Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/pxA2emkj1Wi4hN6RLcWYaRGwohw.roa
File: pxA2emkj1Wi4hN6RLcWYaRGwohw.roa (raw, json)
Hash identifier: uZbURZqzj+fL5lJVe1ufQh9sUQe5T2Re+0qL38WwpV8=
Subject key identifier: A7:10:36:7A:69:23:D5:68:B8:84:DE:91:2D:C5:98:69:11:B0:A2:1C
Certificate issuer: /CN=6566addf9ca0de49a6eef49858384f54f47a56f0
Certificate serial: 019422FC29D0F48CF3543528857EA5E44BF5
Authority key identifier: 65:66:AD:DF:9C:A0:DE:49:A6:EE:F4:98:58:38:4F:54:F4:7A:56:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZWat35yg3kmm7vSYWDhPVPR6VvA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/pxA2emkj1Wi4hN6RLcWYaRGwohw.roa
Signing time: Wed 01 Jan 2025 17:48:58 +0000
ROA not before: Wed 01 Jan 2025 17:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51682
IP address blocks: 46.16.248.0/22 maxlen: 22
46.16.248.0/24 maxlen: 24
46.16.249.0/24 maxlen: 24
46.16.250.0/24 maxlen: 24
46.16.251.0/24 maxlen: 24
46.16.252.0/22 maxlen: 22
46.16.252.0/24 maxlen: 24
46.16.253.0/24 maxlen: 24
46.16.254.0/24 maxlen: 24
46.16.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/ZWat35yg3kmm7vSYWDhPVPR6VvA.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/ZWat35yg3kmm7vSYWDhPVPR6VvA.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZWat35yg3kmm7vSYWDhPVPR6VvA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:29:d0:f4:8c:f3:54:35:28:85:7e:a5:e4:4b:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6566addf9ca0de49a6eef49858384f54f47a56f0
Validity
Not Before: Jan 1 17:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a710367a6923d568b884de912dc5986911b0a21c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:37:2d:85:b0:cd:94:67:2d:2b:20:9a:61:76:
f6:80:7a:04:85:e5:e4:4b:5e:f0:55:1c:ff:5b:2f:
e1:43:0f:56:1a:dc:21:ae:3e:7e:9a:c4:c2:28:af:
86:fd:61:35:59:1a:5e:e2:7c:1d:65:bf:6d:92:fd:
eb:70:b1:6a:a0:2d:5e:05:1f:74:32:f6:41:c6:02:
68:e0:4e:b2:16:3d:27:69:9c:2a:e8:ae:44:ab:86:
c1:91:50:ec:c0:32:31:31:00:76:e9:80:22:4f:31:
77:43:38:31:98:d0:7c:0d:50:98:0c:33:0d:20:3a:
f3:4b:16:52:20:10:a6:25:ea:ea:3c:9b:16:66:99:
a8:58:5a:95:2e:78:93:bc:37:1f:32:fa:9b:88:c2:
ca:9c:68:ce:07:8c:4f:37:63:8e:9d:06:f5:f0:83:
6e:69:3e:ae:a4:4b:ad:f1:81:a0:95:5e:25:8f:4c:
86:b3:b7:5d:5e:15:d5:32:5f:1b:6c:1a:a6:d7:8f:
68:71:6f:f6:ea:be:78:b6:07:13:45:f1:8d:a9:3f:
52:c2:86:6b:de:18:2d:f3:be:52:92:9e:c7:8f:0c:
72:ac:ec:4f:a1:f9:fc:58:b4:6e:e2:7b:b3:0b:27:
b6:29:ed:d3:16:0d:56:ee:6a:a8:47:96:78:33:e0:
dd:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:10:36:7A:69:23:D5:68:B8:84:DE:91:2D:C5:98:69:11:B0:A2:1C
X509v3 Authority Key Identifier:
keyid:65:66:AD:DF:9C:A0:DE:49:A6:EE:F4:98:58:38:4F:54:F4:7A:56:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWat35yg3kmm7vSYWDhPVPR6VvA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/pxA2emkj1Wi4hN6RLcWYaRGwohw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bd56d7-3899-40e5-9612-3f28b6adbda9/1/ZWat35yg3kmm7vSYWDhPVPR6VvA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.16.248.0/21
Signature Algorithm: sha256WithRSAEncryption
0d:40:92:2a:e5:67:62:73:16:30:e9:3d:c7:c7:7e:fd:f5:81:
bd:ae:e3:1a:55:16:fb:07:2b:72:e2:db:80:22:a9:99:61:de:
5d:04:69:51:37:6d:a3:d8:eb:09:de:aa:fd:8b:04:4a:7d:2e:
a7:54:60:20:59:cb:12:b6:01:1b:7a:71:c3:04:c6:f3:a4:8a:
20:4d:10:02:9d:53:3e:5b:45:78:bb:5e:98:c0:57:8a:0c:27:
52:60:aa:9e:86:b7:e4:55:71:0d:ab:81:71:34:b2:06:51:a9:
ad:c2:bd:8a:40:5a:bb:ea:1b:8e:8c:79:eb:24:5c:41:88:2a:
cc:5c:8e:38:d7:e3:b4:f9:34:0f:c8:3c:e9:50:1c:2b:25:94:
7e:62:e4:0b:ca:60:8c:5c:41:d9:62:a1:47:1e:5f:2f:92:2f:
0c:b0:e3:af:3d:fd:4b:ab:09:3b:ee:dd:8e:ff:2f:d9:08:d2:
c9:16:c0:8c:d0:9e:f9:11:39:3f:6c:ed:b2:0c:7e:94:ab:ac:
22:e5:36:d5:97:85:05:0a:fe:ec:ce:af:cc:dc:fb:30:0c:ad:
79:c0:00:1b:d3:e1:ac:65:b2:bb:35:83:a0:19:91:71:b1:41:
32:db:94:02:a4:f9:45:b1:33:8f:e9:4a:73:03:a8:38:42:19:
21:13:09:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CnQ9IzzVDUohX6l5Ev1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NjZhZGRmOWNhMGRlNDlhNmVlZjQ5ODU4Mzg0ZjU0ZjQ3
YTU2ZjAwHhcNMjUwMTAxMTc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzEwMzY3YTY5MjNkNTY4Yjg4NGRlOTEyZGM1OTg2OTExYjBhMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjcthbDNlGctKyCaYXb2gHoEheXk
S17wVRz/Wy/hQw9WGtwhrj5+msTCKK+G/WE1WRpe4nwdZb9tkv3rcLFqoC1eBR90
MvZBxgJo4E6yFj0naZwq6K5Eq4bBkVDswDIxMQB26YAiTzF3QzgxmNB8DVCYDDMN
IDrzSxZSIBCmJerqPJsWZpmoWFqVLniTvDcfMvqbiMLKnGjOB4xPN2OOnQb18INu
aT6upEut8YGglV4lj0yGs7ddXhXVMl8bbBqm149ocW/26r54tgcTRfGNqT9SwoZr
3hgt875Skp7HjwxyrOxPofn8WLRu4nuzCye2Ke3TFg1W7mqoR5Z4M+DdNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcQNnppI9VouITekS3FmGkRsKIcMB8GA1UdIwQY
MBaAFGVmrd+coN5Jpu70mFg4T1T0elbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWldhdDM1eWcza21tN3ZTWVdEaFBWUFI2VnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iZDU2ZDctMzg5OS00MGU1LTk2MTIt
M2YyOGI2YWRiZGE5LzEvcHhBMmVta2oxV2k0aE42UkxjV1lhUkd3b2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iZDU2ZDctMzg5OS00MGU1LTk2MTItM2YyOGI2YWRiZGE5
LzEvWldhdDM1eWcza21tN3ZTWVdEaFBWUFI2VnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhD4MA0G
CSqGSIb3DQEBCwUAA4IBAQANQJIq5WdicxYw6T3Hx3799YG9ruMaVRb7Byty4tuA
IqmZYd5dBGlRN22j2OsJ3qr9iwRKfS6nVGAgWcsStgEbenHDBMbzpIogTRACnVM+
W0V4u16YwFeKDCdSYKqehrfkVXENq4FxNLIGUamtwr2KQFq76huOjHnrJFxBiCrM
XI441+O0+TQPyDzpUBwrJZR+YuQLymCMXEHZYqFHHl8vki8MsOOvPf1Lqwk77t2O
/y/ZCNLJFsCM0J75ETk/bO2yDH6Uq6wi5TbVl4UFCv7szq/M3PswDK15wAAb0+Gs
ZbK7NYOgGZFxsUEy25QCpPlFsTOP6UpzA6g4QhkhEwnR
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:42:01 2025 by rpki-client