Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: +Izlq+9ne2RGgsjvkMpRKVKxEinX4PUF3ey1hs899Go=
Subject key identifier: 00:F5:39:D4:BB:23:8C:1D:48:0D:0B:80:50:4C:37:8A:AF:26:1A:FB
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 3296A9DC4DBDD0EE456B34DDFF54D16FFD9AF81A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Fri 15 Aug 2025 00:35:04 +0000
ROA not before: Fri 15 Aug 2025 00:30:04 +0000
ROA not after: Fri 14 Aug 2026 00:35:04 +0000
asID: 16509
IP address blocks: 82.21.28.0/22 maxlen: 24
82.24.100.0/24 maxlen: 24
82.26.154.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:96:a9:dc:4d:bd:d0:ee:45:6b:34:dd:ff:54:d1:6f:fd:9a:f8:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Aug 15 00:30:04 2025 GMT
Not After : Aug 14 00:35:04 2026 GMT
Subject: CN=00F539D4BB238C1D480D0B80504C378AAF261AFB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:29:ee:a2:bd:8a:f6:9c:ba:3e:bb:02:af:e6:
6d:39:c8:2b:de:1a:9f:8d:99:b8:f5:f1:4f:ef:74:
22:49:a0:72:e4:6e:81:78:47:69:d7:9d:c9:15:1f:
94:37:bb:b3:24:5c:cf:a7:ff:ad:91:fa:34:5e:d8:
90:4e:b2:bb:fb:59:20:65:02:33:ab:9e:c3:a2:c2:
56:76:6c:1f:eb:3a:af:94:58:69:24:92:0d:20:f5:
91:4e:c1:7f:27:34:5a:17:12:9f:f4:9b:65:ef:51:
05:78:cd:d9:c0:0a:1d:dd:5b:40:5e:71:3a:9e:80:
69:6a:ea:c7:8e:1b:26:58:ea:e2:ca:94:b7:de:7b:
0c:29:2c:45:40:a4:c4:eb:af:eb:f7:57:31:73:d2:
94:55:c7:d6:55:34:c8:9a:22:fa:14:e3:ad:c0:4b:
7a:b0:a8:99:6e:2f:f3:bf:8c:76:3a:8a:50:b5:88:
ce:38:34:8a:1f:20:f7:db:e2:6a:a2:97:82:d2:be:
5c:7c:3d:f2:57:86:d8:22:e8:f7:21:70:ef:d8:63:
7f:7a:0a:7d:e7:05:ed:1f:40:d5:47:b2:d7:d6:f9:
60:ae:eb:53:40:8a:92:c0:59:51:ee:a0:32:63:58:
bd:30:68:73:d1:51:50:97:97:fd:30:41:6a:33:9f:
77:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:F5:39:D4:BB:23:8C:1D:48:0D:0B:80:50:4C:37:8A:AF:26:1A:FB
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.28.0/22
82.24.100.0/24
82.26.154.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.102.0/24
82.29.104.0/23
Signature Algorithm: sha256WithRSAEncryption
0d:e6:5d:d6:90:77:ed:ef:8f:eb:6e:a5:2c:b4:1f:70:02:1d:
9f:9a:eb:e2:e8:f7:4e:ab:e5:f1:ee:20:75:6c:65:dd:a8:91:
02:af:d8:09:ed:e9:e9:94:69:2d:56:8b:eb:46:ea:a1:6a:ad:
70:39:c4:78:d3:32:ca:b6:51:7f:ad:32:27:4a:b5:46:ae:d1:
81:13:4f:86:4a:7c:d2:57:d9:f5:14:c5:59:2d:34:32:48:12:
e3:9e:45:37:a6:22:f0:80:8b:28:1a:ab:de:83:22:2b:34:05:
fa:41:30:6f:50:55:4b:f7:89:3d:4a:f1:8a:b0:ec:17:c3:c4:
63:fc:cf:a5:f1:3c:40:65:70:ba:a9:0c:fe:3d:09:04:c7:3d:
75:2b:9d:39:99:2f:31:87:ba:ec:17:62:38:25:69:a3:c7:11:
37:6c:a9:ab:94:74:60:5a:d9:a7:47:f7:01:ac:2b:5a:a1:b5:
18:55:ea:74:d0:23:e3:5c:e4:4f:a7:e1:6e:95:ad:38:43:47:
a4:97:85:9b:51:44:08:67:7d:4b:f8:c3:8a:03:78:60:87:55:
62:4a:4c:88:b3:7c:92:29:12:b7:d2:e8:0b:32:a3:da:e3:0a:
a8:b3:b6:0d:fd:5f:f0:23:7e:b5:4d:cd:5f:64:e5:29:f4:d4:
5f:90:bb:63
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMpap3E290O5FazTd/1TRb/2a+BowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTUwMDMwMDRaFw0yNjA4MTQwMDM1MDRaMDMxMTAvBgNV
BAMTKDAwRjUzOUQ0QkIyMzhDMUQ0ODBEMEI4MDUwNEMzNzhBQUYyNjFBRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmKe6ivYr2nLo+uwKv5m05yCve
Gp+Nmbj18U/vdCJJoHLkboF4R2nXnckVH5Q3u7MkXM+n/62R+jRe2JBOsrv7WSBl
AjOrnsOiwlZ2bB/rOq+UWGkkkg0g9ZFOwX8nNFoXEp/0m2XvUQV4zdnACh3dW0Be
cTqegGlq6seOGyZY6uLKlLfeewwpLEVApMTrr+v3VzFz0pRVx9ZVNMiaIvoU463A
S3qwqJluL/O/jHY6ilC1iM44NIofIPfb4mqil4LSvlx8PfJXhtgi6PchcO/YY396
Cn3nBe0fQNVHstfW+WCu61NAipLAWVHuoDJjWL0waHPRUVCXl/0wQWozn3e3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUAPU51LsjjB1IDQuAUEw3iq8mGvswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMD4EAgABMDgDBAJSFRwD
BABSGGQDBABSGpoDBABSGskDBABSHQAwDAMEAVIdAgMEAFIdBAMEAFIdZgMEAVId
aDANBgkqhkiG9w0BAQsFAAOCAQEADeZd1pB37e+P626lLLQfcAIdn5rr4uj3Tqvl
8e4gdWxl3aiRAq/YCe3p6ZRpLVaL60bqoWqtcDnEeNMyyrZRf60yJ0q1Rq7RgRNP
hkp80lfZ9RTFWS00MkgS455FN6Yi8ICLKBqr3oMiKzQF+kEwb1BVS/eJPUrxirDs
F8PEY/zPpfE8QGVwuqkM/j0JBMc9dSudOZkvMYe67BdiOCVpo8cRN2ypq5R0YFrZ
p0f3AawrWqG1GFXqdNAj41zkT6fhbpWtOENHpJeFm1FECGd9S/jDigN4YIdVYkpM
iLN8kikSt9LoCzKj2uMKqLO2Df1f8CN+tU3NX2TlKfTUX5C7Yw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:50:05 2025 by rpki-client