Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: T7ta3SIH7JQ6UQ5DOZKv19bVq6l744LJyYweYaIfhBA=
Subject key identifier: 3C:FD:A1:C9:D9:87:63:F4:40:8F:1F:90:55:64:43:39:52:C1:97:68
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2DA754AA18012CE70A2D8E9CD142B9605305DD84
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
Signing time: Sat 21 Feb 2026 06:01:55 +0000
ROA not before: Sat 21 Feb 2026 05:56:55 +0000
ROA not after: Sat 20 Feb 2027 06:01:55 +0000
asID: 16509
IP address blocks: 96.62.208.0/22 maxlen: 22
140.233.128.0/19 maxlen: 24
143.14.82.0/23 maxlen: 24
143.14.187.0/24 maxlen: 24
143.14.194.0/24 maxlen: 24
143.14.227.0/24 maxlen: 24
145.223.64.0/24 maxlen: 24
145.223.65.0/24 maxlen: 24
146.103.60.0/24 maxlen: 24
146.103.62.0/23 maxlen: 24
147.79.25.0/24 maxlen: 24
148.135.180.0/24 maxlen: 24
148.135.186.0/24 maxlen: 24
155.117.0.0/24 maxlen: 24
155.117.13.0/24 maxlen: 24
155.117.60.0/24 maxlen: 24
155.117.185.0/24 maxlen: 24
155.117.187.0/24 maxlen: 24
155.117.203.0/24 maxlen: 24
162.141.159.0/24 maxlen: 24
162.141.180.0/24 maxlen: 24
168.222.64.0/20 maxlen: 24
168.222.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:54:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:a7:54:aa:18:01:2c:e7:0a:2d:8e:9c:d1:42:b9:60:53:05:dd:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 21 05:56:55 2026 GMT
Not After : Feb 20 06:01:55 2027 GMT
Subject: CN=3CFDA1C9D98763F4408F1F905564433952C19768
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:aa:c0:78:7c:cb:a4:85:ac:95:63:cc:b8:cf:
07:02:d9:ec:c1:39:fb:26:3b:12:66:3b:98:27:4c:
bc:a5:6e:d0:a0:ee:83:83:52:58:81:40:cf:89:bf:
df:b1:fe:12:ba:0d:b9:29:63:3f:6e:9d:f5:b4:f9:
d6:ff:8c:d0:89:2f:a9:6d:1b:30:5e:4a:17:3e:57:
8a:61:ee:16:b5:2d:6e:d9:6b:cb:9e:e9:ef:51:58:
3f:77:78:c2:f9:c5:55:d9:a0:50:a0:8d:cd:36:bf:
3a:b7:a8:ea:68:6b:38:84:63:b3:8b:c8:65:f2:0f:
80:3a:b9:97:87:a5:09:c5:23:65:e3:65:03:c1:31:
15:3d:f3:92:58:c3:a4:27:98:80:8d:06:c9:ee:53:
fb:e4:0c:f3:65:2d:16:80:f4:21:c8:b0:3a:1e:d5:
30:7f:7d:2b:7c:f6:f3:2b:89:51:74:eb:2b:c5:ab:
bb:16:d4:fc:eb:09:47:02:ef:2d:c7:8c:53:3d:02:
b1:30:e1:0b:60:40:48:4e:8c:e3:e0:a6:6d:9a:89:
3f:aa:d9:01:1d:50:19:bf:7f:6e:fd:a1:0f:1a:35:
6e:c8:f4:4b:a7:c7:6b:6b:8f:5a:c7:47:af:47:89:
ca:52:2f:91:e1:76:e7:7a:b7:00:4c:67:f6:a3:26:
f9:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:FD:A1:C9:D9:87:63:F4:40:8F:1F:90:55:64:43:39:52:C1:97:68
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.208.0/22
140.233.128.0/19
143.14.82.0/23
143.14.187.0/24
143.14.194.0/24
143.14.227.0/24
145.223.64.0/23
146.103.60.0/24
146.103.62.0/23
147.79.25.0/24
148.135.180.0/24
148.135.186.0/24
155.117.0.0/24
155.117.13.0/24
155.117.60.0/24
155.117.185.0/24
155.117.187.0/24
155.117.203.0/24
162.141.159.0/24
162.141.180.0/24
168.222.64.0/20
168.222.121.0/24
Signature Algorithm: sha256WithRSAEncryption
52:d3:78:27:a5:9a:a8:fc:11:ee:40:30:3e:37:e6:9d:70:60:
db:85:d1:3c:8a:0c:ac:93:3d:80:ee:54:02:01:64:4e:bf:8d:
20:7a:8e:c4:1e:fd:de:13:10:fd:1e:fe:23:c4:b9:cc:19:93:
25:0f:96:e6:58:ab:9a:f8:24:87:de:59:05:2a:65:07:cf:58:
bd:24:0e:1a:d8:67:0e:1a:d1:58:ba:0a:93:df:93:bb:2c:f8:
35:f8:f9:37:46:53:f2:61:4c:d2:da:43:52:9e:58:a0:26:61:
bc:b5:cd:dd:3d:ea:77:17:df:e5:08:b1:24:c2:3a:bf:83:f2:
54:bd:34:ac:ba:42:6c:c7:c8:2a:d0:00:66:ac:7e:52:56:55:
e9:d1:d1:5b:88:e6:8a:14:e7:69:c6:15:90:5e:7f:91:94:f5:
97:3a:23:9f:42:cc:2c:e7:b7:e7:20:16:f0:11:29:68:7e:f6:
4d:8f:a3:09:f6:4a:f8:8a:eb:32:d6:16:8b:73:fe:48:ba:22:
69:76:41:3d:8f:5d:4f:79:8e:97:9d:d0:32:8a:55:da:5f:de:
a9:e9:7d:9d:80:7d:c6:25:41:ec:84:78:f6:e5:ca:56:84:51:
36:f5:26:d9:f7:6e:53:0b:2d:37:61:f1:2d:7b:8b:f3:04:97:
63:22:ea:62
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIULadUqhgBLOcKLY6c0UK5YFMF3YQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjEwNTU2NTVaFw0yNzAyMjAwNjAxNTVaMDMxMTAvBgNV
BAMTKDNDRkRBMUM5RDk4NzYzRjQ0MDhGMUY5MDU1NjQ0MzM5NTJDMTk3NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrqsB4fMukhayVY8y4zwcC2ezB
OfsmOxJmO5gnTLylbtCg7oODUliBQM+Jv9+x/hK6DbkpYz9unfW0+db/jNCJL6lt
GzBeShc+V4ph7ha1LW7Za8ue6e9RWD93eML5xVXZoFCgjc02vzq3qOpoaziEY7OL
yGXyD4A6uZeHpQnFI2XjZQPBMRU985JYw6QnmICNBsnuU/vkDPNlLRaA9CHIsDoe
1TB/fSt89vMriVF06yvFq7sW1PzrCUcC7y3HjFM9ArEw4QtgQEhOjOPgpm2aiT+q
2QEdUBm/f279oQ8aNW7I9Eunx2trj1rHR69HicpSL5Hhdud6twBMZ/ajJvmxAgMB
AAGjggKMMIICiDAdBgNVHQ4EFgQUPP2hydmHY/RAjx+QVWRDOVLBl2gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgaEGCCsGAQUFBwEHAQH/BIGRMIGOMIGLBAIAATCBhAME
AmA+0AMEBYzpgAMEAY8OUgMEAI8OuwMEAI8OwgMEAI8O4wMEAZHfQAMEAJJnPAME
AZJnPgMEAJNPGQMEAJSHtAMEAJSHugMEAJt1AAMEAJt1DQMEAJt1PAMEAJt1uQME
AJt1uwMEAJt1ywMEAKKNnwMEAKKNtAMEBKjeQAMEAKjeeTANBgkqhkiG9w0BAQsF
AAOCAQEAUtN4J6WaqPwR7kAwPjfmnXBg24XRPIoMrJM9gO5UAgFkTr+NIHqOxB79
3hMQ/R7+I8S5zBmTJQ+W5lirmvgkh95ZBSplB89YvSQOGthnDhrRWLoKk9+Tuyz4
Nfj5N0ZT8mFM0tpDUp5YoCZhvLXN3T3qdxff5QixJMI6v4PyVL00rLpCbMfIKtAA
Zqx+UlZV6dHRW4jmihTnacYVkF5/kZT1lzojn0LMLOe35yAW8BEpaH72TY+jCfZK
+IrrMtYWi3P+SLoiaXZBPY9dT3mOl53QMopV2l/eqel9nYB9xiVB7IR49uXKVoRR
NvUm2fduUwstN2HxLXuL8wSXYyLqYg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:52:27 2026 by rpki-client