Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          sEeVj/nxG06FMyINuq18qNzyWI/uEnaXxsMrK+K4lb8=
Subject key identifier:   86:34:71:5B:6A:4C:C3:49:55:A8:56:B8:9F:8B:04:7E:CA:E7:C9:89
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       760254C8A1DC0C98E4274ABEEB6F0278925DEA67
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
Signing time:             Thu 16 Jul 2026 08:32:20 +0000
ROA not before:           Thu 16 Jul 2026 08:27:20 +0000
ROA not after:            Thu 15 Jul 2027 08:32:20 +0000
asID:                     16509
IP address blocks:        181.214.94.0/24 maxlen: 24
                          181.214.110.0/24 maxlen: 24
                          181.215.206.0/23 maxlen: 24
                          185.137.13.0/24 maxlen: 24
                          191.96.204.0/24 maxlen: 24
                          191.101.111.0/24 maxlen: 24
                          2a00:d1a0:10::/48 maxlen: 48
                          2a00:d1a0:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jul 2026 07:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:02:54:c8:a1:dc:0c:98:e4:27:4a:be:eb:6f:02:78:92:5d:ea:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 16 08:27:20 2026 GMT
            Not After : Jul 15 08:32:20 2027 GMT
        Subject: CN=8634715B6A4CC34955A856B89F8B047ECAE7C989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:23:4d:04:aa:28:2e:71:bc:6d:47:00:e5:ad:
                    8c:0c:af:71:61:db:1a:74:38:a9:0b:66:6b:09:68:
                    22:c8:5f:06:e5:ce:c1:3a:10:8f:ef:79:6c:73:5f:
                    1e:b0:0d:18:ca:b2:f7:3a:a7:20:3f:f7:9b:9c:74:
                    ec:68:ee:96:42:05:9b:ae:8d:66:a8:eb:00:35:aa:
                    22:5f:8c:5d:cb:f0:dc:47:26:66:31:d1:6c:c6:db:
                    f5:17:ca:4a:df:91:1e:b2:29:d3:72:a7:d9:71:7b:
                    fe:26:8c:2e:1e:d4:b6:0f:5e:49:c3:99:49:56:72:
                    9c:b4:9b:fa:83:54:00:d4:80:39:d0:55:9d:18:f2:
                    65:dd:cf:a4:a9:89:11:4a:4c:8f:44:c3:ec:4f:4c:
                    9c:d2:00:ae:1b:96:f7:91:71:f7:18:c0:6a:8b:a4:
                    33:e2:21:a9:e5:c6:e5:6d:82:10:31:eb:7c:f6:a4:
                    43:46:54:74:97:9c:22:83:f3:3e:30:10:d8:ed:17:
                    a0:3c:83:03:eb:35:63:b4:bd:a3:20:f4:ad:2a:77:
                    2b:62:7f:8a:e5:51:13:5c:b9:43:0e:e1:87:ad:91:
                    b5:f3:63:f0:ff:e5:db:a7:b8:96:c6:01:d7:c8:9d:
                    17:26:3b:3e:63:10:e2:2e:29:17:1a:3e:f8:fe:43:
                    f7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:34:71:5B:6A:4C:C3:49:55:A8:56:B8:9F:8B:04:7E:CA:E7:C9:89
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.94.0/24
                  181.214.110.0/24
                  181.215.206.0/23
                  185.137.13.0/24
                  191.96.204.0/24
                  191.101.111.0/24
                IPv6:
                  2a00:d1a0:10::/47

    Signature Algorithm: sha256WithRSAEncryption
         9b:42:32:22:8a:f0:e3:36:5e:fe:6d:9d:d2:df:7d:ae:38:d9:
         3c:9a:88:86:7e:f3:08:49:b1:41:78:1d:ae:81:db:1a:9e:5f:
         1e:43:f4:aa:2b:d6:9c:91:52:a2:0a:6a:38:61:fa:b4:39:3c:
         cb:3b:22:f7:03:92:d9:00:bf:a3:9a:a9:26:d1:93:bf:d3:c2:
         d0:c9:23:1c:9f:6b:8d:92:54:cf:f9:a3:e5:a7:d4:79:7d:29:
         ce:83:cf:17:83:4c:e2:31:96:68:12:ba:93:fd:45:72:96:ac:
         47:ab:4e:67:9e:56:66:50:c0:05:4d:b5:7e:98:66:c5:ff:89:
         31:cd:57:c9:c6:a9:02:92:5e:30:0a:d5:b1:1c:48:1a:98:7f:
         c1:d1:97:b8:fc:48:b1:87:b3:42:ad:34:01:b7:17:7f:e8:bb:
         aa:1a:54:1b:91:9b:69:dc:c4:84:b9:02:4c:c2:d1:f6:2d:08:
         24:37:ef:06:09:3f:c2:55:61:15:72:8d:47:d3:5e:5a:74:90:
         a8:1a:56:9f:d8:0e:6b:4f:6c:83:28:a0:c0:4e:dd:82:5b:a9:
         ae:a1:f1:6e:e7:f1:d8:84:8d:fb:6e:aa:d3:f4:f2:a0:18:cb:
         6f:cf:39:f0:e0:8c:65:22:40:e7:a1:d8:ca:b7:1e:89:6d:20:
         5a:f0:3c:66
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIUdgJUyKHcDJjkJ0q+628CeJJd6mcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA3MTYwODI3MjBaFw0yNzA3MTUwODMyMjBaMDMxMTAvBgNV
BAMTKDg2MzQ3MTVCNkE0Q0MzNDk1NUE4NTZCODlGOEIwNDdFQ0FFN0M5ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrI00EqigucbxtRwDlrYwMr3Fh
2xp0OKkLZmsJaCLIXwblzsE6EI/veWxzXx6wDRjKsvc6pyA/95ucdOxo7pZCBZuu
jWao6wA1qiJfjF3L8NxHJmYx0WzG2/UXykrfkR6yKdNyp9lxe/4mjC4e1LYPXknD
mUlWcpy0m/qDVADUgDnQVZ0Y8mXdz6SpiRFKTI9Ew+xPTJzSAK4blveRcfcYwGqL
pDPiIanlxuVtghAx63z2pENGVHSXnCKD8z4wENjtF6A8gwPrNWO0vaMg9K0qdyti
f4rlURNcuUMO4YetkbXzY/D/5dunuJbGAdfInRcmOz5jEOIuKRcaPvj+Q/erAgMB
AAGjggI4MIICNDAdBgNVHQ4EFgQUhjRxW2pMw0lVqFa4n4sEfsrnyYkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTgYIKwYBBQUHAQcBAf8EPzA9MCoEAgABMCQDBAC11l4D
BAC11m4DBAG1184DBAC5iQ0DBAC/YMwDBAC/ZW8wDwQCAAIwCQMHASoA0aAAEDAN
BgkqhkiG9w0BAQsFAAOCAQEAm0IyIorw4zZe/m2d0t99rjjZPJqIhn7zCEmxQXgd
roHbGp5fHkP0qivWnJFSogpqOGH6tDk8yzsi9wOS2QC/o5qpJtGTv9PC0MkjHJ9r
jZJUz/mj5afUeX0pzoPPF4NM4jGWaBK6k/1FcpasR6tOZ55WZlDABU21fphmxf+J
Mc1XycapApJeMArVsRxIGph/wdGXuPxIsYezQq00AbcXf+i7qhpUG5GbadzEhLkC
TMLR9i0IJDfvBgk/wlVhFXKNR9NeWnSQqBpWn9gOa09sgyigwE7dgluprqHxbufx
2ISN+26q0/TyoBjLb8858OCMZSJA56HYyrceiW0gWvA8Zg==
-----END CERTIFICATE-----
Generated at Sun Jul 19 16:38:46 2026 by rpki-client