Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/YQO0uZJ8MByBHGLQUMaEIwxlavw.roa
File: YQO0uZJ8MByBHGLQUMaEIwxlavw.roa (raw, json)
Hash identifier: NCwO7hhL50uPZZaUJsCc12+7sA4dZ2yXrQ3c0N2iwU0=
Subject key identifier: 61:03:B4:B9:92:7C:30:1C:81:1C:62:D0:50:C6:84:23:0C:65:6A:FC
Certificate issuer: /CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
Certificate serial: 018FCD229A08145D809E1C06CA638E796509
Authority key identifier: AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/YQO0uZJ8MByBHGLQUMaEIwxlavw.roa
Signing time: Fri 31 May 2024 05:32:27 +0000
ROA not before: Fri 31 May 2024 05:32:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25229
IP address blocks: 77.120.0.0/20 maxlen: 24
77.120.4.0/24 maxlen: 24
77.120.6.0/24 maxlen: 24
77.120.16.0/20 maxlen: 21
77.120.32.0/20 maxlen: 21
77.120.52.0/22 maxlen: 23
77.120.60.0/22 maxlen: 23
77.120.64.0/21 maxlen: 22
77.120.72.0/21 maxlen: 22
77.120.80.0/20 maxlen: 21
77.120.96.0/19 maxlen: 20
77.120.112.0/22 maxlen: 22
77.120.128.0/18 maxlen: 24
77.120.192.0/21 maxlen: 24
77.120.200.0/21 maxlen: 22
77.120.208.0/21 maxlen: 24
77.120.211.0/24 maxlen: 24
77.120.212.0/23 maxlen: 24
77.120.214.0/23 maxlen: 24
77.120.216.0/22 maxlen: 23
77.120.220.0/22 maxlen: 24
77.120.224.0/20 maxlen: 21
77.120.240.0/20 maxlen: 21
77.120.248.0/21 maxlen: 22
77.121.0.0/21 maxlen: 22
77.121.8.0/22 maxlen: 23
77.121.12.0/24 maxlen: 24
77.121.13.0/24 maxlen: 24
77.121.15.0/24 maxlen: 24
77.121.16.0/24 maxlen: 24
77.121.17.0/24 maxlen: 24
77.121.18.0/24 maxlen: 24
77.121.19.0/24 maxlen: 24
77.121.20.0/24 maxlen: 24
77.121.21.0/24 maxlen: 24
77.121.22.0/24 maxlen: 24
77.121.23.0/24 maxlen: 24
77.121.24.0/24 maxlen: 24
77.121.25.0/24 maxlen: 24
77.121.26.0/24 maxlen: 24
77.121.27.0/24 maxlen: 24
77.121.28.0/24 maxlen: 24
77.121.29.0/24 maxlen: 24
77.121.30.0/24 maxlen: 24
77.121.64.0/21 maxlen: 22
77.121.72.0/21 maxlen: 22
77.121.80.0/20 maxlen: 21
77.121.96.0/19 maxlen: 20
77.121.96.0/20 maxlen: 21
77.121.112.0/20 maxlen: 21
77.121.128.0/20 maxlen: 21
77.121.160.0/19 maxlen: 20
77.122.128.0/17 maxlen: 18
77.123.0.0/18 maxlen: 19
77.123.32.0/19 maxlen: 20
77.123.64.0/19 maxlen: 20
77.123.128.0/19 maxlen: 20
77.123.144.0/22 maxlen: 22
77.123.160.0/20 maxlen: 24
77.244.32.0/20 maxlen: 21
82.144.192.0/19 maxlen: 20
109.201.224.0/24 maxlen: 24
109.201.225.0/24 maxlen: 24
109.201.226.0/24 maxlen: 24
109.201.227.0/24 maxlen: 24
109.201.228.0/22 maxlen: 23
109.201.232.0/22 maxlen: 23
109.201.236.0/23 maxlen: 24
109.201.238.0/23 maxlen: 24
109.201.240.0/20 maxlen: 21
141.170.224.0/23 maxlen: 24
141.170.226.0/23 maxlen: 24
141.170.226.0/24 maxlen: 24
141.170.227.0/24 maxlen: 24
141.170.228.0/24 maxlen: 24
141.170.229.0/24 maxlen: 24
141.170.230.0/24 maxlen: 24
141.170.231.0/24 maxlen: 24
141.170.232.0/24 maxlen: 24
141.170.233.0/24 maxlen: 24
141.170.234.0/23 maxlen: 24
141.170.236.0/24 maxlen: 24
141.170.237.0/24 maxlen: 24
141.170.238.0/24 maxlen: 24
141.170.239.0/24 maxlen: 24
141.170.240.0/22 maxlen: 23
141.170.244.0/22 maxlen: 23
141.170.248.0/21 maxlen: 22
141.170.248.0/23 maxlen: 24
141.170.250.0/23 maxlen: 24
188.230.78.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:cd:22:9a:08:14:5d:80:9e:1c:06:ca:63:8e:79:65:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
Validity
Not Before: May 31 05:32:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6103b4b9927c301c811c62d050c684230c656afc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ae:92:7f:91:be:28:85:c5:d2:cb:30:fc:5f:
a4:80:a6:e3:8c:a8:f5:e3:9e:08:50:d9:0d:da:37:
22:66:d9:3d:62:96:9d:ef:08:15:8a:fe:28:15:24:
67:46:a6:73:0e:06:f9:09:b0:01:ae:51:8c:43:78:
f6:c6:48:96:ef:80:32:0a:fe:65:78:e4:17:38:07:
2e:31:ec:3c:8e:d4:55:cf:39:a0:f0:ea:37:98:c6:
3a:b8:c2:e7:0e:09:a6:31:84:51:81:13:73:2c:ab:
4d:67:67:88:f4:30:19:37:91:4b:48:6c:bf:8c:c6:
73:67:85:8c:c9:aa:58:f9:86:f1:ea:e0:2b:b7:cd:
ef:d3:61:e4:f8:27:da:ec:cf:2a:26:e8:53:52:04:
4e:ce:f0:14:45:42:e6:ac:03:46:c7:2b:ee:8a:82:
34:1f:7e:b4:bf:a0:7e:66:22:73:10:7f:47:56:bf:
2b:68:73:80:51:a2:6c:cc:9f:b2:97:b9:cf:67:dd:
15:18:3d:95:4d:57:11:2c:f5:44:34:01:b0:ad:5d:
67:f8:7a:8a:85:dd:4d:72:0f:6a:f9:b6:bc:ba:63:
17:7a:9e:58:5c:42:f1:ee:a4:18:b2:29:26:38:94:
d7:a1:77:4d:a6:00:7e:f9:47:03:3f:fb:b2:bc:55:
56:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:03:B4:B9:92:7C:30:1C:81:1C:62:D0:50:C6:84:23:0C:65:6A:FC
X509v3 Authority Key Identifier:
keyid:AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/YQO0uZJ8MByBHGLQUMaEIwxlavw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/rV7aCh50ecTKeP5BxY0X6dE7Z6o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.120.0.0-77.120.47.255
77.120.52.0/22
77.120.60.0-77.121.13.255
77.121.15.0-77.121.30.255
77.121.64.0-77.121.143.255
77.121.160.0/19
77.122.128.0-77.123.95.255
77.123.128.0-77.123.175.255
77.244.32.0/20
82.144.192.0/19
109.201.224.0/19
141.170.224.0/19
188.230.78.0/23
Signature Algorithm: sha256WithRSAEncryption
65:20:08:e5:e8:97:f9:b1:3f:0b:a9:41:74:63:74:bd:8d:ec:
b5:d8:c3:d8:ab:e0:74:fd:10:bc:35:95:c0:2e:ae:99:4b:8d:
1e:8f:af:7f:25:0a:ba:16:36:c6:98:b2:5e:5d:b1:c6:a5:85:
04:c5:3b:e2:3a:6a:9c:5d:1c:08:27:cd:77:20:07:a9:f2:ee:
d9:84:71:d6:32:95:b5:aa:81:17:7e:97:fc:6c:ed:41:fb:b6:
9d:1b:43:6a:9e:0f:fb:9f:62:7a:d6:55:79:a0:c0:88:ac:8c:
02:81:0f:9b:83:14:5b:97:e4:21:e2:91:2f:3c:02:f3:b6:89:
3b:2d:9f:3b:e5:70:d0:22:44:12:c0:e9:ac:ed:76:d2:c4:69:
2c:9b:53:79:c8:38:e8:54:b6:ad:9f:e1:20:24:5f:70:fd:a3:
93:e8:29:a6:34:af:b2:58:f5:78:b9:cc:bf:eb:1c:f1:e4:9a:
16:d2:39:ef:2e:80:b0:5c:c6:1c:fb:9e:35:86:7c:60:75:cb:
35:8a:27:4d:cf:e8:a4:b7:e2:d4:b7:ec:d0:47:dc:e4:c4:6b:
18:5a:9f:d0:8c:83:18:ef:0a:d9:42:a2:09:e6:c0:f5:d1:79:
d5:4b:68:56:a1:ec:2f:2a:93:b8:4e:7e:a6:aa:7f:6a:7b:ca:
72:71:e4:fa
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY/NIpoIFF2AnhwGymOOeWUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNWVkYTBhMWU3NDc5YzRjYTc4ZmU0MWM1OGQxN2U5ZDEz
YjY3YWEwHhcNMjQwNTMxMDUzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTAzYjRiOTkyN2MzMDFjODExYzYyZDA1MGM2ODQyMzBjNjU2YWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApa6Sf5G+KIXF0ssw/F+kgKbjjKj1
454IUNkN2jciZtk9Ypad7wgViv4oFSRnRqZzDgb5CbABrlGMQ3j2xkiW74AyCv5l
eOQXOAcuMew8jtRVzzmg8Oo3mMY6uMLnDgmmMYRRgRNzLKtNZ2eI9DAZN5FLSGy/
jMZzZ4WMyapY+Ybx6uArt83v02Hk+Cfa7M8qJuhTUgROzvAURULmrANGxyvuioI0
H360v6B+ZiJzEH9HVr8raHOAUaJszJ+yl7nPZ90VGD2VTVcRLPVENAGwrV1n+HqK
hd1Ncg9q+ba8umMXep5YXELx7qQYsikmOJTXoXdNpgB++UcDP/uyvFVWxQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGEDtLmSfDAcgRxi0FDGhCMMZWr8MB8GA1UdIwQY
MBaAFK1e2goedHnEynj+QcWNF+nRO2eqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTIt
OTQ0Y2U3ZWViMTU0LzEvWVFPMHVaSjhNQnlCSEdMUVVNYUVJd3hsYXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTItOTQ0Y2U3ZWViMTU0
LzEvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjCBgwQCAAEwfTALAwMD
TXgDBARNeCADBAJNeDQwDAMEAk14PAMEAU15DDAMAwQATXkPAwQATXkeMAwDBAZN
eUADBARNeYADBAVNeaAwDAMEB016gAMEBU17QDAMAwQHTXuAAwQETXugAwQETfQg
AwQFUpDAAwQFbcngAwQFjargAwQBvOZOMA0GCSqGSIb3DQEBCwUAA4IBAQBlIAjl
6Jf5sT8LqUF0Y3S9jey12MPYq+B0/RC8NZXALq6ZS40ej69/JQq6FjbGmLJeXbHG
pYUExTviOmqcXRwIJ813IAep8u7ZhHHWMpW1qoEXfpf8bO1B+7adG0Nqng/7n2J6
1lV5oMCIrIwCgQ+bgxRbl+Qh4pEvPALztok7LZ875XDQIkQSwOms7XbSxGksm1N5
yDjoVLatn+EgJF9w/aOT6CmmNK+yWPV4ucy/6xzx5JoW0jnvLoCwXMYc+541hnxg
dcs1iidNz+ikt+LUt+zQR9zkxGsYWp/QjIMY7wrZQqIJ5sD10XnVS2hWoewvKpO4
Tn6mqn9qe8pyceT6
-----END CERTIFICATE-----
Generated at Wed Apr 16 06:52:09 2025 by rpki-client