Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: o8iGCM/sKzlE8xpV2UBkn4eQtb3PPZYBKK71SgZt160=
Subject key identifier: CC:D1:CE:DE:BE:17:3F:68:2D:36:25:B7:FD:57:12:43:CE:ED:5A:9F
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 7DA08B156C5F40FD9DD3AB561C82C4DF431DC5B9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
Signing time: Tue 02 Sep 2025 08:59:59 +0000
ROA not before: Tue 02 Sep 2025 08:54:59 +0000
ROA not after: Tue 01 Sep 2026 08:59:59 +0000
asID: 9009
IP address blocks: 2.58.172.0/24 maxlen: 24
5.45.38.0/24 maxlen: 24
5.181.125.0/24 maxlen: 24
5.181.126.0/24 maxlen: 24
5.181.127.0/24 maxlen: 24
5.182.109.0/24 maxlen: 24
37.143.60.0/24 maxlen: 24
45.95.14.0/24 maxlen: 24
45.95.37.0/24 maxlen: 24
45.133.175.0/24 maxlen: 24
45.137.132.0/24 maxlen: 24
45.137.133.0/24 maxlen: 24
45.137.134.0/24 maxlen: 24
45.137.135.0/24 maxlen: 24
92.242.185.0/24 maxlen: 24
130.185.124.0/24 maxlen: 24
179.61.131.0/24 maxlen: 24
179.61.133.0/24 maxlen: 24
179.61.150.0/24 maxlen: 24
179.61.165.0/24 maxlen: 24
179.61.171.0/24 maxlen: 24
179.61.183.0/24 maxlen: 24
179.61.186.0/24 maxlen: 24
179.61.201.0/24 maxlen: 24
181.41.216.0/24 maxlen: 24
181.214.5.0/24 maxlen: 24
181.214.27.0/24 maxlen: 24
181.214.45.0/24 maxlen: 24
181.214.55.0/24 maxlen: 24
181.214.71.0/24 maxlen: 24
181.214.72.0/24 maxlen: 24
181.214.92.0/24 maxlen: 24
181.214.115.0/24 maxlen: 24
181.214.127.0/24 maxlen: 24
181.214.170.0/24 maxlen: 24
181.214.175.0/24 maxlen: 24
181.214.204.0/24 maxlen: 24
181.214.207.0/24 maxlen: 24
181.214.251.0/24 maxlen: 24
181.215.107.0/24 maxlen: 24
181.215.116.0/24 maxlen: 24
181.215.119.0/24 maxlen: 24
181.215.124.0/24 maxlen: 24
181.215.130.0/24 maxlen: 24
181.215.132.0/24 maxlen: 24
181.215.137.0/24 maxlen: 24
181.215.149.0/24 maxlen: 24
181.215.151.0/24 maxlen: 24
181.215.157.0/24 maxlen: 24
181.215.192.0/24 maxlen: 24
181.215.199.0/24 maxlen: 24
181.215.209.0/24 maxlen: 24
181.215.228.0/24 maxlen: 24
181.215.235.0/24 maxlen: 24
181.215.251.0/24 maxlen: 24
185.135.156.0/24 maxlen: 24
185.143.231.0/24 maxlen: 24
185.145.36.0/24 maxlen: 24
185.145.39.0/24 maxlen: 24
185.151.56.0/24 maxlen: 24
185.151.57.0/24 maxlen: 24
185.172.66.0/24 maxlen: 24
185.173.35.0/24 maxlen: 24
191.96.23.0/24 maxlen: 24
191.96.65.0/24 maxlen: 24
191.96.147.0/24 maxlen: 24
191.96.172.0/24 maxlen: 24
191.96.195.0/24 maxlen: 24
191.96.210.0/24 maxlen: 24
191.96.213.0/24 maxlen: 24
191.96.215.0/24 maxlen: 24
191.96.232.0/24 maxlen: 24
191.101.6.0/24 maxlen: 24
191.101.23.0/24 maxlen: 24
191.101.72.0/24 maxlen: 24
191.101.74.0/24 maxlen: 24
191.101.75.0/24 maxlen: 24
191.101.77.0/24 maxlen: 24
191.101.90.0/24 maxlen: 24
191.101.98.0/24 maxlen: 24
191.101.105.0/24 maxlen: 24
191.101.107.0/24 maxlen: 24
191.101.108.0/24 maxlen: 24
191.101.115.0/24 maxlen: 24
191.101.117.0/24 maxlen: 24
191.101.156.0/24 maxlen: 24
191.101.226.0/24 maxlen: 24
193.58.107.0/24 maxlen: 24
194.53.141.0/24 maxlen: 24
194.110.15.0/24 maxlen: 24
194.110.242.0/24 maxlen: 24
213.109.168.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Sep 2025 21:34:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:a0:8b:15:6c:5f:40:fd:9d:d3:ab:56:1c:82:c4:df:43:1d:c5:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Sep 2 08:54:59 2025 GMT
Not After : Sep 1 08:59:59 2026 GMT
Subject: CN=CCD1CEDEBE173F682D3625B7FD571243CEED5A9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a8:f1:f8:41:10:5c:7f:3d:8f:a3:e6:4a:9a:
9b:76:77:e8:02:f9:77:71:22:80:0e:a3:cb:0d:12:
af:37:7a:66:2d:35:d5:db:0d:4d:3a:f9:1f:b0:cd:
67:a4:11:76:34:c0:4b:6a:0b:a9:8d:5f:9b:b0:88:
90:47:dd:5b:9d:5f:dc:f1:24:4f:97:4f:d0:08:25:
cc:49:ec:fa:9f:47:ec:f4:84:3d:64:c8:26:54:cd:
90:f1:1d:db:dd:2b:82:c5:5a:4d:1e:99:68:a6:2a:
11:32:c6:73:46:f4:13:fe:9e:90:08:e3:22:26:7b:
a6:05:7a:f8:8d:ab:ac:8c:c2:30:d6:c5:6d:80:54:
c3:d4:d3:7a:cc:cd:8a:76:90:16:5c:81:44:93:5b:
0f:0d:23:66:af:ee:95:33:74:5a:bc:32:77:e9:0e:
78:b4:78:cd:bd:5f:5b:67:fc:31:95:29:84:27:80:
fc:16:2d:b1:cd:d6:e6:c1:b2:65:3e:9f:b1:c4:5e:
b4:fd:d4:f0:c3:07:67:4d:37:bc:88:e1:01:9d:21:
93:c6:ab:96:22:2f:2f:0a:fa:de:bd:10:3d:fa:fc:
df:34:83:5c:49:e1:28:c7:84:34:9d:bb:cf:8f:af:
a4:ba:37:fa:1b:0a:6f:2b:00:b0:74:8d:a1:1a:9f:
db:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:D1:CE:DE:BE:17:3F:68:2D:36:25:B7:FD:57:12:43:CE:ED:5A:9F
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.172.0/24
5.45.38.0/24
5.181.125.0-5.181.127.255
5.182.109.0/24
37.143.60.0/24
45.95.14.0/24
45.95.37.0/24
45.133.175.0/24
45.137.132.0/22
92.242.185.0/24
130.185.124.0/24
179.61.131.0/24
179.61.133.0/24
179.61.150.0/24
179.61.165.0/24
179.61.171.0/24
179.61.183.0/24
179.61.186.0/24
179.61.201.0/24
181.41.216.0/24
181.214.5.0/24
181.214.27.0/24
181.214.45.0/24
181.214.55.0/24
181.214.71.0-181.214.72.255
181.214.92.0/24
181.214.115.0/24
181.214.127.0/24
181.214.170.0/24
181.214.175.0/24
181.214.204.0/24
181.214.207.0/24
181.214.251.0/24
181.215.107.0/24
181.215.116.0/24
181.215.119.0/24
181.215.124.0/24
181.215.130.0/24
181.215.132.0/24
181.215.137.0/24
181.215.149.0/24
181.215.151.0/24
181.215.157.0/24
181.215.192.0/24
181.215.199.0/24
181.215.209.0/24
181.215.228.0/24
181.215.235.0/24
181.215.251.0/24
185.135.156.0/24
185.143.231.0/24
185.145.36.0/24
185.145.39.0/24
185.151.56.0/23
185.172.66.0/24
185.173.35.0/24
191.96.23.0/24
191.96.65.0/24
191.96.147.0/24
191.96.172.0/24
191.96.195.0/24
191.96.210.0/24
191.96.213.0/24
191.96.215.0/24
191.96.232.0/24
191.101.6.0/24
191.101.23.0/24
191.101.72.0/24
191.101.74.0/23
191.101.77.0/24
191.101.90.0/24
191.101.98.0/24
191.101.105.0/24
191.101.107.0-191.101.108.255
191.101.115.0/24
191.101.117.0/24
191.101.156.0/24
191.101.226.0/24
193.58.107.0/24
194.53.141.0/24
194.110.15.0/24
194.110.242.0/24
213.109.168.0/24
Signature Algorithm: sha256WithRSAEncryption
36:1e:ab:a2:13:b2:6d:54:b4:78:bd:07:3d:41:c5:e5:97:a1:
5f:4a:ca:c8:94:c4:7e:7c:8e:07:5f:d1:a7:08:3e:32:f0:dc:
f6:82:2f:91:91:87:bd:80:16:db:5a:65:00:0e:ca:e9:e7:61:
ff:5a:0f:93:bc:24:0d:90:00:b5:46:80:c7:fb:ad:2d:cf:23:
eb:58:b6:a0:0e:3f:9e:95:d6:e0:44:91:4c:18:24:e5:0b:bf:
ab:ac:0f:06:3f:5e:0f:e8:ef:86:dd:c1:d8:fd:d1:2b:c6:0f:
a7:39:56:fa:27:2e:41:ce:a3:f2:60:3c:09:0a:75:c6:14:af:
db:36:e6:de:ca:81:6c:bd:a2:07:5e:bd:6d:48:17:66:9e:68:
42:78:4b:33:d8:5b:c7:07:5f:b9:e6:6f:d3:15:f2:c3:c8:38:
87:78:af:77:30:e3:ba:b2:dd:5e:09:0e:53:15:04:c0:41:2b:
42:74:a0:5c:d8:20:7e:ef:3c:06:c5:b2:4c:ef:b6:ce:32:b4:
2f:3f:d2:c4:8b:4a:fd:82:78:31:54:b5:ca:1b:b0:46:d8:96:
f0:46:33:ce:2a:63:2c:73:bb:1d:fe:ce:ff:37:60:7d:5b:ff:
91:b3:e0:b4:38:af:26:bb:53:f5:a8:8d:11:31:ba:d8:23:ab:
6f:b3:b2:a8
-----BEGIN CERTIFICATE-----
MIIHDDCCBfSgAwIBAgIUfaCLFWxfQP2d06tWHILE30MdxbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDIwODU0NTlaFw0yNjA5MDEwODU5NTlaMDMxMTAvBgNV
BAMTKENDRDFDRURFQkUxNzNGNjgyRDM2MjVCN0ZENTcxMjQzQ0VFRDVBOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSqPH4QRBcfz2Po+ZKmpt2d+gC
+XdxIoAOo8sNEq83emYtNdXbDU06+R+wzWekEXY0wEtqC6mNX5uwiJBH3VudX9zx
JE+XT9AIJcxJ7PqfR+z0hD1kyCZUzZDxHdvdK4LFWk0emWimKhEyxnNG9BP+npAI
4yIme6YFeviNq6yMwjDWxW2AVMPU03rMzYp2kBZcgUSTWw8NI2av7pUzdFq8Mnfp
Dni0eM29X1tn/DGVKYQngPwWLbHN1ubBsmU+n7HEXrT91PDDB2dNN7yI4QGdIZPG
q5YiLy8K+t69ED36/N80g1xJ4SjHhDSdu8+Pr6S6N/obCm8rALB0jaEan9vZAgMB
AAGjggQWMIIEEjAdBgNVHQ4EFgQUzNHO3r4XP2gtNiW3/VcSQ87tWp8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAisGCCsGAQUFBwEHAQH/BIICGjCCAhYwggISBAIAATCC
AgoDBAACOqwDBAAFLSYwDAMEAAW1fQMEBwW1AAMEAAW2bQMEACWPPAMEAC1fDgME
AC1fJQMEAC2FrwMEAi2JhAMEAFzyuQMEAIK5fAMEALM9gwMEALM9hQMEALM9lgME
ALM9pQMEALM9qwMEALM9twMEALM9ugMEALM9yQMEALUp2AMEALXWBQMEALXWGwME
ALXWLQMEALXWNzAMAwQAtdZHAwQAtdZIAwQAtdZcAwQAtdZzAwQAtdZ/AwQAtdaq
AwQAtdavAwQAtdbMAwQAtdbPAwQAtdb7AwQAtddrAwQAtdd0AwQAtdd3AwQAtdd8
AwQAtdeCAwQAtdeEAwQAtdeJAwQAtdeVAwQAtdeXAwQAtdedAwQAtdfAAwQAtdfH
AwQAtdfRAwQAtdfkAwQAtdfrAwQAtdf7AwQAuYecAwQAuY/nAwQAuZEkAwQAuZEn
AwQBuZc4AwQAuaxCAwQAua0jAwQAv2AXAwQAv2BBAwQAv2CTAwQAv2CsAwQAv2DD
AwQAv2DSAwQAv2DVAwQAv2DXAwQAv2DoAwQAv2UGAwQAv2UXAwQAv2VIAwQBv2VK
AwQAv2VNAwQAv2VaAwQAv2ViAwQAv2VpMAwDBAC/ZWsDBAC/ZWwDBAC/ZXMDBAC/
ZXUDBAC/ZZwDBAC/ZeIDBADBOmsDBADCNY0DBADCbg8DBADCbvIDBADVbagwDQYJ
KoZIhvcNAQELBQADggEBADYeq6ITsm1UtHi9Bz1BxeWXoV9KysiUxH58jgdf0acI
PjLw3PaCL5GRh72AFttaZQAOyunnYf9aD5O8JA2QALVGgMf7rS3PI+tYtqAOP56V
1uBEkUwYJOULv6usDwY/Xg/o74bdwdj90SvGD6c5VvonLkHOo/JgPAkKdcYUr9s2
5t7KgWy9ogdevW1IF2aeaEJ4SzPYW8cHX7nmb9MV8sPIOId4r3cw47qy3V4JDlMV
BMBBK0J0oFzYIH7vPAbFskzvts4ytC8/0sSLSv2CeDFUtcobsEbYlvBGM84qYyxz
ux3+zv83YH1b/5Gz4LQ4rya7U/WojRExutgjq2+zsqg=
-----END CERTIFICATE-----
Generated at Fri Sep 5 06:03:19 2025 by rpki-client