Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: VNB3+BW21KnPH5Udb4yrt1uOiF7FW66faAkGEpPWmJA=
Subject key identifier: 0C:99:4E:A7:1C:08:28:3F:27:F5:09:50:16:3D:AE:89:20:D1:E4:D0
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 610672896D3644E3D2A020F724BBA271C0D7C907
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
Signing time: Thu 28 May 2026 08:01:34 +0000
ROA not before: Thu 28 May 2026 07:56:34 +0000
ROA not after: Thu 27 May 2027 08:01:34 +0000
asID: 16509
IP address blocks: 2.57.18.0/24 maxlen: 24
181.214.94.0/24 maxlen: 24
181.214.110.0/24 maxlen: 24
181.215.206.0/23 maxlen: 24
185.137.13.0/24 maxlen: 24
191.96.204.0/24 maxlen: 24
191.101.111.0/24 maxlen: 24
2a00:d1a0:10::/48 maxlen: 48
2a00:d1a0:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Jun 2026 14:59:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:06:72:89:6d:36:44:e3:d2:a0:20:f7:24:bb:a2:71:c0:d7:c9:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: May 28 07:56:34 2026 GMT
Not After : May 27 08:01:34 2027 GMT
Subject: CN=0C994EA71C08283F27F50950163DAE8920D1E4D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d9:8e:07:3b:60:73:ec:48:f9:10:e5:3a:95:
7a:2c:d0:71:f0:58:32:db:e7:cc:d2:8c:1d:43:35:
fc:fe:51:27:76:f6:27:76:4d:6e:ce:63:27:cc:b8:
3a:e6:4d:cd:fa:43:dd:3c:5a:7b:bb:e2:91:60:3a:
4c:91:9e:70:f9:7a:40:18:58:16:b0:31:aa:40:6b:
ca:5a:47:bb:16:6f:ea:30:a4:5c:a6:bb:e9:bc:37:
c4:dd:f2:05:ee:7a:8c:bf:0a:fc:8e:81:ce:98:a6:
3e:31:ee:cb:53:5b:19:b5:85:29:bc:d9:5c:a6:7e:
c4:0f:3d:27:ee:4c:ea:a6:11:50:51:b0:ca:87:67:
23:be:80:c8:bd:f1:df:e0:04:99:3f:ad:93:18:70:
93:f5:f1:0b:fd:a4:19:cc:65:64:87:90:93:32:14:
bb:09:c6:a5:34:88:8b:0e:68:77:ab:86:34:78:1a:
8e:d7:3b:a2:46:68:de:a2:97:91:6f:1b:87:42:55:
7d:31:23:7e:08:1b:9a:c3:d8:61:fa:e5:02:06:06:
f4:06:90:48:04:c7:99:da:20:66:64:ef:bd:a1:34:
af:d8:27:66:89:63:91:8e:b4:35:8a:1e:e0:40:38:
1b:2d:46:29:72:d7:da:0f:20:2e:dd:6b:46:f7:3e:
96:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:99:4E:A7:1C:08:28:3F:27:F5:09:50:16:3D:AE:89:20:D1:E4:D0
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.18.0/24
181.214.94.0/24
181.214.110.0/24
181.215.206.0/23
185.137.13.0/24
191.96.204.0/24
191.101.111.0/24
IPv6:
2a00:d1a0:10::/47
Signature Algorithm: sha256WithRSAEncryption
83:93:5c:34:1e:ff:16:3a:01:42:ad:1b:cf:6b:d6:8a:e3:c5:
f2:46:b9:75:82:5f:5d:e3:5d:26:93:aa:63:78:a1:c7:78:d6:
3a:82:40:95:7b:d4:e0:32:bf:78:25:66:a4:17:62:5b:d9:3e:
9d:71:07:d5:d5:5f:63:5e:f2:6f:0e:18:10:e5:b3:7f:d1:2f:
5c:bd:91:bf:37:1f:d3:ad:d1:15:41:e1:f7:f7:f3:c4:58:1f:
f1:5b:9a:a4:69:60:01:e8:16:89:95:06:9f:77:b6:63:96:d9:
e2:fe:d1:86:14:8e:57:1e:1a:e1:5a:d9:e0:3f:6a:c4:a4:77:
63:bd:06:59:29:50:b0:e1:ac:d8:58:94:75:be:57:11:07:3d:
37:13:ef:8a:76:35:24:08:71:97:12:34:a2:65:1f:76:3a:64:
db:8b:39:a8:ab:74:b7:ea:07:8c:3a:40:e1:a2:95:26:ea:ab:
de:fd:83:6f:62:36:7f:97:c1:b7:44:ac:62:f4:58:0c:03:20:
90:7d:6c:a9:c4:3b:11:a2:54:57:c2:27:ee:e0:33:b4:71:99:
2f:20:36:ee:86:93:5d:33:23:0b:6b:27:a7:d4:e0:1c:74:30:
2f:fe:f8:db:58:1f:17:6e:33:dc:91:ba:e1:0d:27:ea:b6:c1:
7c:7f:21:4b
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUYQZyiW02ROPSoCD3JLuiccDXyQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjgwNzU2MzRaFw0yNzA1MjcwODAxMzRaMDMxMTAvBgNV
BAMTKDBDOTk0RUE3MUMwODI4M0YyN0Y1MDk1MDE2M0RBRTg5MjBEMUU0RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo2Y4HO2Bz7Ej5EOU6lXos0HHw
WDLb58zSjB1DNfz+USd29id2TW7OYyfMuDrmTc36Q908Wnu74pFgOkyRnnD5ekAY
WBawMapAa8paR7sWb+owpFymu+m8N8Td8gXueoy/CvyOgc6Ypj4x7stTWxm1hSm8
2VymfsQPPSfuTOqmEVBRsMqHZyO+gMi98d/gBJk/rZMYcJP18Qv9pBnMZWSHkJMy
FLsJxqU0iIsOaHerhjR4Go7XO6JGaN6il5FvG4dCVX0xI34IG5rD2GH65QIGBvQG
kEgEx5naIGZk772hNK/YJ2aJY5GOtDWKHuBAOBstRily19oPIC7da0b3PpYbAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUDJlOpxwIKD8n9QlQFj2uiSDR5NAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMDAEAgABMCoDBAACORID
BAC11l4DBAC11m4DBAG1184DBAC5iQ0DBAC/YMwDBAC/ZW8wDwQCAAIwCQMHASoA
0aAAEDANBgkqhkiG9w0BAQsFAAOCAQEAg5NcNB7/FjoBQq0bz2vWiuPF8ka5dYJf
XeNdJpOqY3ihx3jWOoJAlXvU4DK/eCVmpBdiW9k+nXEH1dVfY17ybw4YEOWzf9Ev
XL2Rvzcf063RFUHh9/fzxFgf8VuapGlgAegWiZUGn3e2Y5bZ4v7RhhSOVx4a4VrZ
4D9qxKR3Y70GWSlQsOGs2FiUdb5XEQc9NxPvinY1JAhxlxI0omUfdjpk24s5qKt0
t+oHjDpA4aKVJuqr3v2Db2I2f5fBt0SsYvRYDAMgkH1sqcQ7EaJUV8In7uAztHGZ
LyA27oaTXTMjC2snp9TgHHQwL/7421gfF24z3JG64Q0n6rbBfH8hSw==
-----END CERTIFICATE-----
Generated at Thu Jun 4 01:18:46 2026 by rpki-client