Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KwZ8kQWIkBrHqwmnig8RMHvTh-0.roa
File: KwZ8kQWIkBrHqwmnig8RMHvTh-0.roa (raw, json)
Hash identifier: RDR8Rwl1mYpCvOpu9R9gHdgjrYTXfDyR2xHPLqbZ9n0=
Subject key identifier: 2B:06:7C:91:05:88:90:1A:C7:AB:09:A7:8A:0F:11:30:7B:D3:87:ED
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193C0B4B075F4507642784990FC2AFCDC4C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KwZ8kQWIkBrHqwmnig8RMHvTh-0.roa
Signing time: Fri 13 Dec 2024 15:48:07 +0000
ROA not before: Fri 13 Dec 2024 15:48:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26383
IP address blocks: 62.76.234.0/24 maxlen: 24
62.76.239.0/24 maxlen: 24
185.72.8.0/24 maxlen: 24
192.124.176.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
193.124.22.0/24 maxlen: 24
193.124.41.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
194.58.34.0/24 maxlen: 24
194.58.38.0/24 maxlen: 24
194.58.39.0/24 maxlen: 24
194.58.40.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.58.45.0/24 maxlen: 24
194.58.46.0/24 maxlen: 24
194.58.59.0/24 maxlen: 24
194.58.66.0/24 maxlen: 24
194.58.68.0/24 maxlen: 24
194.87.10.0/24 maxlen: 24
194.87.18.0/24 maxlen: 24
194.87.30.0/24 maxlen: 24
194.87.39.0/24 maxlen: 24
194.87.47.0/24 maxlen: 24
194.87.58.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.198.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
194.87.230.0/24 maxlen: 24
194.87.245.0/24 maxlen: 24
195.133.67.0/24 maxlen: 24
195.133.92.0/24 maxlen: 24
212.192.215.0/24 maxlen: 24
212.192.221.0/24 maxlen: 24
212.192.223.0/24 maxlen: 24
212.193.1.0/24 maxlen: 24
212.193.2.0/24 maxlen: 24
212.193.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:c0:b4:b0:75:f4:50:76:42:78:49:90:fc:2a:fc:dc:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 13 15:48:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2b067c910588901ac7ab09a78a0f11307bd387ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:80:58:30:5f:54:6f:87:32:23:d5:59:ec:8d:
01:fc:87:92:b3:98:cc:90:9e:2a:b4:b7:e7:bc:fa:
da:5d:f4:71:85:6e:e5:d1:c3:60:b9:8f:2d:3e:c8:
2b:19:b4:47:27:cf:86:6d:93:c3:59:d5:8e:e5:69:
cd:33:e9:70:e3:86:5a:10:3f:65:36:0e:3b:e2:cd:
da:e4:99:66:23:a9:10:7c:65:bf:c5:6e:f3:80:3a:
2b:7b:5a:b6:46:c7:d3:bb:05:1d:09:8a:15:73:79:
40:5e:84:50:9c:93:2f:07:90:a8:be:48:49:00:bc:
50:bc:4e:74:57:5f:8f:8f:92:c3:fe:43:8e:5e:c7:
70:7f:1a:ce:59:22:be:9e:52:6b:e3:4d:d0:48:96:
b7:0d:fa:c2:9f:ec:63:bc:c2:9a:b2:f8:43:91:ea:
1e:ae:f0:bf:ad:fd:89:bf:b5:e5:a8:a7:2e:77:ec:
b8:9f:4e:2b:38:2b:18:b7:a6:35:7b:df:b9:a3:fb:
2c:7f:06:66:53:59:88:43:5f:b5:c0:37:48:bf:d8:
fd:71:06:4a:f2:5c:92:39:7e:74:3b:d8:9f:59:d0:
89:48:07:24:42:62:97:2e:f1:5e:ee:eb:a3:2e:fb:
10:a5:15:cd:6c:c4:e0:3c:89:06:c5:a2:47:2f:d0:
0c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:06:7C:91:05:88:90:1A:C7:AB:09:A7:8A:0F:11:30:7B:D3:87:ED
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KwZ8kQWIkBrHqwmnig8RMHvTh-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.234.0/24
62.76.239.0/24
185.72.8.0/24
192.124.176.0/24
192.124.209.0/24
193.124.22.0/24
193.124.41.0/24
193.124.46.0/24
193.124.49.0/24
194.58.34.0/24
194.58.38.0-194.58.40.255
194.58.44.0-194.58.46.255
194.58.59.0/24
194.58.66.0/24
194.58.68.0/24
194.87.10.0/24
194.87.18.0/24
194.87.30.0/24
194.87.39.0/24
194.87.47.0/24
194.87.58.0/24
194.87.82.0/24
194.87.178.0/24
194.87.198.0/24
194.87.227.0/24
194.87.230.0/24
194.87.245.0/24
195.133.67.0/24
195.133.92.0/24
212.192.215.0/24
212.192.221.0/24
212.192.223.0/24
212.193.1.0-212.193.2.255
212.193.6.0/24
Signature Algorithm: sha256WithRSAEncryption
04:32:21:72:b7:75:a8:25:5f:59:f1:89:8a:31:49:60:a2:fd:
5a:24:1f:4f:0c:d2:e1:12:81:6a:58:e7:82:7d:33:ba:3d:82:
00:5e:30:f8:ad:5d:1b:06:f1:c2:3e:a0:59:55:bc:8e:23:73:
1f:cd:07:87:54:0c:34:be:ce:88:7f:8a:57:48:82:ed:01:82:
50:56:52:63:a2:0b:bd:60:4e:1c:f1:10:06:13:2a:70:90:26:
9a:88:f1:09:b4:f7:fa:a0:3c:d2:d8:94:6e:a7:13:b9:6e:df:
94:68:bc:e8:ad:00:eb:a3:d3:3d:ed:30:95:49:f6:ec:a8:17:
99:1f:e7:41:7d:b9:df:df:39:b1:c9:9f:63:df:d5:42:f9:5e:
a2:68:75:bf:03:98:7d:68:e5:bc:b4:98:68:b4:a3:e1:cd:b8:
24:d6:53:99:ba:34:ee:71:d8:12:e0:4c:13:0f:e5:a8:39:c7:
c1:29:84:25:7c:6f:87:63:f2:1e:b7:e5:e8:d0:d2:1c:52:c0:
d1:cb:7e:4b:13:3a:57:1a:d7:8e:e0:ec:0a:98:d3:6c:05:92:
d1:59:e3:be:20:5d:af:c9:ff:9b:e5:f4:91:11:49:2a:23:43:
2f:a3:85:4a:38:b0:de:f7:68:0b:66:1b:b2:c8:fa:87:1b:30:
db:5c:cf:e5
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgISAZPAtLB19FB2QnhJkPwq/NxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjEzMTU0ODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjA2N2M5MTA1ODg5MDFhYzdhYjA5YTc4YTBmMTEzMDdiZDM4N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4BYMF9Ub4cyI9VZ7I0B/IeSs5jM
kJ4qtLfnvPraXfRxhW7l0cNguY8tPsgrGbRHJ8+GbZPDWdWO5WnNM+lw44ZaED9l
Ng474s3a5JlmI6kQfGW/xW7zgDore1q2RsfTuwUdCYoVc3lAXoRQnJMvB5CovkhJ
ALxQvE50V1+Pj5LD/kOOXsdwfxrOWSK+nlJr403QSJa3DfrCn+xjvMKasvhDkeoe
rvC/rf2Jv7XlqKcud+y4n04rOCsYt6Y1e9+5o/ssfwZmU1mIQ1+1wDdIv9j9cQZK
8lySOX50O9ifWdCJSAckQmKXLvFe7uujLvsQpRXNbMTgPIkGxaJHL9AMlQIDAQAB
o4IC7TCCAukwHQYDVR0OBBYEFCsGfJEFiJAax6sJp4oPETB704ftMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS3daOGtRV0lrQnJIcXdtbmlnOFJNSHZUaC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAQYIKwYBBQUHAQcBAf8EgfEwge4wgesEAgABMIHkAwQA
PkzqAwQAPkzvAwQAuUgIAwQAwHywAwQAwHzRAwQAwXwWAwQAwXwpAwQAwXwuAwQA
wXwxAwQAwjoiMAwDBAHCOiYDBADCOigwDAMEAsI6LAMEAMI6LgMEAMI6OwMEAMI6
QgMEAMI6RAMEAMJXCgMEAMJXEgMEAMJXHgMEAMJXJwMEAMJXLwMEAMJXOgMEAMJX
UgMEAMJXsgMEAMJXxgMEAMJX4wMEAMJX5gMEAMJX9QMEAMOFQwMEAMOFXAMEANTA
1wMEANTA3QMEANTA3zAMAwQA1MEBAwQA1MECAwQA1MEGMA0GCSqGSIb3DQEBCwUA
A4IBAQAEMiFyt3WoJV9Z8YmKMUlgov1aJB9PDNLhEoFqWOeCfTO6PYIAXjD4rV0b
BvHCPqBZVbyOI3MfzQeHVAw0vs6If4pXSILtAYJQVlJjogu9YE4c8RAGEypwkCaa
iPEJtPf6oDzS2JRupxO5bt+UaLzorQDro9M97TCVSfbsqBeZH+dBfbnf3zmxyZ9j
39VC+V6iaHW/A5h9aOW8tJhotKPhzbgk1lOZujTucdgS4EwTD+WoOcfBKYQlfG+H
Y/Iet+Xo0NIcUsDRy35LEzpXGteO4OwKmNNsBZLRWeO+IF2vyf+b5fSREUkqI0Mv
o4VKOLDe92gLZhuyyPqHGzDbXM/l
-----END CERTIFICATE-----
Generated at Mon Jun 16 15:48:59 2025 by rpki-client