Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/xeyOvAZB2wYubEBDAwwO-ACwssc.roa
File: xeyOvAZB2wYubEBDAwwO-ACwssc.roa (raw, json)
Hash identifier: wLCrfhwnMuWinvjbmYmO6BBiu2MJDTwxPjX1u35nOMc=
Subject key identifier: C5:EC:8E:BC:06:41:DB:06:2E:6C:40:43:03:0C:0E:F8:00:B0:B2:C7
Certificate issuer: /CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Certificate serial: 019428258F931EF089239099183137C2963E
Authority key identifier: 80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/xeyOvAZB2wYubEBDAwwO-ACwssc.roa
Signing time: Thu 02 Jan 2025 17:52:17 +0000
ROA not before: Thu 02 Jan 2025 17:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3212
IP address blocks: 31.15.128.0/17 maxlen: 17
46.150.32.0/19 maxlen: 19
46.182.224.0/21 maxlen: 21
77.38.0.0/17 maxlen: 17
77.73.104.0/22 maxlen: 22
77.111.0.0/18 maxlen: 18
78.153.32.0/19 maxlen: 19
82.149.0.0/19 maxlen: 19
82.192.32.0/19 maxlen: 19
84.20.224.0/19 maxlen: 19
84.52.128.0/18 maxlen: 18
86.58.0.0/17 maxlen: 17
87.119.128.0/19 maxlen: 19
91.132.208.0/22 maxlen: 22
91.185.192.0/19 maxlen: 19
91.237.132.0/22 maxlen: 22
92.53.128.0/19 maxlen: 19
92.63.16.0/20 maxlen: 20
94.140.64.0/19 maxlen: 19
95.143.144.0/20 maxlen: 20
176.57.92.0/22 maxlen: 22
176.76.0.0/16 maxlen: 16
178.79.64.0/18 maxlen: 18
185.30.136.0/22 maxlen: 22
185.65.228.0/22 maxlen: 22
185.66.148.0/22 maxlen: 22
185.72.60.0/22 maxlen: 22
185.72.60.0/24 maxlen: 24
185.79.228.0/22 maxlen: 22
185.85.148.0/22 maxlen: 22
185.97.68.0/22 maxlen: 22
193.111.220.0/22 maxlen: 22
194.152.0.0/19 maxlen: 19
195.47.228.0/24 maxlen: 24
212.85.160.0/19 maxlen: 19
213.143.64.0/19 maxlen: 19
213.161.0.0/19 maxlen: 19
213.172.224.0/19 maxlen: 19
217.72.64.0/19 maxlen: 19
2001:1688::/29 maxlen: 29
2a00:fc0::/32 maxlen: 32
2a00:13d8::/29 maxlen: 29
2a00:1c80::/29 maxlen: 29
2a00:1da8::/32 maxlen: 32
2a00:b2a0::/32 maxlen: 32
2a02:840::/32 maxlen: 32
2a05:acc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:8f:93:1e:f0:89:23:90:99:18:31:37:c2:96:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Validity
Not Before: Jan 2 17:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5ec8ebc0641db062e6c4043030c0ef800b0b2c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:3f:ee:eb:6e:51:f4:e2:cc:55:ce:12:b4:8b:
2c:ec:2e:ec:cd:0d:86:0f:c2:fc:c6:2d:fc:73:8a:
16:09:42:40:4b:aa:a3:18:dc:4d:15:30:06:bd:f9:
8b:4f:d6:1b:8a:b9:b6:0e:eb:f1:60:4c:63:01:56:
8d:c1:2a:ac:24:c6:16:04:d9:a9:0c:d2:01:15:49:
e8:54:89:83:c0:86:6a:c2:98:3d:e9:64:df:10:06:
14:a7:31:e5:7e:7c:48:09:99:95:07:32:c4:06:d9:
a5:e3:ff:0c:55:7f:eb:d0:c6:36:39:a6:1b:46:1e:
55:3c:6c:9f:a6:d9:fc:0e:da:c6:ac:7a:14:91:fb:
8c:a2:f8:45:d0:32:9d:34:13:b0:42:e1:55:7e:6d:
64:be:be:9f:0b:6f:9b:3c:59:90:f4:f2:7e:73:91:
6d:cc:36:6b:3d:72:88:ee:81:01:86:65:f1:70:2f:
ea:32:2a:78:83:e8:ab:d5:ff:b3:26:be:a3:30:77:
02:e4:d2:e9:dc:19:0f:9f:57:48:a0:0b:89:10:18:
78:3c:8c:18:72:11:8b:8a:07:01:ce:8a:2d:47:1d:
5c:ad:e5:c9:c0:cd:d6:05:06:cc:7e:e2:51:4c:df:
f6:de:d0:a9:37:0a:44:11:c5:e4:fb:6a:1e:a6:f0:
d9:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:EC:8E:BC:06:41:DB:06:2E:6C:40:43:03:0C:0E:F8:00:B0:B2:C7
X509v3 Authority Key Identifier:
keyid:80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/xeyOvAZB2wYubEBDAwwO-ACwssc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.128.0/17
46.150.32.0/19
46.182.224.0/21
77.38.0.0/17
77.73.104.0/22
77.111.0.0/18
78.153.32.0/19
82.149.0.0/19
82.192.32.0/19
84.20.224.0/19
84.52.128.0/18
86.58.0.0/17
87.119.128.0/19
91.132.208.0/22
91.185.192.0/19
91.237.132.0/22
92.53.128.0/19
92.63.16.0/20
94.140.64.0/19
95.143.144.0/20
176.57.92.0/22
176.76.0.0/16
178.79.64.0/18
185.30.136.0/22
185.65.228.0/22
185.66.148.0/22
185.72.60.0/22
185.79.228.0/22
185.85.148.0/22
185.97.68.0/22
193.111.220.0/22
194.152.0.0/19
195.47.228.0/24
212.85.160.0/19
213.143.64.0/19
213.161.0.0/19
213.172.224.0/19
217.72.64.0/19
IPv6:
2001:1688::/29
2a00:fc0::/32
2a00:13d8::/29
2a00:1c80::/29
2a00:1da8::/32
2a00:b2a0::/32
2a02:840::/32
2a05:acc0::/29
Signature Algorithm: sha256WithRSAEncryption
0c:67:58:c2:8d:da:42:b4:6e:9b:8c:7f:a8:d1:35:98:c5:13:
bf:37:18:b2:f2:2e:05:d5:86:25:82:ee:cb:21:4c:39:59:7c:
94:43:c5:de:4e:b2:65:b2:45:b0:65:f6:8d:da:34:d9:cc:7c:
18:12:ef:dd:1f:27:f9:1a:2b:cd:6c:3c:6e:08:cd:fe:0d:93:
c2:c4:8b:db:00:e7:6f:4b:d9:2d:68:66:ae:d7:f1:2a:79:c4:
ff:1f:e8:19:59:1d:c5:c5:99:42:76:ad:1d:2d:05:a6:d9:45:
1d:c0:d0:bc:eb:35:43:68:0a:a3:8e:c1:a8:d8:ee:5b:23:0a:
09:97:16:e9:da:ae:72:fc:95:39:78:18:bf:a7:3c:54:b2:97:
4b:ec:76:bd:a7:55:76:18:c6:b3:65:bd:9f:99:a2:ba:2a:80:
c2:9e:44:db:10:34:75:b8:58:3c:2b:c4:ed:52:ad:aa:f6:b4:
a2:ce:43:98:c7:8f:38:50:cc:be:f1:4c:f0:ca:5f:42:87:eb:
46:df:d3:ec:ee:48:13:d8:c4:6a:39:31:3a:cf:32:28:a5:ca:
5b:9d:17:f4:fb:1c:3f:46:3f:fd:2d:9b:69:64:af:08:ab:55:
c6:8c:f1:01:3d:b9:14:47:f7:b3:bf:14:4e:b4:49:d9:1c:07:
0b:d5:93:84
-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgISAZQoJY+THvCJI5CZGDE3wpY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZjlhMjRiZDI2Y2M4MjE3NTE4YTExZjU5OGU2MzcyMDI1
ZThhZTkwHhcNMjUwMTAyMTc1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVjOGViYzA2NDFkYjA2MmU2YzQwNDMwMzBjMGVmODAwYjBiMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj/u625R9OLMVc4StIss7C7szQ2G
D8L8xi38c4oWCUJAS6qjGNxNFTAGvfmLT9Ybirm2DuvxYExjAVaNwSqsJMYWBNmp
DNIBFUnoVImDwIZqwpg96WTfEAYUpzHlfnxICZmVBzLEBtml4/8MVX/r0MY2OaYb
Rh5VPGyfptn8DtrGrHoUkfuMovhF0DKdNBOwQuFVfm1kvr6fC2+bPFmQ9PJ+c5Ft
zDZrPXKI7oEBhmXxcC/qMip4g+ir1f+zJr6jMHcC5NLp3BkPn1dIoAuJEBh4PIwY
chGLigcBzootRx1creXJwM3WBQbMfuJRTN/23tCpNwpEEcXk+2oepvDZkQIDAQAB
o4IDLjCCAyowHQYDVR0OBBYEFMXsjrwGQdsGLmxAQwMMDvgAsLLHMB8GA1UdIwQY
MBaAFID5okvSbMghdRihH1mOY3ICXorpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODkt
OTY1NTI5ZjIwZDExLzEveGV5T3ZBWkIyd1l1YkVCREF3d08tQUN3c3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODktOTY1NTI5ZjIwZDEx
LzEvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQgYIKwYBBQUHAQcBAf8EggExMIIBLTCB6gQCAAEwgeMD
BAcfD4ADBAUuliADBAMutuADBAdNJgADBAJNSWgDBAZNbwADBAVOmSADBAVSlQAD
BAVSwCADBAVUFOADBAZUNIADBAdWOgADBAVXd4ADBAJbhNADBAVbucADBAJb7YQD
BAVcNYADBARcPxADBAVejEADBARfj5ADBAKwOVwDAwCwTAMEBrJPQAMEArkeiAME
ArlB5AMEArlClAMEArlIPAMEArlP5AMEArlVlAMEArlhRAMEAsFv3AMEBcKYAAME
AMMv5AMEBdRVoAMEBdWPQAMEBdWhAAMEBdWs4AMEBdlIQDA+BAIAAjA4AwUDIAEW
iAMFACoAD8ADBQMqABPYAwUDKgAcgAMFACoAHagDBQAqALKgAwUAKgIIQAMFAyoF
rMAwDQYJKoZIhvcNAQELBQADggEBAAxnWMKN2kK0bpuMf6jRNZjFE783GLLyLgXV
hiWC7sshTDlZfJRDxd5OsmWyRbBl9o3aNNnMfBgS790fJ/kaK81sPG4Izf4Nk8LE
i9sA529L2S1oZq7X8Sp5xP8f6BlZHcXFmUJ2rR0tBabZRR3A0LzrNUNoCqOOwajY
7lsjCgmXFunarnL8lTl4GL+nPFSyl0vsdr2nVXYYxrNlvZ+ZoroqgMKeRNsQNHW4
WDwrxO1Srar2tKLOQ5jHjzhQzL7xTPDKX0KH60bf0+zuSBPYxGo5MTrPMiilylud
F/T7HD9GP/0tm2lkrwirVcaM8QE9uRRH97O/FE60SdkcBwvVk4Q=
-----END CERTIFICATE-----
Generated at Tue Apr 8 07:49:00 2025 by rpki-client