Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8bdd00-7943-4584-84f3-3b242d54e788/1/LMKXb5r_ass6Lzs42Z5OVQSjnz0.roa
File: LMKXb5r_ass6Lzs42Z5OVQSjnz0.roa (raw, json)
Hash identifier: lkFtkh+qe1EUFjGh5d5HGlFzyxZEgwfduOBNlFW151c=
Subject key identifier: 2C:C2:97:6F:9A:FF:6A:CB:3A:2F:3B:38:D9:9E:4E:55:04:A3:9F:3D
Certificate issuer: /CN=63062302b438592376c4264f49dc5e673edb2cfb
Certificate serial: 0185A10A4A9747D0EAF9A6E1609443A98ACB
Authority key identifier: 63:06:23:02:B4:38:59:23:76:C4:26:4F:49:DC:5E:67:3E:DB:2C:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YwYjArQ4WSN2xCZPSdxeZz7bLPs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/8bdd00-7943-4584-84f3-3b242d54e788/1/LMKXb5r_ass6Lzs42Z5OVQSjnz0.roa
Signing time: Wed 11 Jan 2023 13:34:44 +0000
ROA not before: Wed 11 Jan 2023 13:34:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200229
IP address blocks: 2001:67c:b78::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a1:0a:4a:97:47:d0:ea:f9:a6:e1:60:94:43:a9:8a:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63062302b438592376c4264f49dc5e673edb2cfb
Validity
Not Before: Jan 11 13:34:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2cc2976f9aff6acb3a2f3b38d99e4e5504a39f3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:21:5d:8d:c8:f1:4d:6d:20:59:2a:33:54:f4:
66:f1:e4:42:37:6f:41:3c:96:7f:58:37:9f:02:84:
4d:ad:65:ab:56:61:8d:dc:5c:7a:37:4b:73:8e:fd:
59:da:d9:74:52:8d:91:1c:5c:da:4d:3c:03:60:71:
00:ad:98:84:ba:ac:40:cc:85:f0:70:6d:1b:ce:a9:
0e:cf:0f:4d:9e:92:c2:c9:db:68:88:cc:7a:12:51:
15:28:45:bc:45:b8:e2:e0:a3:ea:11:5e:ac:cf:f9:
3f:fa:57:5c:9c:f9:28:31:02:47:6f:03:8f:aa:3c:
c0:81:c2:84:73:ca:60:19:c7:69:9a:73:a9:06:e7:
4f:55:87:3b:1a:39:65:fb:c1:1e:d7:d4:fd:f1:01:
14:0e:c1:98:ba:f7:f2:34:88:f3:bd:2b:91:c1:b1:
80:82:50:1c:8a:2a:55:b8:9c:f5:92:40:eb:e2:59:
89:6c:4a:50:7c:08:8b:00:85:bf:82:5f:76:f4:1d:
51:3a:2f:19:35:18:10:78:67:23:b0:18:57:b0:85:
86:2a:02:d1:e0:ae:8c:78:b7:a2:ed:14:5a:5d:f9:
26:93:8b:b2:d3:45:95:51:97:c6:4b:6a:d7:2e:63:
0f:28:5b:f5:9a:e4:b9:0a:ba:38:17:e5:c0:0a:4d:
73:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:C2:97:6F:9A:FF:6A:CB:3A:2F:3B:38:D9:9E:4E:55:04:A3:9F:3D
X509v3 Authority Key Identifier:
keyid:63:06:23:02:B4:38:59:23:76:C4:26:4F:49:DC:5E:67:3E:DB:2C:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwYjArQ4WSN2xCZPSdxeZz7bLPs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8bdd00-7943-4584-84f3-3b242d54e788/1/LMKXb5r_ass6Lzs42Z5OVQSjnz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8bdd00-7943-4584-84f3-3b242d54e788/1/YwYjArQ4WSN2xCZPSdxeZz7bLPs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:b78::/48
Signature Algorithm: sha256WithRSAEncryption
20:a3:73:26:55:c6:db:85:f1:69:ff:f9:4d:fc:09:4d:b4:4f:
a5:bf:f2:81:4e:94:59:78:44:ef:bc:52:7e:7d:74:da:ef:e8:
53:92:1f:cb:ae:04:1b:41:6e:34:ee:86:d8:6c:9a:84:3d:49:
60:ed:21:bb:94:3c:7b:bd:0c:5b:aa:25:85:0e:87:ea:25:58:
11:46:e4:1a:35:ed:ba:00:dd:59:a1:13:2e:d0:14:9b:f8:86:
0b:47:b4:74:3b:4c:a4:89:41:71:ea:b2:62:c7:5e:d5:a9:dd:
b1:58:ba:ec:de:9a:79:b7:4b:e5:f3:29:fc:aa:ed:37:c2:5c:
98:da:27:b8:99:df:91:b6:a5:2c:b9:ae:b3:44:37:2f:0a:c1:
71:c5:b0:24:05:41:bd:7d:37:5f:d7:6b:a9:06:53:6e:30:8d:
cf:2b:de:de:9d:17:02:c9:71:da:87:b3:fa:f3:bc:b1:a8:7c:
94:60:e3:94:1a:b3:13:05:13:8a:6f:07:36:ab:bd:f1:f1:3c:
0b:e6:a0:82:f8:0d:b8:40:b9:04:62:d0:ee:22:26:d4:84:0c:
14:7c:50:c7:bd:bc:86:12:31:82:1c:b1:1e:db:93:b4:8b:4f:
04:0f:b5:cd:d8:8b:e4:a6:48:0c:b4:35:9e:f7:1e:73:2f:eb:
a1:27:09:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYWhCkqXR9Dq+abhYJRDqYrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDYyMzAyYjQzODU5MjM3NmM0MjY0ZjQ5ZGM1ZTY3M2Vk
YjJjZmIwHhcNMjMwMTExMTMzNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2MyOTc2ZjlhZmY2YWNiM2EyZjNiMzhkOTllNGU1NTA0YTM5ZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSFdjcjxTW0gWSozVPRm8eRCN29B
PJZ/WDefAoRNrWWrVmGN3Fx6N0tzjv1Z2tl0Uo2RHFzaTTwDYHEArZiEuqxAzIXw
cG0bzqkOzw9NnpLCydtoiMx6ElEVKEW8Rbji4KPqEV6sz/k/+ldcnPkoMQJHbwOP
qjzAgcKEc8pgGcdpmnOpBudPVYc7Gjll+8Ee19T98QEUDsGYuvfyNIjzvSuRwbGA
glAciipVuJz1kkDr4lmJbEpQfAiLAIW/gl929B1ROi8ZNRgQeGcjsBhXsIWGKgLR
4K6MeLei7RRaXfkmk4uy00WVUZfGS2rXLmMPKFv1muS5Cro4F+XACk1zNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCzCl2+a/2rLOi87ONmeTlUEo589MB8GA1UdIwQY
MBaAFGMGIwK0OFkjdsQmT0ncXmc+2yz7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdZakFyUTRXU04yeENaUFNkeGVaejdiTFBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84YmRkMDAtNzk0My00NTg0LTg0ZjMt
M2IyNDJkNTRlNzg4LzEvTE1LWGI1cl9hc3M2THpzNDJaNU9WUVNqbnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84YmRkMDAtNzk0My00NTg0LTg0ZjMtM2IyNDJkNTRlNzg4
LzEvWXdZakFyUTRXU04yeENaUFNkeGVaejdiTFBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAt4
MA0GCSqGSIb3DQEBCwUAA4IBAQAgo3MmVcbbhfFp//lN/AlNtE+lv/KBTpRZeETv
vFJ+fXTa7+hTkh/LrgQbQW407obYbJqEPUlg7SG7lDx7vQxbqiWFDofqJVgRRuQa
Ne26AN1ZoRMu0BSb+IYLR7R0O0ykiUFx6rJix17Vqd2xWLrs3pp5t0vl8yn8qu03
wlyY2ie4md+RtqUsua6zRDcvCsFxxbAkBUG9fTdf12upBlNuMI3PK97enRcCyXHa
h7P687yxqHyUYOOUGrMTBROKbwc2q73x8TwL5qCC+A24QLkEYtDuIibUhAwUfFDH
vbyGEjGCHLEe25O0i08ED7XN2IvkpkgMtDWe9x5zL+uhJwl3
-----END CERTIFICATE-----
Generated at Fri Apr 18 16:18:22 2025 by rpki-client