Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/lqGZwg2qQb03_yHgcmATlk3yMe0.roa
File: lqGZwg2qQb03_yHgcmATlk3yMe0.roa (raw, json)
Hash identifier: 5rN6jgz6BcSaXRw4TKFIrYaaexKwOQhmuUSNWGeyDiM=
Subject key identifier: 96:A1:99:C2:0D:AA:41:BD:37:FF:21:E0:72:60:13:96:4D:F2:31:ED
Certificate issuer: /CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Certificate serial: 0195EABD00A485BB7A89BBEDDF4729493ADA
Authority key identifier: 80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/lqGZwg2qQb03_yHgcmATlk3yMe0.roa
Signing time: Mon 31 Mar 2025 05:46:49 +0000
ROA not before: Mon 31 Mar 2025 05:46:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3212
IP address blocks: 31.15.128.0/17 maxlen: 17
46.150.32.0/19 maxlen: 19
46.182.224.0/21 maxlen: 21
77.38.0.0/17 maxlen: 17
77.73.104.0/22 maxlen: 22
77.111.0.0/18 maxlen: 18
78.153.32.0/19 maxlen: 19
82.149.0.0/19 maxlen: 19
82.192.32.0/19 maxlen: 19
84.20.224.0/19 maxlen: 19
84.52.128.0/18 maxlen: 18
86.58.0.0/17 maxlen: 17
87.119.128.0/19 maxlen: 19
91.132.208.0/22 maxlen: 22
91.185.192.0/19 maxlen: 19
91.237.132.0/22 maxlen: 22
92.53.128.0/19 maxlen: 19
92.63.16.0/20 maxlen: 20
94.140.64.0/19 maxlen: 19
95.143.144.0/20 maxlen: 20
176.57.92.0/22 maxlen: 22
176.76.0.0/16 maxlen: 16
178.79.64.0/18 maxlen: 18
185.30.136.0/22 maxlen: 22
185.65.228.0/22 maxlen: 22
185.66.148.0/22 maxlen: 22
185.72.60.0/22 maxlen: 22
185.72.60.0/24 maxlen: 24
185.79.228.0/22 maxlen: 22
185.85.148.0/22 maxlen: 22
185.97.68.0/22 maxlen: 22
193.111.220.0/22 maxlen: 22
194.152.0.0/19 maxlen: 19
195.47.228.0/24 maxlen: 24
212.85.160.0/19 maxlen: 19
213.143.64.0/19 maxlen: 19
213.161.0.0/19 maxlen: 19
213.172.224.0/19 maxlen: 19
217.72.64.0/19 maxlen: 19
2001:1688::/29 maxlen: 29
2a00:fc0::/32 maxlen: 32
2a00:13d8::/29 maxlen: 29
2a00:1da8::/32 maxlen: 32
2a00:b2a0::/32 maxlen: 32
2a02:840::/32 maxlen: 32
2a05:acc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ea:bd:00:a4:85:bb:7a:89:bb:ed:df:47:29:49:3a:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Validity
Not Before: Mar 31 05:46:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=96a199c20daa41bd37ff21e0726013964df231ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d5:8b:48:9f:6a:e9:20:3e:ca:e7:0b:c4:92:
90:a0:c8:ed:f7:31:a5:32:a7:ea:fa:55:48:2e:96:
f6:4f:3e:14:0d:fb:f6:10:1c:f3:18:fb:ec:c1:df:
de:2d:68:fb:67:01:fa:6e:06:ca:ea:49:c4:7d:52:
d9:68:4d:de:6e:dc:d9:4b:09:7b:c2:ac:60:f8:20:
88:07:57:d5:0a:53:a4:2e:97:77:2c:17:f8:fa:b9:
15:bb:4d:da:c7:89:da:bb:72:f8:ea:d2:be:a7:d9:
ce:16:f2:9e:68:cd:09:59:0d:d6:9b:40:dd:c9:bf:
ca:72:f2:ea:de:53:33:74:51:53:54:d8:ba:c3:64:
7b:15:a4:0e:24:fe:26:23:c3:7c:d1:31:8b:41:6d:
4a:8d:29:7b:a8:19:f6:35:b7:4d:2d:eb:6e:e5:54:
c1:54:91:8a:8c:52:74:98:0e:35:ac:4d:40:4b:62:
5b:78:ad:0f:55:81:d9:bb:0c:d0:04:67:2b:fe:5b:
c5:58:8b:c7:82:68:1b:99:8d:7d:d2:78:0e:d0:3d:
55:71:42:34:f3:5e:29:1b:09:84:d5:2f:8f:2c:05:
ad:d9:91:6a:c6:8b:6b:74:5e:2d:90:29:0e:e2:5a:
a3:51:b7:4b:49:8a:ff:8e:7b:c6:8f:5b:4a:1b:26:
9c:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:A1:99:C2:0D:AA:41:BD:37:FF:21:E0:72:60:13:96:4D:F2:31:ED
X509v3 Authority Key Identifier:
keyid:80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/lqGZwg2qQb03_yHgcmATlk3yMe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.128.0/17
46.150.32.0/19
46.182.224.0/21
77.38.0.0/17
77.73.104.0/22
77.111.0.0/18
78.153.32.0/19
82.149.0.0/19
82.192.32.0/19
84.20.224.0/19
84.52.128.0/18
86.58.0.0/17
87.119.128.0/19
91.132.208.0/22
91.185.192.0/19
91.237.132.0/22
92.53.128.0/19
92.63.16.0/20
94.140.64.0/19
95.143.144.0/20
176.57.92.0/22
176.76.0.0/16
178.79.64.0/18
185.30.136.0/22
185.65.228.0/22
185.66.148.0/22
185.72.60.0/22
185.79.228.0/22
185.85.148.0/22
185.97.68.0/22
193.111.220.0/22
194.152.0.0/19
195.47.228.0/24
212.85.160.0/19
213.143.64.0/19
213.161.0.0/19
213.172.224.0/19
217.72.64.0/19
IPv6:
2001:1688::/29
2a00:fc0::/32
2a00:13d8::/29
2a00:1da8::/32
2a00:b2a0::/32
2a02:840::/32
2a05:acc0::/29
Signature Algorithm: sha256WithRSAEncryption
48:1f:a6:8c:68:f6:bf:dc:60:23:da:16:57:c6:00:7e:16:90:
b1:e1:23:f0:90:50:32:be:a7:0f:17:d5:75:f1:6c:68:90:f4:
43:58:77:55:11:ea:97:c1:68:bb:8e:bf:ff:d7:7a:74:8c:d0:
5e:46:d3:5b:3c:25:13:b4:22:1e:e5:1b:de:ed:3f:d2:93:de:
c0:5d:77:e7:be:b7:d9:e6:d0:7a:c6:3e:18:b3:4b:66:4a:0c:
19:4f:04:a1:48:e5:76:c5:91:53:e8:20:81:72:de:df:47:e9:
6c:90:21:66:39:1f:e9:fc:10:66:9d:ff:93:a2:59:2c:06:99:
97:a5:f7:0b:a3:0f:ac:a8:ba:b4:ad:2e:e4:ae:9a:8b:ca:25:
f3:92:57:96:91:88:e6:0f:64:32:2b:2e:1d:aa:58:3e:c1:16:
66:b0:74:87:9c:b2:dd:1a:f5:21:3a:8d:e5:1b:5a:8b:58:b3:
ba:bf:c4:31:cd:ab:e8:28:26:e9:96:42:c3:87:4d:8a:57:85:
20:ed:08:12:64:52:a4:54:52:25:87:27:d6:39:ad:d7:97:55:
3e:6d:29:37:ad:db:3c:17:0d:6b:a6:a0:c5:2f:2c:82:ea:9c:
fe:44:ef:23:2e:4c:11:38:b2:05:8d:95:88:03:03:6a:22:1e:
29:ea:12:4d
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAZXqvQCkhbt6ibvt30cpSTraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZjlhMjRiZDI2Y2M4MjE3NTE4YTExZjU5OGU2MzcyMDI1
ZThhZTkwHhcNMjUwMzMxMDU0NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmExOTljMjBkYWE0MWJkMzdmZjIxZTA3MjYwMTM5NjRkZjIzMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NWLSJ9q6SA+yucLxJKQoMjt9zGl
Mqfq+lVILpb2Tz4UDfv2EBzzGPvswd/eLWj7ZwH6bgbK6knEfVLZaE3ebtzZSwl7
wqxg+CCIB1fVClOkLpd3LBf4+rkVu03ax4nau3L46tK+p9nOFvKeaM0JWQ3Wm0Dd
yb/KcvLq3lMzdFFTVNi6w2R7FaQOJP4mI8N80TGLQW1KjSl7qBn2NbdNLetu5VTB
VJGKjFJ0mA41rE1AS2JbeK0PVYHZuwzQBGcr/lvFWIvHgmgbmY190ngO0D1VcUI0
814pGwmE1S+PLAWt2ZFqxotrdF4tkCkO4lqjUbdLSYr/jnvGj1tKGyacvQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFJahmcINqkG9N/8h4HJgE5ZN8jHtMB8GA1UdIwQY
MBaAFID5okvSbMghdRihH1mOY3ICXorpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODkt
OTY1NTI5ZjIwZDExLzEvbHFHWndnMnFRYjAzX3lIZ2NtQVRsazN5TWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODktOTY1NTI5ZjIwZDEx
LzEvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCB6gQCAAEwgeMD
BAcfD4ADBAUuliADBAMutuADBAdNJgADBAJNSWgDBAZNbwADBAVOmSADBAVSlQAD
BAVSwCADBAVUFOADBAZUNIADBAdWOgADBAVXd4ADBAJbhNADBAVbucADBAJb7YQD
BAVcNYADBARcPxADBAVejEADBARfj5ADBAKwOVwDAwCwTAMEBrJPQAMEArkeiAME
ArlB5AMEArlClAMEArlIPAMEArlP5AMEArlVlAMEArlhRAMEAsFv3AMEBcKYAAME
AMMv5AMEBdRVoAMEBdWPQAMEBdWhAAMEBdWs4AMEBdlIQDA3BAIAAjAxAwUDIAEW
iAMFACoAD8ADBQMqABPYAwUAKgAdqAMFACoAsqADBQAqAghAAwUDKgWswDANBgkq
hkiG9w0BAQsFAAOCAQEASB+mjGj2v9xgI9oWV8YAfhaQseEj8JBQMr6nDxfVdfFs
aJD0Q1h3VRHql8Fou46//9d6dIzQXkbTWzwlE7QiHuUb3u0/0pPewF1357632ebQ
esY+GLNLZkoMGU8EoUjldsWRU+gggXLe30fpbJAhZjkf6fwQZp3/k6JZLAaZl6X3
C6MPrKi6tK0u5K6ai8ol85JXlpGI5g9kMisuHapYPsEWZrB0h5yy3Rr1ITqN5Rta
i1izur/EMc2r6Cgm6ZZCw4dNileFIO0IEmRSpFRSJYcn1jmt15dVPm0pN63bPBcN
a6agxS8sguqc/kTvIy5METiyBY2ViAMDaiIeKeoSTQ==
-----END CERTIFICATE-----
Generated at Fri May 2 13:37:25 2025 by rpki-client