Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Z3zPkqZqnuZk9gCRrTdW4pKJpzY.roa
File: Z3zPkqZqnuZk9gCRrTdW4pKJpzY.roa (raw, json)
Hash identifier: W/5/uCZRgH0d8RYTJjfoNzZhbwk+k86zFqot/Zxvc1g=
Subject key identifier: 67:7C:CF:92:A6:6A:9E:E6:64:F6:00:91:AD:37:56:E2:92:89:A7:36
Certificate issuer: /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial: 018571D7BF6D9618A315626D40C2A65B742D
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Z3zPkqZqnuZk9gCRrTdW4pKJpzY.roa
Signing time: Mon 02 Jan 2023 09:37:22 +0000
ROA not before: Mon 02 Jan 2023 09:37:22 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44285
IP address blocks: 45.140.224.0/22 maxlen: 22
45.87.4.0/22 maxlen: 22
185.18.213.0/24 maxlen: 24
185.18.212.0/22 maxlen: 22
185.18.212.0/24 maxlen: 24
185.18.215.0/24 maxlen: 24
185.18.214.0/24 maxlen: 24
37.32.32.0/24 maxlen: 24
37.32.33.0/24 maxlen: 24
37.32.32.0/21 maxlen: 21
37.32.32.0/22 maxlen: 22
37.32.36.0/22 maxlen: 22
37.32.37.0/24 maxlen: 24
37.32.38.0/24 maxlen: 24
37.32.36.0/24 maxlen: 24
37.32.35.0/24 maxlen: 24
37.32.34.0/24 maxlen: 24
37.32.39.0/24 maxlen: 24
185.51.201.0/24 maxlen: 24
185.51.200.0/24 maxlen: 24
185.51.203.0/24 maxlen: 24
185.51.202.0/24 maxlen: 24
86.57.120.0/23 maxlen: 23
86.57.122.0/23 maxlen: 23
86.57.96.0/20 maxlen: 20
86.57.112.0/23 maxlen: 23
86.57.114.0/23 maxlen: 23
86.57.116.0/22 maxlen: 22
217.172.124.0/23 maxlen: 23
217.172.120.0/24 maxlen: 24
217.172.120.0/21 maxlen: 21
217.172.127.0/24 maxlen: 24
217.172.126.0/23 maxlen: 23
45.9.253.0/24 maxlen: 24
45.9.252.0/24 maxlen: 24
45.9.254.0/24 maxlen: 24
37.75.246.0/24 maxlen: 24
37.75.245.0/24 maxlen: 24
37.75.244.0/24 maxlen: 24
37.75.244.0/22 maxlen: 22
37.75.243.0/24 maxlen: 24
37.75.247.0/24 maxlen: 24
195.110.38.0/24 maxlen: 24
195.110.38.0/23 maxlen: 23
195.110.39.0/24 maxlen: 24
185.182.250.0/24 maxlen: 24
185.182.250.0/23 maxlen: 23
185.182.248.0/22 maxlen: 22
185.182.248.0/23 maxlen: 23
185.182.251.0/24 maxlen: 24
91.236.168.0/23 maxlen: 23
91.236.169.0/24 maxlen: 24
91.236.168.0/24 maxlen: 24
46.28.74.0/24 maxlen: 24
46.28.73.0/24 maxlen: 24
46.28.72.0/24 maxlen: 24
46.28.72.0/21 maxlen: 24
185.121.128.0/22 maxlen: 24
185.121.128.0/24 maxlen: 24
185.121.131.0/24 maxlen: 24
185.121.130.0/24 maxlen: 24
185.121.129.0/24 maxlen: 24
88.135.38.0/24 maxlen: 24
88.135.37.0/24 maxlen: 24
185.141.132.0/24 maxlen: 24
185.141.134.0/24 maxlen: 24
185.141.133.0/24 maxlen: 24
185.141.135.0/24 maxlen: 24
84.47.226.0/24 maxlen: 24
84.47.224.0/22 maxlen: 22
84.47.225.0/24 maxlen: 24
84.47.224.0/21 maxlen: 21
84.47.224.0/24 maxlen: 24
188.209.152.0/23 maxlen: 23
84.47.231.0/24 maxlen: 24
84.47.227.0/24 maxlen: 24
84.47.230.0/24 maxlen: 24
84.47.229.0/24 maxlen: 24
84.47.228.0/24 maxlen: 24
84.47.228.0/22 maxlen: 22
88.135.39.0/24 maxlen: 24
185.128.138.0/24 maxlen: 24
185.128.137.0/24 maxlen: 24
185.128.136.0/24 maxlen: 24
185.128.139.0/24 maxlen: 24
2a02:828::/32 maxlen: 32
2a02:829::/32 maxlen: 32
2a02:82b::/32 maxlen: 32
2a02:82f::/32 maxlen: 32
2a02:828:1::/48 maxlen: 48
2a02:82a::/32 maxlen: 32
2a02:828::/29 maxlen: 29
2a02:828::/64 maxlen: 64
2a02:828::/48 maxlen: 48
2a02:82e::/32 maxlen: 32
2a02:82c::/32 maxlen: 32
2a02:82d::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:d7:bf:6d:96:18:a3:15:62:6d:40:c2:a6:5b:74:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Validity
Not Before: Jan 2 09:37:22 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=677ccf92a66a9ee664f60091ad3756e29289a736
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:26:09:56:8a:7e:0f:14:1e:ac:aa:d6:0a:44:
3a:d2:e8:b2:52:e4:57:84:91:b0:b2:06:80:ad:69:
9d:9c:c0:a5:d0:cb:98:fa:51:83:7b:46:0f:86:92:
c4:e9:dd:69:70:af:c6:a5:df:1a:36:95:1a:60:d0:
e1:fc:24:56:1e:75:21:50:6e:ed:ef:a3:13:74:33:
9a:26:26:eb:9a:9c:8d:bf:24:4c:b9:34:5b:a2:2b:
be:e2:04:88:5e:0b:ff:52:e2:19:20:fd:07:c8:90:
ce:d3:6b:7f:2b:95:84:df:8e:f6:f0:37:8c:8e:cc:
5d:cb:6b:b5:23:10:0e:27:fc:cc:56:75:04:1d:38:
ef:24:df:17:07:86:76:8c:f8:40:cc:13:2e:35:bd:
f5:5e:52:dd:d5:6c:c5:81:3b:e5:29:71:48:78:34:
f5:08:01:18:f0:f1:79:ef:18:21:12:ce:bc:c7:2c:
b3:ba:46:7a:48:51:a5:ba:a0:29:23:1f:ea:ae:b4:
93:4d:b0:c1:4c:e7:48:2e:6d:2f:ee:61:8a:a9:ce:
73:83:ac:82:a8:d4:50:fe:43:0e:74:e7:14:70:1a:
21:fe:c3:5c:22:6c:b9:8f:11:5a:9f:96:d8:33:37:
d6:13:91:2f:64:8b:5d:af:bf:bb:a4:53:b9:17:ef:
e3:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:7C:CF:92:A6:6A:9E:E6:64:F6:00:91:AD:37:56:E2:92:89:A7:36
X509v3 Authority Key Identifier:
keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/Z3zPkqZqnuZk9gCRrTdW4pKJpzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.32.32.0/21
37.75.243.0-37.75.247.255
45.9.252.0-45.9.254.255
45.87.4.0/22
45.140.224.0/22
46.28.72.0/21
84.47.224.0/21
86.57.96.0-86.57.123.255
88.135.37.0-88.135.39.255
91.236.168.0/23
185.18.212.0/22
185.51.200.0/22
185.121.128.0/22
185.128.136.0/22
185.141.132.0/22
185.182.248.0/22
188.209.152.0/23
195.110.38.0/23
217.172.120.0/21
IPv6:
2a02:828::/29
Signature Algorithm: sha256WithRSAEncryption
ad:0c:de:07:f4:1e:42:29:6e:9f:4a:12:d1:f2:5c:12:51:74:
45:ca:32:f8:93:e3:7b:34:87:f6:e1:2d:de:52:bb:ae:82:24:
c9:62:c7:94:6a:55:fc:b8:93:7b:b6:41:d3:09:6a:70:99:22:
3a:88:f3:fe:8f:76:79:52:5c:07:75:83:66:25:f7:5b:ab:ed:
95:61:80:32:5c:40:5a:d3:aa:48:69:38:67:3b:f3:45:30:a4:
2b:3d:2e:ca:85:0e:b0:d7:cc:61:f2:f7:b0:3f:96:85:ab:42:
91:c2:68:58:3f:07:3b:b3:ea:0e:4e:be:5d:15:a6:f6:ff:ea:
6f:bc:09:e0:53:66:fb:4a:82:6f:50:cf:0f:56:cb:10:50:7d:
ed:7a:1f:a7:a8:88:4b:15:29:ce:0e:86:36:5c:9f:ae:d7:1f:
77:fd:1f:f3:46:55:0a:6a:9a:41:57:16:c1:58:3e:96:2a:77:
59:00:7d:f0:b2:88:c6:08:9c:83:57:fb:c1:18:ba:84:2b:91:
20:76:f1:5d:90:d8:ac:ce:1b:7a:21:35:ef:7f:c2:bc:ff:44:
4b:c7:f9:cf:23:94:4c:45:1b:66:d5:ca:eb:4c:ad:cf:4b:39:
dc:c3:9d:56:49:96:c2:ac:f7:42:a3:f3:9c:f1:06:02:f7:0f:
5b:26:e3:d7
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgISAYVx179tlhijFWJtQMKmW3QtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjMwMTAyMDkzNzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdjY2Y5MmE2NmE5ZWU2NjRmNjAwOTFhZDM3NTZlMjkyODlhNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyYJVop+DxQerKrWCkQ60uiyUuRX
hJGwsgaArWmdnMCl0MuY+lGDe0YPhpLE6d1pcK/Gpd8aNpUaYNDh/CRWHnUhUG7t
76MTdDOaJibrmpyNvyRMuTRboiu+4gSIXgv/UuIZIP0HyJDO02t/K5WE34728DeM
jsxdy2u1IxAOJ/zMVnUEHTjvJN8XB4Z2jPhAzBMuNb31XlLd1WzFgTvlKXFIeDT1
CAEY8PF57xghEs68xyyzukZ6SFGluqApIx/qrrSTTbDBTOdILm0v7mGKqc5zg6yC
qNRQ/kMOdOcUcBoh/sNcImy5jxFan5bYMzfWE5EvZItdr7+7pFO5F+/jjwIDAQAB
o4ICqTCCAqUwHQYDVR0OBBYEFGd8z5Kmap7mZPYAka03VuKSiac2MB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvWjN6UGtxWnFudVprOWdDUnJUZFc0cEtKcHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG+BggrBgEFBQcBBwEB/wSBrjCBqzCBmQQCAAEwgZIDBAMl
ICAwDAMEACVL8wMEAyVL8DAMAwQCLQn8AwQALQn+AwQCLVcEAwQCLYzgAwQDLhxI
AwQDVC/gMAwDBAVWOWADBAJWOXgwDAMEAFiHJQMEA1iHIAMEAVvsqAMEArkS1AME
ArkzyAMEArl5gAMEArmAiAMEArmNhAMEArm2+AMEAbzRmAMEAcNuJgMEA9mseDAN
BAIAAjAHAwUDKgIIKDANBgkqhkiG9w0BAQsFAAOCAQEArQzeB/QeQilun0oS0fJc
ElF0Rcoy+JPjezSH9uEt3lK7roIkyWLHlGpV/LiTe7ZB0wlqcJkiOojz/o92eVJc
B3WDZiX3W6vtlWGAMlxAWtOqSGk4ZzvzRTCkKz0uyoUOsNfMYfL3sD+WhatCkcJo
WD8HO7PqDk6+XRWm9v/qb7wJ4FNm+0qCb1DPD1bLEFB97Xofp6iISxUpzg6GNlyf
rtcfd/0f80ZVCmqaQVcWwVg+lip3WQB98LKIxgicg1f7wRi6hCuRIHbxXZDYrM4b
eiE173/CvP9ES8f5zyOUTEUbZtXK60ytz0s53MOdVkmWwqz3QqPznPEGAvcPWybj
1w==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:58:50 2025 by rpki-client