Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/X4bPuEcikFX-tKiX8ROqRPr5THQ.roa
File: X4bPuEcikFX-tKiX8ROqRPr5THQ.roa (raw, json)
Hash identifier: 3bmoESpldJdKKMiAx4Anw+/HKA4MbrlvJZV3PwNI/As=
Subject key identifier: 5F:86:CF:B8:47:22:90:55:FE:B4:A8:97:F1:13:AA:44:FA:F9:4C:74
Certificate issuer: /CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
Certificate serial: 018CC7274631F9FA36334389F98E749A370E
Authority key identifier: AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/X4bPuEcikFX-tKiX8ROqRPr5THQ.roa
Signing time: Mon 01 Jan 2024 22:31:28 +0000
ROA not before: Mon 01 Jan 2024 22:31:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25229
IP address blocks: 77.120.192.0/21 maxlen: 22
77.120.200.0/21 maxlen: 22
77.120.208.0/21 maxlen: 22
77.120.112.0/22 maxlen: 22
77.120.128.0/18 maxlen: 24
109.201.232.0/22 maxlen: 23
77.121.17.0/24 maxlen: 24
77.121.16.0/24 maxlen: 24
77.121.15.0/24 maxlen: 24
109.201.228.0/22 maxlen: 23
77.121.13.0/24 maxlen: 24
109.201.227.0/24 maxlen: 24
77.121.12.0/24 maxlen: 24
77.121.18.0/24 maxlen: 24
77.121.19.0/24 maxlen: 24
77.121.24.0/24 maxlen: 24
77.121.23.0/24 maxlen: 24
77.121.22.0/24 maxlen: 24
109.201.238.0/23 maxlen: 24
77.121.21.0/24 maxlen: 24
109.201.236.0/23 maxlen: 24
77.121.20.0/24 maxlen: 24
77.121.30.0/24 maxlen: 24
77.121.29.0/24 maxlen: 24
77.121.28.0/24 maxlen: 24
109.201.240.0/20 maxlen: 21
77.121.26.0/24 maxlen: 24
77.121.25.0/24 maxlen: 24
77.121.64.0/21 maxlen: 22
77.120.216.0/22 maxlen: 23
77.120.224.0/20 maxlen: 21
77.120.220.0/22 maxlen: 23
77.120.240.0/20 maxlen: 21
77.120.248.0/21 maxlen: 22
77.121.0.0/21 maxlen: 22
109.201.226.0/24 maxlen: 24
109.201.225.0/24 maxlen: 24
109.201.224.0/24 maxlen: 24
77.121.8.0/22 maxlen: 23
77.120.52.0/22 maxlen: 23
77.120.64.0/21 maxlen: 22
77.120.60.0/22 maxlen: 23
77.120.72.0/21 maxlen: 22
77.120.80.0/20 maxlen: 21
77.120.96.0/19 maxlen: 20
77.120.4.0/24 maxlen: 24
77.120.0.0/20 maxlen: 21
77.120.6.0/24 maxlen: 24
77.120.16.0/20 maxlen: 21
77.120.32.0/20 maxlen: 21
93.73.0.0/16 maxlen: 17
93.72.0.0/16 maxlen: 17
93.72.0.0/15 maxlen: 16
95.69.232.0/24 maxlen: 24
141.170.244.0/22 maxlen: 23
141.170.250.0/23 maxlen: 24
141.170.248.0/23 maxlen: 24
141.170.248.0/21 maxlen: 22
95.69.240.0/21 maxlen: 22
95.69.253.0/24 maxlen: 24
95.69.252.0/24 maxlen: 24
95.69.255.0/24 maxlen: 24
95.69.254.0/24 maxlen: 24
82.144.192.0/19 maxlen: 20
77.123.64.0/19 maxlen: 20
77.123.0.0/18 maxlen: 19
77.123.32.0/19 maxlen: 20
77.123.160.0/19 maxlen: 20
95.69.192.0/20 maxlen: 21
141.170.226.0/24 maxlen: 24
141.170.226.0/23 maxlen: 24
141.170.224.0/23 maxlen: 24
95.69.208.0/20 maxlen: 24
141.170.229.0/24 maxlen: 24
141.170.228.0/24 maxlen: 24
141.170.227.0/24 maxlen: 24
141.170.233.0/24 maxlen: 24
141.170.232.0/24 maxlen: 24
141.170.231.0/24 maxlen: 24
141.170.230.0/24 maxlen: 24
141.170.236.0/24 maxlen: 24
141.170.234.0/23 maxlen: 24
141.170.240.0/22 maxlen: 23
141.170.239.0/24 maxlen: 24
141.170.238.0/24 maxlen: 24
141.170.237.0/24 maxlen: 24
95.69.224.0/21 maxlen: 22
77.123.96.0/21 maxlen: 22
77.123.104.0/21 maxlen: 22
95.69.128.0/20 maxlen: 21
95.69.144.0/21 maxlen: 22
77.123.112.0/21 maxlen: 22
95.69.152.0/22 maxlen: 23
77.123.120.0/21 maxlen: 22
77.123.128.0/19 maxlen: 20
95.69.156.0/22 maxlen: 23
95.69.160.0/19 maxlen: 20
77.123.144.0/22 maxlen: 22
188.230.28.0/22 maxlen: 23
188.230.26.0/23 maxlen: 24
188.230.32.0/21 maxlen: 22
188.230.40.0/21 maxlen: 22
188.230.48.0/21 maxlen: 22
188.230.56.0/21 maxlen: 22
188.230.64.0/21 maxlen: 22
188.230.71.0/24 maxlen: 24
188.230.78.0/23 maxlen: 24
188.230.77.0/24 maxlen: 24
188.230.76.0/24 maxlen: 24
77.122.128.0/17 maxlen: 18
188.230.74.0/23 maxlen: 24
188.230.73.0/24 maxlen: 24
188.230.72.0/24 maxlen: 24
188.230.0.0/21 maxlen: 22
188.230.0.0/22 maxlen: 23
188.230.4.0/23 maxlen: 24
188.230.7.0/24 maxlen: 24
188.230.8.0/21 maxlen: 22
188.230.16.0/21 maxlen: 22
188.230.24.0/23 maxlen: 24
77.244.32.0/20 maxlen: 21
188.230.80.0/21 maxlen: 22
188.230.88.0/22 maxlen: 23
188.230.98.0/24 maxlen: 24
188.230.96.0/23 maxlen: 24
188.230.95.0/24 maxlen: 24
188.230.94.0/24 maxlen: 24
188.230.92.0/23 maxlen: 24
188.230.105.0/24 maxlen: 24
188.230.104.0/24 maxlen: 24
188.230.103.0/24 maxlen: 24
188.230.102.0/24 maxlen: 24
188.230.100.0/24 maxlen: 24
188.230.99.0/24 maxlen: 24
188.230.112.0/24 maxlen: 24
188.230.111.0/24 maxlen: 24
188.230.109.0/24 maxlen: 24
188.230.108.0/24 maxlen: 24
188.230.107.0/24 maxlen: 24
188.230.106.0/24 maxlen: 24
188.230.116.0/23 maxlen: 24
188.230.115.0/24 maxlen: 24
188.230.113.0/24 maxlen: 24
77.121.128.0/20 maxlen: 21
77.121.144.0/20 maxlen: 21
77.121.160.0/19 maxlen: 20
77.121.72.0/21 maxlen: 22
77.121.80.0/20 maxlen: 21
77.121.96.0/20 maxlen: 21
77.121.96.0/19 maxlen: 20
77.121.112.0/20 maxlen: 21
77.122.0.0/17 maxlen: 18
77.122.0.0/16 maxlen: 17
77.121.192.0/20 maxlen: 21
77.121.192.0/19 maxlen: 20
77.121.208.0/21 maxlen: 22
77.121.216.0/21 maxlen: 22
77.121.224.0/19 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:46:31:f9:fa:36:33:43:89:f9:8e:74:9a:37:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
Validity
Not Before: Jan 1 22:31:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5f86cfb847229055feb4a897f113aa44faf94c74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:0d:75:d5:10:6c:86:1b:7e:4e:24:64:6e:68:
70:f0:81:3e:91:39:d5:51:d2:f6:52:8b:e0:59:bb:
8c:f2:76:30:cc:d7:fe:f0:58:ba:10:69:43:0f:d7:
f8:b6:67:ca:f9:9e:32:a6:dc:35:06:26:a8:c5:f7:
ed:23:2e:d8:d8:cb:ee:25:55:8b:df:4b:ef:ce:9d:
db:18:a4:80:bc:ef:70:a2:fa:e7:1a:b2:3e:a7:f4:
a1:f2:ec:62:96:a5:8b:41:c6:19:52:fc:4a:ba:21:
0e:bf:02:44:b0:5f:6c:c0:7e:8d:a3:79:bf:33:6d:
11:3a:ed:07:20:da:68:8e:51:7d:48:be:6f:07:12:
cd:05:86:f8:90:9c:0c:83:0e:af:44:d1:33:12:30:
66:c3:08:8b:72:3d:b3:8e:26:dc:47:2d:3e:f5:90:
ec:e1:68:0d:12:b1:5c:89:2e:ed:4c:bb:e7:bd:a0:
ae:62:6a:26:07:63:12:47:b6:66:6b:da:52:36:e6:
fb:c2:ec:91:fe:91:1d:52:31:e7:c4:b3:84:01:0b:
53:95:90:68:28:bd:c9:41:9f:95:b3:6a:a3:2b:78:
a4:ab:f5:0e:bf:06:5c:d1:8b:63:87:68:17:10:30:
ba:73:22:d4:dd:66:2b:f8:c1:41:4e:fd:96:57:bc:
9c:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:86:CF:B8:47:22:90:55:FE:B4:A8:97:F1:13:AA:44:FA:F9:4C:74
X509v3 Authority Key Identifier:
keyid:AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/X4bPuEcikFX-tKiX8ROqRPr5THQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/rV7aCh50ecTKeP5BxY0X6dE7Z6o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.120.0.0-77.120.47.255
77.120.52.0/22
77.120.60.0-77.121.13.255
77.121.15.0-77.121.26.255
77.121.28.0-77.121.30.255
77.121.64.0-77.123.191.255
77.244.32.0/20
82.144.192.0/19
93.72.0.0/15
95.69.128.0-95.69.232.255
95.69.240.0/21
95.69.252.0/22
109.201.224.0/19
141.170.224.0/19
188.230.0.0-188.230.100.255
188.230.102.0-188.230.109.255
188.230.111.0-188.230.113.255
188.230.115.0-188.230.117.255
Signature Algorithm: sha256WithRSAEncryption
a9:60:60:a2:85:aa:39:5e:8c:58:30:6e:82:e4:7f:ad:84:c6:
a4:1b:08:5d:86:81:da:51:13:5f:fd:7d:c6:c0:d9:fc:cb:26:
8e:26:c9:3a:3b:29:80:27:5d:e6:41:bc:8b:0a:74:a5:fb:1d:
2c:cb:f1:b8:7d:12:ca:eb:0a:b1:72:5b:f5:21:8c:c5:ac:d7:
d0:02:71:3d:52:c5:14:f0:0b:e8:2d:03:b9:4f:e1:26:8f:d0:
6d:ce:1b:6a:33:c4:c1:1d:08:f4:f1:61:be:58:0d:92:a5:43:
1f:32:95:24:b6:f8:b7:7a:1e:06:26:a4:2c:11:06:b9:5a:9f:
6c:36:67:71:09:fe:58:b7:15:c8:c4:47:81:c9:a7:b3:6a:ea:
e2:ad:80:33:04:51:5b:e3:84:7c:9d:b2:f7:70:26:fe:d0:52:
0b:03:da:cc:a5:ec:8c:d0:82:c5:e6:d5:11:d2:57:06:e1:99:
ff:57:83:62:0d:4c:7f:81:69:b2:9c:f6:91:46:e9:74:42:55:
2c:b3:1e:10:02:bd:10:49:93:fc:0a:fa:7a:a2:75:fa:62:5c:
ed:3d:a6:8a:21:94:79:98:66:91:b5:2d:72:7a:64:69:b7:ba:
54:a4:80:41:1a:5a:45:50:83:4b:f6:f6:55:bc:42:e2:e8:c4:
8e:b3:3f:63
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAYzHJ0Yx+fo2M0OJ+Y50mjcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNWVkYTBhMWU3NDc5YzRjYTc4ZmU0MWM1OGQxN2U5ZDEz
YjY3YWEwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjg2Y2ZiODQ3MjI5MDU1ZmViNGE4OTdmMTEzYWE0NGZhZjk0Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA111RBshht+TiRkbmhw8IE+kTnV
UdL2UovgWbuM8nYwzNf+8Fi6EGlDD9f4tmfK+Z4yptw1BiaoxfftIy7Y2MvuJVWL
30vvzp3bGKSAvO9wovrnGrI+p/Sh8uxilqWLQcYZUvxKuiEOvwJEsF9swH6No3m/
M20ROu0HINpojlF9SL5vBxLNBYb4kJwMgw6vRNEzEjBmwwiLcj2zjibcRy0+9ZDs
4WgNErFciS7tTLvnvaCuYmomB2MSR7Zma9pSNub7wuyR/pEdUjHnxLOEAQtTlZBo
KL3JQZ+Vs2qjK3ikq/UOvwZc0Ytjh2gXEDC6cyLU3WYr+MFBTv2WV7ycAQIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFF+Gz7hHIpBV/rSol/ETqkT6+Ux0MB8GA1UdIwQY
MBaAFK1e2goedHnEynj+QcWNF+nRO2eqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTIt
OTQ0Y2U3ZWViMTU0LzEvWDRiUHVFY2lrRlgtdEtpWDhST3FSUHI1VEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTItOTQ0Y2U3ZWViMTU0
LzEvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHWBggrBgEFBQcBBwEB/wSBxjCBwzCBwAQCAAEwgbkwCwMD
A014AwQETXggAwQCTXg0MAwDBAJNeDwDBAFNeQwwDAMEAE15DwMEAE15GjAMAwQC
TXkcAwQATXkeMAwDBAZNeUADBAZNe4ADBARN9CADBAVSkMADAwFdSDAMAwQHX0WA
AwQAX0XoAwQDX0XwAwQCX0X8AwQFbcngAwQFjargMAsDAwG85gMEALzmZDAMAwQB
vOZmAwQBvOZsMAwDBAC85m8DBAG85nAwDAMEALzmcwMEAbzmdDANBgkqhkiG9w0B
AQsFAAOCAQEAqWBgooWqOV6MWDBuguR/rYTGpBsIXYaB2lETX/19xsDZ/MsmjibJ
OjspgCdd5kG8iwp0pfsdLMvxuH0SyusKsXJb9SGMxazX0AJxPVLFFPAL6C0DuU/h
Jo/Qbc4bajPEwR0I9PFhvlgNkqVDHzKVJLb4t3oeBiakLBEGuVqfbDZncQn+WLcV
yMRHgcmns2rq4q2AMwRRW+OEfJ2y93Am/tBSCwPazKXsjNCCxebVEdJXBuGZ/1eD
Yg1Mf4Fpspz2kUbpdEJVLLMeEAK9EEmT/Ar6eqJ1+mJc7T2miiGUeZhmkbUtcnpk
abe6VKSAQRpaRVCDS/b2VbxC4ujEjrM/Yw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:17 2024 by rpki-client on console-ams.rpki-client.org