Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: WzRArDUn9srqgELx6wU3P5QsoeHeE6QN2FKueGByBqk=
Subject key identifier: 52:3E:D3:0C:67:1B:12:E2:26:60:61:7D:8F:F7:4E:81:84:E5:16:0F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7E6F76FA6FF6496894AAB19470A54FD450C62102
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Fri 05 Sep 2025 11:22:06 +0000
ROA not before: Fri 05 Sep 2025 11:17:06 +0000
ROA not after: Fri 04 Sep 2026 11:22:06 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
143.14.132.0/24 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
147.79.25.0/24 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.0.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
155.117.185.0/24 maxlen: 24
155.117.187.0/24 maxlen: 24
162.141.159.0/24 maxlen: 24
162.141.180.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:6f:76:fa:6f:f6:49:68:94:aa:b1:94:70:a5:4f:d4:50:c6:21:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 5 11:17:06 2025 GMT
Not After : Sep 4 11:22:06 2026 GMT
Subject: CN=523ED30C671B12E22660617D8FF74E8184E5160F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:e0:9a:32:70:14:00:87:4b:10:44:42:f3:2d:
49:b9:e3:86:b3:d7:15:71:31:22:c4:aa:91:25:9b:
73:ed:b9:fe:10:b2:48:ce:5f:38:91:6e:3e:16:8f:
a9:3b:ff:7e:00:cb:8a:92:38:4f:a7:40:d4:6d:29:
bd:98:e9:79:21:6e:7a:be:38:d5:5a:ec:a9:e5:6a:
eb:a4:eb:05:69:a5:a7:43:84:a5:e9:81:8b:64:9e:
a3:f7:d0:72:27:5c:12:2d:38:5b:c2:87:32:ec:7e:
24:dc:9c:90:93:34:6d:6c:40:32:f5:c1:9d:b7:f0:
e3:88:c4:e2:3e:44:75:b7:68:4f:18:49:e7:76:00:
bc:44:20:05:66:07:d0:cc:82:a3:a1:3e:00:75:e3:
84:3d:13:b7:5c:ed:23:6c:25:e9:9a:2c:9a:66:16:
bc:ed:cb:27:ef:27:9e:72:65:e2:55:3a:72:f0:80:
ca:0b:1d:40:4b:59:ff:50:e6:3f:fb:5f:c1:3c:a3:
b5:f4:68:a5:4a:b9:05:43:cf:c8:ca:c9:0a:d7:8e:
3a:60:90:70:12:ac:05:6e:59:04:09:19:07:19:05:
c8:06:c5:97:48:c9:f6:5c:b7:58:fe:3a:61:a5:dd:
14:d9:82:64:b0:3e:63:a4:64:b5:45:f7:54:35:d9:
22:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:3E:D3:0C:67:1B:12:E2:26:60:61:7D:8F:F7:4E:81:84:E5:16:0F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
143.14.132.0/24
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
147.79.25.0/24
148.135.180.0/24
148.135.186.0/24
155.117.0.0/24
155.117.60.0/24
155.117.185.0/24
155.117.187.0/24
162.141.159.0/24
162.141.180.0/24
Signature Algorithm: sha256WithRSAEncryption
08:33:55:b7:db:5e:b1:3a:a2:a4:ce:45:a9:9f:46:97:93:9a:
ac:ec:6c:11:1d:18:67:2c:95:3a:35:33:fe:e1:c1:07:48:6e:
62:8c:5b:a6:79:b7:23:6b:20:d5:b3:f3:4b:79:11:72:9f:91:
61:cf:c4:91:c5:0a:44:67:a0:5e:d8:e5:29:8b:57:b2:7b:af:
08:36:80:04:ca:01:5a:4b:ca:24:a0:77:dc:eb:8b:4b:91:45:
b5:76:57:7f:15:b3:bd:a3:f3:67:f4:89:39:fb:8a:90:05:52:
7b:a9:a8:b6:4e:c2:f0:d6:ee:89:7d:3e:8f:f0:f2:a7:fb:2c:
d4:2f:b4:0a:b9:8d:cf:15:12:d9:58:61:9d:47:70:c2:58:89:
97:c5:67:77:08:54:00:97:2d:11:a9:30:36:33:1b:62:ed:2a:
66:0b:ac:6d:36:60:48:4b:b3:5f:58:ed:71:d1:da:dd:e6:38:
c0:88:16:49:60:d3:79:7f:a1:af:72:f0:e8:c1:42:f2:85:23:
47:1f:9f:73:c2:66:a5:d7:6a:04:be:5d:4c:87:88:d9:d6:cf:
02:b6:75:f8:b0:01:f5:c5:cb:2a:37:d7:79:75:57:87:0a:9e:
97:9b:6a:c7:2b:97:bc:e3:8c:cc:6a:b4:eb:2b:dc:97:bb:be:
c7:5c:c8:17
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgIUfm92+m/2SWiUqrGUcKVP1FDGIQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDUxMTE3MDZaFw0yNjA5MDQxMTIyMDZaMDMxMTAvBgNV
BAMTKDUyM0VEMzBDNjcxQjEyRTIyNjYwNjE3RDhGRjc0RTgxODRFNTE2MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX4JoycBQAh0sQRELzLUm544az
1xVxMSLEqpElm3Ptuf4QskjOXziRbj4Wj6k7/34Ay4qSOE+nQNRtKb2Y6Xkhbnq+
ONVa7Knlauuk6wVppadDhKXpgYtknqP30HInXBItOFvChzLsfiTcnJCTNG1sQDL1
wZ238OOIxOI+RHW3aE8YSed2ALxEIAVmB9DMgqOhPgB144Q9E7dc7SNsJemaLJpm
FrztyyfvJ55yZeJVOnLwgMoLHUBLWf9Q5j/7X8E8o7X0aKVKuQVDz8jKyQrXjjpg
kHASrAVuWQQJGQcZBcgGxZdIyfZct1j+OmGl3RTZgmSwPmOkZLVF91Q12SLZAgMB
AAGjggJdMIICWTAdBgNVHQ4EFgQUUj7TDGcbEuImYGF9j/dOgYTlFg8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwcwYIKwYBBQUHAQcBAf8EZDBiMGAEAgABMFoDBAJgPtAD
BAWM6YADBACPDoQDBAGR30ADBACSZzwDBAGSZz4DBACTTxkDBACUh7QDBACUh7oD
BACbdQADBACbdTwDBACbdbkDBACbdbsDBACijZ8DBACijbQwDQYJKoZIhvcNAQEL
BQADggEBAAgzVbfbXrE6oqTORamfRpeTmqzsbBEdGGcslTo1M/7hwQdIbmKMW6Z5
tyNrINWz80t5EXKfkWHPxJHFCkRnoF7Y5SmLV7J7rwg2gATKAVpLyiSgd9zri0uR
RbV2V38Vs72j82f0iTn7ipAFUnupqLZOwvDW7ol9Po/w8qf7LNQvtAq5jc8VEtlY
YZ1HcMJYiZfFZ3cIVACXLRGpMDYzG2LtKmYLrG02YEhLs19Y7XHR2t3mOMCIFklg
03l/oa9y8OjBQvKFI0cfn3PCZqXXagS+XUyHiNnWzwK2dfiwAfXFyyo313l1V4cK
npebascrl7zjjMxqtOsr3Je7vsdcyBc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:07:48 2025 by rpki-client