Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
File: AS16509.roa (raw, json)
Hash identifier: Zo9V/XxxI11SMq2g8YYwVHLNaXa0h44dwKuO6tizHPs=
Subject key identifier: 41:1F:CD:CE:53:D1:C4:E9:52:E5:F3:ED:74:31:B8:20:5B:3D:8A:7B
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 1DEFE51F193FEA94A3E08C3A534BCC9FE729930A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
Signing time: Mon 13 Apr 2026 13:10:26 +0000
ROA not before: Mon 13 Apr 2026 13:05:26 +0000
ROA not after: Mon 12 Apr 2027 13:10:26 +0000
asID: 16509
IP address blocks: 82.21.28.0/22 maxlen: 24
82.24.76.0/24 maxlen: 24
82.24.100.0/24 maxlen: 24
82.26.154.0/24 maxlen: 24
82.26.201.0/24 maxlen: 24
82.29.0.0/24 maxlen: 24
82.29.2.0/24 maxlen: 24
82.29.3.0/24 maxlen: 24
82.29.4.0/24 maxlen: 24
82.29.102.0/24 maxlen: 24
82.29.104.0/24 maxlen: 24
82.29.105.0/24 maxlen: 24
82.41.200.0/24 maxlen: 24
82.47.64.0/19 maxlen: 24
84.75.18.0/24 maxlen: 24
84.75.19.0/24 maxlen: 24
84.75.34.0/24 maxlen: 24
84.75.36.0/24 maxlen: 24
84.75.37.0/24 maxlen: 24
84.75.38.0/24 maxlen: 24
84.75.41.0/24 maxlen: 24
84.75.42.0/24 maxlen: 24
84.75.48.0/24 maxlen: 24
84.75.50.0/24 maxlen: 24
84.75.51.0/24 maxlen: 24
84.75.52.0/24 maxlen: 24
84.75.53.0/24 maxlen: 24
84.75.55.0/24 maxlen: 24
84.75.61.0/24 maxlen: 24
84.75.62.0/24 maxlen: 24
84.75.63.0/24 maxlen: 24
84.75.64.0/24 maxlen: 24
84.75.65.0/24 maxlen: 24
84.75.67.0/24 maxlen: 24
84.75.68.0/24 maxlen: 24
84.75.69.0/24 maxlen: 24
84.75.70.0/24 maxlen: 24
84.75.96.0/19 maxlen: 24
178.83.112.0/22 maxlen: 22
2a13:9500:110::/48 maxlen: 48
2a13:9500:126::/48 maxlen: 48
2a13:9500:127::/48 maxlen: 48
2a13:9500:13a::/48 maxlen: 48
2a13:9500:157::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:ef:e5:1f:19:3f:ea:94:a3:e0:8c:3a:53:4b:cc:9f:e7:29:93:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 13 13:05:26 2026 GMT
Not After : Apr 12 13:10:26 2027 GMT
Subject: CN=411FCDCE53D1C4E952E5F3ED7431B8205B3D8A7B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:cc:7e:ec:83:8f:15:0b:bc:2f:66:26:b3:60:
e6:49:22:f1:61:84:33:f4:4c:7e:98:b5:25:8c:52:
cc:8b:77:8f:89:42:93:43:e3:82:ac:92:0a:ab:d3:
b4:bf:54:31:04:3b:b4:14:bc:14:a2:b2:d0:1e:f6:
51:0e:07:46:3d:7c:13:e7:12:32:25:24:86:81:d5:
b8:23:75:4b:96:03:74:21:b7:ea:12:37:c5:2b:67:
75:7c:de:ba:8e:c5:23:82:fd:fb:6c:09:e7:8f:84:
72:63:18:9b:6f:3e:40:18:ed:96:5b:54:75:87:93:
e3:f5:05:27:54:43:82:2e:1f:36:70:e7:a2:a1:76:
5f:21:29:3a:56:ef:c4:81:d0:5b:a2:69:2a:fc:87:
00:18:a9:3d:1c:86:a5:a7:1d:3f:4e:48:4a:03:27:
6b:fe:1d:67:a7:f0:f9:ab:90:91:1d:34:a3:5c:6b:
e7:3d:f2:02:69:d8:73:cb:89:1e:f2:01:36:86:8c:
44:f8:4a:29:39:a7:45:3f:10:77:fb:b8:f7:1e:fe:
34:e6:cb:74:5a:25:c5:86:7f:8c:d3:f6:31:6a:d5:
ba:ca:02:64:c6:8e:3f:ed:c1:d0:07:77:7b:85:19:
9f:cc:aa:8a:ac:7a:8e:36:5c:c5:c8:98:26:1f:61:
00:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:1F:CD:CE:53:D1:C4:E9:52:E5:F3:ED:74:31:B8:20:5B:3D:8A:7B
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS16509.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.28.0/22
82.24.76.0/24
82.24.100.0/24
82.26.154.0/24
82.26.201.0/24
82.29.0.0/24
82.29.2.0-82.29.4.255
82.29.102.0/24
82.29.104.0/23
82.41.200.0/24
82.47.64.0/19
84.75.18.0/23
84.75.34.0/24
84.75.36.0-84.75.38.255
84.75.41.0-84.75.42.255
84.75.48.0/24
84.75.50.0-84.75.53.255
84.75.55.0/24
84.75.61.0-84.75.65.255
84.75.67.0-84.75.70.255
84.75.96.0/19
178.83.112.0/22
IPv6:
2a13:9500:110::/48
2a13:9500:126::/47
2a13:9500:13a::/48
2a13:9500:157::/48
Signature Algorithm: sha256WithRSAEncryption
2c:1c:05:78:65:ea:d9:b9:71:e3:71:28:c9:ed:c4:dc:e3:a8:
d3:c8:2a:12:d7:b2:bf:fd:57:53:45:72:05:7a:41:42:e0:11:
30:1a:18:a8:e7:e4:cf:ff:ee:b3:f4:f0:54:c4:2e:f5:3b:cb:
40:b8:17:a3:6e:b7:3f:de:d1:11:bd:95:96:15:83:b1:dc:93:
05:11:ba:6e:6f:bd:16:aa:96:6a:2e:34:dd:cb:de:74:75:a5:
6b:68:0d:d3:cf:ad:19:6e:4d:07:ff:7e:18:53:6e:1e:3f:cc:
39:1b:c8:63:dd:54:09:9e:32:b7:4a:f0:39:0e:4f:b4:d4:13:
6e:7a:93:82:10:6d:24:0a:1d:ad:71:10:37:84:03:67:1d:20:
fb:39:cd:7d:df:02:31:90:ee:e4:20:87:71:0a:17:c8:4a:44:
65:d6:98:11:fe:1e:8f:aa:c6:cc:45:e1:21:4f:be:8d:53:79:
5c:56:bd:1f:aa:ee:a5:fc:ce:43:83:e6:27:ef:03:5d:1b:86:
a9:fd:0b:28:85:3b:3c:6f:53:4b:6b:7d:3d:93:74:a4:79:ae:
13:51:00:57:ee:8f:4a:80:e8:5e:64:7b:95:57:1c:fd:eb:72:
25:f3:ac:4e:27:ae:8f:2f:58:f6:a5:38:e1:62:45:2f:1f:6e:
e7:6f:5e:e4
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgIUHe/lHxk/6pSj4Iw6U0vMn+cpkwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTMxMzA1MjZaFw0yNzA0MTIxMzEwMjZaMDMxMTAvBgNV
BAMTKDQxMUZDRENFNTNEMUM0RTk1MkU1RjNFRDc0MzFCODIwNUIzRDhBN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+zH7sg48VC7wvZiazYOZJIvFh
hDP0TH6YtSWMUsyLd4+JQpND44Kskgqr07S/VDEEO7QUvBSistAe9lEOB0Y9fBPn
EjIlJIaB1bgjdUuWA3Qht+oSN8UrZ3V83rqOxSOC/ftsCeePhHJjGJtvPkAY7ZZb
VHWHk+P1BSdUQ4IuHzZw56Khdl8hKTpW78SB0FuiaSr8hwAYqT0chqWnHT9OSEoD
J2v+HWen8PmrkJEdNKNca+c98gJp2HPLiR7yATaGjET4Sik5p0U/EHf7uPce/jTm
y3RaJcWGf4zT9jFq1brKAmTGjj/twdAHd3uFGZ/Mqoqseo42XMXImCYfYQBdAgMB
AAGjggLoMIIC5DAdBgNVHQ4EFgQUQR/NzlPRxOlS5fPtdDG4IFs9inswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgf0GCCsGAQUFBwEHAQH/BIHtMIHqMIG7BAIAATCBtAME
AlIVHAMEAFIYTAMEAFIYZAMEAFIamgMEAFIayQMEAFIdADAMAwQBUh0CAwQAUh0E
AwQAUh1mAwQBUh1oAwQAUinIAwQFUi9AAwQBVEsSAwQAVEsiMAwDBAJUSyQDBABU
SyYwDAMEAFRLKQMEAFRLKgMEAFRLMDAMAwQBVEsyAwQBVEs0AwQAVEs3MAwDBABU
Sz0DBAFUS0AwDAMEAFRLQwMEAFRLRgMEBVRLYAMEArJTcDAqBAIAAjAkAwcAKhOV
AAEQAwcBKhOVAAEmAwcAKhOVAAE6AwcAKhOVAAFXMA0GCSqGSIb3DQEBCwUAA4IB
AQAsHAV4ZerZuXHjcSjJ7cTc46jTyCoS17K//VdTRXIFekFC4BEwGhio5+TP/+6z
9PBUxC71O8tAuBejbrc/3tERvZWWFYOx3JMFEbpub70WqpZqLjTdy950daVraA3T
z60Zbk0H/34YU24eP8w5G8hj3VQJnjK3SvA5Dk+01BNuepOCEG0kCh2tcRA3hANn
HSD7Oc193wIxkO7kIIdxChfISkRl1pgR/h6PqsbMReEhT76NU3lcVr0fqu6l/M5D
g+Yn7wNdG4ap/QsohTs8b1NLa309k3Skea4TUQBX7o9KgOheZHuVVxz963Il86xO
J66PL1j2pTjhYkUvH27nb17k
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:56:54 2026 by rpki-client