Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: OgS422gyJ6f84yMkgoRZeCUuX90maPqO+LGqX2CnWUs=
Subject key identifier: 40:B7:B5:71:E7:D3:CF:83:99:9F:FA:AD:92:08:13:86:AD:6D:DA:00
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 276239882AAD7F4AB047C614FB74D5D0A3B2F9BE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Fri 22 May 2026 06:37:55 +0000
ROA not before: Fri 22 May 2026 06:32:55 +0000
ROA not after: Fri 21 May 2027 06:37:55 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
136.143.250.0/24 maxlen: 24
140.150.232.0/23 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
150.241.174.0/24 maxlen: 24
150.241.234.0/24 maxlen: 24
158.140.194.0/24 maxlen: 24
158.140.196.0/24 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
158.140.205.0/24 maxlen: 24
158.140.214.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
162.141.48.0/24 maxlen: 24
162.141.116.0/24 maxlen: 24
162.141.138.0/24 maxlen: 24
167.148.136.0/24 maxlen: 24
167.148.162.0/24 maxlen: 24
203.160.116.0/24 maxlen: 24
203.160.125.0/24 maxlen: 24
203.160.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Jun 2026 15:08:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:62:39:88:2a:ad:7f:4a:b0:47:c6:14:fb:74:d5:d0:a3:b2:f9:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 22 06:32:55 2026 GMT
Not After : May 21 06:37:55 2027 GMT
Subject: CN=40B7B571E7D3CF83999FFAAD92081386AD6DDA00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:8b:95:7f:9d:dd:c0:e1:d9:1d:a4:ee:30:c7:
b7:f2:f2:16:18:48:28:c6:81:ff:77:b7:a1:59:f9:
ba:09:d3:00:ec:5d:88:a0:88:c1:37:5e:56:4e:5f:
0c:99:de:d8:d3:f5:88:92:a6:0f:ef:db:95:cb:51:
f7:bb:31:89:79:42:14:4c:59:79:f9:9e:aa:f9:3b:
a4:92:52:76:2a:f8:9d:54:87:7d:f7:ec:ff:2a:84:
66:a2:54:44:32:c9:77:3a:95:34:af:d1:76:b3:62:
4e:71:61:94:90:c7:09:25:07:d8:61:a2:ca:9a:aa:
35:d1:e9:89:3c:1f:73:61:0d:ce:b1:b9:9d:fe:52:
08:8f:c2:f2:88:67:79:ab:12:3e:ef:9e:b7:4b:ec:
d8:98:8e:e4:3c:7d:3e:15:77:1c:de:59:7a:1d:7d:
89:85:95:e8:ae:36:11:87:a4:1c:81:82:51:b6:5a:
60:c1:6c:74:17:51:c3:ed:77:ed:5c:ee:48:7a:d5:
5c:23:45:31:1b:9c:40:e7:db:c5:05:1f:d5:5e:3d:
54:75:65:d5:27:75:fd:bf:ce:95:af:a2:32:53:58:
05:97:b8:5b:e4:ac:de:3b:d5:d1:bb:40:c0:65:7b:
35:5e:fe:c6:76:ab:23:47:0f:57:a8:dc:46:ea:a6:
3b:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:B7:B5:71:E7:D3:CF:83:99:9F:FA:AD:92:08:13:86:AD:6D:DA:00
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/24
136.143.248.0-136.143.250.255
140.150.232.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
150.241.174.0/24
150.241.234.0/24
158.140.194.0/24
158.140.196.0/24
158.140.199.0-158.140.200.255
158.140.202.0/23
158.140.205.0/24
158.140.214.0/24
162.141.12.0/24
162.141.48.0/24
162.141.116.0/24
162.141.138.0/24
167.148.136.0/24
167.148.162.0/24
203.160.116.0/24
203.160.125.0/24
203.160.127.0/24
Signature Algorithm: sha256WithRSAEncryption
56:f6:9e:37:3f:e2:d6:8f:1f:22:36:eb:2d:17:44:e9:e9:f0:
fe:91:fd:37:8e:4f:35:15:8f:5c:fc:13:31:b5:82:26:84:a5:
a2:26:1f:fb:34:7a:3e:8c:9b:f8:28:ff:27:f7:b3:51:a6:f9:
9f:a5:2a:b7:37:e9:7b:b0:18:4f:03:92:5d:12:f1:da:58:e7:
66:2b:df:1b:0d:d7:55:a8:7f:8c:e2:0c:18:18:04:20:a0:69:
d3:eb:10:fe:1e:c8:ac:c4:d2:3a:7c:9b:19:a8:15:dd:5f:93:
5c:e4:12:d7:42:3d:d1:ba:e1:0b:9e:bb:8a:4c:7d:84:83:86:
d3:00:11:e3:0b:29:8f:b5:bf:f1:47:03:0c:9c:ab:2f:af:bb:
85:b3:be:3e:a7:8e:d7:05:09:fe:6c:22:c8:75:0a:47:4f:97:
b7:75:c2:be:ae:89:61:72:91:55:6e:95:3b:39:4e:ab:eb:c1:
98:21:62:da:96:c5:4b:c3:21:2f:9c:1d:0a:73:a2:50:67:61:
86:31:b9:3d:81:c7:19:86:9f:14:0d:35:a6:69:e2:a1:dd:21:
85:ed:96:d0:b5:48:8f:88:8e:25:58:3a:3d:63:49:70:32:6e:
fe:a5:f6:5a:0d:0a:45:5b:cd:e9:70:6e:56:63:4a:47:a7:b1:
42:5a:78:15
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgIUJ2I5iCqtf0qwR8YU+3TV0KOy+b4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjIwNjMyNTVaFw0yNzA1MjEwNjM3NTVaMDMxMTAvBgNV
BAMTKDQwQjdCNTcxRTdEM0NGODM5OTlGRkFBRDkyMDgxMzg2QUQ2RERBMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvi5V/nd3A4dkdpO4wx7fy8hYY
SCjGgf93t6FZ+boJ0wDsXYigiME3XlZOXwyZ3tjT9YiSpg/v25XLUfe7MYl5QhRM
WXn5nqr5O6SSUnYq+J1Uh3337P8qhGaiVEQyyXc6lTSv0XazYk5xYZSQxwklB9hh
osqaqjXR6Yk8H3NhDc6xuZ3+UgiPwvKIZ3mrEj7vnrdL7NiYjuQ8fT4VdxzeWXod
fYmFleiuNhGHpByBglG2WmDBbHQXUcPtd+1c7kh61VwjRTEbnEDn28UFH9VePVR1
ZdUndf2/zpWvojJTWAWXuFvkrN471dG7QMBlezVe/sZ2qyNHD1eo3EbqpjvrAgMB
AAGjggLFMIICwTAdBgNVHQ4EFgQUQLe1cefTz4OZn/qtkggThq1t2gAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB2wYIKwYBBQUHAQcBAf8EgcswgcgwgcUEAgABMIG+AwQA
YD77AwQAYD7+MAwDBAOIj/gDBACIj/oDBAGMlugDBACR3ykDBACR3y8DBACTTxwD
BAKUh9QDBAKUh9wDBAKUh+QDBAKUh+wDBAKUh/QDBACW8a4DBACW8eoDBACejMID
BACejMQwDAMEAJ6MxwMEAJ6MyAMEAZ6MygMEAJ6MzQMEAJ6M1gMEAKKNDAMEAKKN
MAMEAKKNdAMEAKKNigMEAKeUiAMEAKeUogMEAMugdAMEAMugfQMEAMugfzANBgkq
hkiG9w0BAQsFAAOCAQEAVvaeNz/i1o8fIjbrLRdE6enw/pH9N45PNRWPXPwTMbWC
JoSloiYf+zR6Poyb+Cj/J/ezUab5n6Uqtzfpe7AYTwOSXRLx2ljnZivfGw3XVah/
jOIMGBgEIKBp0+sQ/h7IrMTSOnybGagV3V+TXOQS10I90brhC567ikx9hIOG0wAR
4wspj7W/8UcDDJyrL6+7hbO+PqeO1wUJ/mwiyHUKR0+Xt3XCvq6JYXKRVW6VOzlO
q+vBmCFi2pbFS8MhL5wdCnOiUGdhhjG5PYHHGYafFA01pmniod0hhe2W0LVIj4iO
JVg6PWNJcDJu/qX2Wg0KRVvN6XBuVmNKR6exQlp4FQ==
-----END CERTIFICATE-----
Generated at Thu Jun 4 01:17:11 2026 by rpki-client