Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: ZU4Zmp683oV1s/3dqTxCtbcwK8wBcVVkxGvu/f6se6w=
Subject key identifier: 85:CE:05:3C:35:80:24:F5:08:BB:4C:2B:BB:45:8E:60:65:00:E3:2C
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 4CF20CA5E94B8303377AEC5027D0C8B6C4983FD1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Sat 17 May 2025 12:50:40 +0000
ROA not before: Sat 17 May 2025 12:45:40 +0000
ROA not after: Sat 16 May 2026 12:50:40 +0000
asID: 9009
IP address blocks: 96.62.250.0/24 maxlen: 24
96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
96.62.255.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 23:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:f2:0c:a5:e9:4b:83:03:37:7a:ec:50:27:d0:c8:b6:c4:98:3f:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 17 12:45:40 2025 GMT
Not After : May 16 12:50:40 2026 GMT
Subject: CN=85CE053C358024F508BB4C2BBB458E606500E32C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:89:44:57:21:bd:b5:50:c6:9e:b8:e5:99:b9:
af:3e:72:b4:b9:b2:c3:1c:fc:15:ac:37:b8:c5:e6:
71:39:5c:72:8c:91:5d:1f:3e:fd:bc:31:fd:92:6e:
2c:09:c5:57:ee:25:e8:f1:5b:35:f2:11:7b:ed:aa:
f9:ec:46:8b:8b:e1:b6:11:f5:9e:bb:5e:af:58:8f:
5b:4a:8e:24:52:f3:6f:d9:da:3d:2b:fb:e9:69:ef:
f5:3a:c7:a4:0e:da:a8:d6:24:21:a0:f0:47:1f:59:
21:a3:4f:25:46:12:e6:7e:25:10:59:db:36:3c:f5:
e1:f7:77:ee:e2:5c:bf:2b:96:af:2d:45:b8:9b:e8:
f9:b3:af:b6:79:b9:db:a5:81:9d:39:ce:64:e9:e5:
5a:66:6a:0e:65:c8:db:fd:8f:f0:74:21:1d:c7:86:
e8:62:fd:08:87:bf:97:c3:f9:7f:46:41:86:24:60:
f8:b0:5f:2f:25:e6:a8:2d:c0:79:47:7b:05:13:2a:
28:1b:0b:b5:cb:f6:21:a3:4d:a5:9e:45:13:69:15:
14:b2:fa:62:7e:f7:13:0f:3c:ea:5c:45:df:38:79:
34:e3:10:db:55:6d:06:f1:f3:05:9a:80:7f:0a:67:
cb:2d:cb:49:ad:d8:21:62:ef:ce:95:4c:9e:24:fc:
00:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:CE:05:3C:35:80:24:F5:08:BB:4C:2B:BB:45:8E:60:65:00:E3:2C
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.250.0/23
96.62.254.0/23
136.143.248.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
158.140.199.0-158.140.200.255
158.140.202.0/23
Signature Algorithm: sha256WithRSAEncryption
36:a1:5d:85:a8:32:7b:4a:c2:c6:dc:3f:ad:96:23:70:27:f1:
c5:c9:fe:6f:63:4b:d3:fa:a0:71:3d:a4:eb:8a:65:d8:14:f8:
08:c1:7a:15:c5:1f:70:d4:8c:26:bc:80:a0:87:b0:81:9d:eb:
9b:65:d0:f3:8c:01:47:c0:5b:c3:b3:6e:c4:9d:35:8b:93:3b:
6d:6d:e4:d3:54:f9:d3:c8:af:a4:2c:8a:40:1b:46:ef:81:e7:
5b:7b:9e:99:b3:14:8d:f8:c2:4f:7c:ac:32:25:81:3a:8b:41:
a5:9b:e0:ee:16:fa:ad:26:7d:47:71:5c:d8:93:7e:ce:07:67:
6f:55:16:dc:71:7a:bd:b3:d9:82:3c:19:06:80:eb:62:8f:e4:
6f:12:05:e9:f7:e8:56:1e:66:15:5f:95:78:ff:a7:34:3b:f9:
40:81:4d:d7:ab:e7:8c:e6:d1:0e:cd:00:cf:b5:6a:f4:b0:38:
da:46:e3:48:54:84:55:17:cb:6d:6c:f9:a1:00:f6:ef:ea:3c:
9c:41:f2:f5:0e:27:00:d4:d9:9e:b7:05:df:d4:6a:a7:41:01:
09:b1:ee:7d:a5:6c:d8:ee:e9:2f:ac:74:51:27:d9:0d:cb:17:
b3:bf:4d:d4:9f:c3:a0:a0:84:fe:82:80:df:73:e8:43:b5:4b:
46:95:f1:6f
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgIUTPIMpelLgwM3euxQJ9DItsSYP9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTcxMjQ1NDBaFw0yNjA1MTYxMjUwNDBaMDMxMTAvBgNV
BAMTKDg1Q0UwNTNDMzU4MDI0RjUwOEJCNEMyQkJCNDU4RTYwNjUwMEUzMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDciURXIb21UMaeuOWZua8+crS5
ssMc/BWsN7jF5nE5XHKMkV0fPv28Mf2SbiwJxVfuJejxWzXyEXvtqvnsRouL4bYR
9Z67Xq9Yj1tKjiRS82/Z2j0r++lp7/U6x6QO2qjWJCGg8EcfWSGjTyVGEuZ+JRBZ
2zY89eH3d+7iXL8rlq8tRbib6Pmzr7Z5udulgZ05zmTp5Vpmag5lyNv9j/B0IR3H
huhi/QiHv5fD+X9GQYYkYPiwXy8l5qgtwHlHewUTKigbC7XL9iGjTaWeRRNpFRSy
+mJ+9xMPPOpcRd84eTTjENtVbQbx8wWagH8KZ8sty0mt2CFi786VTJ4k/AAtAgMB
AAGjggJYMIICVDAdBgNVHQ4EFgQUhc4FPDWAJPUIu0wru0WOYGUA4ywwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBvBggrBgEFBQcBBwEB/wRgMF4wXAQCAAEwVgMEAWA++gME
AWA+/gMEAYiP+AMEAJHfKQMEAJHfLwMEAJNPHAMEApSH1AMEApSH3AMEApSH5AME
ApSH7AMEApSH9DAMAwQAnozHAwQAnozIAwQBnozKMA0GCSqGSIb3DQEBCwUAA4IB
AQA2oV2FqDJ7SsLG3D+tliNwJ/HFyf5vY0vT+qBxPaTrimXYFPgIwXoVxR9w1Iwm
vICgh7CBneubZdDzjAFHwFvDs27EnTWLkzttbeTTVPnTyK+kLIpAG0bvgedbe56Z
sxSN+MJPfKwyJYE6i0Glm+DuFvqtJn1HcVzYk37OB2dvVRbccXq9s9mCPBkGgOti
j+RvEgXp9+hWHmYVX5V4/6c0O/lAgU3Xq+eM5tEOzQDPtWr0sDjaRuNIVIRVF8tt
bPmhAPbv6jycQfL1DicA1NmetwXf1GqnQQEJse59pWzY7ukvrHRRJ9kNyxezv03U
n8OgoIT+goDfc+hDtUtGlfFv
-----END CERTIFICATE-----
Generated at Tue Jun 3 10:11:45 2025 by rpki-client