Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/lDKo0raEnsCpgqbxjUdneb-HmsE.roa
File: lDKo0raEnsCpgqbxjUdneb-HmsE.roa (raw, json)
Hash identifier: pbcVxf+0gOuiCu86aqaJ5Y2UImncQeeeVCZ5LNdx1QQ=
Subject key identifier: 94:32:A8:D2:B6:84:9E:C0:A9:82:A6:F1:8D:47:67:79:BF:87:9A:C1
Certificate issuer: /CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Certificate serial: 019078D058F9E9E5692E55FFE94CA20C4004
Authority key identifier: 08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/lDKo0raEnsCpgqbxjUdneb-HmsE.roa
Signing time: Wed 03 Jul 2024 13:37:18 +0000
ROA not before: Wed 03 Jul 2024 13:37:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8831
IP address blocks: 62.108.64.0/21 maxlen: 21
62.108.64.0/22 maxlen: 24
62.108.68.0/22 maxlen: 24
62.108.72.0/22 maxlen: 24
62.108.76.0/22 maxlen: 24
62.108.88.0/22 maxlen: 24
62.108.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:78:d0:58:f9:e9:e5:69:2e:55:ff:e9:4c:a2:0c:40:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08d79d20d76a9ddb075b94f9f00052ab218276b7
Validity
Not Before: Jul 3 13:37:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9432a8d2b6849ec0a982a6f18d476779bf879ac1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:0c:fa:c1:f8:ea:42:52:68:56:40:93:ac:2a:
21:24:33:b0:a1:9e:2c:ba:59:ad:4e:39:fe:51:a0:
63:70:d7:9a:21:73:07:c5:24:6f:d9:d5:01:46:33:
db:48:44:a6:76:f6:7e:23:73:25:0b:67:eb:81:f8:
d4:83:99:84:40:71:a4:30:ae:82:91:c0:02:a1:33:
a3:4f:ab:c6:51:01:c9:44:31:43:b0:c9:e0:d5:7e:
af:e1:51:6f:2c:ff:07:ff:c4:8b:ec:1a:73:18:e4:
12:79:06:e3:66:a0:d7:c9:47:3b:c9:73:dd:e6:ae:
56:48:96:da:d9:93:72:14:50:16:9d:d0:bc:f1:7c:
0c:74:5c:6d:e5:9b:5a:b3:1b:f8:99:93:4b:72:c2:
e6:70:b4:e8:dd:ee:47:f2:5e:67:5d:ce:cb:6d:f2:
3d:53:fd:aa:1c:d9:9b:62:cd:89:65:f4:32:ce:dd:
66:86:64:5c:ec:a5:37:23:35:b0:37:03:4e:c9:a3:
cb:31:63:a1:20:f5:dc:e7:95:a7:95:14:1d:e5:4b:
27:2e:9b:59:70:28:98:7b:24:9f:e3:ce:27:27:6f:
87:33:83:3f:61:12:62:47:19:06:15:71:a6:2a:45:
8e:13:1c:bc:97:e7:34:a5:c3:44:26:64:70:3e:a9:
dd:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:32:A8:D2:B6:84:9E:C0:A9:82:A6:F1:8D:47:67:79:BF:87:9A:C1
X509v3 Authority Key Identifier:
keyid:08:D7:9D:20:D7:6A:9D:DB:07:5B:94:F9:F0:00:52:AB:21:82:76:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNedINdqndsHW5T58ABSqyGCdrc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/lDKo0raEnsCpgqbxjUdneb-HmsE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/37109d-1337-4b2d-bc1b-48dc88b56020/1/CNedINdqndsHW5T58ABSqyGCdrc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.108.64.0/20
62.108.88.0/21
Signature Algorithm: sha256WithRSAEncryption
9d:ff:f1:23:6d:40:65:bf:ce:95:99:b3:93:3e:65:9c:14:da:
bc:b2:fb:fc:38:0e:4d:f9:58:d8:1f:c0:f6:40:70:c1:a8:f0:
19:dd:ea:62:97:d4:a4:c4:52:b3:0a:f2:f4:f8:47:39:d1:35:
df:11:e3:89:88:0e:48:a8:9d:04:cd:2b:2e:9d:93:73:4c:3a:
4c:31:cb:5c:8c:70:5d:7d:f7:15:d3:d7:a6:4f:e6:9b:f7:12:
52:80:fb:9a:91:6e:78:24:cc:a3:fe:4a:27:00:75:d6:a1:bd:
1f:ea:35:0d:5c:b5:23:a1:51:fd:fd:f4:4c:f8:63:45:5e:d5:
30:5d:ad:98:28:d8:01:aa:48:95:37:a3:51:77:6b:ee:f6:87:
3f:b3:0f:38:df:1a:c9:ae:39:40:9a:fe:4e:82:2b:67:5d:71:
81:c8:a3:4b:74:fa:4c:8a:02:62:2e:fc:98:89:88:49:b3:b4:
86:c9:54:5c:9a:b3:92:05:07:98:a2:e2:99:e7:01:e5:d9:cd:
a4:8f:c5:e8:2e:6f:e4:a2:f3:94:66:5d:72:36:e1:c8:92:fa:
ca:42:a9:5e:2c:df:2d:41:b7:2f:af:a3:cc:b3:2c:d2:fe:7b:
c0:5f:f6:64:48:1a:6d:c4:e9:94:0b:f4:77:bf:2d:b0:59:1a:
3c:ec:b7:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB40Fj56eVpLlX/6UyiDEAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDc5ZDIwZDc2YTlkZGIwNzViOTRmOWYwMDA1MmFiMjE4
Mjc2YjcwHhcNMjQwNzAzMTMzNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMyYThkMmI2ODQ5ZWMwYTk4MmE2ZjE4ZDQ3Njc3OWJmODc5YWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wz6wfjqQlJoVkCTrCohJDOwoZ4s
ulmtTjn+UaBjcNeaIXMHxSRv2dUBRjPbSESmdvZ+I3MlC2frgfjUg5mEQHGkMK6C
kcACoTOjT6vGUQHJRDFDsMng1X6v4VFvLP8H/8SL7BpzGOQSeQbjZqDXyUc7yXPd
5q5WSJba2ZNyFFAWndC88XwMdFxt5Ztasxv4mZNLcsLmcLTo3e5H8l5nXc7LbfI9
U/2qHNmbYs2JZfQyzt1mhmRc7KU3IzWwNwNOyaPLMWOhIPXc55WnlRQd5UsnLptZ
cCiYeySf484nJ2+HM4M/YRJiRxkGFXGmKkWOExy8l+c0pcNEJmRwPqndfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJQyqNK2hJ7AqYKm8Y1HZ3m/h5rBMB8GA1UdIwQY
MBaAFAjXnSDXap3bB1uU+fAAUqshgna3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWIt
NDhkYzg4YjU2MDIwLzEvbERLbzByYUVuc0NwZ3FieGpVZG5lYi1IbXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNzEwOWQtMTMzNy00YjJkLWJjMWItNDhkYzg4YjU2MDIw
LzEvQ05lZElOZHFuZHNIVzVUNThBQlNxeUdDZHJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEPmxAAwQD
PmxYMA0GCSqGSIb3DQEBCwUAA4IBAQCd//EjbUBlv86VmbOTPmWcFNq8svv8OA5N
+VjYH8D2QHDBqPAZ3epil9SkxFKzCvL0+Ec50TXfEeOJiA5IqJ0EzSsunZNzTDpM
MctcjHBdffcV09emT+ab9xJSgPuakW54JMyj/konAHXWob0f6jUNXLUjoVH9/fRM
+GNFXtUwXa2YKNgBqkiVN6NRd2vu9oc/sw843xrJrjlAmv5OgitnXXGByKNLdPpM
igJiLvyYiYhJs7SGyVRcmrOSBQeYouKZ5wHl2c2kj8XoLm/kovOUZl1yNuHIkvrK
QqleLN8tQbcvr6PMsyzS/nvAX/ZkSBptxOmUC/R3vy2wWRo87Lfz
-----END CERTIFICATE-----
Generated at Thu May 1 07:57:45 2025 by rpki-client