Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/9y9sJpqy40DN1y8HGVsqgAWo3eQ.roa
File:                     9y9sJpqy40DN1y8HGVsqgAWo3eQ.roa (raw, json)
Hash identifier:          3ebZw38QQt14NY0lLeKPgkDj+51aupbR6kC6eT4aeKY=
Subject key identifier:   F7:2F:6C:26:9A:B2:E3:40:CD:D7:2F:07:19:5B:2A:80:05:A8:DD:E4
Certificate issuer:       /CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Certificate serial:       120CC2C9
Authority key identifier: CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/9y9sJpqy40DN1y8HGVsqgAWo3eQ.roa
Signing time:             Sat 01 Jan 2022 01:56:31 +0000
ROA not before:           Sat 01 Jan 2022 01:56:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25145
IP address blocks:        77.92.106.0/24 maxlen: 24
                          77.92.109.0/24 maxlen: 24
                          77.92.110.0/24 maxlen: 24
                          77.92.107.0/24 maxlen: 24
                          77.92.108.0/24 maxlen: 24
                          77.92.111.0/24 maxlen: 24
                          77.92.112.0/24 maxlen: 24
                          77.92.113.0/24 maxlen: 24
                          77.92.116.0/24 maxlen: 24
                          77.92.117.0/24 maxlen: 24
                          77.92.114.0/24 maxlen: 24
                          77.92.115.0/24 maxlen: 24
                          77.92.118.0/24 maxlen: 24
                          77.92.123.0/24 maxlen: 24
                          77.92.124.0/24 maxlen: 24
                          77.92.122.0/24 maxlen: 24
                          77.92.125.0/24 maxlen: 24
                          77.92.120.0/24 maxlen: 24
                          77.92.119.0/24 maxlen: 24
                          77.92.126.0/24 maxlen: 24
                          77.92.127.0/24 maxlen: 24
                          77.92.96.0/24 maxlen: 24
                          77.92.97.0/24 maxlen: 24
                          77.92.98.0/24 maxlen: 24
                          77.92.99.0/24 maxlen: 24
                          77.92.102.0/24 maxlen: 24
                          77.92.103.0/24 maxlen: 24
                          77.92.100.0/24 maxlen: 24
                          77.92.101.0/24 maxlen: 24
                          77.92.104.0/24 maxlen: 24
                          77.92.105.0/24 maxlen: 24
                          213.144.97.0/24 maxlen: 24
                          213.144.98.0/24 maxlen: 24
                          213.144.96.0/24 maxlen: 24
                          213.144.101.0/24 maxlen: 24
                          213.144.99.0/24 maxlen: 24
                          213.144.104.0/24 maxlen: 24
                          213.144.105.0/24 maxlen: 24
                          213.144.103.0/24 maxlen: 24
                          213.144.107.0/24 maxlen: 24
                          213.144.108.0/24 maxlen: 24
                          213.144.106.0/24 maxlen: 24
                          213.144.111.0/24 maxlen: 24
                          213.144.112.0/24 maxlen: 24
                          213.144.109.0/24 maxlen: 24
                          213.144.110.0/24 maxlen: 24
                          213.144.114.0/24 maxlen: 24
                          213.144.115.0/24 maxlen: 24
                          213.144.113.0/24 maxlen: 24
                          213.144.118.0/24 maxlen: 24
                          213.144.116.0/24 maxlen: 24
                          213.144.117.0/24 maxlen: 24
                          213.144.119.0/24 maxlen: 24
                          213.144.121.0/24 maxlen: 24
                          213.144.122.0/24 maxlen: 24
                          213.144.120.0/24 maxlen: 24
                          213.144.125.0/24 maxlen: 24
                          213.144.123.0/24 maxlen: 24
                          213.144.124.0/24 maxlen: 24
                          213.144.126.0/24 maxlen: 24
                          213.144.127.0/24 maxlen: 24
                          185.115.209.0/24 maxlen: 24
                          185.115.208.0/24 maxlen: 24
                          185.115.210.0/24 maxlen: 24
                          185.115.211.0/24 maxlen: 24
                          31.40.240.0/24 maxlen: 24
                          31.40.240.0/22 maxlen: 22
                          31.40.243.0/24 maxlen: 24
                          31.40.241.0/24 maxlen: 24
                          31.40.242.0/24 maxlen: 24
                          2a02:ac87:ac87::/48 maxlen: 48
                          2a02:ac80:10::/48 maxlen: 48
                          2a02:ac81::/32 maxlen: 32
                          2a02:ac82::/32 maxlen: 32
                          2a02:ac80:c0::/48 maxlen: 48
                          2a02:ac80:40::/48 maxlen: 48
                          2a02:ac84::/32 maxlen: 32
                          2a02:ac80::/29 maxlen: 29
                          2a02:ac80:7370::/48 maxlen: 48
                          2a02:ac80:70::/48 maxlen: 48
                          2a02:ac80:f0::/48 maxlen: 48
                          2a02:ac87:59cb::/48 maxlen: 48
                          2a02:ac83::/32 maxlen: 32
                          2a02:ac80:20::/48 maxlen: 48
                          2a02:ac80:a0::/48 maxlen: 48
                          2a02:ac87:5900::/48 maxlen: 48
                          2a02:ac80:d0::/48 maxlen: 48
                          2a02:ac80:50::/48 maxlen: 48
                          2a02:ac80:a00::/48 maxlen: 48
                          2a02:ac80:400::/48 maxlen: 48
                          2a02:ac80:d00::/48 maxlen: 48
                          2a02:ac80:4000::/48 maxlen: 48
                          2a02:ac80:700::/48 maxlen: 48
                          2a02:ac80:c000::/48 maxlen: 48
                          2a02:ac80:e00::/48 maxlen: 48
                          2a02:ac80:3000::/48 maxlen: 48
                          2a02:ac80:b000::/48 maxlen: 48
                          2a02:ac80:1000::/48 maxlen: 48
                          2a02:ac80:200::/48 maxlen: 48
                          2a02:ac80:500::/48 maxlen: 48
                          2a02:ac80:6000::/48 maxlen: 48
                          2a02:ac80:e000::/48 maxlen: 48
                          2a02:ac80:b00::/48 maxlen: 48
                          2a02:ac80:a000::/48 maxlen: 48
                          2a02:ac80:2000::/48 maxlen: 48
                          2a02:ac80:d000::/48 maxlen: 48
                          2a02:ac80:c00::/48 maxlen: 48
                          2a02:ac80:300::/48 maxlen: 48
                          2a02:ac80:600::/48 maxlen: 48
                          2a02:ac80:5000::/48 maxlen: 48
                          2a02:ac80:f000::/48 maxlen: 48
                          2a02:ac80:7000::/48 maxlen: 48
                          2a02:ac80:f00::/48 maxlen: 48
                          2a02:ac80:100::/48 maxlen: 48
                          2a02:ac85::/32 maxlen: 32
                          2a02:ac87::/32 maxlen: 32
                          2a02:ac80:b0::/48 maxlen: 48
                          2a02:ac80:30::/48 maxlen: 48
                          2a02:ac80::/32 maxlen: 32
                          2a02:ac80:60::/48 maxlen: 48
                          2a02:ac80:e0::/48 maxlen: 48
                          2a02:ac86::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 302826185 (0x120cc2c9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca96218c20efd8fe53fca9990b725dd7963c885c
        Validity
            Not Before: Jan  1 01:56:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f72f6c269ab2e340cdd72f07195b2a8005a8dde4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4c:79:f9:62:52:72:b6:b0:c7:77:74:de:6e:
                    36:f0:59:ec:25:5f:03:8d:56:dd:c1:63:93:98:a6:
                    de:a6:a2:33:e8:1d:85:36:f8:f6:7f:7c:b8:4b:e3:
                    e9:8f:38:58:e6:55:d7:38:d5:82:a7:46:cc:44:ae:
                    08:3d:ad:04:39:8d:c7:97:e1:53:4e:bd:5d:c5:cc:
                    2c:94:64:0c:be:96:22:f0:c3:56:f0:9f:9d:08:af:
                    84:77:04:dc:b9:16:14:19:dc:ba:b2:87:e1:eb:c7:
                    18:98:0d:73:1d:7f:9a:e6:60:45:41:75:3b:86:fe:
                    fc:09:27:a4:52:c3:3f:3c:70:d4:3c:6c:71:75:c3:
                    05:2f:67:9c:28:62:06:37:87:a9:45:00:cd:6c:b8:
                    7e:17:0c:f1:60:c0:ce:e0:4d:0b:99:a2:87:34:e5:
                    28:f9:5e:45:a3:0e:af:eb:b2:41:09:5d:5c:0b:64:
                    0d:97:6f:97:c3:a4:9d:e9:6e:e1:25:d5:6e:96:ea:
                    b0:6c:be:20:76:1a:9d:f8:a9:76:25:72:48:f7:db:
                    fe:42:41:3b:5c:87:55:b4:83:59:27:68:35:91:6e:
                    09:6b:58:6d:7c:d3:12:1b:08:6c:98:86:36:82:76:
                    75:d7:dd:46:bb:8b:31:c2:50:78:4a:19:a0:70:f0:
                    c6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:2F:6C:26:9A:B2:E3:40:CD:D7:2F:07:19:5B:2A:80:05:A8:DD:E4
            X509v3 Authority Key Identifier:
                keyid:CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/9y9sJpqy40DN1y8HGVsqgAWo3eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.240.0/22
                  77.92.96.0-77.92.120.255
                  77.92.122.0-77.92.127.255
                  185.115.208.0/22
                  213.144.96.0/22
                  213.144.101.0/24
                  213.144.103.0-213.144.127.255
                IPv6:
                  2a02:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:23:e6:9a:35:58:f1:f3:29:97:85:05:e7:47:c5:5f:3d:1d:
         76:d1:15:d7:04:b8:5c:ce:47:a7:b4:9e:88:2c:eb:f1:01:57:
         8b:4d:3a:b1:f3:a8:b3:e0:52:28:16:cd:e1:29:62:c9:09:67:
         fe:0c:5a:91:d2:90:46:a9:67:3f:6a:47:00:f2:72:8e:8c:20:
         ef:52:60:70:0b:84:9d:27:80:12:e0:d9:76:c2:43:c2:a5:65:
         38:80:7d:8e:c7:c3:0b:69:45:79:23:6c:62:c5:34:0f:c0:9f:
         b0:ba:e7:38:a3:03:fe:b8:f1:28:b5:23:50:00:a7:23:79:11:
         f5:36:ea:5f:d1:d8:94:5c:76:36:97:87:4e:99:dc:ea:6d:97:
         46:4f:92:f6:85:39:f8:db:4c:ff:81:07:be:cf:b4:96:50:c7:
         9d:ea:0e:1a:28:a8:0f:f1:81:0f:6b:9e:fb:c9:fa:90:ea:63:
         4b:80:2d:52:06:57:60:d4:79:fb:02:ab:68:eb:0c:a3:b0:f2:
         70:17:e6:67:89:46:60:01:85:66:34:f1:7c:78:12:63:34:07:
         88:f9:51:f8:8e:97:84:57:26:fa:f9:37:98:5a:81:d8:53:56:
         2d:e1:20:49:b3:4f:18:43:66:43:00:6b:27:db:fe:90:81:24:
         d5:ce:10:a4
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIEEgzCyTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YTk2MjE4YzIwZWZkOGZlNTNmY2E5OTkwYjcyNWRkNzk2M2M4ODVjMB4XDTIyMDEw
MTAxNTYzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjcyZjZjMjY5YWIy
ZTM0MGNkZDcyZjA3MTk1YjJhODAwNWE4ZGRlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKFMefliUnK2sMd3dN5uNvBZ7CVfA41W3cFjk5im3qaiM+gd
hTb49n98uEvj6Y84WOZV1zjVgqdGzESuCD2tBDmNx5fhU069XcXMLJRkDL6WIvDD
VvCfnQivhHcE3LkWFBncurKH4evHGJgNcx1/muZgRUF1O4b+/AknpFLDPzxw1Dxs
cXXDBS9nnChiBjeHqUUAzWy4fhcM8WDAzuBNC5mihzTlKPleRaMOr+uyQQldXAtk
DZdvl8Oknelu4SXVbpbqsGy+IHYanfipdiVySPfb/kJBO1yHVbSDWSdoNZFuCWtY
bXzTEhsIbJiGNoJ2ddfdRruLMcJQeEoZoHDwxr0CAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBT3L2wmmrLjQM3XLwcZWyqABajd5DAfBgNVHSMEGDAWgBTKliGMIO/Y/lP8
qZkLcl3XljyIXDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lwWWhqQ0R2MlA1VF9LbVpDM0pkMTVZOGlGdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGQvOTc1NWQ1LTdmMGItNDI3Zi1hZmUwLWQ3MTJkNDczODA0Ni8x
Lzl5OXNKcHF5NDBETjF5OEhHVnNxZ0FXbzNlUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQv
OTc1NWQ1LTdmMGItNDI3Zi1hZmUwLWQ3MTJkNDczODA0Ni8xL3lwWWhqQ0R2MlA1
VF9LbVpDM0pkMTVZOGlGdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwSAQCAAEwQgMEAh8o8DAMAwQFTVxgAwQATVx4MAwD
BAFNXHoDBAdNXAADBAK5c9ADBALVkGADBADVkGUwDAMEANWQZwMEB9WQADANBAIA
AjAHAwUDKgKsgDANBgkqhkiG9w0BAQsFAAOCAQEAviPmmjVY8fMpl4UF50fFXz0d
dtEV1wS4XM5Hp7SeiCzr8QFXi006sfOos+BSKBbN4SliyQln/gxakdKQRqlnP2pH
APJyjowg71JgcAuEnSeAEuDZdsJDwqVlOIB9jsfDC2lFeSNsYsU0D8CfsLrnOKMD
/rjxKLUjUACnI3kR9TbqX9HYlFx2NpeHTpnc6m2XRk+S9oU5+NtM/4EHvs+0llDH
neoOGiioD/GBD2ue+8n6kOpjS4AtUgZXYNR5+wKraOsMo7DycBfmZ4lGYAGFZjTx
fHgSYzQHiPlR+I6XhFcm+vk3mFqB2FNWLeEgSbNPGENmQwBrJ9v+kIEk1c4QpA==
-----END CERTIFICATE-----
Generated at Thu Jun 12 11:07:38 2025 by rpki-client