Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/KBWzQwomuLPzfymtty8k_Eg8bWY.roa
File: KBWzQwomuLPzfymtty8k_Eg8bWY.roa (raw, json)
Hash identifier: FjCHknc12R7IIIXWMTEwqPgT+Sv/wRWr785ZWmeFzFk=
Subject key identifier: 28:15:B3:43:0A:26:B8:B3:F3:7F:29:AD:B7:2F:24:FC:48:3C:6D:66
Certificate issuer: /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial: 018CC8DF2BD8A195423B9311286B4DC33028
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/KBWzQwomuLPzfymtty8k_Eg8bWY.roa
Signing time: Tue 02 Jan 2024 06:31:58 +0000
ROA not before: Tue 02 Jan 2024 06:31:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1680
IP address blocks: 212.29.192.0/18 maxlen: 18
176.13.0.0/16 maxlen: 24
212.235.0.0/17 maxlen: 24
147.161.8.0/21 maxlen: 24
89.138.0.0/16 maxlen: 16
207.232.0.0/18 maxlen: 18
62.90.135.0/24 maxlen: 24
37.26.144.0/21 maxlen: 24
212.29.244.0/24 maxlen: 24
147.234.84.0/24 maxlen: 24
147.234.83.0/24 maxlen: 24
147.234.86.0/24 maxlen: 24
147.234.26.0/24 maxlen: 24
147.234.28.0/24 maxlen: 24
147.234.27.0/24 maxlen: 24
147.234.27.0/25 maxlen: 25
147.234.27.128/25 maxlen: 25
82.166.201.128/25 maxlen: 25
147.234.43.0/24 maxlen: 24
212.150.0.0/16 maxlen: 24
176.12.128.0/17 maxlen: 24
194.90.1.0/24 maxlen: 24
62.90.0.0/16 maxlen: 24
194.90.0.0/16 maxlen: 24
46.117.0.0/16 maxlen: 16
212.143.194.0/24 maxlen: 24
46.210.0.0/16 maxlen: 24
93.173.0.0/16 maxlen: 16
141.226.134.0/24 maxlen: 24
199.203.1.0/24 maxlen: 24
199.203.0.0/16 maxlen: 16
89.139.0.0/16 maxlen: 16
82.166.0.0/16 maxlen: 24
199.203.21.0/24 maxlen: 24
85.65.0.0/16 maxlen: 16
46.116.0.0/16 maxlen: 16
212.143.0.0/16 maxlen: 24
147.234.17.0/24 maxlen: 24
199.203.191.0/24 maxlen: 24
147.234.22.0/24 maxlen: 24
80.250.144.0/20 maxlen: 24
95.35.0.0/16 maxlen: 24
82.166.100.0/22 maxlen: 24
82.166.112.0/21 maxlen: 24
192.118.30.0/23 maxlen: 23
192.118.28.0/22 maxlen: 22
192.118.28.0/23 maxlen: 23
93.172.0.0/16 maxlen: 16
62.0.88.0/22 maxlen: 24
62.0.87.0/24 maxlen: 24
62.0.94.0/24 maxlen: 24
62.0.92.0/23 maxlen: 24
109.253.0.0/16 maxlen: 24
62.0.0.0/16 maxlen: 24
85.64.0.0/16 maxlen: 16
217.132.0.0/16 maxlen: 16
109.186.0.0/16 maxlen: 16
85.250.0.0/16 maxlen: 16
141.226.132.0/24 maxlen: 24
62.0.116.0/22 maxlen: 24
62.0.114.0/23 maxlen: 24
62.0.120.0/21 maxlen: 24
62.0.128.0/23 maxlen: 24
2001:4df0::/32 maxlen: 32
2a02:148::/32 maxlen: 32
2a02:149::/32 maxlen: 32
2001:4df2::/32 maxlen: 32
2001:4df3::/32 maxlen: 32
2a02:148::/29 maxlen: 32
2a02:14b::/32 maxlen: 32
2a03:c5c0::/32 maxlen: 48
2a02:14f::/32 maxlen: 32
2001:4df7::/32 maxlen: 32
2a02:14e::/32 maxlen: 32
2001:4df6::/32 maxlen: 32
2001:4df5::/32 maxlen: 32
2a02:14c::/32 maxlen: 32
2001:4df0::/29 maxlen: 32
2001:4df1::/32 maxlen: 32
2a02:14a::/32 maxlen: 32
2001:4df4::/32 maxlen: 32
2a02:14d::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:2b:d8:a1:95:42:3b:93:11:28:6b:4d:c3:30:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Validity
Not Before: Jan 2 06:31:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2815b3430a26b8b3f37f29adb72f24fc483c6d66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:b0:82:24:57:d8:d7:6b:e9:49:21:5b:95:10:
e5:5f:1a:70:63:ec:86:9a:75:56:ec:ad:e6:16:3f:
44:dc:4d:37:12:14:f2:c1:1a:e9:50:c4:a2:22:31:
99:5f:aa:f6:23:14:a0:9c:c5:db:8a:d6:46:16:f3:
79:38:ab:b9:e7:74:3a:0d:75:ac:19:aa:07:56:c4:
1d:36:b2:d6:af:3a:57:dc:f0:e5:d8:92:fe:6f:6f:
a0:f4:1d:54:47:42:ae:a1:f7:0e:85:7d:6f:2c:ba:
c5:93:ea:a3:e9:76:23:6e:d4:88:9d:ab:f7:54:58:
dc:1f:83:77:58:0b:35:0c:9c:eb:9a:34:1b:ec:6e:
48:38:b5:a5:4d:e6:c6:48:ab:b6:fa:5a:3d:1a:af:
64:05:83:82:45:ea:9d:48:4e:93:c7:2c:ff:e2:06:
df:1c:0d:c8:65:03:aa:16:53:6e:d0:3c:a9:2c:70:
e9:bf:45:67:9b:57:c7:bc:4e:0f:b3:ea:54:e3:52:
0c:36:05:61:be:7d:d2:20:2e:d9:4d:02:4c:fe:cf:
fd:d6:52:d5:78:4f:32:7b:e9:13:c3:45:da:2f:ae:
76:f7:04:90:7f:00:62:01:b0:27:6e:ce:f6:6d:fc:
a8:47:b2:ef:61:8e:53:ce:56:6c:9b:f5:a6:96:ed:
a1:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:15:B3:43:0A:26:B8:B3:F3:7F:29:AD:B7:2F:24:FC:48:3C:6D:66
X509v3 Authority Key Identifier:
keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/KBWzQwomuLPzfymtty8k_Eg8bWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.144.0/21
46.116.0.0/15
46.210.0.0/16
62.0.0.0/16
62.90.0.0/16
80.250.144.0/20
82.166.0.0/16
85.64.0.0/15
85.250.0.0/16
89.138.0.0/15
93.172.0.0/15
95.35.0.0/16
109.186.0.0/16
109.253.0.0/16
141.226.132.0/24
141.226.134.0/24
147.161.8.0/21
147.234.17.0/24
147.234.22.0/24
147.234.26.0-147.234.28.255
147.234.43.0/24
147.234.83.0-147.234.84.255
147.234.86.0/24
176.12.128.0-176.13.255.255
192.118.28.0/22
194.90.0.0/16
199.203.0.0/16
207.232.0.0/18
212.29.192.0/18
212.143.0.0/16
212.150.0.0/16
212.235.0.0/17
217.132.0.0/16
IPv6:
2001:4df0::/29
2a02:148::/29
2a03:c5c0::/32
Signature Algorithm: sha256WithRSAEncryption
7c:e4:09:fb:5d:45:01:ca:b4:6b:f1:4a:e9:ac:3d:56:bb:a9:
2a:d2:d9:7f:92:8b:08:9d:fa:22:7a:a4:ab:91:d1:c6:68:11:
cc:46:6e:0b:d8:b0:d6:36:9c:90:3c:fc:32:6a:fb:41:10:fa:
a0:0e:55:cd:b7:a3:fe:62:5f:15:4d:f3:da:1b:cb:2f:c3:9c:
d7:89:70:f7:34:5a:39:f3:74:6d:3d:b4:04:41:7d:f8:fe:a9:
fc:15:d5:d8:e9:88:69:ef:b1:1a:76:e8:aa:95:7c:0d:a9:cc:
da:95:68:32:81:54:9d:f2:75:ba:2c:78:49:35:bf:d5:68:a3:
a0:81:1a:c6:46:72:96:b6:ef:d2:d2:f0:5f:84:35:93:5f:12:
39:eb:0b:21:6b:8d:f3:28:cc:54:8f:a7:8b:bf:bd:a5:7f:4b:
fe:68:61:26:e4:c3:c5:94:6e:70:ec:61:a1:8a:66:1c:e8:30:
e3:b6:16:00:3f:71:b2:1d:ed:12:9a:41:c8:de:af:20:c0:ec:
98:58:e2:22:58:8b:c8:dd:0d:2f:66:e9:9f:80:c4:bb:eb:2b:
a8:ad:8f:52:53:47:64:fc:6b:89:35:08:63:75:48:dd:40:f3:
db:ed:81:6e:49:c6:fa:d8:d5:8c:8d:94:99:45:a1:cc:0b:fc:
16:77:b7:90
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgISAYzI3yvYoZVCO5MRKGtNwzAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE1YjM0MzBhMjZiOGIzZjM3ZjI5YWRiNzJmMjRmYzQ4M2M2ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7CCJFfY12vpSSFblRDlXxpwY+yG
mnVW7K3mFj9E3E03EhTywRrpUMSiIjGZX6r2IxSgnMXbitZGFvN5OKu553Q6DXWs
GaoHVsQdNrLWrzpX3PDl2JL+b2+g9B1UR0KuofcOhX1vLLrFk+qj6XYjbtSInav3
VFjcH4N3WAs1DJzrmjQb7G5IOLWlTebGSKu2+lo9Gq9kBYOCReqdSE6Txyz/4gbf
HA3IZQOqFlNu0DypLHDpv0Vnm1fHvE4Ps+pU41IMNgVhvn3SIC7ZTQJM/s/91lLV
eE8ye+kTw0XaL6529wSQfwBiAbAnbs72bfyoR7LvYY5TzlZsm/Wmlu2hYwIDAQAB
o4IC8jCCAu4wHQYDVR0OBBYEFCgVs0MKJriz838prbcvJPxIPG1mMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvS0JXelF3b211TFB6ZnltdHR5OGtfRWc4YldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBgYIKwYBBQUHAQcBAf8EgfYwgfMwgdMEAgABMIHMAwQD
JRqQAwMBLnQDAwAu0gMDAD4AAwMAPloDBARQ+pADAwBSpgMDAVVAAwMAVfoDAwFZ
igMDAV2sAwMAXyMDAwBtugMDAG39AwQAjeKEAwQAjeKGAwQDk6EIAwQAk+oRAwQA
k+oWMAwDBAGT6hoDBACT6hwDBACT6iswDAMEAJPqUwMEAJPqVAMEAJPqVjALAwQH
sAyAAwMBsAwDBALAdhwDAwDCWgMDAMfLAwQGz+gAAwQG1B3AAwMA1I8DAwDUlgME
B9TrAAMDANmEMBsEAgACMBUDBQMgAU3wAwUDKgIBSAMFACoDxcAwDQYJKoZIhvcN
AQELBQADggEBAHzkCftdRQHKtGvxSumsPVa7qSrS2X+Siwid+iJ6pKuR0cZoEcxG
bgvYsNY2nJA8/DJq+0EQ+qAOVc23o/5iXxVN89obyy/DnNeJcPc0WjnzdG09tARB
ffj+qfwV1djpiGnvsRp26KqVfA2pzNqVaDKBVJ3ydboseEk1v9Voo6CBGsZGcpa2
79LS8F+ENZNfEjnrCyFrjfMozFSPp4u/vaV/S/5oYSbkw8WUbnDsYaGKZhzoMOO2
FgA/cbId7RKaQcjeryDA7JhY4iJYi8jdDS9m6Z+AxLvrK6itj1JTR2T8a4k1CGN1
SN1A89vtgW5JxvrY1YyNlJlFocwL/BZ3t5A=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:46:20 2025 by rpki-client