Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/AmmERHoFL94GmD-TNoEsdCRoLA0.roa
File: AmmERHoFL94GmD-TNoEsdCRoLA0.roa (raw, json)
Hash identifier: biK301TWdWY9asw86ndZF9AzE6I4gnsLDy1ooUih+WA=
Subject key identifier: 02:69:84:44:7A:05:2F:DE:06:98:3F:93:36:81:2C:74:24:68:2C:0D
Certificate issuer: /CN=2b928097dc9f89a7a3a8a296a78a4f9d0cbce17f
Certificate serial: 019421B2240915EB407666B8AEF3E9979CD5
Authority key identifier: 2B:92:80:97:DC:9F:89:A7:A3:A8:A2:96:A7:8A:4F:9D:0C:BC:E1:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K5KAl9yfiaejqKKWp4pPnQy84X8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/AmmERHoFL94GmD-TNoEsdCRoLA0.roa
Signing time: Wed 01 Jan 2025 11:48:30 +0000
ROA not before: Wed 01 Jan 2025 11:48:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197305
IP address blocks: 46.243.16.0/24 maxlen: 24
46.243.17.0/24 maxlen: 24
46.243.18.0/24 maxlen: 24
46.243.19.0/24 maxlen: 24
46.243.20.0/24 maxlen: 24
46.243.21.0/24 maxlen: 24
46.243.22.0/24 maxlen: 24
46.243.23.0/24 maxlen: 24
2a03:6dc0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/K5KAl9yfiaejqKKWp4pPnQy84X8.crl
rsync://rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/K5KAl9yfiaejqKKWp4pPnQy84X8.mft
rsync://rpki.ripe.net/repository/DEFAULT/K5KAl9yfiaejqKKWp4pPnQy84X8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Feb 2025 23:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:24:09:15:eb:40:76:66:b8:ae:f3:e9:97:9c:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b928097dc9f89a7a3a8a296a78a4f9d0cbce17f
Validity
Not Before: Jan 1 11:48:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=026984447a052fde06983f9336812c7424682c0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:56:8a:d3:e4:10:01:2d:d0:f6:6b:84:f1:67:
13:9e:63:bb:41:1b:5c:21:14:bf:98:b4:6b:7b:76:
94:ae:a9:33:75:1f:42:7e:06:45:77:0a:f8:7b:9f:
25:7e:35:b9:18:7e:32:43:f8:fa:f4:0b:8b:3b:08:
77:65:99:6b:21:37:51:5e:d5:54:2d:64:41:b8:98:
56:14:3c:ef:02:31:a9:f9:8f:03:1a:e1:b8:bf:91:
fd:4f:70:bc:c8:a9:76:cd:de:a4:6b:b0:51:81:3f:
61:87:25:40:85:fe:bd:48:39:81:9e:9f:4d:d1:44:
29:f5:4c:ad:fb:37:6f:35:81:3e:1c:72:a1:2e:68:
89:5e:f0:6d:f2:f9:af:27:3d:3c:56:9b:c5:0c:b4:
2f:20:64:00:f4:a8:c4:e4:af:3a:25:4f:4d:5b:d3:
32:bb:0b:79:07:b8:16:72:0b:07:ab:31:b4:0c:53:
50:bb:96:18:72:54:ab:a5:a2:33:92:33:49:bf:33:
13:b1:7f:16:de:15:50:ad:23:0c:ec:e0:ac:0e:1e:
7f:28:9f:39:31:ee:4e:65:ae:e6:18:ca:ae:70:67:
08:2e:3c:64:0a:40:66:ef:29:25:b1:ea:36:fa:1a:
b5:a4:90:5e:3b:a4:c0:19:76:af:d1:c4:4f:c0:4a:
fc:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:69:84:44:7A:05:2F:DE:06:98:3F:93:36:81:2C:74:24:68:2C:0D
X509v3 Authority Key Identifier:
keyid:2B:92:80:97:DC:9F:89:A7:A3:A8:A2:96:A7:8A:4F:9D:0C:BC:E1:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5KAl9yfiaejqKKWp4pPnQy84X8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/AmmERHoFL94GmD-TNoEsdCRoLA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a734a4-143d-461d-bfd6-45caa6ef6700/1/K5KAl9yfiaejqKKWp4pPnQy84X8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.243.16.0/21
IPv6:
2a03:6dc0::/32
Signature Algorithm: sha256WithRSAEncryption
24:b4:80:d6:2c:50:ef:d6:56:0b:e3:b2:c8:33:19:65:0a:45:
68:5d:35:0d:1c:af:5a:2b:4f:da:30:51:35:28:8d:9a:4a:b2:
ba:49:ae:67:6e:2b:93:2b:c8:0a:56:82:eb:bd:1a:9e:88:88:
37:51:c7:6d:73:5b:a0:f9:18:e1:e1:c9:e8:71:24:94:72:fa:
c3:97:0e:60:c3:b4:64:48:da:ac:21:be:cb:fb:b2:c1:1f:93:
a1:b0:6f:0a:a5:c3:06:37:88:25:60:22:64:9f:b5:da:b1:7f:
9d:32:cc:37:c1:49:1c:d6:d8:be:19:74:39:1c:28:9c:17:f2:
89:f6:0b:ba:b9:7a:6e:c6:ae:6f:27:69:dc:26:06:6b:74:93:
b6:cb:05:0e:ec:4b:86:75:96:ad:d7:52:db:99:82:8e:19:b9:
98:13:d0:a6:4c:ed:e5:45:5f:b6:6b:9a:c5:6b:ed:ca:d4:53:
8b:5d:8c:95:65:37:29:1f:ed:09:32:4d:bf:cd:19:3f:a3:fb:
18:dd:da:08:85:a0:0a:1c:7a:09:81:7c:27:ec:09:08:7e:4f:
ea:af:59:95:8b:27:c7:80:7d:bf:9b:3a:6b:d4:36:eb:fd:28:
ad:a4:9c:0f:e0:8b:3d:a1:ff:9c:59:f2:e8:dd:fe:18:76:30:
10:67:96:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsiQJFetAdma4rvPpl5zVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTI4MDk3ZGM5Zjg5YTdhM2E4YTI5NmE3OGE0ZjlkMGNi
Y2UxN2YwHhcNMjUwMTAxMTE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjY5ODQ0NDdhMDUyZmRlMDY5ODNmOTMzNjgxMmM3NDI0NjgyYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1aK0+QQAS3Q9muE8WcTnmO7QRtc
IRS/mLRre3aUrqkzdR9CfgZFdwr4e58lfjW5GH4yQ/j69AuLOwh3ZZlrITdRXtVU
LWRBuJhWFDzvAjGp+Y8DGuG4v5H9T3C8yKl2zd6ka7BRgT9hhyVAhf69SDmBnp9N
0UQp9Uyt+zdvNYE+HHKhLmiJXvBt8vmvJz08VpvFDLQvIGQA9KjE5K86JU9NW9My
uwt5B7gWcgsHqzG0DFNQu5YYclSrpaIzkjNJvzMTsX8W3hVQrSMM7OCsDh5/KJ85
Me5OZa7mGMqucGcILjxkCkBm7yklseo2+hq1pJBeO6TAGXav0cRPwEr8oQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAJphER6BS/eBpg/kzaBLHQkaCwNMB8GA1UdIwQY
MBaAFCuSgJfcn4mno6iilqeKT50MvOF/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVLQWw5eWZpYWVqcUtLV3A0cFBuUXk4NFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNzM0YTQtMTQzZC00NjFkLWJmZDYt
NDVjYWE2ZWY2NzAwLzEvQW1tRVJIb0ZMOTRHbUQtVE5vRXNkQ1JvTEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNzM0YTQtMTQzZC00NjFkLWJmZDYtNDVjYWE2ZWY2NzAw
LzEvSzVLQWw5eWZpYWVqcUtLV3A0cFBuUXk4NFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLvMQMA0E
AgACMAcDBQAqA23AMA0GCSqGSIb3DQEBCwUAA4IBAQAktIDWLFDv1lYL47LIMxll
CkVoXTUNHK9aK0/aMFE1KI2aSrK6Sa5nbiuTK8gKVoLrvRqeiIg3Ucdtc1ug+Rjh
4cnocSSUcvrDlw5gw7RkSNqsIb7L+7LBH5OhsG8KpcMGN4glYCJkn7XasX+dMsw3
wUkc1ti+GXQ5HCicF/KJ9gu6uXpuxq5vJ2ncJgZrdJO2ywUO7EuGdZat11LbmYKO
GbmYE9CmTO3lRV+2a5rFa+3K1FOLXYyVZTcpH+0JMk2/zRk/o/sY3doIhaAKHHoJ
gXwn7AkIfk/qr1mViyfHgH2/mzpr1Dbr/SitpJwP4Is9of+cWfLo3f4YdjAQZ5bB
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:57 2025 by rpki-client