Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: FP5tSrn9rK8TOcRXIdqDZxpxm3N36FIud1yLUtcFlrY=
Subject key identifier: 6E:57:30:87:6D:7E:9B:D1:46:F8:15:F3:F6:F8:ED:7F:FD:B3:75:4D
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 73D16DF480AB67B928F913412FCD4E45C80098E3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Fri 11 Jul 2025 21:37:42 +0000
ROA not before: Fri 11 Jul 2025 21:32:42 +0000
ROA not after: Fri 10 Jul 2026 21:37:42 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
96.62.255.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 03:57:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:d1:6d:f4:80:ab:67:b9:28:f9:13:41:2f:cd:4e:45:c8:00:98:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jul 11 21:32:42 2025 GMT
Not After : Jul 10 21:37:42 2026 GMT
Subject: CN=6E5730876D7E9BD146F815F3F6F8ED7FFDB3754D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:0b:23:db:a8:2a:6d:31:64:0a:65:fc:1d:26:
fd:7d:46:9f:ce:f3:9b:c4:d0:ed:dc:0c:cc:eb:d0:
f5:3f:59:95:61:f2:ea:54:94:1f:2c:59:6d:21:9f:
00:9f:69:69:75:50:88:2a:28:a0:13:73:c1:05:24:
e5:e4:39:94:0b:29:57:65:30:bc:92:76:b6:2c:84:
b0:7e:e7:b7:11:94:3e:82:8a:3f:de:ee:0d:23:7f:
cc:51:8e:78:a5:76:66:7a:ec:6e:01:66:9f:a1:f2:
5b:db:83:c6:c8:f5:a2:50:ec:13:e0:82:1a:87:90:
49:69:a1:4a:4a:3b:24:4b:39:76:e3:45:aa:b9:db:
d8:c9:a5:cc:fe:c5:5d:bd:d5:9d:8f:c2:6b:11:01:
f4:34:a7:74:55:16:23:5b:67:64:12:74:39:41:61:
02:52:f0:ec:21:2a:8e:1b:3a:bc:83:53:c1:e2:53:
d9:0a:b1:b4:da:44:e5:fe:c8:75:9f:24:1d:2d:e9:
f8:2d:1c:77:d1:0b:c2:47:8a:71:c6:05:30:79:d5:
f7:71:c2:71:6b:87:42:13:21:13:c1:08:15:da:00:
37:7f:d4:b5:58:1f:c0:7b:b5:f2:90:f7:91:54:b7:
1b:a9:4b:8f:38:6f:dc:ba:20:17:12:ed:7e:6c:70:
fc:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:57:30:87:6D:7E:9B:D1:46:F8:15:F3:F6:F8:ED:7F:FD:B3:75:4D
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/23
136.143.248.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
158.140.199.0-158.140.200.255
158.140.202.0/23
162.141.12.0/24
Signature Algorithm: sha256WithRSAEncryption
70:56:d3:1e:54:9a:25:9b:a4:1a:88:69:5e:ab:43:b1:cf:5f:
4f:59:1b:38:42:d2:37:25:7d:78:94:2a:97:97:01:fc:98:4c:
43:5b:d2:b8:72:6e:28:9f:1a:83:a4:06:e7:0c:67:bb:80:eb:
fd:1c:f8:57:da:d0:b3:2c:53:5e:e2:ad:cc:9f:f1:3e:10:58:
29:ad:4f:ff:f0:85:e7:0e:b6:c2:4b:b7:ff:48:ac:72:3e:8a:
68:fa:59:d5:63:38:69:35:18:e2:6c:09:8b:84:f9:b5:41:75:
63:9a:89:4a:b3:a9:97:73:d6:7e:04:54:d8:55:53:8e:2e:91:
2a:da:42:95:f2:d9:2a:2b:dd:69:40:a1:2b:06:15:a3:dc:86:
a3:09:09:68:6a:ef:56:00:45:ba:ce:b9:6d:e0:d0:9b:93:03:
a3:c4:70:38:30:c7:bf:81:95:0c:b5:14:5c:75:43:1a:f4:b1:
23:8c:a5:6e:6e:51:c1:f6:77:30:e5:a6:65:8c:89:27:04:e1:
1e:97:97:ef:66:2e:3d:c2:00:52:e7:a9:87:3e:9f:c7:23:bd:
5a:1f:84:20:23:bb:93:17:69:22:c4:ec:9c:4c:31:67:75:88:
c2:a4:4f:f3:b6:8d:be:dd:65:13:84:18:61:be:5d:24:37:9b:
65:89:03:5c
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIUc9Ft9ICrZ7ko+RNBL81ORcgAmOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTEyMTMyNDJaFw0yNjA3MTAyMTM3NDJaMDMxMTAvBgNV
BAMTKDZFNTczMDg3NkQ3RTlCRDE0NkY4MTVGM0Y2RjhFRDdGRkRCMzc1NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgCyPbqCptMWQKZfwdJv19Rp/O
85vE0O3cDMzr0PU/WZVh8upUlB8sWW0hnwCfaWl1UIgqKKATc8EFJOXkOZQLKVdl
MLySdrYshLB+57cRlD6Cij/e7g0jf8xRjnildmZ67G4BZp+h8lvbg8bI9aJQ7BPg
ghqHkElpoUpKOyRLOXbjRaq529jJpcz+xV291Z2PwmsRAfQ0p3RVFiNbZ2QSdDlB
YQJS8OwhKo4bOryDU8HiU9kKsbTaROX+yHWfJB0t6fgtHHfRC8JHinHGBTB51fdx
wnFrh0ITIRPBCBXaADd/1LVYH8B7tfKQ95FUtxupS484b9y6IBcS7X5scPxlAgMB
AAGjggJeMIICWjAdBgNVHQ4EFgQUblcwh21+m9FG+BXz9vjtf/2zdU0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB1BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEAGA++wME
AWA+/gMEAYiP+AMEAJHfKQMEAJHfLwMEAJNPHAMEApSH1AMEApSH3AMEApSH5AME
ApSH7AMEApSH9DAMAwQAnozHAwQAnozIAwQBnozKAwQAoo0MMA0GCSqGSIb3DQEB
CwUAA4IBAQBwVtMeVJolm6QaiGleq0Oxz19PWRs4QtI3JX14lCqXlwH8mExDW9K4
cm4onxqDpAbnDGe7gOv9HPhX2tCzLFNe4q3Mn/E+EFgprU//8IXnDrbCS7f/SKxy
Popo+lnVYzhpNRjibAmLhPm1QXVjmolKs6mXc9Z+BFTYVVOOLpEq2kKV8tkqK91p
QKErBhWj3IajCQloau9WAEW6zrlt4NCbkwOjxHA4MMe/gZUMtRRcdUMa9LEjjKVu
blHB9ncw5aZljIknBOEel5fvZi49wgBS56mHPp/HI71aH4QgI7uTF2kixOycTDFn
dYjCpE/zto2+3WUThBhhvl0kN5tliQNc
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:10:07 2025 by rpki-client