Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: JqYCxzLOKMArbKmptZn4eIgC8vREdsP2CbjohnrRsWU=
Subject key identifier: C5:D7:81:9C:9A:23:21:99:8B:81:CF:D1:6B:57:46:85:E1:A1:2C:84
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 1EECDBB4260E04EF8D2FB4E0B8C91B668CD0A0B8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Thu 23 Apr 2026 08:10:03 +0000
ROA not before: Thu 23 Apr 2026 08:05:03 +0000
ROA not after: Thu 22 Apr 2027 08:10:03 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
136.143.250.0/24 maxlen: 24
140.150.232.0/23 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
158.140.194.0/24 maxlen: 24
158.140.196.0/24 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
158.140.205.0/24 maxlen: 24
158.140.214.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
203.160.116.0/24 maxlen: 24
203.160.125.0/24 maxlen: 24
203.160.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:ec:db:b4:26:0e:04:ef:8d:2f:b4:e0:b8:c9:1b:66:8c:d0:a0:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 23 08:05:03 2026 GMT
Not After : Apr 22 08:10:03 2027 GMT
Subject: CN=C5D7819C9A2321998B81CFD16B574685E1A12C84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:dc:31:7d:94:cc:a8:c3:67:95:36:e7:75:06:
cd:b7:b4:f3:6b:fd:f2:1a:aa:fd:67:80:92:65:4d:
77:11:72:14:23:cb:7f:dd:51:de:15:ac:17:5f:e3:
32:cf:73:cf:11:61:af:99:66:09:e4:d3:0e:53:30:
cb:10:ab:20:63:9e:f1:19:36:13:a2:6e:74:f9:ff:
f4:14:c5:98:e1:c3:5f:48:3c:1a:14:59:8d:77:ad:
eb:98:53:63:69:98:9b:46:af:e7:8a:9a:50:5e:b3:
a2:43:21:c9:b2:83:4c:e4:29:ad:50:2f:2a:2e:69:
10:82:07:dd:f7:74:96:fd:bc:66:27:d8:a5:c2:e3:
c2:bf:89:e8:f0:47:33:3b:71:48:e5:59:eb:76:f2:
cb:eb:1d:dd:af:ec:db:e6:93:64:d1:f3:aa:85:5f:
14:3f:24:59:37:07:dd:7c:5c:e2:6a:40:01:67:46:
b1:a6:03:28:fb:15:ca:89:35:46:88:1a:96:7f:63:
91:20:20:e6:7b:8d:dd:fe:b6:c2:72:40:b7:6f:a0:
9a:31:02:32:61:e8:a7:38:87:55:66:4f:db:0b:6a:
31:d6:6b:a3:c2:0f:ff:1f:ca:b6:3c:57:4d:99:e5:
cd:f4:9b:3f:3a:a7:2f:4c:22:15:46:52:20:63:8b:
0b:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:D7:81:9C:9A:23:21:99:8B:81:CF:D1:6B:57:46:85:E1:A1:2C:84
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/24
136.143.248.0-136.143.250.255
140.150.232.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
158.140.194.0/24
158.140.196.0/24
158.140.199.0-158.140.200.255
158.140.202.0/23
158.140.205.0/24
158.140.214.0/24
162.141.12.0/24
203.160.116.0/24
203.160.125.0/24
203.160.127.0/24
Signature Algorithm: sha256WithRSAEncryption
64:ae:8d:ba:34:7a:ef:55:cc:eb:31:2b:ad:0c:04:12:78:5f:
5c:80:ec:46:cb:a3:64:ad:1b:ca:e9:43:06:82:52:d7:6c:1e:
2f:69:11:7d:92:7e:de:86:20:60:d0:3e:d5:af:af:fb:9d:96:
2e:c8:cb:4c:89:a2:46:3b:9e:45:9f:1d:9d:16:7b:43:36:19:
ab:31:74:37:47:26:c3:5e:e0:0b:9b:7e:60:c7:bf:c6:b0:d2:
8a:30:ad:a9:1a:06:13:ff:53:0d:1d:2e:74:02:51:a8:f5:13:
67:09:6f:e4:8f:6f:d7:5e:05:60:0e:a1:45:2b:2b:c9:1e:55:
73:35:e9:c0:65:34:a3:50:45:1f:d9:a9:aa:be:fc:68:7c:9a:
a3:d8:0c:fa:50:a7:65:f7:69:97:89:9c:89:6f:85:f4:05:10:
09:60:fa:72:18:6b:d5:22:60:84:e9:56:6d:95:56:78:45:67:
6a:d8:27:86:01:b4:3c:5a:b3:40:81:cf:9d:17:1d:60:28:bc:
69:bf:ea:3f:ba:13:3a:c8:d2:d2:3c:70:57:c8:de:ec:b0:e9:
7d:0e:d0:4b:52:5e:c1:4d:71:db:71:09:ca:2d:51:94:31:aa:
31:66:1e:b9:cd:19:d6:0b:e9:1e:5f:25:bf:bf:fa:f5:36:67:
f1:58:4a:3d
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIUHuzbtCYOBO+NL7TguMkbZozQoLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjMwODA1MDNaFw0yNzA0MjIwODEwMDNaMDMxMTAvBgNV
BAMTKEM1RDc4MTlDOUEyMzIxOTk4QjgxQ0ZEMTZCNTc0Njg1RTFBMTJDODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm3DF9lMyow2eVNud1Bs23tPNr
/fIaqv1ngJJlTXcRchQjy3/dUd4VrBdf4zLPc88RYa+ZZgnk0w5TMMsQqyBjnvEZ
NhOibnT5//QUxZjhw19IPBoUWY13reuYU2NpmJtGr+eKmlBes6JDIcmyg0zkKa1Q
LyouaRCCB933dJb9vGYn2KXC48K/iejwRzM7cUjlWet28svrHd2v7Nvmk2TR86qF
XxQ/JFk3B918XOJqQAFnRrGmAyj7FcqJNUaIGpZ/Y5EgIOZ7jd3+tsJyQLdvoJox
AjJh6Kc4h1VmT9sLajHWa6PCD/8fyrY8V02Z5c30mz86py9MIhVGUiBjiwtdAgMB
AAGjggKbMIIClzAdBgNVHQ4EFgQUxdeBnJojIZmLgc/Ra1dGheGhLIQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBsQYIKwYBBQUHAQcBAf8EgaEwgZ4wgZsEAgABMIGUAwQA
YD77AwQAYD7+MAwDBAOIj/gDBACIj/oDBAGMlugDBACR3ykDBACR3y8DBACTTxwD
BAKUh9QDBAKUh9wDBAKUh+QDBAKUh+wDBAKUh/QDBACejMIDBACejMQwDAMEAJ6M
xwMEAJ6MyAMEAZ6MygMEAJ6MzQMEAJ6M1gMEAKKNDAMEAMugdAMEAMugfQMEAMug
fzANBgkqhkiG9w0BAQsFAAOCAQEAZK6NujR671XM6zErrQwEEnhfXIDsRsujZK0b
yulDBoJS12weL2kRfZJ+3oYgYNA+1a+v+52WLsjLTImiRjueRZ8dnRZ7QzYZqzF0
N0cmw17gC5t+YMe/xrDSijCtqRoGE/9TDR0udAJRqPUTZwlv5I9v114FYA6hRSsr
yR5VczXpwGU0o1BFH9mpqr78aHyao9gM+lCnZfdpl4mciW+F9AUQCWD6chhr1SJg
hOlWbZVWeEVnatgnhgG0PFqzQIHPnRcdYCi8ab/qP7oTOsjS0jxwV8je7LDpfQ7Q
S1JewU1x23EJyi1RlDGqMWYeuc0Z1gvpHl8lv7/69TZn8VhKPQ==
-----END CERTIFICATE-----
Generated at Tue May 12 22:37:39 2026 by rpki-client