Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SWMGNApUId3BIhl0r2w17VxrLsA.roa
File: SWMGNApUId3BIhl0r2w17VxrLsA.roa (raw, json)
Hash identifier: k2HP2skx0MG4fSgcNdsbOHGq9yot/7qrL3nFGy8LpDM=
Subject key identifier: 49:63:06:34:0A:54:21:DD:C1:22:19:74:AF:6C:35:ED:5C:6B:2E:C0
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018A6AFFF76CFC7EFF516916D93EFBF68738
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SWMGNApUId3BIhl0r2w17VxrLsA.roa
Signing time: Wed 06 Sep 2023 14:57:54 +0000
ROA not before: Wed 06 Sep 2023 14:57:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213035
IP address blocks: 212.193.29.0/24 maxlen: 24
194.87.132.0/24 maxlen: 24
195.133.16.0/24 maxlen: 24
212.192.218.0/24 maxlen: 24
212.192.216.0/24 maxlen: 24
195.133.17.0/24 maxlen: 24
212.192.219.0/24 maxlen: 24
212.192.217.0/24 maxlen: 24
212.192.240.0/24 maxlen: 24
212.192.243.0/24 maxlen: 24
195.133.42.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:6a:ff:f7:6c:fc:7e:ff:51:69:16:d9:3e:fb:f6:87:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 6 14:57:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=496306340a5421ddc1221974af6c35ed5c6b2ec0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:3a:17:95:7f:15:2f:4f:65:24:0a:fb:2c:3c:
a8:78:58:34:89:0b:e7:6f:15:18:75:f1:c4:d5:97:
30:8f:af:3a:ab:5f:7a:c0:56:ec:9e:51:1b:23:3a:
45:26:a4:ce:98:f2:c2:ff:bb:31:24:62:4a:e4:cf:
0c:49:e4:b6:e6:f2:3b:07:47:69:44:7c:90:d6:c2:
0c:1b:19:41:6a:e4:47:b2:26:1e:27:bf:1f:ee:0e:
de:80:92:6a:33:04:a7:42:96:96:e6:8c:62:81:5b:
21:9e:af:58:fc:20:fb:73:49:17:18:ee:35:1d:7e:
a3:a8:c5:57:3c:01:db:e0:71:9a:72:cf:50:e1:75:
fe:8b:1b:ca:d7:99:30:10:c5:70:49:70:71:d0:37:
ac:1d:f9:aa:9c:53:50:be:8b:1b:90:2e:e3:72:2b:
37:9b:a9:16:03:91:9f:56:88:0a:7f:d2:79:99:cc:
98:e6:7d:a4:08:a8:36:0f:e7:34:34:67:be:f1:71:
26:30:25:76:4a:ab:bc:53:f1:99:7a:ce:12:c4:ff:
5c:d5:7a:b4:cf:e4:4c:33:50:30:0f:8d:75:49:81:
e7:89:2c:25:db:3b:77:73:b1:4f:33:2f:e7:4b:b6:
ed:96:c6:14:d2:c3:89:fc:93:2e:08:e2:57:42:fa:
60:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:63:06:34:0A:54:21:DD:C1:22:19:74:AF:6C:35:ED:5C:6B:2E:C0
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SWMGNApUId3BIhl0r2w17VxrLsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.132.0/24
195.133.16.0/23
195.133.42.0/24
212.192.216.0/22
212.192.240.0/24
212.192.243.0/24
212.193.29.0/24
Signature Algorithm: sha256WithRSAEncryption
03:37:69:9b:84:88:87:2c:cb:85:b1:c4:02:01:61:fa:db:89:
d5:63:45:1c:79:a8:d1:0c:47:30:73:64:a4:14:24:d8:a5:a5:
11:a9:1b:7d:d0:a6:0c:8e:8b:c6:fe:6b:7e:7e:0b:32:06:ad:
6e:33:f7:b9:77:d4:c3:77:3f:17:58:b6:c3:5c:6b:93:a1:2f:
3d:7d:99:aa:62:69:2c:b9:ab:a2:4b:0c:f7:59:aa:f7:48:1c:
2d:9c:f4:d8:30:6d:f9:e5:af:20:2b:2b:05:09:a4:70:45:be:
42:27:68:4c:ce:c7:24:8e:5a:4b:aa:de:d8:c3:78:aa:ba:21:
c5:46:69:fd:56:d6:b0:64:93:c7:32:56:6a:fa:b9:e0:4e:c2:
52:25:55:d0:e0:a5:aa:c5:0e:34:f0:15:77:74:55:99:d6:1c:
b9:ce:20:d1:bf:d9:72:ca:c5:86:3d:bd:a2:39:64:87:92:e0:
3c:9a:ae:7f:78:5b:97:12:b6:e7:7b:5a:10:60:b3:e0:e7:d1:
8f:93:f8:5d:0e:12:bc:c1:1a:2b:f7:0d:ae:9e:e5:6a:b3:95:
2e:7e:af:88:9f:54:4b:db:a0:cc:da:a4:31:31:ac:dd:1a:fa:
ec:81:ef:3f:44:5b:ed:44:49:a1:49:ca:97:8e:0b:da:00:b2:
77:1b:ee:22
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYpq//ds/H7/UWkW2T779oc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTA2MTQ1NzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTYzMDYzNDBhNTQyMWRkYzEyMjE5NzRhZjZjMzVlZDVjNmIyZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijoXlX8VL09lJAr7LDyoeFg0iQvn
bxUYdfHE1Zcwj686q196wFbsnlEbIzpFJqTOmPLC/7sxJGJK5M8MSeS25vI7B0dp
RHyQ1sIMGxlBauRHsiYeJ78f7g7egJJqMwSnQpaW5oxigVshnq9Y/CD7c0kXGO41
HX6jqMVXPAHb4HGacs9Q4XX+ixvK15kwEMVwSXBx0DesHfmqnFNQvosbkC7jcis3
m6kWA5GfVogKf9J5mcyY5n2kCKg2D+c0NGe+8XEmMCV2Squ8U/GZes4SxP9c1Xq0
z+RMM1AwD411SYHniSwl2zt3c7FPMy/nS7btlsYU0sOJ/JMuCOJXQvpgjQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEljBjQKVCHdwSIZdK9sNe1cay7AMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvU1dNR05BcFVJZDNCSWhsMHIydzE3VnhyTHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwleEAwQB
w4UQAwQAw4UqAwQC1MDYAwQA1MDwAwQA1MDzAwQA1MEdMA0GCSqGSIb3DQEBCwUA
A4IBAQADN2mbhIiHLMuFscQCAWH624nVY0UceajRDEcwc2SkFCTYpaURqRt90KYM
jovG/mt+fgsyBq1uM/e5d9TDdz8XWLbDXGuToS89fZmqYmksuauiSwz3War3SBwt
nPTYMG355a8gKysFCaRwRb5CJ2hMzsckjlpLqt7Yw3iquiHFRmn9VtawZJPHMlZq
+rngTsJSJVXQ4KWqxQ408BV3dFWZ1hy5ziDRv9lyysWGPb2iOWSHkuA8mq5/eFuX
Erbne1oQYLPg59GPk/hdDhK8wRor9w2unuVqs5Uufq+In1RL26DM2qQxMazdGvrs
ge8/RFvtREmhScqXjgvaALJ3G+4i
-----END CERTIFICATE-----
Generated at Mon Jun 16 13:15:29 2025 by rpki-client