Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          QLtX+D4JjXOXiT7aN1RnQTLRtLtRZCvJdEH61dffIlc=
Subject key identifier:   D9:7E:69:6A:DE:2F:CC:40:35:D1:22:0C:D1:B6:CB:B1:89:92:AE:8C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2276CBCA23DF0AA7984A78328D1BE0C770AD4217
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time:             Thu 16 Jul 2026 16:00:45 +0000
ROA not before:           Thu 16 Jul 2026 15:55:45 +0000
ROA not after:            Thu 15 Jul 2027 16:00:45 +0000
asID:                     16509
IP address blocks:        82.21.0.0/24 maxlen: 24
                          82.24.76.0/24 maxlen: 24
                          82.26.154.0/24 maxlen: 24
                          82.26.201.0/24 maxlen: 24
                          82.29.0.0/24 maxlen: 24
                          82.29.2.0/24 maxlen: 24
                          82.29.3.0/24 maxlen: 24
                          82.29.4.0/24 maxlen: 24
                          82.29.44.0/24 maxlen: 24
                          82.29.102.0/24 maxlen: 24
                          82.29.104.0/24 maxlen: 24
                          82.29.105.0/24 maxlen: 24
                          82.41.98.0/24 maxlen: 24
                          82.41.168.0/24 maxlen: 24
                          82.41.200.0/24 maxlen: 24
                          82.47.64.0/19 maxlen: 24
                          84.75.18.0/24 maxlen: 24
                          84.75.19.0/24 maxlen: 24
                          84.75.34.0/24 maxlen: 24
                          84.75.36.0/24 maxlen: 24
                          84.75.37.0/24 maxlen: 24
                          84.75.38.0/24 maxlen: 24
                          84.75.41.0/24 maxlen: 24
                          84.75.42.0/24 maxlen: 24
                          84.75.48.0/24 maxlen: 24
                          84.75.50.0/24 maxlen: 24
                          84.75.51.0/24 maxlen: 24
                          84.75.52.0/24 maxlen: 24
                          84.75.53.0/24 maxlen: 24
                          84.75.55.0/24 maxlen: 24
                          84.75.61.0/24 maxlen: 24
                          84.75.62.0/24 maxlen: 24
                          84.75.63.0/24 maxlen: 24
                          84.75.64.0/24 maxlen: 24
                          84.75.65.0/24 maxlen: 24
                          84.75.67.0/24 maxlen: 24
                          84.75.68.0/24 maxlen: 24
                          84.75.69.0/24 maxlen: 24
                          84.75.70.0/24 maxlen: 24
                          84.75.96.0/19 maxlen: 24
                          2a13:9500:110::/48 maxlen: 48
                          2a13:9500:126::/48 maxlen: 48
                          2a13:9500:127::/48 maxlen: 48
                          2a13:9500:13a::/48 maxlen: 48
                          2a13:9500:157::/48 maxlen: 48
                          2a13:9500:176::/48 maxlen: 48
                          2a13:9500:1a1::/48 maxlen: 48
                          2a13:9500:1a3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:76:cb:ca:23:df:0a:a7:98:4a:78:32:8d:1b:e0:c7:70:ad:42:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 16 15:55:45 2026 GMT
            Not After : Jul 15 16:00:45 2027 GMT
        Subject: CN=D97E696ADE2FCC4035D1220CD1B6CBB18992AE8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:ff:4f:1e:2b:50:f9:65:78:f2:4e:92:eb:
                    c2:e4:79:92:9e:c0:60:21:fe:d6:be:6d:30:0f:47:
                    1d:32:6a:4a:f5:5c:33:8f:e4:6a:8f:39:df:7a:37:
                    30:07:25:51:f6:48:3b:e4:5d:85:c9:a5:44:fa:c4:
                    76:09:a8:83:e0:8a:fa:11:0d:b5:76:e0:d2:ef:1e:
                    35:18:b5:1e:2f:35:19:2c:96:0f:7c:ab:d8:b2:f6:
                    40:e7:d3:b7:3b:ee:71:df:c6:4c:c3:d0:6c:1c:8a:
                    f9:29:3e:34:f9:c1:e7:38:e8:81:49:9f:4b:29:bb:
                    c9:df:4f:19:8e:25:7d:49:d5:92:3b:d8:6e:84:39:
                    f3:cb:74:fb:e6:40:a5:5d:13:71:c4:78:aa:32:ba:
                    7c:e2:c8:30:26:98:33:9f:d5:ea:1d:17:6a:a7:a4:
                    42:bc:9c:33:3e:67:55:3f:6d:5d:e0:42:a5:25:8a:
                    2a:49:ea:c9:e7:40:18:43:29:e9:37:09:b4:41:8b:
                    f2:f7:49:06:c6:28:9c:1d:b3:67:23:9e:6a:28:5b:
                    a4:3a:b7:63:d3:66:f5:51:1e:67:05:d8:e9:64:ca:
                    4a:35:6b:a0:69:71:8b:08:79:c1:62:11:37:ff:24:
                    4c:67:ef:4f:62:5f:8b:01:85:e9:cc:b9:2e:fd:d3:
                    b0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:7E:69:6A:DE:2F:CC:40:35:D1:22:0C:D1:B6:CB:B1:89:92:AE:8C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.0.0/24
                  82.24.76.0/24
                  82.26.154.0/24
                  82.26.201.0/24
                  82.29.0.0/24
                  82.29.2.0-82.29.4.255
                  82.29.44.0/24
                  82.29.102.0/24
                  82.29.104.0/23
                  82.41.98.0/24
                  82.41.168.0/24
                  82.41.200.0/24
                  82.47.64.0/19
                  84.75.18.0/23
                  84.75.34.0/24
                  84.75.36.0-84.75.38.255
                  84.75.41.0-84.75.42.255
                  84.75.48.0/24
                  84.75.50.0-84.75.53.255
                  84.75.55.0/24
                  84.75.61.0-84.75.65.255
                  84.75.67.0-84.75.70.255
                  84.75.96.0/19
                IPv6:
                  2a13:9500:110::/48
                  2a13:9500:126::/47
                  2a13:9500:13a::/48
                  2a13:9500:157::/48
                  2a13:9500:176::/48
                  2a13:9500:1a1::/48
                  2a13:9500:1a3::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:7a:e2:5f:a5:06:19:16:c0:40:2c:45:e1:56:d6:fe:16:23:
         3d:29:68:61:eb:4f:74:02:04:2e:b2:ae:83:ea:bd:32:1b:58:
         f5:74:b4:49:a7:54:c0:dd:40:62:a2:4d:67:85:ee:d7:77:00:
         9c:b1:ad:1d:39:48:06:34:82:c8:e4:55:ee:5a:61:31:67:ab:
         86:31:65:55:9f:c0:9e:5d:8b:a3:20:0c:8b:56:3a:2a:b1:27:
         2f:95:99:73:80:0d:67:bb:b9:e5:56:eb:c5:cb:d7:13:94:f9:
         29:bf:e0:85:7a:5e:6b:ed:b6:37:f9:37:b0:24:64:94:7a:e6:
         1c:3b:bb:e6:c3:1f:ce:bc:16:a9:49:65:2d:c5:d9:83:2b:db:
         07:6e:aa:87:50:b2:c8:c1:67:30:f0:50:1a:6d:2c:24:98:99:
         e9:4b:4d:64:48:73:f0:0c:cf:30:51:6a:d4:fa:0e:0c:b7:e9:
         12:b2:fd:22:98:48:f9:ad:08:f0:f3:67:0e:51:44:dd:a6:6f:
         54:46:a3:59:aa:27:78:47:a9:e5:4d:97:a6:be:ce:b3:18:11:
         37:d2:1f:be:bb:09:38:58:e2:76:c0:c2:a5:a4:1b:b8:1b:93:
         82:0c:9e:14:1c:d4:5c:9b:f0:11:17:a1:a4:b8:e0:83:c6:6c:
         ec:6a:9a:88
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIUInbLyiPfCqeYSngyjRvgx3CtQhcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA3MTYxNTU1NDVaFw0yNzA3MTUxNjAwNDVaMDMxMTAvBgNV
BAMTKEQ5N0U2OTZBREUyRkNDNDAzNUQxMjIwQ0QxQjZDQkIxODk5MkFFOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZW/9PHitQ+WV48k6S68LkeZKe
wGAh/ta+bTAPRx0yakr1XDOP5GqPOd96NzAHJVH2SDvkXYXJpUT6xHYJqIPgivoR
DbV24NLvHjUYtR4vNRkslg98q9iy9kDn07c77nHfxkzD0GwcivkpPjT5wec46IFJ
n0spu8nfTxmOJX1J1ZI72G6EOfPLdPvmQKVdE3HEeKoyunziyDAmmDOf1eodF2qn
pEK8nDM+Z1U/bV3gQqUliipJ6snnQBhDKek3CbRBi/L3SQbGKJwds2cjnmooW6Q6
t2PTZvVRHmcF2Olkyko1a6BpcYsIecFiETf/JExn709iX4sBhenMuS7907D5AgMB
AAGjggMMMIIDCDAdBgNVHQ4EFgQU2X5pat4vzEA10SIM0bbLsYmSrowwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggEgBggrBgEFBQcBBwEB/wSCAQ8wggELMIHBBAIAATCB
ugMEAFIVAAMEAFIYTAMEAFIamgMEAFIayQMEAFIdADAMAwQBUh0CAwQAUh0EAwQA
Uh0sAwQAUh1mAwQBUh1oAwQAUiliAwQAUimoAwQAUinIAwQFUi9AAwQBVEsSAwQA
VEsiMAwDBAJUSyQDBABUSyYwDAMEAFRLKQMEAFRLKgMEAFRLMDAMAwQBVEsyAwQB
VEs0AwQAVEs3MAwDBABUSz0DBAFUS0AwDAMEAFRLQwMEAFRLRgMEBVRLYDBFBAIA
AjA/AwcAKhOVAAEQAwcBKhOVAAEmAwcAKhOVAAE6AwcAKhOVAAFXAwcAKhOVAAF2
AwcAKhOVAAGhAwcAKhOVAAGjMA0GCSqGSIb3DQEBCwUAA4IBAQAYeuJfpQYZFsBA
LEXhVtb+FiM9KWhh6090AgQusq6D6r0yG1j1dLRJp1TA3UBiok1nhe7XdwCcsa0d
OUgGNILI5FXuWmExZ6uGMWVVn8CeXYujIAyLVjoqsScvlZlzgA1nu7nlVuvFy9cT
lPkpv+CFel5r7bY3+TewJGSUeuYcO7vmwx/OvBapSWUtxdmDK9sHbqqHULLIwWcw
8FAabSwkmJnpS01kSHPwDM8wUWrU+g4Mt+kSsv0imEj5rQjw82cOUUTdpm9URqNZ
qid4R6nlTZemvs6zGBE30h++uwk4WOJ2wMKlpBu4G5OCDJ4UHNRcm/ARF6GkuOCD
xmzsapqI
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:07:06 2026 by rpki-client