Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: bqkuw/pD4BymghKeZv4qAwbbqQLMCzmi2yCjbBEv+G0=
Subject key identifier: F4:9A:AC:24:67:EF:37:D7:86:1F:49:D1:7B:F5:A4:F2:F3:46:BC:E6
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 7894BBBCC32B32905488F0E8C13FBAB362DC2178
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
Signing time: Tue 05 May 2026 14:19:12 +0000
ROA not before: Tue 05 May 2026 14:14:12 +0000
ROA not after: Tue 04 May 2027 14:19:12 +0000
asID: 16509
IP address blocks: 2.57.18.0/24 maxlen: 24
181.214.94.0/24 maxlen: 24
181.214.110.0/24 maxlen: 24
181.215.206.0/23 maxlen: 24
185.137.13.0/24 maxlen: 24
191.96.204.0/24 maxlen: 24
191.101.111.0/24 maxlen: 24
2a00:d1a0:10::/48 maxlen: 48
2a00:d1a0:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 02:24:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:94:bb:bc:c3:2b:32:90:54:88:f0:e8:c1:3f:ba:b3:62:dc:21:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: May 5 14:14:12 2026 GMT
Not After : May 4 14:19:12 2027 GMT
Subject: CN=F49AAC2467EF37D7861F49D17BF5A4F2F346BCE6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:ad:53:3a:2e:95:bb:78:af:f9:e5:9c:e9:7d:
e1:a7:20:b9:82:1c:2b:21:4c:0c:7c:2e:fc:d1:a3:
9f:0e:10:61:42:07:e4:88:6c:d3:a1:dd:95:67:4b:
a6:fc:07:b3:af:9a:aa:68:03:5b:ac:a9:81:c8:a7:
11:0f:03:e0:f6:e0:9c:2d:4d:c5:60:d2:71:01:94:
38:8f:6b:e8:97:15:7b:0b:5f:96:9c:a3:3b:b6:fd:
74:88:a3:7a:52:55:cb:fa:ef:bb:14:7c:01:3b:a5:
f1:19:b4:f8:6b:1e:e7:ba:af:bf:cb:d3:fa:82:c5:
c5:c0:ce:18:c3:62:a1:68:b2:cf:6c:28:1e:bd:b2:
df:d3:e8:25:f9:4f:ff:e5:3a:24:25:2d:ec:d3:0a:
58:1d:c0:3e:41:83:e4:ac:8c:64:fe:3c:dd:04:b0:
bf:fc:1e:b7:91:7f:64:61:8a:03:bc:87:a1:da:30:
85:2a:e9:0a:99:56:77:fd:bc:bc:6b:ab:60:e3:d3:
d1:fc:bb:89:d9:c8:b2:60:73:74:d2:dc:a6:f1:ed:
f6:f9:81:25:70:6c:93:3d:48:4a:10:12:2f:7f:7e:
1a:fb:17:e1:25:64:6c:9a:84:2c:b9:02:b3:21:23:
09:cb:54:0a:e2:df:fd:31:2a:d4:bf:7d:e6:e1:7a:
ee:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:9A:AC:24:67:EF:37:D7:86:1F:49:D1:7B:F5:A4:F2:F3:46:BC:E6
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.18.0/24
181.214.94.0/24
181.214.110.0/24
181.215.206.0/23
185.137.13.0/24
191.96.204.0/24
191.101.111.0/24
IPv6:
2a00:d1a0:10::/47
Signature Algorithm: sha256WithRSAEncryption
95:c1:66:61:9e:eb:35:82:93:bd:a5:af:ff:79:46:0c:c3:db:
c0:c5:3c:72:8a:6c:aa:80:4c:7c:0d:6c:6c:3d:91:9e:22:7d:
6a:0e:79:bf:25:f6:37:7b:0d:68:04:0b:55:31:21:a4:e6:de:
d8:6a:9b:4a:82:63:5f:e7:b2:20:cd:68:10:f6:2a:4c:e5:c6:
49:4a:24:af:90:7c:eb:1c:bb:bc:03:e1:90:44:e1:fd:90:b1:
67:b7:6e:b7:81:47:9c:4c:f4:19:18:c9:f5:6a:f9:5b:a2:c0:
5c:13:17:a3:92:0c:c2:82:66:24:6f:77:83:1b:31:95:26:ff:
4d:be:c1:dc:03:ad:6c:7e:d8:f0:0e:ff:36:1c:d6:aa:45:a9:
54:07:9c:62:38:2f:69:89:98:22:43:a3:64:58:9e:15:a6:49:
97:d3:af:76:f2:2c:e3:04:f0:2d:84:6d:dc:79:7c:7c:1d:d4:
43:22:b8:79:5a:9f:a9:9d:f9:e0:a7:eb:fb:50:53:9a:ae:0c:
cd:df:9f:54:e2:d2:1e:e4:44:da:cb:16:2c:e5:6e:ee:84:f2:
51:73:2d:a4:68:5e:4b:8f:7f:32:0d:d2:f5:b4:c4:f4:95:ae:
32:da:04:22:c2:a7:d9:51:fb:ce:8c:7f:55:e4:20:2c:f4:a1:
a5:21:11:bd
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUeJS7vMMrMpBUiPDowT+6s2LcIXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDUxNDE0MTJaFw0yNzA1MDQxNDE5MTJaMDMxMTAvBgNV
BAMTKEY0OUFBQzI0NjdFRjM3RDc4NjFGNDlEMTdCRjVBNEYyRjM0NkJDRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOrVM6LpW7eK/55ZzpfeGnILmC
HCshTAx8LvzRo58OEGFCB+SIbNOh3ZVnS6b8B7OvmqpoA1usqYHIpxEPA+D24Jwt
TcVg0nEBlDiPa+iXFXsLX5acozu2/XSIo3pSVcv677sUfAE7pfEZtPhrHue6r7/L
0/qCxcXAzhjDYqFoss9sKB69st/T6CX5T//lOiQlLezTClgdwD5Bg+SsjGT+PN0E
sL/8HreRf2RhigO8h6HaMIUq6QqZVnf9vLxrq2Dj09H8u4nZyLJgc3TS3Kbx7fb5
gSVwbJM9SEoQEi9/fhr7F+ElZGyahCy5ArMhIwnLVAri3/0xKtS/febheu41AgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQU9JqsJGfvN9eGH0nRe/Wk8vNGvOYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMDAEAgABMCoDBAACORID
BAC11l4DBAC11m4DBAG1184DBAC5iQ0DBAC/YMwDBAC/ZW8wDwQCAAIwCQMHASoA
0aAAEDANBgkqhkiG9w0BAQsFAAOCAQEAlcFmYZ7rNYKTvaWv/3lGDMPbwMU8cops
qoBMfA1sbD2RniJ9ag55vyX2N3sNaAQLVTEhpObe2GqbSoJjX+eyIM1oEPYqTOXG
SUokr5B86xy7vAPhkETh/ZCxZ7dut4FHnEz0GRjJ9Wr5W6LAXBMXo5IMwoJmJG93
gxsxlSb/Tb7B3AOtbH7Y8A7/NhzWqkWpVAecYjgvaYmYIkOjZFieFaZJl9OvdvIs
4wTwLYRt3Hl8fB3UQyK4eVqfqZ354Kfr+1BTmq4Mzd+fVOLSHuRE2ssWLOVu7oTy
UXMtpGheS49/Mg3S9bTE9JWuMtoEIsKn2VH7zox/VeQgLPShpSERvQ==
-----END CERTIFICATE-----
Generated at Wed May 13 10:50:17 2026 by rpki-client