Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/AlabyKxiJQ0FoHHKZfoOW-WNFdQ.roa
File: AlabyKxiJQ0FoHHKZfoOW-WNFdQ.roa (raw, json)
Hash identifier: nl6FOMfhKDcHRerXQf9FTqFVrAt/MsT6vPVC7lYOKkc=
Subject key identifier: 02:56:9B:C8:AC:62:25:0D:05:A0:71:CA:65:FA:0E:5B:E5:8D:15:D4
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01944055B601EBFBC426C8092A1A3573F3B4
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/AlabyKxiJQ0FoHHKZfoOW-WNFdQ.roa
Signing time: Tue 07 Jan 2025 10:35:46 +0000
ROA not before: Tue 07 Jan 2025 10:35:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205647
IP address blocks: 37.148.120.0/21 maxlen: 24
37.202.128.0/21 maxlen: 21
37.202.136.0/21 maxlen: 21
37.202.144.0/21 maxlen: 21
37.202.144.0/22 maxlen: 22
37.202.148.0/23 maxlen: 23
37.202.150.0/23 maxlen: 23
37.202.152.0/21 maxlen: 21
37.202.160.0/21 maxlen: 21
37.202.168.0/21 maxlen: 21
37.202.176.0/22 maxlen: 22
37.202.180.0/22 maxlen: 22
37.202.184.0/22 maxlen: 24
37.202.188.0/22 maxlen: 24
85.15.48.0/24 maxlen: 24
85.15.49.0/24 maxlen: 24
94.182.0.0/18 maxlen: 18
94.182.8.0/23 maxlen: 23
94.182.12.0/23 maxlen: 23
94.182.14.0/24 maxlen: 24
94.182.17.0/24 maxlen: 24
94.182.30.0/23 maxlen: 23
94.182.41.0/24 maxlen: 24
94.182.48.0/24 maxlen: 24
94.182.56.0/22 maxlen: 24
94.182.60.0/22 maxlen: 24
94.182.64.0/18 maxlen: 18
94.182.64.0/20 maxlen: 20
94.182.72.0/21 maxlen: 21
94.182.80.0/20 maxlen: 20
94.182.82.0/24 maxlen: 24
94.182.96.0/20 maxlen: 20
94.182.97.192/28 maxlen: 28
94.182.112.0/20 maxlen: 20
94.182.114.0/23 maxlen: 23
94.182.116.0/22 maxlen: 22
94.182.120.0/21 maxlen: 21
94.182.128.0/18 maxlen: 18
94.182.128.0/20 maxlen: 20
94.182.144.0/20 maxlen: 20
94.182.160.0/20 maxlen: 20
94.182.176.0/20 maxlen: 20
94.182.192.0/18 maxlen: 18
94.182.196.0/24 maxlen: 24
94.182.199.0/24 maxlen: 24
94.182.204.0/22 maxlen: 22
94.182.204.0/24 maxlen: 24
94.182.205.0/24 maxlen: 24
94.182.206.0/24 maxlen: 24
94.182.207.0/24 maxlen: 24
94.182.208.0/24 maxlen: 24
94.182.212.0/23 maxlen: 23
94.182.217.0/24 maxlen: 24
94.182.222.0/23 maxlen: 23
94.182.226.0/24 maxlen: 24
94.182.228.0/22 maxlen: 22
94.182.232.0/23 maxlen: 24
94.182.234.0/23 maxlen: 23
94.182.238.0/24 maxlen: 24
94.182.240.0/23 maxlen: 24
94.182.244.0/22 maxlen: 24
94.182.244.0/23 maxlen: 23
94.182.248.0/22 maxlen: 24
94.182.248.0/23 maxlen: 23
94.182.252.0/24 maxlen: 24
94.182.254.0/24 maxlen: 24
94.183.0.0/18 maxlen: 18
94.183.64.0/18 maxlen: 18
94.183.128.0/18 maxlen: 18
94.183.192.0/18 maxlen: 18
151.240.168.0/22 maxlen: 22
151.240.192.0/21 maxlen: 21
151.240.240.0/21 maxlen: 21
151.240.240.0/23 maxlen: 23
151.240.242.0/23 maxlen: 23
151.240.244.0/23 maxlen: 23
151.241.216.0/23 maxlen: 23
151.241.218.0/23 maxlen: 23
151.241.220.0/22 maxlen: 22
151.241.224.0/21 maxlen: 21
151.244.48.0/21 maxlen: 21
151.244.48.0/22 maxlen: 22
151.244.52.0/22 maxlen: 22
151.244.56.0/21 maxlen: 21
151.244.64.0/21 maxlen: 21
151.244.72.0/22 maxlen: 22
151.244.76.0/22 maxlen: 22
151.244.80.0/21 maxlen: 21
151.244.88.0/21 maxlen: 21
151.244.96.0/23 maxlen: 23
151.244.98.0/23 maxlen: 23
151.244.100.0/23 maxlen: 23
151.244.102.0/23 maxlen: 23
151.244.104.0/23 maxlen: 23
151.244.106.0/23 maxlen: 23
151.244.108.0/23 maxlen: 23
151.244.110.0/23 maxlen: 23
151.244.112.0/23 maxlen: 23
151.244.114.0/23 maxlen: 23
151.244.116.0/23 maxlen: 23
151.244.118.0/23 maxlen: 23
151.244.120.0/23 maxlen: 23
151.244.122.0/23 maxlen: 23
151.244.124.0/23 maxlen: 23
151.244.126.0/23 maxlen: 23
151.244.128.0/22 maxlen: 22
151.244.132.0/22 maxlen: 22
151.244.136.0/22 maxlen: 22
151.244.140.0/22 maxlen: 22
151.244.144.0/22 maxlen: 22
151.244.148.0/22 maxlen: 22
151.244.152.0/22 maxlen: 22
151.244.156.0/22 maxlen: 22
151.244.160.0/22 maxlen: 22
151.244.164.0/22 maxlen: 22
151.244.168.0/22 maxlen: 22
151.244.172.0/22 maxlen: 22
151.244.176.0/22 maxlen: 22
151.244.180.0/22 maxlen: 22
151.244.184.0/22 maxlen: 22
151.244.188.0/22 maxlen: 22
151.244.192.0/22 maxlen: 22
151.244.196.0/22 maxlen: 22
151.244.200.0/22 maxlen: 22
151.244.204.0/22 maxlen: 22
151.244.208.0/22 maxlen: 22
151.244.212.0/22 maxlen: 22
151.244.216.0/23 maxlen: 23
151.244.218.0/23 maxlen: 23
151.244.220.0/23 maxlen: 23
151.244.222.0/23 maxlen: 23
151.244.224.0/23 maxlen: 23
151.244.226.0/23 maxlen: 23
151.246.0.0/18 maxlen: 18
151.246.64.0/18 maxlen: 18
151.246.128.0/18 maxlen: 18
151.246.192.0/18 maxlen: 18
151.246.248.0/22 maxlen: 22
151.247.0.0/20 maxlen: 24
151.247.16.0/22 maxlen: 24
151.247.214.0/23 maxlen: 23
151.247.216.0/21 maxlen: 21
151.247.224.0/22 maxlen: 22
151.247.228.0/22 maxlen: 24
151.247.232.0/22 maxlen: 22
151.247.236.0/22 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.237.0/24 maxlen: 24
151.247.238.0/23 maxlen: 23
151.247.240.0/24 maxlen: 24
151.247.241.0/24 maxlen: 24
151.247.248.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:40:55:b6:01:eb:fb:c4:26:c8:09:2a:1a:35:73:f3:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 7 10:35:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=02569bc8ac62250d05a071ca65fa0e5be58d15d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c6:0f:18:d0:2c:5a:16:c7:b1:e1:c9:67:d4:
6a:9d:a8:6d:7f:1e:0f:38:77:63:b7:ed:91:ea:34:
a3:a8:4d:7e:89:6c:bf:c5:3a:74:ff:6f:90:bc:2e:
5e:59:e5:26:50:7b:13:0a:cb:2e:1e:4b:d0:4d:cb:
fb:35:6b:1b:9c:c1:b4:82:e7:a4:5a:13:1a:5c:a3:
0b:2f:74:e5:db:72:0a:be:a7:79:fa:3a:6f:11:5d:
7b:a9:87:d9:8b:aa:26:14:b1:30:8a:70:b2:ba:98:
72:8a:74:a4:4a:e1:7f:6a:4a:c6:0c:c4:60:41:b3:
47:67:d8:7b:e9:8b:62:7f:a7:13:bc:2f:62:eb:a9:
04:f5:be:72:6c:92:bb:0f:ec:c7:19:f6:34:03:b8:
81:ff:68:32:ba:03:c6:d8:1c:0d:24:10:dd:bb:07:
3c:7e:a9:3f:2f:58:3e:46:64:ba:50:c8:3f:f5:0b:
4a:63:36:ad:39:72:0a:2d:9d:a0:59:58:ee:2b:75:
37:e4:cd:9b:6a:4d:23:a9:25:c9:43:4c:23:ec:61:
e1:fb:51:81:17:d8:bd:5b:e8:c4:4e:cd:91:18:03:
ff:c6:16:72:b5:c7:bc:8f:ee:95:ef:03:93:74:ce:
93:94:ed:7c:53:46:5f:70:73:44:5f:90:06:8b:c3:
1d:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:56:9B:C8:AC:62:25:0D:05:A0:71:CA:65:FA:0E:5B:E5:8D:15:D4
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/AlabyKxiJQ0FoHHKZfoOW-WNFdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.148.120.0/21
37.202.128.0/18
85.15.48.0/23
94.182.0.0/15
151.240.168.0/22
151.240.192.0/21
151.240.240.0/21
151.241.216.0-151.241.231.255
151.244.48.0-151.244.227.255
151.246.0.0-151.247.19.255
151.247.214.0-151.247.241.255
151.247.248.0/22
Signature Algorithm: sha256WithRSAEncryption
51:f8:21:bb:86:22:71:f2:14:0d:81:1c:c5:74:09:ad:ec:aa:
da:11:e9:3e:bf:76:c3:81:5c:67:0b:32:bc:3e:b7:3c:46:9b:
32:8c:f8:df:17:e4:48:68:7d:a1:a2:53:bc:6d:33:30:4c:f3:
2d:8f:61:cb:b2:80:f9:5c:dd:a9:21:7a:b7:cf:81:ec:58:02:
f3:e1:94:6f:29:68:55:15:40:25:d7:f1:8f:c8:12:db:a0:39:
01:1c:98:00:89:76:5f:95:52:63:34:a5:96:9c:84:f7:23:38:
1f:bf:40:01:cf:f0:2c:cc:eb:af:24:e7:01:dd:ea:7a:3e:29:
96:91:16:b0:1f:f1:b7:8c:7c:70:df:00:1d:60:c7:53:ff:a7:
de:1f:28:ab:ce:2f:64:34:2f:4b:95:22:24:c1:fe:21:65:23:
1b:be:7c:3c:b4:02:c6:b6:18:7e:fc:39:92:8a:ac:3a:81:97:
83:a9:7e:e1:d9:ca:5e:81:25:6e:0c:f4:e4:35:55:52:91:10:
22:8d:52:b7:f3:98:4a:5d:a8:b1:25:c5:58:4c:15:90:40:db:
b4:e2:07:f0:0c:16:f1:e6:ea:d1:67:88:95:8a:7f:ac:da:be:
49:a3:e7:a1:dc:15:1d:ee:fb:6a:e2:f5:fb:40:1d:be:cd:d7:
e6:71:c6:dc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZRAVbYB6/vEJsgJKho1c/O0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwMTA3MTAzNTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU2OWJjOGFjNjIyNTBkMDVhMDcxY2E2NWZhMGU1YmU1OGQxNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMYPGNAsWhbHseHJZ9Rqnahtfx4P
OHdjt+2R6jSjqE1+iWy/xTp0/2+QvC5eWeUmUHsTCssuHkvQTcv7NWsbnMG0guek
WhMaXKMLL3Tl23IKvqd5+jpvEV17qYfZi6omFLEwinCyuphyinSkSuF/akrGDMRg
QbNHZ9h76Ytif6cTvC9i66kE9b5ybJK7D+zHGfY0A7iB/2gyugPG2BwNJBDduwc8
fqk/L1g+RmS6UMg/9QtKYzatOXIKLZ2gWVjuK3U35M2bak0jqSXJQ0wj7GHh+1GB
F9i9W+jETs2RGAP/xhZytce8j+6V7wOTdM6TlO18U0ZfcHNEX5AGi8MdGwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFAJWm8isYiUNBaBxymX6DlvljRXUMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvQWxhYnlLeGlKUTBGb0hIS1pmb09XLVdORmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQDJZR4AwQG
JcqAAwQBVQ8wAwMBXrYDBAKX8KgDBAOX8MADBAOX8PAwDAMEA5fx2AMEA5fx4DAM
AwQEl/QwAwQCl/TgMAsDAwGX9gMEApf3EDAMAwQBl/fWAwQBl/fwAwQCl/f4MA0G
CSqGSIb3DQEBCwUAA4IBAQBR+CG7hiJx8hQNgRzFdAmt7KraEek+v3bDgVxnCzK8
Prc8RpsyjPjfF+RIaH2holO8bTMwTPMtj2HLsoD5XN2pIXq3z4HsWALz4ZRvKWhV
FUAl1/GPyBLboDkBHJgAiXZflVJjNKWWnIT3Izgfv0ABz/AszOuvJOcB3ep6PimW
kRawH/G3jHxw3wAdYMdT/6feHyirzi9kNC9LlSIkwf4hZSMbvnw8tALGthh+/DmS
iqw6gZeDqX7h2cpegSVuDPTkNVVSkRAijVK385hKXaixJcVYTBWQQNu04gfwDBbx
5urRZ4iVin+s2r5Jo+eh3BUd7vtq4vX7QB2+zdfmccbc
-----END CERTIFICATE-----
Generated at Tue Jun 10 07:31:03 2025 by rpki-client