Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: EAofO0p06uwUUXNKX+AK3vdlGWxZbQkd8GxI466F9kE=
Subject key identifier: 8C:99:B0:47:33:09:CE:C6:D8:04:D9:F6:09:AF:5B:AC:53:70:5F:B3
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 0AD40B2443CDA05E9C585149B9D7924A00C64198
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Thu 06 Nov 2025 16:38:48 +0000
ROA not before: Thu 06 Nov 2025 16:33:48 +0000
ROA not after: Thu 05 Nov 2026 16:38:48 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
140.233.174.0/23 maxlen: 23
143.14.82.0/23 maxlen: 23
143.14.132.0/24 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
147.79.25.0/24 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.0.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
155.117.144.0/22 maxlen: 22
155.117.185.0/24 maxlen: 24
155.117.187.0/24 maxlen: 24
162.141.159.0/24 maxlen: 24
162.141.180.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:d4:0b:24:43:cd:a0:5e:9c:58:51:49:b9:d7:92:4a:00:c6:41:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Nov 6 16:33:48 2025 GMT
Not After : Nov 5 16:38:48 2026 GMT
Subject: CN=8C99B0473309CEC6D804D9F609AF5BAC53705FB3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:ac:79:91:a7:b3:c7:fd:5b:4c:46:4d:e1:0a:
db:04:0d:37:86:69:a0:af:5e:55:76:ff:aa:92:53:
e1:4b:f0:39:6b:a0:ae:18:30:23:e3:b8:17:f6:c6:
91:9e:5c:ee:46:00:29:eb:36:ba:38:e6:4e:e0:b1:
c2:17:31:67:db:3e:e3:0f:fe:5b:8d:31:aa:a2:ea:
40:5d:0c:a2:e6:a1:cd:e5:fc:c2:5e:34:6e:ae:9f:
dc:76:b1:ef:35:a4:1c:19:4d:e1:3f:ab:54:84:4e:
91:86:74:0f:f5:73:41:be:a1:70:eb:26:91:f4:d1:
69:7f:c0:76:a6:0b:ec:3d:7b:bf:f9:18:f7:d3:ea:
56:51:eb:fc:13:30:9b:1c:3f:16:cd:dc:8a:bb:f1:
97:7d:72:8b:8e:7d:45:cf:49:76:04:82:f1:54:0c:
f2:ea:ce:aa:9c:98:e4:7e:3a:9e:4b:0b:1c:ef:97:
6b:77:71:43:84:1c:7a:0c:f0:48:30:ac:16:87:d4:
c6:07:81:ec:45:01:0d:f1:ff:cd:7c:cb:d2:cd:e8:
7c:51:d3:cf:77:cb:3b:f1:db:72:45:c4:58:93:fe:
33:28:3f:17:11:1a:13:19:66:12:90:fb:2c:95:a2:
94:19:71:42:09:ca:4a:87:71:79:52:5f:24:8f:68:
2d:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:99:B0:47:33:09:CE:C6:D8:04:D9:F6:09:AF:5B:AC:53:70:5F:B3
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
140.233.174.0/23
143.14.82.0/23
143.14.132.0/24
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
147.79.25.0/24
148.135.180.0/24
148.135.186.0/24
155.117.0.0/24
155.117.60.0/24
155.117.144.0/22
155.117.185.0/24
155.117.187.0/24
162.141.159.0/24
162.141.180.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:a0:ca:94:af:2a:18:b9:56:37:c5:da:f5:60:45:49:0b:aa:
7b:7f:02:76:45:21:3c:c3:34:c8:e4:13:2b:b4:6c:ef:66:68:
5f:83:87:a7:ee:0e:0a:1c:84:17:b1:e7:b5:11:ba:5a:a8:09:
1f:7e:59:0d:93:17:d6:41:31:72:88:95:da:d7:7d:7f:53:84:
23:14:54:d0:09:0d:bd:92:a7:19:c1:97:ef:4d:e9:a0:be:52:
eb:df:30:b4:c5:8e:46:ea:90:00:6b:b6:db:e5:81:26:40:89:
a6:95:a9:d5:47:a7:fa:34:67:2e:a5:d8:7b:5f:cc:79:ae:04:
7d:12:5f:a4:e7:55:18:d3:a2:a7:4e:fb:e7:99:bb:f6:69:2e:
be:f4:76:22:89:16:26:52:c8:7d:dc:34:a0:b7:81:f9:3b:6f:
6e:7b:cb:76:b3:cf:d8:10:21:4a:6c:73:4c:b1:a6:63:1a:b6:
61:78:b3:38:08:8e:51:e5:51:1b:17:0b:24:3a:81:a8:85:17:
d4:e1:42:c0:a9:c9:c8:7c:13:53:6d:1d:25:91:ae:6e:b3:e0:
75:8c:26:5b:1e:85:a9:e1:08:97:3b:7b:74:76:63:e0:9a:9d:
0f:82:40:f9:70:5f:5e:58:1e:77:b5:d1:b5:db:7a:a3:77:f4:
6b:87:8e:40
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIUCtQLJEPNoF6cWFFJudeSSgDGQZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTExMDYxNjMzNDhaFw0yNjExMDUxNjM4NDhaMDMxMTAvBgNV
BAMTKDhDOTlCMDQ3MzMwOUNFQzZEODA0RDlGNjA5QUY1QkFDNTM3MDVGQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0rHmRp7PH/VtMRk3hCtsEDTeG
aaCvXlV2/6qSU+FL8DlroK4YMCPjuBf2xpGeXO5GACnrNro45k7gscIXMWfbPuMP
/luNMaqi6kBdDKLmoc3l/MJeNG6un9x2se81pBwZTeE/q1SETpGGdA/1c0G+oXDr
JpH00Wl/wHamC+w9e7/5GPfT6lZR6/wTMJscPxbN3Iq78Zd9couOfUXPSXYEgvFU
DPLqzqqcmOR+Op5LCxzvl2t3cUOEHHoM8EgwrBaH1MYHgexFAQ3x/818y9LN6HxR
0893yzvx23JFxFiT/jMoPxcRGhMZZhKQ+yyVopQZcUIJykqHcXlSXySPaC3XAgMB
AAGjggJwMIICbDAdBgNVHQ4EFgQUjJmwRzMJzsbYBNn2Ca9brFNwX7MwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgYUGCCsGAQUFBwEHAQH/BHYwdDByBAIAATBsAwQCYD7Q
AwQFjOmAAwQBjOmuAwQBjw5SAwQAjw6EAwQBkd9AAwQAkmc8AwQBkmc+AwQAk08Z
AwQAlIe0AwQAlIe6AwQAm3UAAwQAm3U8AwQCm3WQAwQAm3W5AwQAm3W7AwQAoo2f
AwQAoo20MA0GCSqGSIb3DQEBCwUAA4IBAQCfoMqUryoYuVY3xdr1YEVJC6p7fwJ2
RSE8wzTI5BMrtGzvZmhfg4en7g4KHIQXsee1EbpaqAkfflkNkxfWQTFyiJXa131/
U4QjFFTQCQ29kqcZwZfvTemgvlLr3zC0xY5G6pAAa7bb5YEmQImmlanVR6f6NGcu
pdh7X8x5rgR9El+k51UY06KnTvvnmbv2aS6+9HYiiRYmUsh93DSgt4H5O29ue8t2
s8/YECFKbHNMsaZjGrZheLM4CI5R5VEbFwskOoGohRfU4ULAqcnIfBNTbR0lka5u
s+B1jCZbHoWp4QiXO3t0dmPgmp0PgkD5cF9eWB53tdG123qjd/Rrh45A
-----END CERTIFICATE-----
Generated at Tue Nov 18 05:49:27 2025 by rpki-client