Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/jYgCw1-J287SPAqAI2GUAs4C7JQ.roa
File: jYgCw1-J287SPAqAI2GUAs4C7JQ.roa (raw, json)
Hash identifier: S2ReHxRDHG5aDjxBJQQkmZ8TQKJakpWQFYA6f2/HkBQ=
Subject key identifier: 8D:88:02:C3:5F:89:DB:CE:D2:3C:0A:80:23:61:94:02:CE:02:EC:94
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018AF6A158A5BF3DEA5F677C71148E99D245
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/jYgCw1-J287SPAqAI2GUAs4C7JQ.roa
Signing time: Tue 03 Oct 2023 17:41:23 +0000
ROA not before: Tue 03 Oct 2023 17:41:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210928
IP address blocks: 185.161.66.0/24 maxlen: 24
217.168.240.0/24 maxlen: 24
217.168.243.0/24 maxlen: 24
217.168.242.0/24 maxlen: 24
217.168.245.0/24 maxlen: 24
217.168.241.0/24 maxlen: 24
217.168.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f6:a1:58:a5:bf:3d:ea:5f:67:7c:71:14:8e:99:d2:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Oct 3 17:41:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8d8802c35f89dbced23c0a8023619402ce02ec94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:21:e2:8b:e7:a0:74:76:3c:3e:3b:2c:2e:78:
ea:88:ae:42:50:08:a1:f0:c8:e1:8b:1e:17:1a:20:
82:19:9b:60:dd:6f:1d:57:71:4c:85:17:c9:25:b1:
a6:62:ea:62:38:91:5d:64:06:d2:eb:a8:c1:2b:9a:
12:b8:7a:28:11:7d:82:e8:d4:07:f8:e2:c5:87:6a:
11:01:0e:10:95:4b:17:d4:27:e7:d0:a7:df:55:20:
d5:c1:07:8b:99:b9:92:52:48:f9:87:8e:f6:7a:30:
04:54:cf:4f:50:47:32:2b:36:e6:4c:23:a5:91:dc:
f5:c3:4a:c2:83:a0:af:b9:b7:a9:2a:6d:bd:41:43:
39:ee:dc:19:20:e7:a8:6f:1b:6e:1a:1a:78:7c:64:
4a:c0:b5:f3:16:d6:92:e3:37:a3:81:eb:dd:78:2d:
15:e7:ab:66:6c:66:d7:2d:52:e0:d7:af:6d:12:e9:
14:82:1a:c5:36:fd:e8:b2:64:90:10:d5:66:c7:7f:
26:c4:45:5e:9d:ce:28:2c:5b:f3:f6:36:9a:14:ce:
da:7f:1d:fe:72:20:88:d8:f9:69:95:54:2f:8e:50:
3a:d7:58:19:65:91:18:f7:10:c3:61:31:32:79:c0:
a5:f9:6c:d2:18:c6:2d:a1:c2:7d:8c:ad:c4:6b:f7:
f8:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:88:02:C3:5F:89:DB:CE:D2:3C:0A:80:23:61:94:02:CE:02:EC:94
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/jYgCw1-J287SPAqAI2GUAs4C7JQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.66.0/24
217.168.240.0-217.168.245.255
Signature Algorithm: sha256WithRSAEncryption
2b:2e:96:6d:db:35:3d:c3:64:1d:8d:0a:79:13:1c:77:60:3a:
60:74:5c:37:b8:02:a3:f0:87:8f:63:cb:a9:66:ff:e3:a3:ab:
81:2f:63:47:dc:9d:20:d1:98:62:52:ea:27:de:2b:32:ec:17:
b0:1a:18:83:d6:27:22:da:cb:12:84:41:91:74:51:2e:53:f3:
69:01:8f:aa:60:10:62:5e:b9:74:26:d8:4b:65:51:87:05:c9:
8a:27:b8:2e:18:95:3c:95:8f:7b:14:fc:a5:2a:17:ad:af:1b:
70:ec:e9:3d:54:72:3d:c2:d4:ba:c0:ea:72:26:86:60:3d:95:
94:7d:23:b4:a7:7c:f9:28:8d:e2:14:14:4e:3f:7d:0a:16:d9:
bc:a0:6c:2d:f7:fe:e6:6a:19:b2:41:76:0c:a0:5d:63:27:44:
f8:d3:3e:cc:73:ab:f9:a7:00:41:75:be:33:98:be:33:00:b2:
32:26:b3:9f:43:cf:b6:47:6e:51:dc:d4:bf:9e:73:28:b4:c2:
4e:2b:fb:73:d0:40:a4:28:83:4a:5e:b1:31:87:5f:49:ce:41:
43:28:a0:d7:a7:02:53:f0:94:d1:dc:e5:13:22:ce:b8:e4:56:
ad:df:5b:a5:7e:20:a6:68:15:8f:b1:0a:45:65:c8:c0:db:72:
00:29:ce:65
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYr2oVilvz3qX2d8cRSOmdJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMxMDAzMTc0MTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg4MDJjMzVmODlkYmNlZDIzYzBhODAyMzYxOTQwMmNlMDJlYzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSHii+egdHY8PjssLnjqiK5CUAih
8Mjhix4XGiCCGZtg3W8dV3FMhRfJJbGmYupiOJFdZAbS66jBK5oSuHooEX2C6NQH
+OLFh2oRAQ4QlUsX1Cfn0KffVSDVwQeLmbmSUkj5h472ejAEVM9PUEcyKzbmTCOl
kdz1w0rCg6CvubepKm29QUM57twZIOeobxtuGhp4fGRKwLXzFtaS4zejgevdeC0V
56tmbGbXLVLg169tEukUghrFNv3osmSQENVmx38mxEVenc4oLFvz9jaaFM7afx3+
ciCI2PlplVQvjlA611gZZZEY9xDDYTEyecCl+WzSGMYtocJ9jK3Ea/f4jQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI2IAsNfidvO0jwKgCNhlALOAuyUMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvallnQ3cxLUoyODdTUEFxQUkyR1VBczRDN0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuaFCMAwD
BATZqPADBAHZqPQwDQYJKoZIhvcNAQELBQADggEBACsulm3bNT3DZB2NCnkTHHdg
OmB0XDe4AqPwh49jy6lm/+Ojq4EvY0fcnSDRmGJS6ifeKzLsF7AaGIPWJyLayxKE
QZF0US5T82kBj6pgEGJeuXQm2EtlUYcFyYonuC4YlTyVj3sU/KUqF62vG3Ds6T1U
cj3C1LrA6nImhmA9lZR9I7SnfPkojeIUFE4/fQoW2bygbC33/uZqGbJBdgygXWMn
RPjTPsxzq/mnAEF1vjOYvjMAsjIms59Dz7ZHblHc1L+ecyi0wk4r+3PQQKQog0pe
sTGHX0nOQUMooNenAlPwlNHc5RMizrjkVq3fW6V+IKZoFY+xCkVlyMDbcgApzmU=
-----END CERTIFICATE-----
Generated at Sun May 11 06:54:31 2025 by rpki-client