Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: NxHtZJbSOIiISwUoj2KEdlLFyNYd64YSvtA2i2ke7Z4=
Subject key identifier: 59:0A:43:E0:E5:A8:AF:1B:33:32:81:C9:21:13:84:7E:EE:62:B9:6F
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 419F09B76B01207093EA7D9A88CF45FD8F5204B9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
Signing time: Thu 16 Apr 2026 09:09:19 +0000
ROA not before: Thu 16 Apr 2026 09:04:19 +0000
ROA not after: Thu 15 Apr 2027 09:09:19 +0000
asID: 16509
IP address blocks: 45.139.182.0/24 maxlen: 24
181.214.94.0/24 maxlen: 24
181.214.110.0/24 maxlen: 24
181.215.206.0/23 maxlen: 24
185.137.13.0/24 maxlen: 24
191.96.204.0/24 maxlen: 24
191.101.111.0/24 maxlen: 24
2a00:d1a0:10::/48 maxlen: 48
2a00:d1a0:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 15:58:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:9f:09:b7:6b:01:20:70:93:ea:7d:9a:88:cf:45:fd:8f:52:04:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Apr 16 09:04:19 2026 GMT
Not After : Apr 15 09:09:19 2027 GMT
Subject: CN=590A43E0E5A8AF1B333281C92113847EEE62B96F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:d0:36:fc:6b:9b:e3:ec:d2:1e:83:be:d9:73:
0c:08:e7:d9:86:49:98:92:55:28:c5:f3:b2:ae:41:
4b:3f:e2:5f:fb:fc:15:34:ce:e0:43:b2:e6:25:01:
0a:0a:dc:ae:27:a0:24:48:95:70:47:d7:3a:83:1f:
b6:d6:4d:99:89:88:b5:55:5f:4b:33:0f:34:60:9c:
3e:c7:3c:d8:d1:2e:d3:62:39:08:5c:9a:9b:7d:56:
ef:7b:d0:7d:c6:bb:6a:1c:9b:9e:c9:4e:c0:07:8b:
4a:b0:e9:7e:ef:39:a2:9f:3e:b4:14:b5:7e:67:a7:
72:f8:43:4d:6b:f9:0f:43:e7:6a:f1:d4:32:df:ab:
d9:11:f7:1d:f7:a0:e0:4e:c4:3c:e8:a9:64:58:bd:
bb:3e:d6:a5:66:ce:bb:ce:55:d4:3d:7a:bf:9d:f8:
f4:c2:05:54:6a:02:24:db:8e:7b:7b:c9:6a:25:7d:
e3:8c:3e:84:53:a2:4f:f0:e4:bb:fc:4f:d9:0e:8f:
b1:64:1e:47:14:7e:20:19:48:ad:d5:fe:ed:60:44:
a0:d1:19:00:ca:81:f8:68:8d:e8:1c:c1:50:1a:69:
b8:5b:57:2a:66:4f:b5:60:30:2c:25:2f:ba:58:37:
7d:da:77:37:79:89:1d:a0:1e:97:06:85:ad:2f:ea:
7b:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:0A:43:E0:E5:A8:AF:1B:33:32:81:C9:21:13:84:7E:EE:62:B9:6F
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.182.0/24
181.214.94.0/24
181.214.110.0/24
181.215.206.0/23
185.137.13.0/24
191.96.204.0/24
191.101.111.0/24
IPv6:
2a00:d1a0:10::/47
Signature Algorithm: sha256WithRSAEncryption
87:11:ef:8e:9c:69:41:f3:26:09:b5:04:f1:cc:0d:7d:86:2d:
2a:5e:df:41:a4:27:76:9d:e1:76:46:ad:bc:53:52:c6:cb:36:
06:d4:fa:ab:8a:b9:6e:d0:8a:84:1e:6f:bb:e1:83:42:8d:80:
b1:42:42:73:99:d6:ab:9c:e4:a5:ef:98:47:a3:a7:e5:1f:85:
6c:be:7f:14:02:74:18:37:00:67:84:23:96:29:ed:7d:dd:44:
1b:d1:eb:6a:a6:65:20:85:2d:92:b7:2e:2c:52:66:8a:65:51:
90:35:3c:f9:3e:f8:ce:9d:57:34:a2:65:62:38:4d:dd:fd:ea:
11:8d:af:57:23:4e:fe:cb:ef:60:2b:d4:99:73:65:3f:f9:23:
90:e7:fa:1c:9a:09:e9:c9:dd:cc:bb:75:47:85:03:a6:1d:1b:
d3:3d:56:d4:6d:51:e1:85:0a:6a:96:c2:d1:65:4b:65:ce:82:
54:f8:e3:45:e0:4c:74:83:ce:3f:f9:57:97:a4:14:74:00:38:
68:af:38:c5:a8:01:fb:1a:01:6f:ad:d6:73:4f:fa:fc:0f:ea:
57:31:5e:07:17:ca:95:18:4a:41:55:01:f1:00:bb:af:b5:1f:
ae:07:6d:00:f7:14:11:07:0d:5f:cc:34:80:4c:e7:fc:09:28:
56:e9:9b:9d
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUQZ8Jt2sBIHCT6n2aiM9F/Y9SBLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTYwOTA0MTlaFw0yNzA0MTUwOTA5MTlaMDMxMTAvBgNV
BAMTKDU5MEE0M0UwRTVBOEFGMUIzMzMyODFDOTIxMTM4NDdFRUU2MkI5NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS0Db8a5vj7NIeg77ZcwwI59mG
SZiSVSjF87KuQUs/4l/7/BU0zuBDsuYlAQoK3K4noCRIlXBH1zqDH7bWTZmJiLVV
X0szDzRgnD7HPNjRLtNiOQhcmpt9Vu970H3Gu2ocm57JTsAHi0qw6X7vOaKfPrQU
tX5np3L4Q01r+Q9D52rx1DLfq9kR9x33oOBOxDzoqWRYvbs+1qVmzrvOVdQ9er+d
+PTCBVRqAiTbjnt7yWolfeOMPoRTok/w5Lv8T9kOj7FkHkcUfiAZSK3V/u1gRKDR
GQDKgfhojegcwVAaabhbVypmT7VgMCwlL7pYN33adzd5iR2gHpcGha0v6nttAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUWQpD4OWorxszMoHJIROEfu5iuW8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMDAEAgABMCoDBAAti7YD
BAC11l4DBAC11m4DBAG1184DBAC5iQ0DBAC/YMwDBAC/ZW8wDwQCAAIwCQMHASoA
0aAAEDANBgkqhkiG9w0BAQsFAAOCAQEAhxHvjpxpQfMmCbUE8cwNfYYtKl7fQaQn
dp3hdkatvFNSxss2BtT6q4q5btCKhB5vu+GDQo2AsUJCc5nWq5zkpe+YR6On5R+F
bL5/FAJ0GDcAZ4Qjlintfd1EG9HraqZlIIUtkrcuLFJmimVRkDU8+T74zp1XNKJl
YjhN3f3qEY2vVyNO/svvYCvUmXNlP/kjkOf6HJoJ6cndzLt1R4UDph0b0z1W1G1R
4YUKapbC0WVLZc6CVPjjReBMdIPOP/lXl6QUdAA4aK84xagB+xoBb63Wc0/6/A/q
VzFeBxfKlRhKQVUB8QC7r7UfrgdtAPcUEQcNX8w0gEzn/AkoVumbnQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:56:43 2026 by rpki-client