Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: ktVYtgvAonXOPvLWgQF2Tez1Z2EmFnyBbQqZmuc0GY8=
Subject key identifier: F9:46:FA:72:FD:A1:27:12:5F:66:6F:C9:2C:F9:3F:5B:9B:B2:BC:0F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 529C93C46FBC98D5D3D76090278746FFBF02A36F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Tue 02 Sep 2025 11:39:14 +0000
ROA not before: Tue 02 Sep 2025 11:34:14 +0000
ROA not after: Tue 01 Sep 2026 11:39:14 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
143.14.241.0/24 maxlen: 24
143.14.244.0/24 maxlen: 24
143.14.246.0/24 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
150.241.238.0/24 maxlen: 24
150.241.239.0/24 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:9c:93:c4:6f:bc:98:d5:d3:d7:60:90:27:87:46:ff:bf:02:a3:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 2 11:34:14 2025 GMT
Not After : Sep 1 11:39:14 2026 GMT
Subject: CN=F946FA72FDA127125F666FC92CF93F5B9BB2BC0F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:2f:30:f0:2f:40:67:a6:f4:80:19:37:73:98:
e5:5a:05:6c:f8:06:cc:42:76:b3:a5:b2:36:33:c1:
02:8e:ce:75:d0:3c:a1:4f:88:de:e3:fe:e6:a8:6a:
c6:dd:f7:14:c4:77:3b:bf:1b:1f:95:cb:e6:ba:89:
d4:b7:2c:24:d5:3c:79:90:68:0f:00:f6:1f:bd:c6:
f5:5d:d7:98:30:9c:1d:35:d3:62:77:1e:69:62:1a:
1b:e2:c7:00:ed:5c:63:54:b1:e0:99:be:d6:3a:af:
3a:9b:41:04:59:6a:9f:c0:c9:7c:e9:bc:fc:7f:94:
b2:a9:f5:cd:3f:60:dd:cb:11:62:db:4a:d3:f9:1a:
d7:7c:f9:65:a7:ef:aa:fa:7e:65:bd:b9:dd:22:83:
d8:18:ea:ea:ce:ff:36:da:b5:74:35:9f:ee:b6:d0:
74:9f:c4:ee:e6:d0:30:e5:2b:62:e2:ff:09:2d:42:
92:69:1b:63:89:b9:e3:25:34:fe:c9:17:40:4e:18:
8c:b0:a8:2a:9e:ee:da:1b:4f:05:07:70:20:45:3e:
7a:28:fd:92:e9:cb:69:9f:5c:91:aa:ed:75:aa:fc:
29:86:28:88:17:fa:21:9f:d9:e2:de:81:e5:c5:20:
30:61:d8:04:f2:3c:96:f0:81:5c:20:50:2d:81:01:
04:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:46:FA:72:FD:A1:27:12:5F:66:6F:C9:2C:F9:3F:5B:9B:B2:BC:0F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/24
136.143.248.0/23
143.14.241.0/24
143.14.244.0/24
143.14.246.0/24
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
150.241.238.0/23
158.140.199.0-158.140.200.255
158.140.202.0/23
162.141.12.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:8f:a5:be:9d:8d:b5:38:07:a7:2f:60:bf:4d:c4:b8:f0:1f:
a0:45:38:36:46:87:e1:4f:bc:64:81:ec:87:34:d0:66:b6:e9:
b1:5c:47:c3:a0:87:22:fe:40:3d:6d:96:c4:e0:8c:af:7a:8f:
d1:1d:d2:2f:c2:ac:c7:4c:03:3f:09:8d:89:72:c4:6c:9c:ec:
8d:7e:66:ea:df:f0:b7:71:25:b4:23:1d:c1:c3:f1:fc:6b:93:
e4:76:04:92:40:00:82:e0:40:d1:73:15:b1:30:26:9f:cf:27:
26:67:e7:69:a7:98:30:a1:39:81:82:05:e7:12:78:0f:24:36:
44:74:8b:8a:ed:da:88:e8:9c:f0:87:58:bf:29:95:65:06:b3:
0c:ce:74:6b:47:e0:e6:9a:06:d6:96:eb:76:b6:16:2a:77:a8:
c7:ac:9f:22:dc:98:ee:3e:c5:1e:3a:98:c3:52:69:f3:9e:87:
26:d9:be:7b:fb:6e:1a:d4:9f:58:92:d0:bb:93:96:3e:6c:9d:
cf:8e:af:0b:be:a5:ef:dc:95:45:10:70:b3:f9:9a:01:8b:f7:
77:d7:9f:9f:0d:88:f3:d8:33:e0:b0:c7:af:ef:92:8c:26:00:
94:f1:67:f1:86:71:9b:57:bd:81:b7:65:58:8b:08:ad:82:28:
44:5d:bf:90
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgIUUpyTxG+8mNXT12CQJ4dG/78Co28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDIxMTM0MTRaFw0yNjA5MDExMTM5MTRaMDMxMTAvBgNV
BAMTKEY5NDZGQTcyRkRBMTI3MTI1RjY2NkZDOTJDRjkzRjVCOUJCMkJDMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTLzDwL0BnpvSAGTdzmOVaBWz4
BsxCdrOlsjYzwQKOznXQPKFPiN7j/uaoasbd9xTEdzu/Gx+Vy+a6idS3LCTVPHmQ
aA8A9h+9xvVd15gwnB0102J3HmliGhvixwDtXGNUseCZvtY6rzqbQQRZap/AyXzp
vPx/lLKp9c0/YN3LEWLbStP5Gtd8+WWn76r6fmW9ud0ig9gY6urO/zbatXQ1n+62
0HSfxO7m0DDlK2Li/wktQpJpG2OJueMlNP7JF0BOGIywqCqe7tobTwUHcCBFPnoo
/ZLpy2mfXJGq7XWq/CmGKIgX+iGf2eLegeXFIDBh2ATyPJbwgVwgUC2BAQQxAgMB
AAGjggJ3MIICczAdBgNVHQ4EFgQU+Ub6cv2hJxJfZm/JLPk/W5uyvA8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBjQYIKwYBBQUHAQcBAf8EfjB8MHoEAgABMHQDBABgPvsD
BABgPv4DBAGIj/gDBACPDvEDBACPDvQDBACPDvYDBACR3ykDBACR3y8DBACTTxwD
BAKUh9QDBAKUh9wDBAKUh+QDBAKUh+wDBAKUh/QDBAGW8e4wDAMEAJ6MxwMEAJ6M
yAMEAZ6MygMEAKKNDDANBgkqhkiG9w0BAQsFAAOCAQEAfY+lvp2NtTgHpy9gv03E
uPAfoEU4NkaH4U+8ZIHshzTQZrbpsVxHw6CHIv5APW2WxOCMr3qP0R3SL8Ksx0wD
PwmNiXLEbJzsjX5m6t/wt3EltCMdwcPx/GuT5HYEkkAAguBA0XMVsTAmn88nJmfn
aaeYMKE5gYIF5xJ4DyQ2RHSLiu3aiOic8IdYvymVZQazDM50a0fg5poG1pbrdrYW
Kneox6yfItyY7j7FHjqYw1Jp856HJtm+e/tuGtSfWJLQu5OWPmydz46vC76l79yV
RRBws/maAYv3d9efnw2I89gz4LDHr++SjCYAlPFn8YZxm1e9gbdlWIsIrYIoRF2/
kA==
-----END CERTIFICATE-----
Generated at Fri Sep 5 06:03:17 2025 by rpki-client