Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: TiCpAeg+pV127RkOfHJJuS6oYvSKkQ8FSQAbBEqF6V0=
Subject key identifier: 06:CA:62:80:9F:2A:62:5E:19:2F:59:A3:F0:AF:6C:32:58:39:9E:53
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 6A72BEF43F321243DC3C0FA264C9D6AC30EE15E4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Wed 16 Oct 2024 17:08:52 +0000
ROA not before: Wed 16 Oct 2024 17:03:52 +0000
ROA not after: Wed 15 Oct 2025 17:08:52 +0000
asID: 9009
IP address blocks: 145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 09:57:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:72:be:f4:3f:32:12:43:dc:3c:0f:a2:64:c9:d6:ac:30:ee:15:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 16 17:03:52 2024 GMT
Not After : Oct 15 17:08:52 2025 GMT
Subject: CN=06CA62809F2A625E192F59A3F0AF6C3258399E53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:7e:ae:f3:4a:c2:41:74:a4:17:f4:5e:14:64:
c7:25:4c:a7:f9:63:9b:94:e6:7b:fd:c1:28:25:b6:
38:81:11:94:e6:74:ac:ff:89:68:e0:d0:d4:0c:aa:
2d:b3:d1:33:1e:53:57:11:80:f8:95:9b:9b:a2:6d:
5d:12:e7:80:7a:3d:bc:fb:df:8b:e0:cb:7a:cc:7a:
81:f4:d7:7e:40:6a:0f:7a:84:b5:18:36:e5:38:bd:
f2:41:63:21:bc:07:07:5a:f3:f1:a4:87:e5:3c:0a:
59:ab:77:59:b2:0d:6f:32:78:6d:b9:21:ed:98:72:
4f:5e:8e:3f:dc:92:0c:73:77:86:df:d5:ee:c0:94:
b4:90:6d:bf:db:f5:77:0c:55:7f:8d:ae:cb:5c:44:
bd:0e:ae:56:53:c3:51:e2:34:da:5a:26:dd:e8:b8:
91:0e:ab:b7:6d:fb:b9:0f:b9:42:43:92:3c:2f:c9:
5a:af:06:50:d2:0d:c4:c2:a0:ca:f1:90:f6:8f:ad:
63:b1:a0:48:f1:ce:38:39:38:68:8e:7d:94:26:ed:
ca:3d:8c:a8:9d:4a:52:60:16:c7:5e:37:98:4d:1c:
a9:5e:50:7d:7e:0b:82:fa:bf:4c:6f:fd:9d:c4:5d:
b9:41:14:08:5f:99:74:c4:44:e1:9a:b4:ef:93:0d:
82:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:CA:62:80:9F:2A:62:5E:19:2F:59:A3:F0:AF:6C:32:58:39:9E:53
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:43:d5:96:38:a7:e4:f4:4c:97:dd:76:63:c8:4b:ee:3a:bb:
48:be:21:d9:b8:16:5a:99:83:ec:d6:e2:67:e3:98:fe:e3:8d:
83:b2:f6:07:49:4d:f0:04:a3:7a:0c:9b:94:33:87:c3:a6:97:
ac:f4:03:69:ea:98:21:8f:f1:02:ec:d8:c4:17:0a:34:76:af:
38:1f:d8:2d:cb:c9:a4:ab:69:dd:38:27:96:83:7c:e3:5e:c9:
b4:58:32:dc:ad:29:ce:a9:cc:57:7f:90:4d:b0:e6:51:d9:f9:
16:fe:86:58:a5:8d:88:a1:7c:df:77:88:19:da:c4:d7:01:88:
9e:9e:5d:df:11:01:df:95:4c:f9:df:c3:da:a8:60:2d:7e:9f:
6e:78:17:c8:ad:d7:42:fb:21:80:dc:5a:86:82:4e:b1:d2:32:
f3:c4:42:f9:7d:60:14:e8:c3:e1:c3:d8:f1:48:df:d5:ae:0d:
9d:e6:a9:89:ed:90:d5:3d:cc:ec:97:98:1d:8f:91:6c:71:8e:
6d:d9:21:32:1d:e4:e7:8c:5d:8d:92:5e:2f:9e:a7:34:ce:26:
78:79:8e:b5:aa:d6:f8:05:11:5d:a2:7f:aa:90:e4:22:af:5e:
2f:32:bb:04:7f:a0:05:a6:ce:16:c2:3d:eb:b2:41:1e:d2:49:
b0:a1:69:8a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUanK+9D8yEkPcPA+iZMnWrDDuFeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEwMTYxNzAzNTJaFw0yNTEwMTUxNzA4NTJaMDMxMTAvBgNV
BAMTKDA2Q0E2MjgwOUYyQTYyNUUxOTJGNTlBM0YwQUY2QzMyNTgzOTlFNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSfq7zSsJBdKQX9F4UZMclTKf5
Y5uU5nv9wSgltjiBEZTmdKz/iWjg0NQMqi2z0TMeU1cRgPiVm5uibV0S54B6Pbz7
34vgy3rMeoH0135Aag96hLUYNuU4vfJBYyG8Bwda8/Gkh+U8Clmrd1myDW8yeG25
Ie2Yck9ejj/ckgxzd4bf1e7AlLSQbb/b9XcMVX+NrstcRL0OrlZTw1HiNNpaJt3o
uJEOq7dt+7kPuUJDkjwvyVqvBlDSDcTCoMrxkPaPrWOxoEjxzjg5OGiOfZQm7co9
jKidSlJgFsdeN5hNHKleUH1+C4L6v0xv/Z3EXblBFAhfmXTEROGatO+TDYJ/AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUBspigJ8qYl4ZL1mj8K9sMlg5nlMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBJBggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAJHfKQME
AJHfLwMEAJNPHAMEApSH1AMEApSH3AMEApSH5AMEApSH7AMEApSH9DANBgkqhkiG
9w0BAQsFAAOCAQEAa0PVljin5PRMl912Y8hL7jq7SL4h2bgWWpmD7NbiZ+OY/uON
g7L2B0lN8ASjegyblDOHw6aXrPQDaeqYIY/xAuzYxBcKNHavOB/YLcvJpKtp3Tgn
loN8417JtFgy3K0pzqnMV3+QTbDmUdn5Fv6GWKWNiKF833eIGdrE1wGInp5d3xEB
35VM+d/D2qhgLX6fbngXyK3XQvshgNxahoJOsdIy88RC+X1gFOjD4cPY8Ujf1a4N
neapie2Q1T3M7JeYHY+RbHGObdkhMh3k54xdjZJeL56nNM4meHmOtarW+AURXaJ/
qpDkIq9eLzK7BH+gBabOFsI967JBHtJJsKFpig==
-----END CERTIFICATE-----
Generated at Thu Nov 21 14:22:16 2024 by rpki-client on console-ams.rpki-client.org