Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: iKVKxU2yK6ueWi2rJ5y2Xgkeb9pa4uvmtfzKbNqG494=
Subject key identifier: AB:80:0D:0F:72:B4:DD:B6:62:F6:E0:34:15:0C:52:96:93:E7:9D:ED
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 1E618FED26E70DF07B98A84A8C44CE088EF05FE5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Fri 30 May 2025 18:52:11 +0000
ROA not before: Fri 30 May 2025 18:47:11 +0000
ROA not after: Fri 29 May 2026 18:52:11 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
167.148.144.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 20:42:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:61:8f:ed:26:e7:0d:f0:7b:98:a8:4a:8c:44:ce:08:8e:f0:5f:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 30 18:47:11 2025 GMT
Not After : May 29 18:52:11 2026 GMT
Subject: CN=AB800D0F72B4DDB662F6E034150C529693E79DED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:7a:58:88:51:8a:16:23:2e:85:d7:2a:71:f5:
58:4d:e3:e9:a0:1a:ae:5d:9a:97:5d:28:b9:bf:15:
b0:f2:90:d6:5a:21:52:da:45:12:4e:35:6d:8d:0e:
b7:a3:da:8e:df:b3:ee:22:b5:2c:b6:9f:0a:f8:2f:
fb:f4:c6:1d:58:8e:e2:52:29:a0:2e:91:bd:48:8e:
7e:4c:01:e3:f3:80:39:a5:03:11:07:dd:a8:55:80:
dc:e6:5d:b4:40:fe:a0:76:e0:c9:09:6f:ad:ec:bd:
7e:49:3c:c0:87:24:4c:9a:16:db:9f:b6:43:41:90:
23:4e:5e:56:e1:b4:38:93:72:45:1a:c5:fd:f9:54:
de:7a:77:ab:2b:83:c0:4e:51:65:96:f7:2f:29:17:
7b:4a:b1:13:be:db:21:26:6d:0b:75:04:9e:b8:05:
88:2e:4f:67:92:8d:50:4e:b3:8c:50:33:6d:0c:fc:
75:7e:0f:2e:aa:f3:1e:60:2c:bd:4b:d1:f9:f1:aa:
9f:21:f4:c7:24:8b:61:9f:17:76:3f:9c:8b:d9:c1:
c6:a1:5a:c3:f0:4f:6e:a4:c7:60:ed:4c:ad:81:3b:
06:b9:2f:ac:7e:4d:63:ca:99:a1:1a:ca:04:a7:94:
c0:fa:36:0e:59:16:ae:52:e2:a0:4a:ec:f1:80:83:
1a:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:80:0D:0F:72:B4:DD:B6:62:F6:E0:34:15:0C:52:96:93:E7:9D:ED
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
148.135.180.0/24
148.135.186.0/24
167.148.144.0/24
Signature Algorithm: sha256WithRSAEncryption
83:ff:b3:fe:5f:2c:cf:7b:5d:bc:ec:7b:24:59:69:c9:15:b2:
73:e8:c3:51:c3:bc:fe:85:b0:c5:ba:30:b4:23:49:67:c7:b1:
34:bb:8c:95:85:65:8d:33:25:e0:c6:62:96:e5:a6:96:f3:a3:
c6:44:b4:cc:02:82:d6:9d:5b:ad:b1:9f:ee:56:81:72:f6:d1:
a5:1a:fb:d0:ab:8b:ba:da:89:a8:d8:cc:f0:9b:53:08:73:3d:
4d:e0:58:cb:42:30:36:b7:3e:d6:9c:cf:3f:e9:e5:eb:f8:ee:
6d:d0:37:65:e4:f3:7e:fc:cf:0b:80:a8:74:6e:82:7d:ab:cf:
61:9a:8f:78:74:37:bd:65:2f:9a:14:0d:ca:5e:40:cd:37:ed:
5f:4c:36:db:c2:00:3c:1e:0c:9b:e8:36:45:c5:63:54:fb:c0:
a0:60:66:c6:ef:10:f4:06:14:87:c1:5d:11:f7:64:8e:ca:c4:
2f:cd:60:60:ac:42:ef:29:28:a9:54:68:d4:5d:39:2d:bf:40:
fa:11:b2:cd:db:50:ab:90:da:13:47:2a:dd:fd:f7:80:f9:fc:
3c:ab:2e:85:95:68:8b:fe:18:8d:c7:cb:ae:63:17:99:75:34:
71:42:a3:ea:84:fa:e2:51:0b:44:9f:5c:be:43:04:79:66:b4:
56:11:94:90
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUHmGP7SbnDfB7mKhKjETOCI7wX+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MzAxODQ3MTFaFw0yNjA1MjkxODUyMTFaMDMxMTAvBgNV
BAMTKEFCODAwRDBGNzJCNEREQjY2MkY2RTAzNDE1MEM1Mjk2OTNFNzlERUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFeliIUYoWIy6F1ypx9VhN4+mg
Gq5dmpddKLm/FbDykNZaIVLaRRJONW2NDrej2o7fs+4itSy2nwr4L/v0xh1YjuJS
KaAukb1Ijn5MAePzgDmlAxEH3ahVgNzmXbRA/qB24MkJb63svX5JPMCHJEyaFtuf
tkNBkCNOXlbhtDiTckUaxf35VN56d6srg8BOUWWW9y8pF3tKsRO+2yEmbQt1BJ64
BYguT2eSjVBOs4xQM20M/HV+Dy6q8x5gLL1L0fnxqp8h9Mcki2GfF3Y/nIvZwcah
WsPwT26kx2DtTK2BOwa5L6x+TWPKmaEaygSnlMD6Ng5ZFq5S4qBK7PGAgxqdAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUq4AND3K03bZi9uA0FQxSlpPnne0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAJgPtAD
BAWM6YADBAGR30ADBACSZzwDBAGSZz4DBACUh7QDBACUh7oDBACnlJAwDQYJKoZI
hvcNAQELBQADggEBAIP/s/5fLM97XbzseyRZackVsnPow1HDvP6FsMW6MLQjSWfH
sTS7jJWFZY0zJeDGYpblppbzo8ZEtMwCgtadW62xn+5WgXL20aUa+9Cri7raiajY
zPCbUwhzPU3gWMtCMDa3Ptaczz/p5ev47m3QN2Xk8378zwuAqHRugn2rz2Gaj3h0
N71lL5oUDcpeQM037V9MNtvCADweDJvoNkXFY1T7wKBgZsbvEPQGFIfBXRH3ZI7K
xC/NYGCsQu8pKKlUaNRdOS2/QPoRss3bUKuQ2hNHKt3994D5/DyrLoWVaIv+GI3H
y65jF5l1NHFCo+qE+uJRC0SfXL5DBHlmtFYRlJA=
-----END CERTIFICATE-----
Generated at Fri Jun 6 03:36:20 2025 by rpki-client