Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: ndjFsjCwwpJAB3OrQsb5Lj4d98bKWam3K8v6mH92cRc=
Subject key identifier: 85:76:21:5D:E2:DD:67:2A:8C:2A:F6:3F:12:E0:6A:44:79:0A:BE:B7
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3C96DE71A82746F3B150A89A4473A852C0B2FF90
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Mon 18 Aug 2025 03:16:54 +0000
ROA not before: Mon 18 Aug 2025 03:11:54 +0000
ROA not after: Mon 17 Aug 2026 03:16:54 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
143.14.132.0/24 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:96:de:71:a8:27:46:f3:b1:50:a8:9a:44:73:a8:52:c0:b2:ff:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 18 03:11:54 2025 GMT
Not After : Aug 17 03:16:54 2026 GMT
Subject: CN=8576215DE2DD672A8C2AF63F12E06A44790ABEB7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:4d:2a:55:c6:c3:ad:19:21:32:44:4c:ac:10:
de:af:c9:8c:73:cd:80:21:5f:11:84:21:5b:ce:2c:
b2:a5:2e:29:4f:5e:4b:ef:11:a2:78:1f:6c:f7:e8:
4b:45:20:52:54:9a:11:bf:52:09:b3:93:97:36:ad:
58:bc:75:fc:54:e3:85:ea:43:36:2c:59:d3:f3:e5:
a9:fd:d7:83:df:c6:ad:fb:d9:f8:1f:5d:b7:6e:57:
96:9c:96:b3:0f:6b:f1:77:f2:46:79:12:e5:66:18:
56:cf:04:ef:cd:e5:71:96:e8:cc:c9:f8:3c:08:69:
59:95:04:dd:70:e1:c1:d0:26:70:de:56:5c:87:66:
e4:92:63:9b:ae:a6:f9:00:b4:79:3c:87:22:b7:7f:
d9:62:79:6b:c3:16:02:ad:e3:93:3d:71:1f:89:7a:
46:79:c9:66:82:24:17:1a:c7:89:8d:52:9a:63:2b:
a0:ca:88:e2:a9:30:b4:14:d5:2e:4b:ad:1f:c2:68:
1a:46:1e:55:db:3b:d1:1d:37:3d:f1:d8:0b:88:0b:
c7:4f:86:32:d6:53:c4:9f:bc:85:0f:ef:ee:f6:8c:
fe:91:ef:0b:c5:c3:57:17:da:a4:30:86:59:34:c6:
60:c1:90:af:90:4f:67:d4:3d:e9:3e:1f:3c:4b:e7:
f6:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:76:21:5D:E2:DD:67:2A:8C:2A:F6:3F:12:E0:6A:44:79:0A:BE:B7
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
143.14.132.0/24
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
148.135.180.0/24
148.135.186.0/24
155.117.60.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:b9:c5:7c:5b:fb:cc:c2:b6:58:1f:ba:90:21:ac:76:d2:62:
9d:bb:8c:9f:b6:e5:b6:8f:9b:14:ac:3b:6b:02:34:c4:22:21:
06:11:cc:63:11:4b:f3:09:76:29:da:ac:9e:11:e3:4d:d6:40:
86:ee:85:41:cd:fe:f1:a8:1a:b9:cd:13:b6:bd:08:7f:10:94:
75:d8:98:74:42:81:db:80:22:72:38:5e:dc:0d:f8:49:d6:ce:
d7:82:d7:39:07:7f:3d:92:04:75:92:2f:b3:7a:8c:3a:64:e3:
78:bc:7b:50:8b:7a:4b:be:d8:98:2f:e1:ac:87:f9:05:88:d1:
62:84:e1:0a:78:4c:37:b1:70:1e:b4:c2:e9:6a:6b:cb:59:dc:
5d:df:ee:d1:66:f9:ed:45:ca:ec:58:3c:1d:1e:0f:51:cf:8c:
9e:73:65:3f:34:a0:3d:f3:06:46:81:03:7f:35:cf:c6:ad:a9:
fe:81:42:20:80:76:dc:12:3b:48:94:12:d9:2a:97:38:b7:e6:
12:e4:d8:51:5f:b7:9f:d5:d1:42:14:9b:a0:4b:55:7d:65:00:
27:07:ca:83:91:f1:86:fc:b9:3e:cb:14:bd:e0:88:70:85:1d:
2d:af:b3:20:98:6b:fb:fe:e2:3c:75:48:56:f0:8c:cf:aa:0a:
6d:dd:e4:1e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPJbecagnRvOxUKiaRHOoUsCy/5AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTgwMzExNTRaFw0yNjA4MTcwMzE2NTRaMDMxMTAvBgNV
BAMTKDg1NzYyMTVERTJERDY3MkE4QzJBRjYzRjEyRTA2QTQ0NzkwQUJFQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVTSpVxsOtGSEyREysEN6vyYxz
zYAhXxGEIVvOLLKlLilPXkvvEaJ4H2z36EtFIFJUmhG/Ugmzk5c2rVi8dfxU44Xq
QzYsWdPz5an914Pfxq372fgfXbduV5aclrMPa/F38kZ5EuVmGFbPBO/N5XGW6MzJ
+DwIaVmVBN1w4cHQJnDeVlyHZuSSY5uupvkAtHk8hyK3f9lieWvDFgKt45M9cR+J
ekZ5yWaCJBcax4mNUppjK6DKiOKpMLQU1S5LrR/CaBpGHlXbO9EdNz3x2AuIC8dP
hjLWU8SfvIUP7+72jP6R7wvFw1cX2qQwhlk0xmDBkK+QT2fUPek+HzxL5/atAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUhXYhXeLdZyqMKvY/EuBqRHkKvrcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBAJgPtAD
BAWM6YADBACPDoQDBAGR30ADBACSZzwDBAGSZz4DBACUh7QDBACUh7oDBACbdTww
DQYJKoZIhvcNAQELBQADggEBAA+5xXxb+8zCtlgfupAhrHbSYp27jJ+25baPmxSs
O2sCNMQiIQYRzGMRS/MJdinarJ4R403WQIbuhUHN/vGoGrnNE7a9CH8QlHXYmHRC
gduAInI4XtwN+EnWzteC1zkHfz2SBHWSL7N6jDpk43i8e1CLeku+2Jgv4ayH+QWI
0WKE4Qp4TDexcB60wulqa8tZ3F3f7tFm+e1FyuxYPB0eD1HPjJ5zZT80oD3zBkaB
A381z8atqf6BQiCAdtwSO0iUEtkqlzi35hLk2FFft5/V0UIUm6BLVX1lACcHyoOR
8Yb8uT7LFL3giHCFHS2vsyCYa/v+4jx1SFbwjM+qCm3d5B4=
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:33:06 2025 by rpki-client