Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/0EvNetSY48GJp-IViqa--lf5WYA.roa
File: 0EvNetSY48GJp-IViqa--lf5WYA.roa (raw, json)
Hash identifier: 1r2oBDppmeEvS5k2c5oKU32o+ndTbG2hV5n6C3Yc5N4=
Subject key identifier: D0:4B:CD:7A:D4:98:E3:C1:89:A7:E2:15:8A:A6:BE:FA:57:F9:59:80
Certificate issuer: /CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Certificate serial: 01888B5F33EA89F766506256A41EECC8FDB4
Authority key identifier: A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/0EvNetSY48GJp-IViqa--lf5WYA.roa
Signing time: Mon 05 Jun 2023 11:44:12 +0000
ROA not before: Mon 05 Jun 2023 11:44:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56911
IP address blocks: 185.139.180.0/24 maxlen: 24
195.177.112.0/24 maxlen: 24
195.177.114.0/24 maxlen: 24
195.177.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8b:5f:33:ea:89:f7:66:50:62:56:a4:1e:ec:c8:fd:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Validity
Not Before: Jun 5 11:44:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d04bcd7ad498e3c189a7e2158aa6befa57f95980
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:ad:e9:e4:b9:1d:2b:83:2c:db:fc:20:04:22:
61:1a:1e:80:d3:6c:0f:54:98:5b:81:d6:97:4f:19:
2d:99:1f:de:e7:fb:5e:f5:b6:03:2f:88:b4:c5:e0:
ad:3c:50:24:8c:83:2d:c5:6d:b9:b6:ff:cc:8c:f5:
86:fb:6c:7e:1c:4e:ee:5e:2e:f5:47:af:0a:7c:84:
e6:d4:1a:2e:df:d4:6c:83:fa:fe:e5:7e:63:f3:ac:
a0:fb:a9:fd:15:d5:e6:91:c1:47:18:6b:c2:4a:25:
c0:63:0b:8a:7d:76:f5:12:ec:48:38:5d:01:56:89:
8e:25:fb:29:3a:2c:60:68:23:1d:63:e9:1d:62:02:
ae:9d:e9:e8:f0:e2:97:96:7d:f8:d6:a0:f2:d6:2f:
02:89:eb:a6:75:e1:5f:49:8a:c7:c9:56:ae:20:ea:
a5:e0:a2:e3:6e:55:a2:6b:a0:f1:54:36:86:bf:9b:
18:90:fb:6e:d5:3f:c4:2d:dd:e3:40:f0:1d:49:8a:
2c:97:02:bd:92:0a:c7:86:70:96:05:a3:d3:7e:ff:
5d:9b:04:be:c9:a7:5f:50:bd:57:94:35:ad:41:6f:
2a:41:e0:02:5d:4d:47:20:7d:2d:2c:33:98:33:ab:
69:c5:0f:cb:af:ec:ca:36:f1:a3:a0:06:7c:5f:4d:
f1:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:4B:CD:7A:D4:98:E3:C1:89:A7:E2:15:8A:A6:BE:FA:57:F9:59:80
X509v3 Authority Key Identifier:
keyid:A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/0EvNetSY48GJp-IViqa--lf5WYA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.139.180.0/24
195.177.112.0-195.177.114.255
Signature Algorithm: sha256WithRSAEncryption
61:9b:03:af:bf:a5:02:57:ec:16:de:d9:1f:04:a8:80:8f:a2:
06:5b:64:af:06:44:32:c3:5d:2e:ec:9b:93:c5:40:3a:f7:67:
2d:e8:54:d9:aa:74:aa:54:64:15:88:43:38:87:08:a8:0c:6d:
84:1d:76:dc:32:38:1f:6f:a3:36:f4:11:4c:9e:4c:0d:f4:ad:
fe:72:c9:68:d1:fe:b9:f0:3e:3f:4f:be:7f:fd:62:b2:67:3a:
23:30:68:04:35:04:d7:c4:41:fa:0c:cb:d1:c7:de:b1:41:81:
f2:58:6f:d6:10:01:b9:5c:01:fc:8f:86:63:ba:12:39:b6:e7:
b3:c2:8f:72:ed:99:5e:00:6b:c5:9f:71:2a:e5:fa:1a:ee:2c:
78:2c:1b:a3:c7:c0:33:ce:49:7d:0c:2e:15:73:57:b8:53:66:
87:02:e9:38:3e:43:6e:35:c0:48:5e:03:b2:c4:2e:3a:cd:0c:
75:3d:ae:42:27:b6:c2:73:53:9c:72:42:2b:2b:62:e1:15:42:
7b:57:e8:de:8a:e6:32:20:45:a4:53:12:97:b7:39:35:ea:41:
e6:8f:61:89:f4:11:e8:d0:3d:e9:3f:e9:b8:91:27:b2:0f:22:
df:46:ea:fc:a1:e2:cb:47:4f:aa:32:a7:87:68:c3:ac:44:88:
48:72:5d:74
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYiLXzPqifdmUGJWpB7syP20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzE3ZWE1NGI5NTk0MmZhZDgxYTk0M2VkYjFjMTBmOWRm
OTRhZmIwHhcNMjMwNjA1MTE0NDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRiY2Q3YWQ0OThlM2MxODlhN2UyMTU4YWE2YmVmYTU3Zjk1OTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh63p5LkdK4Ms2/wgBCJhGh6A02wP
VJhbgdaXTxktmR/e5/te9bYDL4i0xeCtPFAkjIMtxW25tv/MjPWG+2x+HE7uXi71
R68KfITm1Bou39Rsg/r+5X5j86yg+6n9FdXmkcFHGGvCSiXAYwuKfXb1EuxIOF0B
VomOJfspOixgaCMdY+kdYgKuneno8OKXln341qDy1i8CieumdeFfSYrHyVauIOql
4KLjblWia6DxVDaGv5sYkPtu1T/ELd3jQPAdSYoslwK9kgrHhnCWBaPTfv9dmwS+
yadfUL1XlDWtQW8qQeACXU1HIH0tLDOYM6tpxQ/Lr+zKNvGjoAZ8X03x/QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNBLzXrUmOPBiafiFYqmvvpX+VmAMB8GA1UdIwQY
MBaAFKNxfqVLlZQvrYGpQ+2xwQ+d+Ur7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTct
MTU3YWQwYWM1MjBhLzEvMEV2TmV0U1k0OEdKcC1JVmlxYS0tbGY1V1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTctMTU3YWQwYWM1MjBh
LzEvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuYu0MAwD
BATDsXADBADDsXIwDQYJKoZIhvcNAQELBQADggEBAGGbA6+/pQJX7Bbe2R8EqICP
ogZbZK8GRDLDXS7sm5PFQDr3Zy3oVNmqdKpUZBWIQziHCKgMbYQddtwyOB9vozb0
EUyeTA30rf5yyWjR/rnwPj9Pvn/9YrJnOiMwaAQ1BNfEQfoMy9HH3rFBgfJYb9YQ
AblcAfyPhmO6Ejm257PCj3LtmV4Aa8WfcSrl+hruLHgsG6PHwDPOSX0MLhVzV7hT
ZocC6Tg+Q241wEheA7LELjrNDHU9rkIntsJzU5xyQisrYuEVQntX6N6K5jIgRaRT
Epe3OTXqQeaPYYn0EejQPek/6biRJ7IPIt9G6vyh4stHT6oyp4dow6xEiEhyXXQ=
-----END CERTIFICATE-----
Generated at Tue Apr 8 05:46:08 2025 by rpki-client