Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: crv5GRoPamVEmnVIrg0RP7oqxkyNWP6QFCslISmktiY=
Subject key identifier: 49:2A:35:68:F5:17:EB:6D:93:32:13:B1:94:F4:B2:4D:20:08:92:97
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3EF5E81F8E0D37D0AEAF72B864907DF3C42E8541
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Mon 28 Apr 2025 07:02:46 +0000
ROA not before: Mon 28 Apr 2025 06:57:46 +0000
ROA not after: Mon 27 Apr 2026 07:02:46 +0000
asID: 16509
IP address blocks: 140.233.128.0/19 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 05 May 2025 22:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:f5:e8:1f:8e:0d:37:d0:ae:af:72:b8:64:90:7d:f3:c4:2e:85:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 28 06:57:46 2025 GMT
Not After : Apr 27 07:02:46 2026 GMT
Subject: CN=492A3568F517EB6D933213B194F4B24D20089297
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:76:dd:0e:75:1f:19:c6:8a:ed:81:6c:ea:3e:
7f:8a:ad:92:6f:13:da:30:bd:32:3c:89:65:62:59:
a5:94:1b:6f:db:31:7e:51:fe:0a:cf:0a:36:6d:ad:
04:36:44:63:2e:fe:9f:54:04:a7:3b:60:68:d6:a7:
99:e3:1c:ef:42:85:74:cd:16:8d:53:37:cf:1a:63:
bc:4f:1a:08:5b:aa:08:af:07:39:dd:68:36:88:b0:
89:22:43:84:51:12:35:94:55:d7:16:08:63:b1:c6:
cf:3b:88:c8:91:03:00:51:ac:9c:c9:ef:1f:b9:50:
f3:17:a6:f8:88:1e:a7:bd:c2:25:b1:29:a5:24:96:
d1:c6:04:b3:69:bd:17:c7:e9:39:3d:ed:02:e4:8e:
71:bc:a0:d5:f9:af:29:a5:7c:c3:39:2b:cb:1d:17:
85:17:1d:ba:52:de:28:2b:08:eb:97:36:91:00:c8:
04:4c:d7:41:3d:e8:85:c9:c9:c3:ab:7d:e1:44:97:
c1:36:40:01:1b:4a:50:12:f1:47:7e:1c:0d:22:bb:
a6:5a:60:83:c8:a5:b0:22:4f:9f:a8:a8:ec:7a:be:
29:b6:82:b5:20:59:d3:ee:56:1b:bc:4a:07:37:17:
95:93:4b:ab:db:21:90:d6:84:74:95:b1:bd:8f:22:
c1:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:2A:35:68:F5:17:EB:6D:93:32:13:B1:94:F4:B2:4D:20:08:92:97
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.128.0/19
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
148.135.180.0/24
148.135.186.0/24
Signature Algorithm: sha256WithRSAEncryption
85:ec:17:8f:36:f0:78:4e:08:00:eb:69:da:2e:d8:44:11:2a:
a9:74:3a:4c:96:6b:19:c9:e3:55:50:d1:15:b0:cf:c4:c3:1a:
40:dc:1c:f7:4b:d5:ff:05:d9:16:7e:05:30:17:c6:64:ba:58:
09:08:0e:28:65:ef:19:9a:65:ca:07:fa:dc:d7:0e:e4:9f:2d:
e7:b6:0d:85:7d:28:f1:27:33:b8:4b:3d:a6:37:08:49:7d:f6:
dd:73:af:75:81:13:64:7a:b6:43:2a:1a:e9:77:9f:00:70:55:
c7:ef:de:35:ee:89:05:82:98:16:50:fc:9e:e6:04:bb:7c:47:
06:db:e0:19:70:f6:ba:38:80:59:7d:08:6d:ac:9e:a0:1d:68:
0e:b9:f2:f6:f8:d9:c7:5f:9d:c9:ad:e6:f1:91:0e:9f:cf:02:
f4:c9:9d:37:3a:33:90:8e:dd:dc:bf:cb:ef:cc:30:cc:74:11:
b6:e0:75:c5:02:a5:d7:36:af:ab:0f:fd:b1:ff:31:42:f9:34:
b1:9a:80:de:50:5a:1c:f9:c1:7b:12:df:a7:c9:fa:b1:61:c7:
33:d8:38:de:48:a5:75:5f:b9:da:77:f5:ed:b5:c5:7b:0c:87:
52:8f:32:2b:f4:b0:11:26:31:a4:7e:e7:7d:fb:88:f4:55:f9:
76:88:ea:56
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUPvXoH44NN9Cur3K4ZJB988QuhUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjgwNjU3NDZaFw0yNjA0MjcwNzAyNDZaMDMxMTAvBgNV
BAMTKDQ5MkEzNTY4RjUxN0VCNkQ5MzMyMTNCMTk0RjRCMjREMjAwODkyOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCddt0OdR8ZxortgWzqPn+KrZJv
E9owvTI8iWViWaWUG2/bMX5R/grPCjZtrQQ2RGMu/p9UBKc7YGjWp5njHO9ChXTN
Fo1TN88aY7xPGghbqgivBzndaDaIsIkiQ4RREjWUVdcWCGOxxs87iMiRAwBRrJzJ
7x+5UPMXpviIHqe9wiWxKaUkltHGBLNpvRfH6Tk97QLkjnG8oNX5rymlfMM5K8sd
F4UXHbpS3igrCOuXNpEAyARM10E96IXJycOrfeFEl8E2QAEbSlAS8Ud+HA0iu6Za
YIPIpbAiT5+oqOx6vim2grUgWdPuVhu8Sgc3F5WTS6vbIZDWhHSVsb2PIsGdAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUSSo1aPUX622TMhOxlPSyTSAIkpcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBAWM6YAD
BAGR30ADBACSZzwDBAGSZz4DBACUh7QDBACUh7owDQYJKoZIhvcNAQELBQADggEB
AIXsF4828HhOCADradou2EQRKql0OkyWaxnJ41VQ0RWwz8TDGkDcHPdL1f8F2RZ+
BTAXxmS6WAkIDihl7xmaZcoH+tzXDuSfLee2DYV9KPEnM7hLPaY3CEl99t1zr3WB
E2R6tkMqGul3nwBwVcfv3jXuiQWCmBZQ/J7mBLt8Rwbb4Blw9ro4gFl9CG2snqAd
aA658vb42cdfncmt5vGRDp/PAvTJnTc6M5CO3dy/y+/MMMx0EbbgdcUCpdc2r6sP
/bH/MUL5NLGagN5QWhz5wXsS36fJ+rFhxzPYON5IpXVfudp39e21xXsMh1KPMiv0
sBEmMaR+5337iPRV+XaI6lY=
-----END CERTIFICATE-----
Generated at Mon May 5 06:21:31 2025 by rpki-client