Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: ghzzcQhyXc5H6iYy0T/BFnrEkCc1HTQHkz7FsJZvi6g=
Subject key identifier: A4:31:D1:27:B2:57:C0:D9:1C:E4:2B:BE:46:7C:20:A3:28:4D:C1:B4
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 200A4DC4FDF5EDAEBFE05E5A2C4DD58B7C1DE574
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Tue 02 Jun 2026 12:58:24 +0000
ROA not before: Tue 02 Jun 2026 12:53:24 +0000
ROA not after: Tue 01 Jun 2027 12:58:24 +0000
asID: 16509
IP address blocks: 82.21.0.0/24 maxlen: 24
82.23.172.0/24 maxlen: 24
82.24.76.0/24 maxlen: 24
82.24.100.0/24 maxlen: 24
82.26.154.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.44.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
82.41.200.0/24 maxlen: 24
82.47.64.0/19 maxlen: 24
82.47.152.0/22 maxlen: 24
82.47.222.0/24 maxlen: 24
84.75.18.0/24 maxlen: 24
84.75.19.0/24 maxlen: 24
84.75.34.0/24 maxlen: 24
84.75.36.0/24 maxlen: 24
84.75.37.0/24 maxlen: 24
84.75.38.0/24 maxlen: 24
84.75.41.0/24 maxlen: 24
84.75.42.0/24 maxlen: 24
84.75.48.0/24 maxlen: 24
84.75.50.0/24 maxlen: 24
84.75.51.0/24 maxlen: 24
84.75.52.0/24 maxlen: 24
84.75.53.0/24 maxlen: 24
84.75.55.0/24 maxlen: 24
84.75.61.0/24 maxlen: 24
84.75.62.0/24 maxlen: 24
84.75.63.0/24 maxlen: 24
84.75.64.0/24 maxlen: 24
84.75.65.0/24 maxlen: 24
84.75.67.0/24 maxlen: 24
84.75.68.0/24 maxlen: 24
84.75.69.0/24 maxlen: 24
84.75.70.0/24 maxlen: 24
84.75.96.0/19 maxlen: 24
84.75.132.0/23 maxlen: 24
178.83.182.0/23 maxlen: 24
178.83.230.0/23 maxlen: 24
178.83.232.0/24 maxlen: 24
2a13:9500:110::/48 maxlen: 48
2a13:9500:126::/48 maxlen: 48
2a13:9500:127::/48 maxlen: 48
2a13:9500:13a::/48 maxlen: 48
2a13:9500:157::/48 maxlen: 48
2a13:9500:176::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 15:55:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:0a:4d:c4:fd:f5:ed:ae:bf:e0:5e:5a:2c:4d:d5:8b:7c:1d:e5:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jun 2 12:53:24 2026 GMT
Not After : Jun 1 12:58:24 2027 GMT
Subject: CN=A431D127B257C0D91CE42BBE467C20A3284DC1B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:a0:4d:7d:e4:7e:08:c1:21:8b:5f:f7:3f:da:
50:ab:16:e5:2d:81:b9:cf:17:bf:a6:2e:be:19:26:
2e:d2:c1:ab:a4:a8:d4:56:a0:20:0e:24:e3:d3:1b:
35:68:b4:02:2a:35:2d:29:c8:32:dc:34:c1:65:3e:
56:c6:55:05:f3:1e:59:81:88:06:af:a7:04:f7:5e:
40:3f:54:81:6c:b8:1e:62:23:70:ba:87:be:ec:fd:
2b:c0:33:4a:b2:cf:4a:bf:35:c8:46:a5:ce:7e:72:
6c:b1:a8:ac:57:6e:70:27:27:1b:58:76:00:0f:0c:
29:67:a0:0f:ff:46:f4:61:1b:61:1e:bf:d8:3b:15:
69:e1:cf:2d:fc:dd:1b:c6:c7:5e:8a:d9:08:fe:9c:
f1:d7:0a:0f:d2:92:b7:1a:82:b0:0c:02:a1:de:26:
29:cc:fb:46:fb:0d:f4:47:ab:e2:45:ef:d0:47:4f:
8c:15:b7:ae:f5:06:09:ab:54:a9:6a:38:c8:09:d0:
35:30:97:c4:dd:25:7b:3d:e8:7b:07:cd:0c:b8:a4:
77:76:57:fa:5c:97:48:2f:b7:d8:41:8b:ea:40:0e:
86:4a:f3:86:a2:c5:e4:ff:b2:49:98:c2:93:f8:e2:
6b:9b:1a:bb:28:41:68:21:df:64:18:e6:d8:b8:d5:
6e:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:31:D1:27:B2:57:C0:D9:1C:E4:2B:BE:46:7C:20:A3:28:4D:C1:B4
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.0.0/24
82.23.172.0/24
82.24.76.0/24
82.24.100.0/24
82.26.154.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.44.0/24
82.29.102.0/24
82.29.104.0/23
82.41.200.0/24
82.47.64.0/19
82.47.152.0/22
82.47.222.0/24
84.75.18.0/23
84.75.34.0/24
84.75.36.0-84.75.38.255
84.75.41.0-84.75.42.255
84.75.48.0/24
84.75.50.0-84.75.53.255
84.75.55.0/24
84.75.61.0-84.75.65.255
84.75.67.0-84.75.70.255
84.75.96.0/19
84.75.132.0/23
178.83.182.0/23
178.83.230.0-178.83.232.255
IPv6:
2a13:9500:110::/48
2a13:9500:126::/47
2a13:9500:13a::/48
2a13:9500:157::/48
2a13:9500:176::/48
Signature Algorithm: sha256WithRSAEncryption
a1:22:09:6c:e7:bd:c1:14:5f:43:08:e6:f0:f7:c6:6c:6b:52:
dd:97:b8:a8:d7:a0:c4:68:9d:af:c9:50:aa:5f:9f:cf:69:ee:
00:16:1b:15:ac:8e:25:61:a0:05:56:44:93:37:f9:c8:bb:50:
1f:dc:16:d2:45:59:b4:6a:b7:a3:64:e9:24:59:a7:d1:71:fd:
83:56:45:ac:d1:56:27:d1:42:65:42:df:ba:6f:c3:3b:3c:61:
c6:ff:58:1c:f3:9f:c7:9b:9a:ff:10:26:5c:13:eb:e9:0f:06:
97:fe:8c:09:5a:87:b1:bf:f6:ba:fe:bb:c1:95:68:c5:d2:c9:
d7:f6:5f:dc:d3:68:95:3b:bc:85:35:5d:89:2a:86:78:1c:41:
6a:ac:25:13:cd:8d:76:fd:ad:cf:0d:42:f7:e2:61:4d:44:91:
e9:96:47:7e:02:f4:40:70:41:3a:bd:7b:b2:fc:ec:bc:6e:3c:
7d:81:6f:c7:e2:fd:27:73:80:53:16:f4:74:39:6f:1c:10:67:
41:b9:2b:41:78:2b:e6:98:bb:d1:76:59:f4:fc:0b:36:3e:38:
98:9d:86:29:32:70:1b:fa:d0:af:a1:6e:7c:bd:83:32:47:b3:
c8:55:cf:2a:a0:5d:63:5e:53:72:34:87:d3:5f:14:ef:7b:20:
95:db:33:10
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgIUIApNxP317a6/4F5aLE3Vi3wd5XQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxMjUzMjRaFw0yNzA2MDExMjU4MjRaMDMxMTAvBgNV
BAMTKEE0MzFEMTI3QjI1N0MwRDkxQ0U0MkJCRTQ2N0MyMEEzMjg0REMxQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1oE195H4IwSGLX/c/2lCrFuUt
gbnPF7+mLr4ZJi7SwaukqNRWoCAOJOPTGzVotAIqNS0pyDLcNMFlPlbGVQXzHlmB
iAavpwT3XkA/VIFsuB5iI3C6h77s/SvAM0qyz0q/NchGpc5+cmyxqKxXbnAnJxtY
dgAPDClnoA//RvRhG2Eev9g7FWnhzy383RvGx16K2Qj+nPHXCg/SkrcagrAMAqHe
JinM+0b7DfRHq+JF79BHT4wVt671BgmrVKlqOMgJ0DUwl8TdJXs96HsHzQy4pHd2
V/pcl0gvt9hBi+pADoZK84aixeT/skmYwpP44mubGrsoQWgh32QY5ti41W4dAgMB
AAGjggMgMIIDHDAdBgNVHQ4EFgQUpDHRJ7JXwNkc5Cu+RnwgoyhNwbQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggE0BggrBgEFBQcBBwEB/wSCASMwggEfMIHnBAIAATCB
4AMEAFIVAAMEAFIXrAMEAFIYTAMEAFIYZAMEAFIamgMEAFIayQMEAFIdADAMAwQB
Uh0CAwQAUh0EAwQAUh0sAwQAUh1mAwQBUh1oAwQAUinIAwQFUi9AAwQCUi+YAwQA
Ui/eAwQBVEsSAwQAVEsiMAwDBAJUSyQDBABUSyYwDAMEAFRLKQMEAFRLKgMEAFRL
MDAMAwQBVEsyAwQBVEs0AwQAVEs3MAwDBABUSz0DBAFUS0AwDAMEAFRLQwMEAFRL
RgMEBVRLYAMEAVRLhAMEAbJTtjAMAwQBslPmAwQAslPoMDMEAgACMC0DBwAqE5UA
ARADBwEqE5UAASYDBwAqE5UAAToDBwAqE5UAAVcDBwAqE5UAAXYwDQYJKoZIhvcN
AQELBQADggEBAKEiCWznvcEUX0MI5vD3xmxrUt2XuKjXoMRona/JUKpfn89p7gAW
GxWsjiVhoAVWRJM3+ci7UB/cFtJFWbRqt6Nk6SRZp9Fx/YNWRazRVifRQmVC37pv
wzs8Ycb/WBzzn8ebmv8QJlwT6+kPBpf+jAlah7G/9rr+u8GVaMXSydf2X9zTaJU7
vIU1XYkqhngcQWqsJRPNjXb9rc8NQvfiYU1EkemWR34C9EBwQTq9e7L87LxuPH2B
b8fi/SdzgFMW9HQ5bxwQZ0G5K0F4K+aYu9F2WfT8CzY+OJidhikycBv60K+hbny9
gzJHs8hVzyqgXWNeU3I0h9NfFO97IJXbMxA=
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:10:59 2026 by rpki-client