Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/TUFAZf04oKU71K-dzly3Tm0m00k.roa
File: TUFAZf04oKU71K-dzly3Tm0m00k.roa (raw, json)
Hash identifier: 8Q/4UFhDOuKqDkvv68K1gJSZ0i88GSnNRtnULQsx+Ss=
Subject key identifier: 4D:41:40:65:FD:38:A0:A5:3B:D4:AF:9D:CE:5C:B7:4E:6D:26:D3:49
Certificate issuer: /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial: 019754CE567D8EA0D6956DB2E49DF8C0E761
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/TUFAZf04oKU71K-dzly3Tm0m00k.roa
Signing time: Mon 09 Jun 2025 13:08:17 +0000
ROA not before: Mon 09 Jun 2025 13:08:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207239
IP address blocks: 195.64.140.0/23 maxlen: 23
195.64.140.0/24 maxlen: 24
195.64.141.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 22:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:54:ce:56:7d:8e:a0:d6:95:6d:b2:e4:9d:f8:c0:e7:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Validity
Not Before: Jun 9 13:08:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d414065fd38a0a53bd4af9dce5cb74e6d26d349
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:bd:84:d7:77:71:70:91:3a:29:2b:8b:20:d0:
64:1f:b4:73:89:26:7c:45:92:57:13:99:53:b5:7a:
5b:e4:80:9f:51:da:75:46:fe:39:13:20:05:f5:98:
8f:7a:2e:4d:42:22:78:9d:93:47:b5:9c:86:bd:ac:
a0:54:88:fd:72:6e:fc:d3:5a:2f:7d:a1:48:d1:71:
30:ce:57:86:9a:61:88:0d:37:a9:73:11:5f:f8:6e:
38:f0:2c:9a:b0:92:b1:68:74:bd:36:c3:f6:62:32:
13:03:69:f8:21:c2:5e:76:45:c3:32:ba:ac:c8:25:
13:a6:70:df:43:1b:fb:88:de:08:6c:ce:c6:50:74:
c1:71:0c:a4:00:3f:8a:ab:7b:d5:48:66:8c:c3:cd:
e1:59:c1:39:fa:85:81:25:86:9d:ee:51:48:d4:32:
12:5b:d4:7d:22:e7:e1:a2:e3:76:43:28:b3:63:e4:
6a:ee:2f:4e:29:e4:b6:3c:e7:fd:84:42:7f:0d:85:
a0:44:5e:7b:0d:03:bd:da:a1:e7:13:aa:72:8d:ed:
79:ac:03:53:2f:5e:ce:3f:f9:5e:2c:87:cb:b0:f5:
98:76:a3:cd:32:94:61:0d:27:6d:91:b0:ac:58:26:
cf:e4:c5:f6:ce:f5:77:c9:f0:17:86:f5:50:60:ca:
b8:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:41:40:65:FD:38:A0:A5:3B:D4:AF:9D:CE:5C:B7:4E:6D:26:D3:49
X509v3 Authority Key Identifier:
keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/TUFAZf04oKU71K-dzly3Tm0m00k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.64.140.0/23
Signature Algorithm: sha256WithRSAEncryption
29:d4:13:20:d1:39:1d:72:32:d5:67:9e:35:85:fc:b0:9d:8d:
0e:c9:b4:f6:35:65:f0:28:c1:9d:4d:81:af:c5:88:93:ad:64:
f5:b1:e7:43:7d:e2:86:c9:68:5a:fc:c4:e2:d5:5a:fd:e1:d0:
22:7d:d5:ec:05:79:c3:b3:f8:07:90:19:18:42:03:9c:10:4e:
e2:f0:2c:6b:74:d1:a4:c0:54:91:27:4c:1b:d6:07:5a:40:d1:
c6:c8:ab:10:9a:c5:40:ba:4c:35:7b:3d:78:90:bc:a4:b4:ce:
1f:c2:7e:fe:4e:85:52:20:ac:c7:35:5f:e1:1b:ad:ac:ed:4b:
e1:42:7c:59:06:17:e9:8e:a2:5a:b7:dd:44:92:ef:b6:4f:f6:
52:74:f9:3a:04:f7:6d:d0:5a:31:22:30:d8:e1:74:6c:10:29:
12:f5:e6:d7:b6:cd:4d:61:9c:bb:aa:c7:ec:05:c0:e5:c7:b7:
28:0c:11:2b:2a:85:f2:dd:f0:e4:67:08:4c:f5:32:20:ec:d2:
9c:46:ce:a7:01:5d:99:11:a3:11:55:8f:2c:45:c5:7a:d7:1b:
51:4e:16:bc:26:8d:69:09:a8:f9:17:d7:ff:e3:27:7e:0a:34:
68:51:44:a9:09:5d:83:7c:2d:4d:27:a1:6a:58:6a:e0:8c:b2:
ae:13:79:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdUzlZ9jqDWlW2y5J34wOdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwNjA5MTMwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQxNDA2NWZkMzhhMGE1M2JkNGFmOWRjZTVjYjc0ZTZkMjZkMzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv72E13dxcJE6KSuLINBkH7RziSZ8
RZJXE5lTtXpb5ICfUdp1Rv45EyAF9ZiPei5NQiJ4nZNHtZyGvaygVIj9cm7801ov
faFI0XEwzleGmmGIDTepcxFf+G448CyasJKxaHS9NsP2YjITA2n4IcJedkXDMrqs
yCUTpnDfQxv7iN4IbM7GUHTBcQykAD+Kq3vVSGaMw83hWcE5+oWBJYad7lFI1DIS
W9R9IufhouN2QyizY+Rq7i9OKeS2POf9hEJ/DYWgRF57DQO92qHnE6pyje15rANT
L17OP/leLIfLsPWYdqPNMpRhDSdtkbCsWCbP5MX2zvV3yfAXhvVQYMq4EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1BQGX9OKClO9Svnc5ct05tJtNJMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvVFVGQVpmMDRvS1U3MUstZHpseTNUbTBtMDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0CMMA0G
CSqGSIb3DQEBCwUAA4IBAQAp1BMg0TkdcjLVZ541hfywnY0OybT2NWXwKMGdTYGv
xYiTrWT1sedDfeKGyWha/MTi1Vr94dAifdXsBXnDs/gHkBkYQgOcEE7i8CxrdNGk
wFSRJ0wb1gdaQNHGyKsQmsVAukw1ez14kLyktM4fwn7+ToVSIKzHNV/hG62s7Uvh
QnxZBhfpjqJat91Eku+2T/ZSdPk6BPdt0FoxIjDY4XRsECkS9ebXts1NYZy7qsfs
BcDlx7coDBErKoXy3fDkZwhM9TIg7NKcRs6nAV2ZEaMRVY8sRcV61xtRTha8Jo1p
Caj5F9f/4yd+CjRoUUSpCV2DfC1NJ6FqWGrgjLKuE3ls
-----END CERTIFICATE-----
Generated at Tue Jul 1 08:16:34 2025 by rpki-client