Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/ZCkRriL5SP3thF862vGiBC4bC44.roa
File: ZCkRriL5SP3thF862vGiBC4bC44.roa (raw, json)
Hash identifier: w4jgYLQD+J29UGcGVrKhcTAWFWGRB4fnLv7Al/crlPA=
Subject key identifier: 64:29:11:AE:22:F9:48:FD:ED:84:5F:3A:DA:F1:A2:04:2E:1B:0B:8E
Certificate issuer: /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial: 019774627071DD639A40E7F6497F0EBA66FB
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/ZCkRriL5SP3thF862vGiBC4bC44.roa
Signing time: Sun 15 Jun 2025 16:18:17 +0000
ROA not before: Sun 15 Jun 2025 16:18:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216300
IP address blocks: 77.105.129.0/24 maxlen: 24
77.105.132.0/24 maxlen: 24
77.105.134.0/24 maxlen: 24
77.105.135.0/24 maxlen: 24
77.105.160.0/24 maxlen: 24
185.225.202.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:74:62:70:71:dd:63:9a:40:e7:f6:49:7f:0e:ba:66:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
Validity
Not Before: Jun 15 16:18:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=642911ae22f948fded845f3adaf1a2042e1b0b8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:56:b3:73:aa:08:00:5d:98:e8:15:a6:f5:36:
8e:f6:ce:4b:dc:0e:7a:f4:8a:07:3a:5e:82:eb:bb:
4f:4d:2b:61:0b:f8:e9:85:85:49:40:5f:02:26:a9:
a9:6e:c0:58:8b:3d:1d:d4:df:53:4c:a8:c6:81:bf:
2f:2a:9b:fc:2f:05:71:e1:77:25:b7:17:28:66:90:
25:3d:77:66:dd:c9:39:67:57:41:12:2f:a3:d9:c2:
c6:e9:74:86:2b:9a:e7:69:ef:41:33:2b:44:0c:d7:
12:fc:43:bc:63:28:1d:eb:6e:18:fa:17:d5:29:6e:
fc:cb:4c:8f:23:3a:f2:75:fd:e9:62:c2:c7:d9:e1:
9f:b6:ab:49:55:43:5b:d6:ec:d5:6f:71:3f:1e:d7:
df:88:36:68:e9:1b:40:78:db:df:e0:49:5b:a7:94:
28:17:f5:99:e1:51:89:49:ef:50:c2:1f:fd:68:cb:
d9:96:b9:cb:d7:6e:c3:05:1d:84:a1:19:0f:16:93:
b3:37:1f:0a:39:00:81:51:79:eb:db:f1:03:bd:2f:
9d:15:4f:27:d1:96:e6:21:c3:88:09:ef:d4:ab:a6:
a2:d5:e2:5a:a5:2b:ed:cb:de:99:08:ae:87:19:44:
f8:ee:5d:1d:64:f2:2c:62:87:65:f4:f1:02:ca:01:
d4:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:29:11:AE:22:F9:48:FD:ED:84:5F:3A:DA:F1:A2:04:2E:1B:0B:8E
X509v3 Authority Key Identifier:
keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/ZCkRriL5SP3thF862vGiBC4bC44.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.129.0/24
77.105.132.0/24
77.105.134.0/23
77.105.160.0/24
185.225.202.0/24
Signature Algorithm: sha256WithRSAEncryption
26:e6:63:ff:d4:51:16:04:f3:37:0d:42:71:9a:6e:4f:42:2e:
b9:8b:6a:22:68:66:6c:26:c1:93:1e:7e:5a:84:34:c2:b0:23:
99:bb:4c:29:b2:b9:f7:8b:b9:ec:67:e5:20:34:72:ba:e0:8a:
80:5c:14:77:d9:57:88:1e:d6:dc:bc:7f:ad:a5:f3:22:6f:af:
d9:91:df:30:47:42:f0:80:ab:26:d9:f7:24:55:14:16:6f:c2:
c6:41:78:00:b1:7e:a1:f8:03:93:65:92:f3:1f:0e:d8:ac:eb:
20:fb:20:44:e9:be:0d:7f:a6:b9:96:2a:c2:e6:5d:da:5b:7b:
73:b8:73:63:ad:52:0e:11:7e:33:e6:77:de:32:5a:9e:cd:a4:
4b:db:bb:5c:33:53:bf:af:3e:d5:b6:d6:a7:2b:36:7e:4f:f8:
50:cf:37:7e:3c:9f:9c:f0:3b:73:21:92:4b:38:ba:52:e7:a4:
b0:fb:0b:ad:89:89:2a:46:4c:6a:bd:9b:e6:a2:50:2e:11:33:
fd:c6:dc:a3:ff:1b:f8:b5:4e:89:7c:4f:7c:ce:51:89:ea:05:
e5:80:61:de:34:39:84:87:da:cb:0f:40:c7:33:2c:b7:bd:fc:
a7:7a:b7:eb:aa:96:cf:21:2d:48:0b:70:c4:73:43:75:81:e2:
98:d0:fc:c6
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZd0YnBx3WOaQOf2SX8Oumb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwNjE1MTYxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI5MTFhZTIyZjk0OGZkZWQ4NDVmM2FkYWYxYTIwNDJlMWIwYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVazc6oIAF2Y6BWm9TaO9s5L3A56
9IoHOl6C67tPTSthC/jphYVJQF8CJqmpbsBYiz0d1N9TTKjGgb8vKpv8LwVx4Xcl
txcoZpAlPXdm3ck5Z1dBEi+j2cLG6XSGK5rnae9BMytEDNcS/EO8Yygd624Y+hfV
KW78y0yPIzrydf3pYsLH2eGftqtJVUNb1uzVb3E/HtffiDZo6RtAeNvf4Elbp5Qo
F/WZ4VGJSe9Qwh/9aMvZlrnL127DBR2EoRkPFpOzNx8KOQCBUXnr2/EDvS+dFU8n
0ZbmIcOICe/Uq6ai1eJapSvty96ZCK6HGUT47l0dZPIsYodl9PECygHUMwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGQpEa4i+Uj97YRfOtrxogQuGwuOMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvWkNrUnJpTDVTUDN0aEY4NjJ2R2lCQzRiQzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQATWmBAwQA
TWmEAwQBTWmGAwQATWmgAwQAueHKMA0GCSqGSIb3DQEBCwUAA4IBAQAm5mP/1FEW
BPM3DUJxmm5PQi65i2oiaGZsJsGTHn5ahDTCsCOZu0wpsrn3i7nsZ+UgNHK64IqA
XBR32VeIHtbcvH+tpfMib6/Zkd8wR0LwgKsm2fckVRQWb8LGQXgAsX6h+AOTZZLz
Hw7YrOsg+yBE6b4Nf6a5lirC5l3aW3tzuHNjrVIOEX4z5nfeMlqezaRL27tcM1O/
rz7VttanKzZ+T/hQzzd+PJ+c8DtzIZJLOLpS56Sw+wutiYkqRkxqvZvmolAuETP9
xtyj/xv4tU6JfE98zlGJ6gXlgGHeNDmEh9rLD0DHMyy3vfynerfrqpbPIS1IC3DE
c0N1geKY0PzG
-----END CERTIFICATE-----
Generated at Fri Jul 25 01:02:21 2025 by rpki-client