Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: qB0KfuCJC7mYmsG4mt8ACoNj4rplnlX4/dE726XGkFY=
Subject key identifier: 18:1E:A6:1C:43:6B:15:4C:14:79:21:DD:5D:BF:B2:90:E5:D7:0D:3E
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 5350776AEAB39CF8C181B0039AB7A4814DB8F1B4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Tue 24 Jun 2025 22:07:16 +0000
ROA not before: Tue 24 Jun 2025 22:02:16 +0000
ROA not after: Tue 23 Jun 2026 22:07:16 +0000
asID: 16509
IP address blocks: 82.21.28.0/22 maxlen: 24
82.24.100.0/24 maxlen: 24
82.25.56.0/21 maxlen: 21
82.26.154.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 11:27:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:50:77:6a:ea:b3:9c:f8:c1:81:b0:03:9a:b7:a4:81:4d:b8:f1:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jun 24 22:02:16 2025 GMT
Not After : Jun 23 22:07:16 2026 GMT
Subject: CN=181EA61C436B154C147921DD5DBFB290E5D70D3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:52:4b:e6:a1:91:8f:e7:c2:ea:69:1f:61:61:
be:f5:b7:56:ff:89:24:d6:db:23:d3:41:5e:cf:20:
7b:88:f2:35:74:46:08:42:cc:99:eb:cb:78:32:ef:
58:9d:54:be:de:62:7d:90:88:c2:e3:dc:16:9e:b7:
84:c1:84:b0:9e:89:1e:bd:48:6b:de:80:e2:82:3c:
f1:5b:0f:1e:07:5b:9a:48:9b:c8:06:ab:d4:31:21:
bd:64:a4:24:bd:33:29:86:5b:73:12:1c:46:89:5d:
25:b3:9a:db:b3:69:0c:92:67:d8:20:4e:e6:63:78:
54:fd:ac:b1:63:e6:37:fd:7c:c4:6e:ad:a8:6f:54:
0e:19:37:cc:f0:42:79:c3:5b:36:15:c4:40:b8:7f:
7a:2c:26:6d:82:f6:03:1b:e2:49:a7:85:63:56:de:
0b:44:48:ae:89:4c:6d:a3:f9:17:2a:12:2b:45:79:
e8:f1:b5:c1:66:26:db:53:6b:cb:8e:ae:43:02:74:
87:ce:9e:b9:16:44:95:95:cb:5a:70:c5:5c:2d:70:
41:27:a8:7e:49:73:72:99:86:f8:af:60:f0:ad:c2:
0a:dd:9e:54:e5:c3:12:25:21:e5:44:98:5b:bd:56:
4e:47:b6:11:4a:2d:71:fe:fd:d1:c7:18:d3:06:ac:
d8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:1E:A6:1C:43:6B:15:4C:14:79:21:DD:5D:BF:B2:90:E5:D7:0D:3E
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.28.0/22
82.24.100.0/24
82.25.56.0/21
82.26.154.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.102.0/24
82.29.104.0/23
Signature Algorithm: sha256WithRSAEncryption
9f:fd:4c:c2:3e:a5:bb:14:ad:2a:ad:a2:ce:4d:67:ec:54:1a:
58:55:4e:04:9e:ba:67:5a:20:37:d2:78:8f:b6:07:d6:82:bd:
28:62:18:f0:a3:51:5d:70:18:b1:77:5d:6a:ed:93:7d:09:d6:
74:90:53:63:89:42:21:de:36:0d:08:13:77:ab:c0:cc:2c:a4:
3a:73:65:9a:37:f8:d8:96:96:fb:74:fe:21:95:ac:7c:78:bc:
24:c0:0b:d1:71:c5:ce:6c:99:69:02:20:33:e4:5a:cf:ef:97:
d2:db:30:58:c5:a7:18:b7:9c:32:5d:a6:a2:e3:9d:5d:15:86:
d3:73:25:e4:8d:f2:85:3f:68:60:bb:b5:64:c4:48:62:d1:50:
df:51:f2:a6:e3:f2:1b:fc:00:2e:04:b8:16:4a:13:e8:2e:db:
95:8d:7b:2f:a7:c0:67:c1:00:56:ff:f7:94:20:4f:94:c7:1f:
ba:c3:d8:e2:84:bb:01:e5:d8:df:76:a0:c4:13:55:50:8c:ab:
f6:de:e3:6b:0a:c7:e0:b9:c7:69:4d:91:7d:b5:a7:54:40:df:
cb:4e:bc:c8:32:34:06:31:6f:ea:03:23:5a:93:df:c3:b2:37:
4c:69:1a:ba:b0:f0:f8:74:7e:b4:6e:b2:3b:b3:c1:4b:17:6a:
3c:1c:20:7f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUU1B3auqznPjBgbADmrekgU248bQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjQyMjAyMTZaFw0yNjA2MjMyMjA3MTZaMDMxMTAvBgNV
BAMTKDE4MUVBNjFDNDM2QjE1NEMxNDc5MjFERDVEQkZCMjkwRTVENzBEM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAUkvmoZGP58LqaR9hYb71t1b/
iSTW2yPTQV7PIHuI8jV0RghCzJnry3gy71idVL7eYn2QiMLj3Baet4TBhLCeiR69
SGvegOKCPPFbDx4HW5pIm8gGq9QxIb1kpCS9MymGW3MSHEaJXSWzmtuzaQySZ9gg
TuZjeFT9rLFj5jf9fMRurahvVA4ZN8zwQnnDWzYVxEC4f3osJm2C9gMb4kmnhWNW
3gtESK6JTG2j+RcqEitFeejxtcFmJttTa8uOrkMCdIfOnrkWRJWVy1pwxVwtcEEn
qH5Jc3KZhvivYPCtwgrdnlTlwxIlIeVEmFu9Vk5HthFKLXH+/dHHGNMGrNgFAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUGB6mHENrFUwUeSHdXb+ykOXXDT4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVwYIKwYBBQUHAQcBAf8ESDBGMEQEAgABMD4DBAJSFRwD
BABSGGQDBANSGTgDBABSGpoDBABSGskDBABSHQAwDAMEAVIdAgMEAFIdBAMEAFId
ZgMEAVIdaDANBgkqhkiG9w0BAQsFAAOCAQEAn/1Mwj6luxStKq2izk1n7FQaWFVO
BJ66Z1ogN9J4j7YH1oK9KGIY8KNRXXAYsXddau2TfQnWdJBTY4lCId42DQgTd6vA
zCykOnNlmjf42JaW+3T+IZWsfHi8JMAL0XHFzmyZaQIgM+Raz++X0tswWMWnGLec
Ml2mouOdXRWG03Ml5I3yhT9oYLu1ZMRIYtFQ31HypuPyG/wALgS4FkoT6C7blY17
L6fAZ8EAVv/3lCBPlMcfusPY4oS7AeXY33agxBNVUIyr9t7jawrH4LnHaU2RfbWn
VEDfy068yDI0BjFv6gMjWpPfw7I3TGkaurDw+HR+tG6yO7PBSxdqPBwgfw==
-----END CERTIFICATE-----
Generated at Sat Jun 28 23:49:59 2025 by rpki-client