Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS9009.roa
File:                     AS9009.roa (raw, json)
Hash identifier:          HeIn3LUbPLqmFMnLZmgQe08tqcX0eAlPHd3caG3Qv+E=
Subject key identifier:   EE:E3:AF:7D:AC:C7:A2:49:BA:E8:1D:15:EE:73:72:D9:67:50:24:3F
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       0630B2FACCAFBCBD2034F7238E4C669CE9A89F4C
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS9009.roa
Signing time:             Tue 30 Sep 2025 10:03:15 +0000
ROA not before:           Tue 30 Sep 2025 09:58:15 +0000
ROA not after:            Tue 29 Sep 2026 10:03:15 +0000
asID:                     9009
IP address blocks:        46.236.241.0/24 maxlen: 24
                          82.139.225.0/24 maxlen: 24
                          82.139.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:30:b2:fa:cc:af:bc:bd:20:34:f7:23:8e:4c:66:9c:e9:a8:9f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:15 2025 GMT
            Not After : Sep 29 10:03:15 2026 GMT
        Subject: CN=EEE3AF7DACC7A249BAE81D15EE7372D96750243F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f3:f8:ba:6f:5d:8a:27:4b:d5:e7:f9:be:ae:
                    49:a3:f2:28:fd:97:1c:ee:f0:6c:ac:90:24:f1:7d:
                    4a:ba:97:cf:15:64:62:ae:5a:d7:a9:4d:ac:09:ff:
                    75:38:c2:7a:17:7b:39:18:cc:8c:d7:d6:ab:47:0d:
                    80:cd:06:ed:81:2d:fa:e7:98:09:29:78:96:ee:6f:
                    2f:ce:ab:98:4b:3b:c7:03:8b:43:b7:ce:77:c3:79:
                    9d:26:12:97:72:a2:7d:83:6d:ff:52:5d:ec:9a:85:
                    ab:c7:07:3b:ac:5b:af:ec:3f:b7:44:44:1c:9c:6c:
                    f6:3b:3b:1c:85:f2:86:f0:52:7f:59:c7:48:46:c1:
                    07:4e:39:45:8a:f1:43:f3:35:76:54:db:99:87:81:
                    3f:4a:bf:72:28:34:d0:45:84:f5:86:a4:8f:1f:36:
                    ed:0e:4b:2f:b4:ac:b5:82:a3:b6:62:c0:93:45:b9:
                    3c:da:e1:2f:9e:63:16:00:28:eb:44:3d:bf:5a:0f:
                    9c:ec:38:fa:9c:c9:c5:5f:5f:59:36:e0:a6:b4:97:
                    19:82:e9:b9:73:c0:bf:d4:bc:3f:88:83:9d:38:de:
                    0e:20:ff:c8:8c:41:7b:0e:1f:c0:87:84:ba:ee:5b:
                    9c:f4:89:99:3b:c9:f8:69:5c:da:ae:e3:f5:9a:c6:
                    96:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:E3:AF:7D:AC:C7:A2:49:BA:E8:1D:15:EE:73:72:D9:67:50:24:3F
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS9009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.241.0/24
                  82.139.225.0/24
                  82.139.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:2e:0f:1e:56:df:46:78:01:9c:0a:51:b8:5f:e6:a6:4a:67:
         60:47:18:93:e9:ca:da:76:29:93:05:a6:45:40:c9:5f:2a:f2:
         ee:23:cf:71:1e:f7:68:17:15:d0:20:82:2d:83:06:6b:ad:23:
         be:c9:26:cf:70:9d:44:80:e6:2f:8b:c7:49:1c:08:d3:4b:ee:
         74:71:ff:e4:9e:00:3f:b8:6b:8d:6b:91:15:32:26:91:41:16:
         d3:ab:ac:31:30:bd:92:1a:78:74:9d:52:43:c7:2a:3c:29:6e:
         50:72:a8:6b:cc:f2:89:52:f7:73:e1:51:07:6d:d9:b9:14:cf:
         21:38:4d:45:80:42:de:43:61:ff:10:16:a8:f9:f7:d5:65:ff:
         b3:79:60:35:1c:6b:b9:3f:48:33:e3:24:a2:b2:a5:6e:28:69:
         2c:01:b3:64:a5:70:e4:5c:62:d9:54:cd:cf:20:9a:e9:74:ff:
         01:75:62:bd:81:dd:9b:b8:5a:b9:45:78:37:9b:0b:d3:96:4f:
         25:c6:d8:25:88:45:e8:fd:dd:84:2c:7a:02:b9:00:4c:65:cd:
         08:c7:ff:5d:5a:18:32:a6:ef:6c:78:7a:be:22:76:3b:ca:51:
         5e:2e:b0:b4:91:8c:0a:3f:96:8b:14:fc:ff:2b:49:a8:ba:fd:
         12:f6:d3:bb
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUBjCy+syvvL0gNPcjjkxmnOmon0wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTVaFw0yNjA5MjkxMDAzMTVaMDMxMTAvBgNV
BAMTKEVFRTNBRjdEQUNDN0EyNDlCQUU4MUQxNUVFNzM3MkQ5Njc1MDI0M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCC8/i6b12KJ0vV5/m+rkmj8ij9
lxzu8GyskCTxfUq6l88VZGKuWtepTawJ/3U4wnoXezkYzIzX1qtHDYDNBu2BLfrn
mAkpeJbuby/Oq5hLO8cDi0O3znfDeZ0mEpdyon2Dbf9SXeyahavHBzusW6/sP7dE
RBycbPY7OxyF8obwUn9Zx0hGwQdOOUWK8UPzNXZU25mHgT9Kv3IoNNBFhPWGpI8f
Nu0OSy+0rLWCo7ZiwJNFuTza4S+eYxYAKOtEPb9aD5zsOPqcycVfX1k24Ka0lxmC
6blzwL/UvD+Ig5043g4g/8iMQXsOH8CHhLruW5z0iZk7yfhpXNqu4/WaxpYBAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU7uOvfazHokm66B0V7nNy2WdQJD8wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC7s8QME
AFKL4QMEAFKL6zANBgkqhkiG9w0BAQsFAAOCAQEAQS4PHlbfRngBnApRuF/mpkpn
YEcYk+nK2nYpkwWmRUDJXyry7iPPcR73aBcV0CCCLYMGa60jvskmz3CdRIDmL4vH
SRwI00vudHH/5J4AP7hrjWuRFTImkUEW06usMTC9khp4dJ1SQ8cqPCluUHKoa8zy
iVL3c+FRB23ZuRTPIThNRYBC3kNh/xAWqPn31WX/s3lgNRxruT9IM+MkorKlbihp
LAGzZKVw5Fxi2VTNzyCa6XT/AXVivYHdm7hauUV4N5sL05ZPJcbYJYhF6P3dhCx6
ArkATGXNCMf/XVoYMqbvbHh6viJ2O8pRXi6wtJGMCj+WixT8/ytJqLr9EvbTuw==
-----END CERTIFICATE-----