Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/jVRRFOrnj6DHTBs2TrgiOc8SjtU.roa
File: jVRRFOrnj6DHTBs2TrgiOc8SjtU.roa (raw, json)
Hash identifier: BcktOUxZk2zGv+D/na77Wg9C0RAH2ZKrWSSzpnrsh64=
Subject key identifier: 8D:54:51:14:EA:E7:8F:A0:C7:4C:1B:36:4E:B8:22:39:CF:12:8E:D5
Certificate issuer: /CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Certificate serial: 019420D5D3BC497C86449F8166757E1B6266
Authority key identifier: A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/jVRRFOrnj6DHTBs2TrgiOc8SjtU.roa
Signing time: Wed 01 Jan 2025 07:47:51 +0000
ROA not before: Wed 01 Jan 2025 07:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56911
IP address blocks: 185.47.136.0/24 maxlen: 24
185.47.137.0/24 maxlen: 24
185.47.139.0/24 maxlen: 24
185.139.180.0/24 maxlen: 24
195.177.112.0/24 maxlen: 24
195.177.113.0/24 maxlen: 24
195.177.115.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:d3:bc:49:7c:86:44:9f:81:66:75:7e:1b:62:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3717ea54b95942fad81a943edb1c10f9df94afb
Validity
Not Before: Jan 1 07:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8d545114eae78fa0c74c1b364eb82239cf128ed5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ed:7b:b8:c3:20:f1:59:9a:40:50:1e:87:ea:
9a:b1:24:c9:40:a2:4c:29:30:8f:ff:8c:73:42:d5:
6d:66:fa:15:dd:ca:5c:02:7f:05:be:bd:1b:e2:6f:
29:2d:9e:5b:e8:0b:11:ba:14:2f:63:a7:02:74:ce:
43:71:db:0d:d8:9a:40:be:2b:82:93:1d:bc:0f:c0:
7a:0f:16:a2:8e:04:50:28:68:92:e4:b8:77:b2:15:
8f:02:9c:9f:57:ad:93:19:68:f7:3e:57:ec:8a:eb:
60:62:8d:3c:d2:01:9c:47:d6:4a:f6:79:3f:36:25:
8e:40:18:14:39:c5:c7:5f:9b:22:f6:a7:f9:d1:89:
8a:f8:df:e0:70:1a:46:b3:71:e7:05:47:b9:a4:85:
55:8e:a5:e9:92:d9:e3:20:c9:bc:63:82:73:49:59:
15:62:4f:b0:6c:27:3a:32:bf:50:a7:39:40:64:12:
79:bc:3a:cc:ec:37:90:32:ed:4d:f4:f7:a5:b8:7b:
e1:07:5f:8a:57:3b:cb:3e:1c:dd:9b:bd:23:a7:f4:
af:3e:2b:4b:34:50:07:e2:6d:dd:51:29:14:1f:03:
36:3c:f0:40:4a:4f:64:44:90:e3:bd:b6:33:4d:de:
6f:90:0d:ef:07:c3:a5:d4:05:35:00:49:38:2c:95:
97:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:54:51:14:EA:E7:8F:A0:C7:4C:1B:36:4E:B8:22:39:CF:12:8E:D5
X509v3 Authority Key Identifier:
keyid:A3:71:7E:A5:4B:95:94:2F:AD:81:A9:43:ED:B1:C1:0F:9D:F9:4A:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3F-pUuVlC-tgalD7bHBD535Svs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/jVRRFOrnj6DHTBs2TrgiOc8SjtU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b548d5-82fe-46c2-b997-157ad0ac520a/1/o3F-pUuVlC-tgalD7bHBD535Svs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.47.136.0/23
185.47.139.0/24
185.139.180.0/24
195.177.112.0/23
195.177.115.0/24
Signature Algorithm: sha256WithRSAEncryption
63:48:50:d7:57:4f:bc:e3:7a:87:8b:13:18:9b:bb:e9:00:2f:
be:6b:65:7c:f7:dd:ad:e6:bd:28:4e:21:bb:86:b8:53:34:e8:
21:3f:80:45:5b:8a:b9:39:21:d8:6a:ec:15:fe:1b:87:01:88:
a2:8c:ed:f2:3b:90:e1:09:1b:7e:65:32:5c:0c:5d:fc:ee:17:
f6:86:55:9a:b9:0e:ff:f9:a0:22:44:73:d9:d1:d5:64:77:b5:
33:c2:07:b6:37:37:c4:fe:65:11:74:cb:fa:97:6c:fc:06:85:
e7:4c:05:79:e1:d0:af:71:1d:27:e9:33:68:de:38:e5:e6:d7:
59:a9:35:92:ff:c8:7c:9b:a8:2c:b1:61:b5:e6:f4:53:dc:c2:
68:b8:ad:6b:91:2a:a7:87:0a:51:58:8d:e1:13:7a:ff:7d:e2:
1a:39:c4:fa:d5:55:e4:1e:d9:73:5f:1a:b2:c1:31:48:a8:a5:
30:5b:a4:57:5d:40:5b:04:b4:fb:56:3e:ad:8b:f6:7a:1d:55:
13:50:74:7f:fb:e5:1d:01:8c:4e:11:46:73:94:a7:ff:38:f1:
65:52:69:81:2b:6b:2d:4a:e2:5a:f9:11:77:e3:76:8d:c4:2f:
ae:47:6e:0e:c5:64:ff:02:ad:31:d5:f0:f8:dc:1d:30:81:7a:
46:9c:ad:2c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQg1dO8SXyGRJ+BZnV+G2JmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzE3ZWE1NGI5NTk0MmZhZDgxYTk0M2VkYjFjMTBmOWRm
OTRhZmIwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU0NTExNGVhZTc4ZmEwYzc0YzFiMzY0ZWI4MjIzOWNmMTI4ZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu17uMMg8VmaQFAeh+qasSTJQKJM
KTCP/4xzQtVtZvoV3cpcAn8Fvr0b4m8pLZ5b6AsRuhQvY6cCdM5DcdsN2JpAviuC
kx28D8B6DxaijgRQKGiS5Lh3shWPApyfV62TGWj3PlfsiutgYo080gGcR9ZK9nk/
NiWOQBgUOcXHX5si9qf50YmK+N/gcBpGs3HnBUe5pIVVjqXpktnjIMm8Y4JzSVkV
Yk+wbCc6Mr9QpzlAZBJ5vDrM7DeQMu1N9PeluHvhB1+KVzvLPhzdm70jp/SvPitL
NFAH4m3dUSkUHwM2PPBASk9kRJDjvbYzTd5vkA3vB8Ol1AU1AEk4LJWXIQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFI1UURTq54+gx0wbNk64IjnPEo7VMB8GA1UdIwQY
MBaAFKNxfqVLlZQvrYGpQ+2xwQ+d+Ur7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTct
MTU3YWQwYWM1MjBhLzEvalZSUkZPcm5qNkRIVEJzMlRyZ2lPYzhTanRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNTQ4ZDUtODJmZS00NmMyLWI5OTctMTU3YWQwYWM1MjBh
LzEvbzNGLXBVdVZsQy10Z2FsRDdiSEJENTM1U3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBuS+IAwQA
uS+LAwQAuYu0AwQBw7FwAwQAw7FzMA0GCSqGSIb3DQEBCwUAA4IBAQBjSFDXV0+8
43qHixMYm7vpAC++a2V8992t5r0oTiG7hrhTNOghP4BFW4q5OSHYauwV/huHAYii
jO3yO5DhCRt+ZTJcDF387hf2hlWauQ7/+aAiRHPZ0dVkd7Uzwge2NzfE/mURdMv6
l2z8BoXnTAV54dCvcR0n6TNo3jjl5tdZqTWS/8h8m6gssWG15vRT3MJouK1rkSqn
hwpRWI3hE3r/feIaOcT61VXkHtlzXxqywTFIqKUwW6RXXUBbBLT7Vj6ti/Z6HVUT
UHR/++UdAYxOEUZzlKf/OPFlUmmBK2stSuJa+RF343aNxC+uR24OxWT/Aq0x1fD4
3B0wgXpGnK0s
-----END CERTIFICATE-----
Generated at Sun Apr 13 00:46:00 2025 by rpki-client