Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: dlbzPGbuKlCnfkv6whVJdc1ys0w8+ly0C8gIyMCyokw=
Subject key identifier: A4:7C:91:C8:E3:0C:E4:0E:7C:AA:D0:9D:F9:D0:2B:76:3B:F1:45:CD
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 610205151B870AB331EC527F6118CCE8745BBF9F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Tue 12 May 2026 02:11:08 +0000
ROA not before: Tue 12 May 2026 02:06:08 +0000
ROA not after: Tue 11 May 2027 02:11:08 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.150.156.0/24 maxlen: 24
140.233.128.0/19 maxlen: 24
143.14.227.0/24 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
147.79.25.0/24 maxlen: 24
147.79.26.0/24 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.0.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
155.117.185.0/24 maxlen: 24
155.117.187.0/24 maxlen: 24
155.117.203.0/24 maxlen: 24
162.141.159.0/24 maxlen: 24
162.141.180.0/24 maxlen: 24
168.222.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 17:01:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:02:05:15:1b:87:0a:b3:31:ec:52:7f:61:18:cc:e8:74:5b:bf:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 12 02:06:08 2026 GMT
Not After : May 11 02:11:08 2027 GMT
Subject: CN=A47C91C8E30CE40E7CAAD09DF9D02B763BF145CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:29:62:80:f2:ea:1f:f3:43:67:94:8e:3e:c6:
48:ad:7a:fe:34:e9:3a:3f:4c:0b:1d:4e:08:7f:73:
b0:bc:f9:e3:a3:9b:15:78:e6:84:38:1b:07:e5:e0:
9f:80:8f:ed:45:d2:27:ad:a5:d1:2f:2f:87:43:7f:
33:d6:f4:17:95:5f:b7:95:8a:db:58:ef:94:34:4b:
67:f5:23:40:a5:95:42:3b:48:c1:7e:c7:1a:6b:83:
ff:53:57:76:9e:31:82:d0:2b:d7:cc:a7:53:d4:f2:
87:a3:83:bd:31:65:bd:73:74:a2:73:55:31:a4:c5:
11:61:c9:27:76:46:b4:d7:ad:fb:12:a4:08:83:cc:
05:08:32:c1:38:72:1d:6c:0a:5f:33:31:42:ab:06:
9f:c1:69:e3:4a:20:91:25:54:e9:5a:30:b5:d3:05:
6b:b7:e2:54:bc:4f:91:f2:89:1f:cf:16:a3:c4:09:
b0:a3:47:33:39:34:72:f5:8c:85:07:e1:79:1c:34:
6a:92:37:b5:0a:08:b8:c2:f1:dd:1c:bf:18:32:77:
1d:fc:a1:a9:7c:b1:d0:99:d4:9f:18:5c:5f:cc:50:
e2:7d:29:f0:5e:5d:9f:be:1d:d1:eb:7f:78:7b:46:
58:87:a5:b0:36:3b:d0:99:55:7c:73:0d:db:8c:f7:
c0:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:7C:91:C8:E3:0C:E4:0E:7C:AA:D0:9D:F9:D0:2B:76:3B:F1:45:CD
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.150.156.0/24
140.233.128.0/19
143.14.227.0/24
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
147.79.25.0-147.79.26.255
148.135.180.0/24
148.135.186.0/24
155.117.0.0/24
155.117.60.0/24
155.117.185.0/24
155.117.187.0/24
155.117.203.0/24
162.141.159.0/24
162.141.180.0/24
168.222.121.0/24
Signature Algorithm: sha256WithRSAEncryption
6d:85:24:d5:9f:ed:d9:ed:80:cd:cd:49:4d:5f:46:c1:f6:c3:
54:80:67:2f:a1:86:63:05:75:89:40:94:08:39:74:a5:0b:c7:
c9:19:64:b6:1e:0c:4c:c9:8e:cf:ef:8a:4f:12:8a:6f:b3:01:
57:b2:e8:53:d5:4f:e1:65:30:3c:08:b4:cc:4a:72:6d:11:71:
7a:8f:39:e1:6d:48:c8:9a:50:5c:e4:f6:2e:51:5b:30:6a:4d:
ab:09:9e:05:bf:cb:47:fb:c7:3a:5f:cb:76:a9:ad:46:81:6f:
98:40:80:2e:c2:a0:7e:80:50:76:5c:2f:31:9a:1f:3f:8d:ae:
01:52:62:69:7e:4e:68:c5:7f:2f:82:7b:72:7c:9e:b5:6a:0d:
ed:1c:8b:3d:6c:6f:de:f0:ea:d5:36:ec:d6:34:36:54:ee:fb:
c1:2d:cb:46:ea:54:6f:3c:3b:f9:0a:cf:15:8f:a4:25:fa:fa:
5d:c8:42:80:30:c1:03:c0:09:3f:04:e0:51:a6:2e:0c:32:ed:
c5:58:67:29:8b:df:19:41:26:0a:3f:a5:93:54:da:7e:dc:b3:
e1:50:81:a7:5a:f5:f9:a0:74:c7:92:d6:94:11:13:6f:ab:cc:
34:4a:0c:f0:dd:64:10:cb:a4:a4:32:f2:6f:7e:97:5f:61:10:
82:bb:c9:f1
-----BEGIN CERTIFICATE-----
MIIFbjCCBFagAwIBAgIUYQIFFRuHCrMx7FJ/YRjM6HRbv58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTIwMjA2MDhaFw0yNzA1MTEwMjExMDhaMDMxMTAvBgNV
BAMTKEE0N0M5MUM4RTMwQ0U0MEU3Q0FBRDA5REY5RDAyQjc2M0JGMTQ1Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKKWKA8uof80NnlI4+xkitev40
6To/TAsdTgh/c7C8+eOjmxV45oQ4Gwfl4J+Aj+1F0ietpdEvL4dDfzPW9BeVX7eV
ittY75Q0S2f1I0CllUI7SMF+xxprg/9TV3aeMYLQK9fMp1PU8oejg70xZb1zdKJz
VTGkxRFhySd2RrTXrfsSpAiDzAUIMsE4ch1sCl8zMUKrBp/BaeNKIJElVOlaMLXT
BWu34lS8T5HyiR/PFqPECbCjRzM5NHL1jIUH4XkcNGqSN7UKCLjC8d0cvxgydx38
oal8sdCZ1J8YXF/MUOJ9KfBeXZ++HdHrf3h7RliHpbA2O9CZVXxzDduM98AZAgMB
AAGjggJ4MIICdDAdBgNVHQ4EFgQUpHyRyOMM5A58qtCd+dArdjvxRc0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgY0GCCsGAQUFBwEHAQH/BH4wfDB6BAIAATB0AwQCYD7Q
AwQAjJacAwQFjOmAAwQAjw7jAwQBkd9AAwQAkmc8AwQBkmc+MAwDBACTTxkDBACT
TxoDBACUh7QDBACUh7oDBACbdQADBACbdTwDBACbdbkDBACbdbsDBACbdcsDBACi
jZ8DBACijbQDBACo3nkwDQYJKoZIhvcNAQELBQADggEBAG2FJNWf7dntgM3NSU1f
RsH2w1SAZy+hhmMFdYlAlAg5dKULx8kZZLYeDEzJjs/vik8Sim+zAVey6FPVT+Fl
MDwItMxKcm0RcXqPOeFtSMiaUFzk9i5RWzBqTasJngW/y0f7xzpfy3aprUaBb5hA
gC7CoH6AUHZcLzGaHz+NrgFSYml+TmjFfy+Ce3J8nrVqDe0ciz1sb97w6tU27NY0
NlTu+8Ety0bqVG88O/kKzxWPpCX6+l3IQoAwwQPACT8E4FGmLgwy7cVYZymL3xlB
Jgo/pZNU2n7cs+FQgada9fmgdMeS1pQRE2+rzDRKDPDdZBDLpKQy8m9+l19hEIK7
yfE=
-----END CERTIFICATE-----
Generated at Wed May 13 08:42:37 2026 by rpki-client