Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: 7bqBBePEamSpai5YXP+f83QOdW7Ue2YVvli8dRkW74k=
Subject key identifier: E4:5B:D3:94:A1:31:95:57:2A:D9:4E:35:D7:7A:AE:38:2B:DE:B9:E2
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 0917D74E89E5B6D03D709FFE74B72006FE4D2559
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Tue 15 Jul 2025 12:30:31 +0000
ROA not before: Tue 15 Jul 2025 12:25:31 +0000
ROA not after: Tue 14 Jul 2026 12:30:31 +0000
asID: 16509
IP address blocks: 82.21.28.0/22 maxlen: 24
82.24.100.0/24 maxlen: 24
82.25.56.0/21 maxlen: 21
82.26.154.0/24 maxlen: 24
82.26.157.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 11:01:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:17:d7:4e:89:e5:b6:d0:3d:70:9f:fe:74:b7:20:06:fe:4d:25:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jul 15 12:25:31 2025 GMT
Not After : Jul 14 12:30:31 2026 GMT
Subject: CN=E45BD394A13195572AD94E35D77AAE382BDEB9E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:94:e2:88:d4:9c:3a:0b:13:ad:48:58:99:20:
3d:24:51:67:ac:04:49:8e:d4:54:4e:29:2d:4f:0a:
94:db:d5:f1:c5:ab:2b:45:c6:cc:42:e7:11:fb:28:
91:04:1a:2f:45:c7:30:f4:27:58:2e:44:9a:a9:fd:
e6:19:80:17:dc:7b:fb:b2:a3:a6:bd:04:1c:55:6a:
b6:6c:8e:cf:05:ea:7d:ce:c1:7c:9f:53:b6:6d:a5:
3d:01:5f:7d:00:a4:fa:2f:0e:dd:21:16:bb:2c:af:
b9:87:96:24:2b:d8:f2:86:e7:45:de:4f:dc:a7:a5:
19:50:c7:12:e1:94:98:6e:7b:10:cd:b9:cd:0e:8d:
ff:b1:c1:18:8d:f7:db:29:37:8d:02:11:32:fe:ad:
35:e5:a3:b0:c5:fe:e8:e7:94:d8:b5:3c:f6:c9:9b:
da:18:bd:d5:67:89:63:f9:ec:64:7a:5f:96:35:11:
a8:07:ff:c6:df:c9:41:2a:10:1c:96:e9:a5:1a:9b:
d1:8c:e8:0f:9c:32:f2:ca:d3:00:a2:f5:0b:57:08:
0c:31:c1:99:c0:fb:f3:82:41:9b:d3:bf:fa:57:64:
b6:2a:4d:4f:85:c7:46:bd:f1:51:3f:b4:17:be:66:
96:d6:c1:4e:b2:0f:fc:62:ee:8f:0b:33:f2:81:79:
84:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:5B:D3:94:A1:31:95:57:2A:D9:4E:35:D7:7A:AE:38:2B:DE:B9:E2
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.28.0/22
82.24.100.0/24
82.25.56.0/21
82.26.154.0/24
82.26.157.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.102.0/24
82.29.104.0/23
Signature Algorithm: sha256WithRSAEncryption
a7:79:c1:db:54:6a:a7:86:ac:e9:26:6c:aa:08:1f:81:47:d6:
3f:f0:b4:48:70:af:61:9a:79:8b:fc:15:29:f4:9f:e7:14:b1:
56:e0:95:99:6e:d5:d6:c1:4b:6b:7c:7c:2f:eb:7a:8d:57:73:
52:ad:cd:ce:2d:25:8d:60:42:c3:c7:77:86:14:48:1f:9f:e9:
1e:9d:11:c5:b5:f8:f9:bb:29:ee:27:9e:f3:fe:99:79:d0:8c:
e4:85:2b:b6:67:43:9c:91:0f:78:f8:bc:34:cb:cd:fc:76:09:
a9:28:fa:c9:cf:ea:79:31:01:a0:f6:f5:e4:34:69:86:52:d3:
cf:f3:85:8e:18:9d:96:c0:9c:b2:ca:68:6c:61:ff:22:b7:9c:
bc:09:c2:d2:07:6e:1a:4b:ca:9d:d8:3d:96:ff:1b:3b:50:ab:
40:3c:e1:1b:4a:71:22:0a:2d:3e:56:c7:3e:f6:2d:0f:2a:e6:
eb:91:79:9b:29:d6:72:ff:7c:b0:62:82:d0:12:a4:28:02:c3:
5b:13:10:3c:53:36:8f:07:41:f3:17:76:5b:d9:88:a2:9e:29:
1a:89:4b:a9:b4:de:6a:58:e4:6a:94:4c:7a:36:80:ae:75:03:
23:e1:b6:21:c7:40:af:0a:01:39:3c:8c:b3:8f:30:ba:6f:05:
2d:86:30:d1
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIUCRfXTonlttA9cJ/+dLcgBv5NJVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTUxMjI1MzFaFw0yNjA3MTQxMjMwMzFaMDMxMTAvBgNV
BAMTKEU0NUJEMzk0QTEzMTk1NTcyQUQ5NEUzNUQ3N0FBRTM4MkJERUI5RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBlOKI1Jw6CxOtSFiZID0kUWes
BEmO1FROKS1PCpTb1fHFqytFxsxC5xH7KJEEGi9FxzD0J1guRJqp/eYZgBfce/uy
o6a9BBxVarZsjs8F6n3OwXyfU7ZtpT0BX30ApPovDt0hFrssr7mHliQr2PKG50Xe
T9ynpRlQxxLhlJhuexDNuc0Ojf+xwRiN99spN40CETL+rTXlo7DF/ujnlNi1PPbJ
m9oYvdVniWP57GR6X5Y1EagH/8bfyUEqEByW6aUam9GM6A+cMvLK0wCi9QtXCAwx
wZnA+/OCQZvTv/pXZLYqTU+Fx0a98VE/tBe+ZpbWwU6yD/xi7o8LM/KBeYR9AgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQU5FvTlKExlVcq2U4113quOCveueIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwXQYIKwYBBQUHAQcBAf8ETjBMMEoEAgABMEQDBAJSFRwD
BABSGGQDBANSGTgDBABSGpoDBABSGp0DBABSGskDBABSHQAwDAMEAVIdAgMEAFId
BAMEAFIdZgMEAVIdaDANBgkqhkiG9w0BAQsFAAOCAQEAp3nB21Rqp4as6SZsqggf
gUfWP/C0SHCvYZp5i/wVKfSf5xSxVuCVmW7V1sFLa3x8L+t6jVdzUq3Nzi0ljWBC
w8d3hhRIH5/pHp0RxbX4+bsp7iee8/6ZedCM5IUrtmdDnJEPePi8NMvN/HYJqSj6
yc/qeTEBoPb15DRphlLTz/OFjhidlsCcsspobGH/IrecvAnC0gduGkvKndg9lv8b
O1CrQDzhG0pxIgotPlbHPvYtDyrm65F5mynWcv98sGKC0BKkKALDWxMQPFM2jwdB
8xd2W9mIop4pGolLqbTealjkapRMejaArnUDI+G2IcdArwoBOTyMs48wum8FLYYw
0Q==
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:55:51 2025 by rpki-client