Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: q0Mqw0+KYJytKnaSKCYhjxH925PVXjUK/Su7lN/mx04=
Subject key identifier: 04:19:D7:7B:8B:B3:FF:16:88:34:B6:14:EA:C0:54:81:22:BC:34:E2
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7DC598C48FAF10360C5D9770E316B3181A1D98CF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Mon 06 Oct 2025 16:23:59 +0000
ROA not before: Mon 06 Oct 2025 16:18:59 +0000
ROA not after: Mon 05 Oct 2026 16:23:59 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:c5:98:c4:8f:af:10:36:0c:5d:97:70:e3:16:b3:18:1a:1d:98:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 6 16:18:59 2025 GMT
Not After : Oct 5 16:23:59 2026 GMT
Subject: CN=0419D77B8BB3FF168834B614EAC0548122BC34E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3b:ff:40:f1:5c:30:cc:f9:f2:15:ac:c2:a9:
9d:e8:f5:36:b7:c9:74:6b:82:2c:64:9a:c9:a0:46:
c8:ee:70:37:12:ef:ee:a7:69:61:5d:f0:75:d9:6e:
c0:ce:70:10:df:3b:c7:77:8f:d0:70:0f:0a:03:fe:
10:81:f0:e8:22:37:f5:be:70:01:a7:43:43:27:10:
d1:0b:73:a0:ec:1d:e5:85:3b:00:f6:b1:7c:03:f2:
da:bb:9b:9d:83:ca:ec:22:93:b2:3d:aa:0a:84:d6:
be:d9:9d:1f:cd:7d:25:bd:9f:36:cf:99:cc:d3:60:
4c:5a:58:80:7d:5b:5f:cf:58:48:ba:28:8e:42:83:
9d:7a:14:08:35:e1:dc:da:bd:0d:63:e6:22:2b:75:
37:2c:6b:0a:c8:91:6f:e1:b8:83:f9:e9:2b:b2:60:
96:a2:0e:6d:13:0c:a1:40:5c:47:e4:da:d1:dd:33:
d6:db:93:9d:11:7b:f5:f9:1c:ab:40:c5:b0:a8:84:
c7:ab:5f:6b:ea:02:d5:a3:01:1f:65:95:0f:22:f6:
17:20:1a:8a:7b:09:e1:d3:ab:cc:01:fe:b8:58:20:
73:94:2b:70:bc:ba:72:d4:c8:cd:d3:e1:ec:2d:e2:
70:90:3c:b7:87:3b:42:85:39:dd:41:f0:79:4a:7d:
10:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:19:D7:7B:8B:B3:FF:16:88:34:B6:14:EA:C0:54:81:22:BC:34:E2
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/24
136.143.248.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
158.140.199.0-158.140.200.255
158.140.202.0/23
162.141.12.0/24
Signature Algorithm: sha256WithRSAEncryption
65:e9:b2:80:e7:67:27:a9:5a:35:e8:d4:61:7a:74:3b:4e:84:
39:42:db:a2:5b:5a:20:53:63:20:39:a9:a6:94:72:54:fb:9b:
cf:0c:79:80:59:c3:30:39:d3:af:a2:40:a2:56:a7:e6:5d:3e:
9f:8d:41:5e:d9:f0:12:70:67:65:c5:58:ef:e0:0b:2d:bd:d1:
05:2f:3e:e7:66:e7:ef:44:db:9c:9f:10:ec:34:1f:bd:d0:33:
62:12:53:26:90:72:56:fb:44:40:75:07:b2:f1:de:c3:2b:a0:
28:23:e1:06:87:9a:c2:e2:f2:b3:d9:95:c1:ef:e9:7d:4b:13:
ad:f8:55:b2:bf:89:4a:36:12:97:65:fd:ea:3f:0d:aa:f2:a1:
c9:3c:9e:f2:ae:68:2e:0d:21:9f:06:a8:47:11:d3:c3:ac:6c:
42:fd:34:db:6b:3e:57:38:85:86:71:92:31:59:03:f8:7c:9d:
25:d9:dd:bd:5d:ef:b4:b1:03:7c:79:0d:b0:74:b1:2b:0c:84:
40:6f:62:0a:81:66:c4:8b:4f:b1:2e:1b:a9:61:14:b5:6d:39:
8b:e2:a9:b6:11:2c:e1:44:22:55:1b:50:df:44:06:72:35:21:
73:50:5e:82:ab:b7:57:83:cf:2a:fb:1c:52:d8:34:52:e5:ca:
e8:65:13:71
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIUfcWYxI+vEDYMXZdw4xazGBodmM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDYxNjE4NTlaFw0yNjEwMDUxNjIzNTlaMDMxMTAvBgNV
BAMTKDA0MTlENzdCOEJCM0ZGMTY4ODM0QjYxNEVBQzA1NDgxMjJCQzM0RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwO/9A8VwwzPnyFazCqZ3o9Ta3
yXRrgixkmsmgRsjucDcS7+6naWFd8HXZbsDOcBDfO8d3j9BwDwoD/hCB8OgiN/W+
cAGnQ0MnENELc6DsHeWFOwD2sXwD8tq7m52Dyuwik7I9qgqE1r7ZnR/NfSW9nzbP
mczTYExaWIB9W1/PWEi6KI5Cg516FAg14dzavQ1j5iIrdTcsawrIkW/huIP56Suy
YJaiDm0TDKFAXEfk2tHdM9bbk50Re/X5HKtAxbCohMerX2vqAtWjAR9llQ8i9hcg
Gop7CeHTq8wB/rhYIHOUK3C8unLUyM3T4ewt4nCQPLeHO0KFOd1B8HlKfRBPAgMB
AAGjggJeMIICWjAdBgNVHQ4EFgQUBBnXe4uz/xaINLYU6sBUgSK8NOIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB1BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEAGA++wME
AGA+/gMEAYiP+AMEAJHfKQMEAJHfLwMEAJNPHAMEApSH1AMEApSH3AMEApSH5AME
ApSH7AMEApSH9DAMAwQAnozHAwQAnozIAwQBnozKAwQAoo0MMA0GCSqGSIb3DQEB
CwUAA4IBAQBl6bKA52cnqVo16NRhenQ7ToQ5QtuiW1ogU2MgOammlHJU+5vPDHmA
WcMwOdOvokCiVqfmXT6fjUFe2fAScGdlxVjv4AstvdEFLz7nZufvRNucnxDsNB+9
0DNiElMmkHJW+0RAdQey8d7DK6AoI+EGh5rC4vKz2ZXB7+l9SxOt+FWyv4lKNhKX
Zf3qPw2q8qHJPJ7yrmguDSGfBqhHEdPDrGxC/TTbaz5XOIWGcZIxWQP4fJ0l2d29
Xe+0sQN8eQ2wdLErDIRAb2IKgWbEi0+xLhupYRS1bTmL4qm2ESzhRCJVG1DfRAZy
NSFzUF6Cq7dXg88q+xxS2DRS5croZRNx
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:27:57 2025 by rpki-client