Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: yyew26NIyoHQrG1dQ6/L/RKTPAooP3rw86tDwl27y3U=
Subject key identifier: D4:A9:19:C3:D7:DD:97:8E:C1:7F:DA:89:E7:8C:D1:DC:8A:07:04:D1
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 5BBD01B27183D36DE2D80FF0673DCC2F1BA7E265
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Wed 16 Jul 2025 16:13:16 +0000
ROA not before: Wed 16 Jul 2025 16:08:16 +0000
ROA not after: Wed 15 Jul 2026 16:13:16 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:47:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:bd:01:b2:71:83:d3:6d:e2:d8:0f:f0:67:3d:cc:2f:1b:a7:e2:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jul 16 16:08:16 2025 GMT
Not After : Jul 15 16:13:16 2026 GMT
Subject: CN=D4A919C3D7DD978EC17FDA89E78CD1DC8A0704D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:84:c4:ca:28:52:01:97:54:ec:79:7b:99:38:
b7:c5:28:30:ff:b9:11:b3:9b:92:44:6a:40:9e:6a:
b9:77:96:70:ec:35:30:51:5b:9d:e7:96:ef:e2:22:
00:2e:fe:f6:6f:0e:44:4c:f4:ad:47:66:9c:cd:d6:
87:10:2f:23:0a:65:d8:1e:82:02:3e:8a:ce:c7:2f:
29:bf:b8:32:9e:f3:1e:65:82:ab:4e:31:ed:8c:df:
b3:e7:5b:9f:e7:49:37:38:12:2c:a4:01:27:6e:cc:
2f:f6:ad:16:87:64:53:6c:94:a8:45:07:95:e4:70:
c5:74:28:6e:78:ea:c9:a5:90:d0:af:f6:54:fa:1a:
d7:86:cf:24:58:1f:44:62:0c:53:96:36:cc:b8:1f:
b6:f2:1d:56:66:6b:26:38:79:14:f8:66:c4:b7:01:
e6:dc:38:06:a9:63:3c:a8:a8:ac:fa:94:1c:06:a5:
0e:84:c2:39:c4:41:47:2a:c9:9e:ef:74:62:30:57:
3f:5b:6b:42:e9:19:16:6a:bb:13:43:fc:4b:4b:2d:
be:94:31:d8:c5:37:20:16:e9:f9:4f:56:e2:cf:86:
7f:76:d1:cf:46:19:51:30:77:65:a6:f9:8c:30:66:
8a:c1:92:96:6f:43:08:8f:16:4a:53:2d:33:77:89:
48:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:A9:19:C3:D7:DD:97:8E:C1:7F:DA:89:E7:8C:D1:DC:8A:07:04:D1
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
148.135.180.0/24
148.135.186.0/24
155.117.187.0/24
Signature Algorithm: sha256WithRSAEncryption
16:9b:16:ef:c0:51:c3:6d:1b:5f:44:42:d1:34:e8:0b:6a:23:
c6:da:9c:f2:ec:22:60:44:a7:19:4d:2a:41:a8:be:b1:5e:d6:
2e:07:ef:c9:de:fd:5f:b2:8a:4a:43:e0:51:12:b4:96:8b:da:
cd:93:09:0a:47:6b:b4:52:2e:9d:ec:2b:d4:96:9e:8a:b2:28:
4a:f5:a7:8a:7f:2f:31:a8:c0:3f:1c:86:7e:31:68:1f:58:8a:
ba:bb:1c:3e:77:e4:bb:1c:eb:a5:4e:bd:56:1f:f2:b1:85:c6:
57:54:17:f1:ea:9f:40:8d:01:89:78:64:b5:3e:41:da:e3:37:
13:9f:25:af:95:0e:c5:10:fd:fb:f0:ff:f9:37:4c:9a:65:63:
eb:03:91:ef:e6:12:a7:c8:86:8d:c6:71:77:c3:9a:87:fc:07:
cd:e9:37:da:34:91:56:e1:bb:7b:65:a0:f4:93:ce:e8:3a:d0:
63:a5:2e:ca:84:e6:87:ae:e9:da:59:bb:1b:58:f8:1e:6c:ec:
96:ae:7a:55:20:be:03:c5:35:84:27:04:89:67:9f:a9:20:85:
0d:a4:e5:46:f7:a2:2e:61:db:14:75:1e:51:c5:af:a6:5a:14:
85:c4:09:7d:03:02:38:a7:da:cd:15:b7:21:37:fe:45:10:99:
f9:5d:06:42
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUW70BsnGD023i2A/wZz3MLxun4mUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTYxNjA4MTZaFw0yNjA3MTUxNjEzMTZaMDMxMTAvBgNV
BAMTKEQ0QTkxOUMzRDdERDk3OEVDMTdGREE4OUU3OENEMURDOEEwNzA0RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDChMTKKFIBl1TseXuZOLfFKDD/
uRGzm5JEakCearl3lnDsNTBRW53nlu/iIgAu/vZvDkRM9K1HZpzN1ocQLyMKZdge
ggI+is7HLym/uDKe8x5lgqtOMe2M37PnW5/nSTc4EiykASduzC/2rRaHZFNslKhF
B5XkcMV0KG546smlkNCv9lT6GteGzyRYH0RiDFOWNsy4H7byHVZmayY4eRT4ZsS3
AebcOAapYzyoqKz6lBwGpQ6EwjnEQUcqyZ7vdGIwVz9ba0LpGRZquxND/EtLLb6U
MdjFNyAW6flPVuLPhn920c9GGVEwd2Wm+YwwZorBkpZvQwiPFkpTLTN3iUjPAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU1KkZw9fdl47Bf9qJ54zR3IoHBNEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAJgPtAD
BAWM6YADBAGR30ADBACSZzwDBAGSZz4DBACUh7QDBACUh7oDBACbdbswDQYJKoZI
hvcNAQELBQADggEBABabFu/AUcNtG19EQtE06AtqI8banPLsImBEpxlNKkGovrFe
1i4H78ne/V+yikpD4FEStJaL2s2TCQpHa7RSLp3sK9SWnoqyKEr1p4p/LzGowD8c
hn4xaB9Yirq7HD535Lsc66VOvVYf8rGFxldUF/Hqn0CNAYl4ZLU+QdrjNxOfJa+V
DsUQ/fvw//k3TJplY+sDke/mEqfIho3GcXfDmof8B83pN9o0kVbhu3tloPSTzug6
0GOlLsqE5oeu6dpZuxtY+B5s7JauelUgvgPFNYQnBIlnn6kghQ2k5Ub3oi5h2xR1
HlHFr6ZaFIXECX0DAjin2s0VtyE3/kUQmfldBkI=
-----END CERTIFICATE-----
Generated at Tue Jul 22 18:58:53 2025 by rpki-client