Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: gO/1wdTrd7nGbywfhoQrSslF8sWOfMr6tPfnTO04rD4=
Subject key identifier: 1B:12:21:98:96:AA:09:23:35:5D:4C:D0:6A:E2:C8:E8:A9:E7:57:C2
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 36D23548452130B6E1D35DD8E51FAEF728A0E3C3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Fri 23 May 2025 09:30:19 +0000
ROA not before: Fri 23 May 2025 09:25:19 +0000
ROA not after: Fri 22 May 2026 09:30:19 +0000
asID: 16509
IP address blocks: 82.21.28.0/22 maxlen: 24
82.25.56.0/21 maxlen: 21
82.26.154.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Jun 2025 14:20:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:d2:35:48:45:21:30:b6:e1:d3:5d:d8:e5:1f:ae:f7:28:a0:e3:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: May 23 09:25:19 2025 GMT
Not After : May 22 09:30:19 2026 GMT
Subject: CN=1B12219896AA0923355D4CD06AE2C8E8A9E757C2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:fb:47:6b:85:d1:fe:75:0b:50:70:89:35:16:
b9:9f:19:70:10:f8:1d:1a:7f:68:7a:0a:fa:f7:be:
98:f9:e1:4f:bb:8b:c4:4e:35:71:4d:f3:9f:c8:0b:
fd:e8:63:0e:e2:a5:db:42:e9:23:85:a5:7f:2f:e0:
63:b7:1e:35:7a:f5:19:1b:11:1e:49:06:45:9c:17:
89:7f:e4:58:67:77:f5:eb:fe:d1:03:72:a1:1e:ba:
a1:5b:19:8e:22:1f:32:55:b6:35:d6:89:c4:6d:c3:
b5:52:be:36:e1:65:62:04:32:a9:cf:fb:05:7f:94:
fd:28:9e:ea:5f:75:7b:94:cd:e8:9f:84:a3:bc:42:
49:ef:40:d9:02:3c:df:a6:ac:89:f5:ed:b6:54:90:
7a:53:a9:8d:c7:6d:b3:85:9a:6a:25:ac:c9:d1:0f:
90:c1:a1:c5:86:31:97:2a:f3:c4:39:47:45:1e:f1:
bb:4d:de:55:ca:e1:a4:fa:3c:8e:81:05:c7:ce:ae:
aa:4e:41:db:84:e3:1f:8f:f4:a7:e7:a0:d1:d1:86:
e0:47:6f:c5:66:50:72:57:5f:3e:bd:8b:c0:f5:d8:
ee:83:d3:db:13:7e:1b:bc:99:e7:9f:2d:8f:83:cc:
36:0e:a5:90:a0:16:4f:4f:6c:e2:aa:04:26:9a:71:
61:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:12:21:98:96:AA:09:23:35:5D:4C:D0:6A:E2:C8:E8:A9:E7:57:C2
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.28.0/22
82.25.56.0/21
82.26.154.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.102.0/24
82.29.104.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:89:d5:31:0b:e3:58:12:31:1b:03:30:17:a4:24:94:81:8a:
ae:a7:93:2f:33:08:20:76:75:d9:3f:bb:0d:d9:6b:78:8c:90:
6f:d5:90:4b:d3:a3:c3:89:ca:d5:9c:4e:a8:25:68:5b:0b:b4:
f4:d9:41:f5:49:67:24:a9:51:57:1d:0e:89:4c:be:c2:29:17:
3a:2f:9a:89:63:29:91:ac:40:2a:07:a4:33:49:ca:1a:93:37:
c1:76:56:0e:1c:8b:ee:06:ef:26:84:59:7d:96:d7:6c:30:b3:
de:2f:b6:85:e7:0f:d3:07:ec:fc:07:10:13:5e:90:d6:cc:41:
81:41:dc:63:d2:c8:19:8f:af:72:97:68:ab:7d:4e:5b:63:d7:
ce:a5:22:ba:71:4d:8d:d7:37:3f:de:e8:50:0d:b4:f6:f6:f0:
b1:7f:e2:92:4f:7b:82:6f:3b:4b:1e:2c:04:c2:8b:fa:2a:0e:
92:db:92:32:48:d9:6e:c1:bd:38:86:e5:04:8b:f1:ec:ad:33:
23:41:63:82:95:fb:33:64:4d:13:26:fe:b7:76:9a:8e:76:68:
23:1d:ef:23:fc:81:a2:c8:fa:30:65:25:14:09:bf:aa:bf:aa:
34:e5:64:6c:ad:8d:37:53:a2:6e:dc:bf:3d:d2:ed:37:5d:74:
57:56:cf:90
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNtI1SEUhMLbh013Y5R+u9yig48MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjMwOTI1MTlaFw0yNjA1MjIwOTMwMTlaMDMxMTAvBgNV
BAMTKDFCMTIyMTk4OTZBQTA5MjMzNTVENENEMDZBRTJDOEU4QTlFNzU3QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ+0drhdH+dQtQcIk1FrmfGXAQ
+B0af2h6Cvr3vpj54U+7i8RONXFN85/IC/3oYw7ipdtC6SOFpX8v4GO3HjV69Rkb
ER5JBkWcF4l/5Fhnd/Xr/tEDcqEeuqFbGY4iHzJVtjXWicRtw7VSvjbhZWIEMqnP
+wV/lP0onupfdXuUzeifhKO8QknvQNkCPN+mrIn17bZUkHpTqY3HbbOFmmolrMnR
D5DBocWGMZcq88Q5R0Ue8btN3lXK4aT6PI6BBcfOrqpOQduE4x+P9KfnoNHRhuBH
b8VmUHJXXz69i8D12O6D09sTfhu8meefLY+DzDYOpZCgFk9PbOKqBCaacWGvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGxIhmJaqCSM1XUzQauLI6KnnV8IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMD4EAgABMDgDBAJSFRwD
BANSGTgDBABSGpoDBABSGskDBABSHQAwDAMEAVIdAgMEAFIdBAMEAFIdZgMEAVId
aDANBgkqhkiG9w0BAQsFAAOCAQEAConVMQvjWBIxGwMwF6QklIGKrqeTLzMIIHZ1
2T+7DdlreIyQb9WQS9Ojw4nK1ZxOqCVoWwu09NlB9UlnJKlRVx0OiUy+wikXOi+a
iWMpkaxAKgekM0nKGpM3wXZWDhyL7gbvJoRZfZbXbDCz3i+2hecP0wfs/AcQE16Q
1sxBgUHcY9LIGY+vcpdoq31OW2PXzqUiunFNjdc3P97oUA209vbwsX/ikk97gm87
Sx4sBMKL+ioOktuSMkjZbsG9OIblBIvx7K0zI0FjgpX7M2RNEyb+t3aajnZoIx3v
I/yBosj6MGUlFAm/qr+qNOVkbK2NN1Oibty/PdLtN110V1bPkA==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:36:50 2025 by rpki-client