Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/oRnOW5AQRUt4ZjdKR8azTR8d3cs.roa
File: oRnOW5AQRUt4ZjdKR8azTR8d3cs.roa (raw, json)
Hash identifier: J1Ps3E0EkXYzlQU7caOg50GsB44bR3QhX+kJrw6pOpo=
Subject key identifier: A1:19:CE:5B:90:10:45:4B:78:66:37:4A:47:C6:B3:4D:1F:1D:DD:CB
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018441D6D8A1E78C999AE173CB71D4184E2E
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/oRnOW5AQRUt4ZjdKR8azTR8d3cs.roa
Signing time: Fri 04 Nov 2022 08:51:49 +0000
ROA not before: Fri 04 Nov 2022 08:51:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60602
IP address blocks: 62.182.168.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:41:d6:d8:a1:e7:8c:99:9a:e1:73:cb:71:d4:18:4e:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Nov 4 08:51:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a119ce5b9010454b7866374a47c6b34d1f1dddcb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:03:80:80:fb:d3:f9:48:0a:3f:01:36:ce:85:
a3:bd:54:6c:0e:5f:fc:bc:2e:33:5a:4f:df:93:54:
07:e9:f3:5c:b8:b7:4c:8f:f6:37:a1:4c:55:27:8a:
86:07:e3:15:ab:cd:9c:d0:36:96:05:a7:f0:97:7b:
a0:3b:0b:a0:a9:c7:85:ab:9b:e4:2f:56:84:62:9b:
85:62:1b:7c:04:88:dc:37:86:b6:fa:ab:3b:be:77:
54:0f:89:cc:71:1e:5a:50:25:17:11:61:c7:cf:73:
87:48:97:58:3a:c4:94:b9:f5:9a:87:f1:6e:01:dd:
c1:f5:ab:87:e6:94:f5:3d:5f:d5:55:a5:e9:d0:63:
38:af:01:b8:e4:48:55:a2:c2:f8:f5:4f:90:1d:b2:
2d:53:63:6e:dd:09:7b:32:e7:3b:18:a1:4e:0a:3e:
66:34:b0:53:61:6a:87:f9:c7:d4:ae:34:b5:b0:5a:
c6:aa:b2:98:53:a2:2f:6f:eb:ed:90:8f:61:6c:b1:
b3:81:9d:6f:17:a1:72:cd:a4:8e:e7:d0:d9:d9:d6:
87:9d:1b:d9:74:46:ac:36:96:0e:55:96:b9:e6:fa:
99:e4:38:96:fa:e6:ff:b5:46:30:9d:85:05:d1:e3:
85:b7:25:57:20:12:e7:75:b4:d2:6f:28:4e:77:ea:
69:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:19:CE:5B:90:10:45:4B:78:66:37:4A:47:C6:B3:4D:1F:1D:DD:CB
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/oRnOW5AQRUt4ZjdKR8azTR8d3cs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/23
Signature Algorithm: sha256WithRSAEncryption
65:d5:43:8d:2d:bd:c4:56:79:5a:11:7f:98:41:29:b6:2b:47:
7c:cc:28:99:23:54:12:2d:bc:ef:f9:68:0d:83:46:dc:9e:ce:
dd:44:ed:11:06:9d:e7:71:92:97:77:a3:7f:a3:41:0e:82:2c:
77:43:b2:41:de:24:7f:ed:b3:af:b3:ed:13:f0:38:f8:d9:74:
76:7c:f8:9c:1e:3a:90:9c:84:31:71:18:7f:e1:96:06:ff:f3:
c6:8e:af:4a:43:57:64:33:97:b3:21:88:61:5a:b2:b3:34:f5:
ef:51:f0:27:43:fb:eb:2c:db:e3:03:ad:c4:01:d8:d3:41:95:
d5:ca:75:0d:6b:31:d0:50:b3:8f:79:3f:92:29:35:cf:47:93:
b1:54:0f:2b:12:42:2d:8b:65:3a:fd:12:e8:c9:0f:3b:1e:9a:
ce:11:83:ed:90:41:13:b6:93:9e:53:db:86:4e:51:04:e2:55:
f1:a9:ca:fd:22:c5:7f:91:13:9e:eb:d3:43:ba:58:df:cf:df:
74:d0:19:65:1e:16:df:4d:c8:91:93:a7:55:7e:71:64:54:b1:
39:1a:4a:3f:c7:06:da:32:e1:3e:47:46:e7:49:e0:64:60:fd:
d9:86:89:63:ee:84:52:72:63:41:fc:da:e4:fc:26:d4:2e:20:
20:a4:1e:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRB1tih54yZmuFzy3HUGE4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjIxMTA0MDg1MTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE5Y2U1YjkwMTA0NTRiNzg2NjM3NGE0N2M2YjM0ZDFmMWRkZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQOAgPvT+UgKPwE2zoWjvVRsDl/8
vC4zWk/fk1QH6fNcuLdMj/Y3oUxVJ4qGB+MVq82c0DaWBafwl3ugOwugqceFq5vk
L1aEYpuFYht8BIjcN4a2+qs7vndUD4nMcR5aUCUXEWHHz3OHSJdYOsSUufWah/Fu
Ad3B9auH5pT1PV/VVaXp0GM4rwG45EhVosL49U+QHbItU2Nu3Ql7Muc7GKFOCj5m
NLBTYWqH+cfUrjS1sFrGqrKYU6Ivb+vtkI9hbLGzgZ1vF6FyzaSO59DZ2daHnRvZ
dEasNpYOVZa55vqZ5DiW+ub/tUYwnYUF0eOFtyVXIBLndbTSbyhOd+ppqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEZzluQEEVLeGY3SkfGs00fHd3LMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvb1JuT1c1QVFSVXQ0WmpkS1I4YXpUUjhkM2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPraoMA0G
CSqGSIb3DQEBCwUAA4IBAQBl1UONLb3EVnlaEX+YQSm2K0d8zCiZI1QSLbzv+WgN
g0bcns7dRO0RBp3ncZKXd6N/o0EOgix3Q7JB3iR/7bOvs+0T8Dj42XR2fPicHjqQ
nIQxcRh/4ZYG//PGjq9KQ1dkM5ezIYhhWrKzNPXvUfAnQ/vrLNvjA63EAdjTQZXV
ynUNazHQULOPeT+SKTXPR5OxVA8rEkIti2U6/RLoyQ87HprOEYPtkEETtpOeU9uG
TlEE4lXxqcr9IsV/kROe69NDuljfz9900BllHhbfTciRk6dVfnFkVLE5Gko/xwba
MuE+R0bnSeBkYP3Zholj7oRScmNB/Nrk/CbULiAgpB6P
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:40:23 2025 by rpki-client