Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: QgD8AkHm5paSt9JbTNULs3c+5iF3lKEby21ySxOWMGw=
Subject key identifier: AF:57:FB:BD:18:79:22:CB:2E:96:30:DF:AA:DB:B2:1C:6A:1B:13:7F
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 577E5FB84B22A9380300D9D83AB064AA97DC6AED
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
Signing time: Thu 10 Apr 2025 13:25:35 +0000
ROA not before: Thu 10 Apr 2025 13:20:35 +0000
ROA not after: Thu 09 Apr 2026 13:25:35 +0000
asID: 9009
IP address blocks: 82.21.146.0/24 maxlen: 24
82.21.147.0/24 maxlen: 24
82.21.196.0/24 maxlen: 24
82.21.197.0/24 maxlen: 24
82.23.7.0/24 maxlen: 24
82.23.8.0/24 maxlen: 24
82.23.9.0/24 maxlen: 24
82.23.10.0/24 maxlen: 24
82.23.11.0/24 maxlen: 24
82.23.12.0/24 maxlen: 24
82.23.13.0/24 maxlen: 24
82.23.14.0/24 maxlen: 24
82.26.121.0/24 maxlen: 24
82.29.113.0/24 maxlen: 24
82.29.114.0/24 maxlen: 24
82.29.116.0/24 maxlen: 24
82.29.117.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
2a13:9500:4::/48 maxlen: 48
2a13:9500:5::/48 maxlen: 48
2a13:9500:6::/48 maxlen: 48
2a13:9500:7::/48 maxlen: 48
2a13:9500:8::/48 maxlen: 48
2a13:9500:9::/48 maxlen: 48
2a13:9500:a::/48 maxlen: 48
2a13:9500:b::/48 maxlen: 48
2a13:9500:c::/48 maxlen: 48
2a13:9500:d::/48 maxlen: 48
2a13:9500:e::/48 maxlen: 48
2a13:9500:f::/48 maxlen: 48
2a13:9500:10::/48 maxlen: 48
2a13:9500:11::/48 maxlen: 48
2a13:9500:12::/48 maxlen: 48
2a13:9500:13::/48 maxlen: 48
2a13:9500:14::/48 maxlen: 48
2a13:9500:15::/48 maxlen: 48
2a13:9500:16::/48 maxlen: 48
2a13:9500:17::/48 maxlen: 48
2a13:9500:18::/48 maxlen: 48
2a13:9500:19::/48 maxlen: 48
2a13:9500:1a::/48 maxlen: 48
2a13:9500:1b::/48 maxlen: 48
2a13:9500:29::/48 maxlen: 48
2a13:9500:2a::/48 maxlen: 48
2a13:9500:2b::/48 maxlen: 48
2a13:9500:2c::/48 maxlen: 48
2a13:9500:2e::/48 maxlen: 48
2a13:9500:2f::/48 maxlen: 48
2a13:9500:30::/48 maxlen: 48
2a13:9500:31::/48 maxlen: 48
2a13:9500:34::/48 maxlen: 48
2a13:9500:35::/48 maxlen: 48
2a13:9500:3b::/48 maxlen: 48
2a13:9500:3c::/48 maxlen: 48
2a13:9500:3d::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 15:22:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:7e:5f:b8:4b:22:a9:38:03:00:d9:d8:3a:b0:64:aa:97:dc:6a:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 10 13:20:35 2025 GMT
Not After : Apr 9 13:25:35 2026 GMT
Subject: CN=AF57FBBD187922CB2E9630DFAADBB21C6A1B137F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:56:43:44:a8:40:b3:03:ca:5e:a7:10:16:7f:
c1:c1:4a:ed:b9:5f:3c:bd:11:63:8f:c2:03:b9:67:
f4:12:54:ce:cb:34:4c:4c:42:7a:19:81:0d:42:df:
ea:e6:bb:4b:ef:97:d9:0e:f9:06:51:57:a2:80:a5:
1a:15:09:4c:77:55:7c:b3:a2:20:5f:1e:07:58:8e:
b2:b1:62:20:85:3f:e9:da:ff:be:52:3f:96:e5:0c:
e5:7a:76:f4:a2:8e:d0:81:63:95:4c:20:54:a8:3a:
d6:67:e1:97:d7:fe:cc:67:4e:3b:e5:c4:84:97:95:
16:26:a3:bc:2a:21:b5:dc:ff:81:76:cc:11:9b:db:
d4:1d:04:d1:86:23:a6:1f:03:f5:81:ae:04:54:18:
10:71:59:87:70:e7:31:22:e2:03:54:ae:45:d0:23:
a5:7b:73:fd:ab:4d:4e:90:11:73:c5:d2:c2:c4:24:
18:3b:4d:2e:32:0e:fa:37:76:d6:79:0b:f4:dd:da:
17:c9:d8:d9:99:72:28:3b:56:6b:b9:0c:f0:62:8c:
9c:1b:78:ab:96:af:d9:43:6d:c3:1d:70:9d:ad:60:
dc:c8:ed:25:99:e8:54:f4:86:29:da:ec:9d:45:c9:
4e:4a:07:cb:7c:f6:65:51:8f:84:55:00:3f:75:4b:
98:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:57:FB:BD:18:79:22:CB:2E:96:30:DF:AA:DB:B2:1C:6A:1B:13:7F
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.146.0/23
82.21.196.0/23
82.23.7.0-82.23.14.255
82.26.121.0/24
82.29.113.0-82.29.114.255
82.29.116.0/23
IPv6:
2a13:9500:2::/48
2a13:9500:4::-2a13:9500:1b:ffff:ffff:ffff:ffff:ffff
2a13:9500:29::-2a13:9500:2c:ffff:ffff:ffff:ffff:ffff
2a13:9500:2e::-2a13:9500:31:ffff:ffff:ffff:ffff:ffff
2a13:9500:34::/47
2a13:9500:3b::-2a13:9500:3d:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
36:c8:ad:65:df:e1:61:15:ef:d8:4b:6e:09:cd:e6:8a:0a:82:
84:f2:61:40:f4:4d:98:47:01:63:fc:03:99:d9:39:64:9f:09:
b2:89:8e:6b:f5:3c:f3:02:6e:b0:94:de:c6:47:c4:91:15:60:
6a:83:81:1e:62:82:cb:8f:a2:4c:df:d8:a7:db:8a:90:3e:3f:
4a:d4:2d:4e:5c:6d:d8:f4:02:fe:d8:76:a4:c3:3a:4d:db:76:
0b:ee:93:f1:0c:f2:68:50:7c:a5:91:96:7a:cb:70:59:55:38:
60:6e:42:a7:05:b1:7c:78:d6:03:c5:0e:3b:ad:20:5e:5a:5c:
ac:3c:04:21:83:a3:30:5e:32:7c:29:ec:f7:ef:a9:d6:de:ac:
61:43:ae:9f:cb:9f:b6:10:99:cd:1c:0a:44:8c:e0:69:50:5c:
cb:e1:51:d6:6d:44:68:31:8a:f5:4f:f5:c4:0b:d4:cf:39:db:
d0:91:85:c8:a3:61:4f:d4:27:24:82:c9:c5:30:07:e5:76:20:
19:96:90:ab:a2:93:24:77:72:b4:a4:37:a2:a4:6f:f2:8f:ae:
b9:b7:e0:bf:cd:1e:c4:6d:d8:48:f5:9d:32:c3:01:a8:11:a9:
fe:a3:82:52:34:2c:34:28:be:42:61:a2:3a:94:1e:99:de:ae:
99:4b:3a:d8
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgIUV35fuEsiqTgDANnYOrBkqpfcau0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA0MTAxMzIwMzVaFw0yNjA0MDkxMzI1MzVaMDMxMTAvBgNV
BAMTKEFGNTdGQkJEMTg3OTIyQ0IyRTk2MzBERkFBREJCMjFDNkExQjEzN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1VkNEqECzA8pepxAWf8HBSu25
Xzy9EWOPwgO5Z/QSVM7LNExMQnoZgQ1C3+rmu0vvl9kO+QZRV6KApRoVCUx3VXyz
oiBfHgdYjrKxYiCFP+na/75SP5blDOV6dvSijtCBY5VMIFSoOtZn4ZfX/sxnTjvl
xISXlRYmo7wqIbXc/4F2zBGb29QdBNGGI6YfA/WBrgRUGBBxWYdw5zEi4gNUrkXQ
I6V7c/2rTU6QEXPF0sLEJBg7TS4yDvo3dtZ5C/Td2hfJ2NmZcig7Vmu5DPBijJwb
eKuWr9lDbcMdcJ2tYNzI7SWZ6FT0hina7J1FyU5KB8t89mVRj4RVAD91S5iZAgMB
AAGjggKjMIICnzAdBgNVHQ4EFgQUr1f7vRh5IssuljDfqtuyHGobE38wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBuQYIKwYBBQUHAQcBAf8EgakwgaYwOgQCAAEwNAMEAVIV
kgMEAVIVxDAMAwQAUhcHAwQAUhcOAwQAUhp5MAwDBABSHXEDBABSHXIDBAFSHXQw
aAQCAAIwYgMHACoTlQAAAjASAwcCKhOVAAAEAwcCKhOVAAAYMBIDBwAqE5UAACkD
BwAqE5UAACwwEgMHASoTlQAALgMHASoTlQAAMAMHASoTlQAANDASAwcAKhOVAAA7
AwcBKhOVAAA8MA0GCSqGSIb3DQEBCwUAA4IBAQA2yK1l3+FhFe/YS24JzeaKCoKE
8mFA9E2YRwFj/AOZ2TlknwmyiY5r9TzzAm6wlN7GR8SRFWBqg4EeYoLLj6JM39in
24qQPj9K1C1OXG3Y9AL+2HakwzpN23YL7pPxDPJoUHylkZZ6y3BZVThgbkKnBbF8
eNYDxQ47rSBeWlysPAQhg6MwXjJ8Kez376nW3qxhQ66fy5+2EJnNHApEjOBpUFzL
4VHWbURoMYr1T/XEC9TPOdvQkYXIo2FP1CckgsnFMAfldiAZlpCropMkd3K0pDei
pG/yj665t+C/zR7EbdhI9Z0ywwGoEan+o4JSNCw0KL5CYaI6lB6Z3q6ZSzrY
-----END CERTIFICATE-----
Generated at Tue Apr 15 23:19:52 2025 by rpki-client