Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: koAcaxrUsHaMknfwYr7SNEJpqKslE+ufp2i5AO4rADA=
Subject key identifier: 3A:9F:F7:49:AD:66:56:18:A4:41:E0:E5:86:6E:3A:A0:51:01:92:A0
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 2F5674113994934C3CADF1274EB4E9F85EE4B2BE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
Signing time: Tue 24 Jun 2025 11:19:32 +0000
ROA not before: Tue 24 Jun 2025 11:14:32 +0000
ROA not after: Tue 23 Jun 2026 11:19:32 +0000
asID: 9009
IP address blocks: 2.58.172.0/24 maxlen: 24
5.45.38.0/24 maxlen: 24
5.181.125.0/24 maxlen: 24
5.181.126.0/24 maxlen: 24
5.181.127.0/24 maxlen: 24
5.182.109.0/24 maxlen: 24
37.143.60.0/24 maxlen: 24
45.95.14.0/24 maxlen: 24
45.95.37.0/24 maxlen: 24
45.133.175.0/24 maxlen: 24
45.137.132.0/24 maxlen: 24
45.137.133.0/24 maxlen: 24
45.137.134.0/24 maxlen: 24
45.137.135.0/24 maxlen: 24
92.242.185.0/24 maxlen: 24
130.185.124.0/24 maxlen: 24
179.61.131.0/24 maxlen: 24
179.61.133.0/24 maxlen: 24
179.61.150.0/24 maxlen: 24
179.61.165.0/24 maxlen: 24
179.61.171.0/24 maxlen: 24
179.61.183.0/24 maxlen: 24
179.61.186.0/24 maxlen: 24
179.61.201.0/24 maxlen: 24
181.41.216.0/24 maxlen: 24
181.214.5.0/24 maxlen: 24
181.214.27.0/24 maxlen: 24
181.214.45.0/24 maxlen: 24
181.214.55.0/24 maxlen: 24
181.214.71.0/24 maxlen: 24
181.214.72.0/24 maxlen: 24
181.214.92.0/24 maxlen: 24
181.214.98.0/24 maxlen: 24
181.214.115.0/24 maxlen: 24
181.214.121.0/24 maxlen: 24
181.214.127.0/24 maxlen: 24
181.214.170.0/24 maxlen: 24
181.214.175.0/24 maxlen: 24
181.214.204.0/24 maxlen: 24
181.214.207.0/24 maxlen: 24
181.214.251.0/24 maxlen: 24
181.215.107.0/24 maxlen: 24
181.215.116.0/24 maxlen: 24
181.215.119.0/24 maxlen: 24
181.215.124.0/24 maxlen: 24
181.215.130.0/24 maxlen: 24
181.215.132.0/24 maxlen: 24
181.215.137.0/24 maxlen: 24
181.215.149.0/24 maxlen: 24
181.215.151.0/24 maxlen: 24
181.215.157.0/24 maxlen: 24
181.215.192.0/24 maxlen: 24
181.215.199.0/24 maxlen: 24
181.215.209.0/24 maxlen: 24
181.215.228.0/24 maxlen: 24
181.215.235.0/24 maxlen: 24
181.215.251.0/24 maxlen: 24
185.135.156.0/24 maxlen: 24
185.143.231.0/24 maxlen: 24
185.145.36.0/24 maxlen: 24
185.145.39.0/24 maxlen: 24
185.151.56.0/24 maxlen: 24
185.151.57.0/24 maxlen: 24
185.172.66.0/24 maxlen: 24
185.173.35.0/24 maxlen: 24
191.96.23.0/24 maxlen: 24
191.96.65.0/24 maxlen: 24
191.96.147.0/24 maxlen: 24
191.96.172.0/24 maxlen: 24
191.96.195.0/24 maxlen: 24
191.96.210.0/24 maxlen: 24
191.96.213.0/24 maxlen: 24
191.96.215.0/24 maxlen: 24
191.96.222.0/24 maxlen: 24
191.96.232.0/24 maxlen: 24
191.101.6.0/24 maxlen: 24
191.101.23.0/24 maxlen: 24
191.101.72.0/24 maxlen: 24
191.101.74.0/24 maxlen: 24
191.101.75.0/24 maxlen: 24
191.101.77.0/24 maxlen: 24
191.101.90.0/24 maxlen: 24
191.101.98.0/24 maxlen: 24
191.101.105.0/24 maxlen: 24
191.101.107.0/24 maxlen: 24
191.101.108.0/24 maxlen: 24
191.101.115.0/24 maxlen: 24
191.101.117.0/24 maxlen: 24
191.101.156.0/24 maxlen: 24
191.101.226.0/24 maxlen: 24
191.101.236.0/24 maxlen: 24
191.101.238.0/24 maxlen: 24
193.58.107.0/24 maxlen: 24
194.53.141.0/24 maxlen: 24
194.110.15.0/24 maxlen: 24
194.110.242.0/24 maxlen: 24
213.109.168.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 01:56:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:56:74:11:39:94:93:4c:3c:ad:f1:27:4e:b4:e9:f8:5e:e4:b2:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Jun 24 11:14:32 2025 GMT
Not After : Jun 23 11:19:32 2026 GMT
Subject: CN=3A9FF749AD665618A441E0E5866E3AA0510192A0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:15:8f:00:9c:b3:28:7e:f8:75:59:54:ac:83:
e7:78:16:b3:36:71:84:2a:aa:79:37:a2:d4:8d:38:
86:3a:33:13:6b:2a:b7:55:ff:42:88:58:4b:9c:6c:
16:5e:49:b2:15:5b:8b:8b:f2:76:a0:14:a1:7b:5f:
1a:d6:b8:b5:56:a4:68:19:7b:50:d0:19:10:ee:35:
86:3d:3d:87:14:12:5e:43:5e:84:85:32:67:42:91:
e7:ff:aa:27:2d:73:40:4e:eb:49:7d:66:0c:32:63:
12:f3:19:7b:91:bb:cd:f0:ed:80:2d:5e:e3:e5:94:
1e:f4:7b:58:30:6b:23:75:3a:f4:cc:7d:29:58:32:
21:57:af:5e:d4:8d:d7:24:30:a3:a1:78:96:1a:bd:
8e:07:55:4e:b0:27:c7:d0:d0:37:44:94:f7:db:c2:
27:f7:7d:bd:dc:d2:a4:8e:61:f8:67:95:35:7f:d5:
43:bc:ff:3c:ca:f6:87:4c:02:58:ee:4a:f1:93:83:
31:46:3f:21:95:fb:4d:a5:38:e9:95:74:0f:c4:ce:
2c:10:d8:46:b6:a9:b2:8f:5d:8c:a4:bf:ef:3c:f1:
16:f0:ba:22:18:83:8b:d5:f3:de:cc:84:24:05:73:
ed:01:99:db:88:39:5b:5f:39:07:35:8f:7d:fd:58:
78:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:9F:F7:49:AD:66:56:18:A4:41:E0:E5:86:6E:3A:A0:51:01:92:A0
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.172.0/24
5.45.38.0/24
5.181.125.0-5.181.127.255
5.182.109.0/24
37.143.60.0/24
45.95.14.0/24
45.95.37.0/24
45.133.175.0/24
45.137.132.0/22
92.242.185.0/24
130.185.124.0/24
179.61.131.0/24
179.61.133.0/24
179.61.150.0/24
179.61.165.0/24
179.61.171.0/24
179.61.183.0/24
179.61.186.0/24
179.61.201.0/24
181.41.216.0/24
181.214.5.0/24
181.214.27.0/24
181.214.45.0/24
181.214.55.0/24
181.214.71.0-181.214.72.255
181.214.92.0/24
181.214.98.0/24
181.214.115.0/24
181.214.121.0/24
181.214.127.0/24
181.214.170.0/24
181.214.175.0/24
181.214.204.0/24
181.214.207.0/24
181.214.251.0/24
181.215.107.0/24
181.215.116.0/24
181.215.119.0/24
181.215.124.0/24
181.215.130.0/24
181.215.132.0/24
181.215.137.0/24
181.215.149.0/24
181.215.151.0/24
181.215.157.0/24
181.215.192.0/24
181.215.199.0/24
181.215.209.0/24
181.215.228.0/24
181.215.235.0/24
181.215.251.0/24
185.135.156.0/24
185.143.231.0/24
185.145.36.0/24
185.145.39.0/24
185.151.56.0/23
185.172.66.0/24
185.173.35.0/24
191.96.23.0/24
191.96.65.0/24
191.96.147.0/24
191.96.172.0/24
191.96.195.0/24
191.96.210.0/24
191.96.213.0/24
191.96.215.0/24
191.96.222.0/24
191.96.232.0/24
191.101.6.0/24
191.101.23.0/24
191.101.72.0/24
191.101.74.0/23
191.101.77.0/24
191.101.90.0/24
191.101.98.0/24
191.101.105.0/24
191.101.107.0-191.101.108.255
191.101.115.0/24
191.101.117.0/24
191.101.156.0/24
191.101.226.0/24
191.101.236.0/24
191.101.238.0/24
193.58.107.0/24
194.53.141.0/24
194.110.15.0/24
194.110.242.0/24
213.109.168.0/24
Signature Algorithm: sha256WithRSAEncryption
52:2a:e1:80:c9:8d:56:a7:b5:10:12:b0:6f:b9:63:8e:ff:09:
37:d8:ca:0a:f4:e8:3a:31:62:46:ec:9e:37:01:d9:bd:63:d6:
3b:99:96:39:cd:08:c3:8d:cf:67:79:40:0b:c8:b9:2b:b5:8e:
1f:af:dd:69:1e:4e:dc:bd:0c:1d:cc:92:f3:b0:80:14:49:ea:
af:20:fd:10:87:a2:88:89:93:61:8e:c4:d6:ee:8d:c2:e6:8d:
0b:f3:94:2b:db:36:ed:f2:78:49:bf:43:06:1a:09:67:9c:37:
00:5d:72:6b:ee:94:cc:56:f8:57:a7:ee:d3:77:3c:2a:4c:49:
3b:0f:1c:67:b2:68:35:43:51:cf:85:e4:9b:ad:15:0a:d4:80:
50:e0:42:b5:38:2c:bc:64:05:fc:c4:ea:f7:03:fd:45:f8:be:
1f:a8:1b:81:a5:ea:6e:d8:38:4d:98:7e:7b:15:bf:fd:99:e7:
ae:96:ec:57:4f:68:7c:bc:8a:6a:51:3a:93:b2:cb:17:39:cf:
5b:ba:8d:9b:58:88:41:0c:54:ef:e3:4d:09:b9:fb:38:b5:5a:
6d:5e:2a:00:03:93:cf:2e:a5:ea:6a:4f:37:5a:e6:a4:e3:c5:
a2:81:78:d4:cc:15:71:54:7c:a5:05:fd:c6:f5:8e:b4:78:d3:
d1:99:65:fb
-----BEGIN CERTIFICATE-----
MIIHKjCCBhKgAwIBAgIUL1Z0ETmUk0w8rfEnTrTp+F7ksr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MjQxMTE0MzJaFw0yNjA2MjMxMTE5MzJaMDMxMTAvBgNV
BAMTKDNBOUZGNzQ5QUQ2NjU2MThBNDQxRTBFNTg2NkUzQUEwNTEwMTkyQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoFY8AnLMofvh1WVSsg+d4FrM2
cYQqqnk3otSNOIY6MxNrKrdV/0KIWEucbBZeSbIVW4uL8nagFKF7XxrWuLVWpGgZ
e1DQGRDuNYY9PYcUEl5DXoSFMmdCkef/qictc0BO60l9ZgwyYxLzGXuRu83w7YAt
XuPllB70e1gwayN1OvTMfSlYMiFXr17UjdckMKOheJYavY4HVU6wJ8fQ0DdElPfb
wif3fb3c0qSOYfhnlTV/1UO8/zzK9odMAljuSvGTgzFGPyGV+02lOOmVdA/EziwQ
2Ea2qbKPXYykv+888RbwuiIYg4vV897MhCQFc+0BmduIOVtfOQc1j339WHhrAgMB
AAGjggQ0MIIEMDAdBgNVHQ4EFgQUOp/3Sa1mVhikQeDlhm46oFEBkqAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAkkGCCsGAQUFBwEHAQH/BIICODCCAjQwggIwBAIAATCC
AigDBAACOqwDBAAFLSYwDAMEAAW1fQMEBwW1AAMEAAW2bQMEACWPPAMEAC1fDgME
AC1fJQMEAC2FrwMEAi2JhAMEAFzyuQMEAIK5fAMEALM9gwMEALM9hQMEALM9lgME
ALM9pQMEALM9qwMEALM9twMEALM9ugMEALM9yQMEALUp2AMEALXWBQMEALXWGwME
ALXWLQMEALXWNzAMAwQAtdZHAwQAtdZIAwQAtdZcAwQAtdZiAwQAtdZzAwQAtdZ5
AwQAtdZ/AwQAtdaqAwQAtdavAwQAtdbMAwQAtdbPAwQAtdb7AwQAtddrAwQAtdd0
AwQAtdd3AwQAtdd8AwQAtdeCAwQAtdeEAwQAtdeJAwQAtdeVAwQAtdeXAwQAtded
AwQAtdfAAwQAtdfHAwQAtdfRAwQAtdfkAwQAtdfrAwQAtdf7AwQAuYecAwQAuY/n
AwQAuZEkAwQAuZEnAwQBuZc4AwQAuaxCAwQAua0jAwQAv2AXAwQAv2BBAwQAv2CT
AwQAv2CsAwQAv2DDAwQAv2DSAwQAv2DVAwQAv2DXAwQAv2DeAwQAv2DoAwQAv2UG
AwQAv2UXAwQAv2VIAwQBv2VKAwQAv2VNAwQAv2VaAwQAv2ViAwQAv2VpMAwDBAC/
ZWsDBAC/ZWwDBAC/ZXMDBAC/ZXUDBAC/ZZwDBAC/ZeIDBAC/ZewDBAC/Ze4DBADB
OmsDBADCNY0DBADCbg8DBADCbvIDBADVbagwDQYJKoZIhvcNAQELBQADggEBAFIq
4YDJjVantRASsG+5Y47/CTfYygr06DoxYkbsnjcB2b1j1juZljnNCMONz2d5QAvI
uSu1jh+v3WkeTty9DB3MkvOwgBRJ6q8g/RCHooiJk2GOxNbujcLmjQvzlCvbNu3y
eEm/QwYaCWecNwBdcmvulMxW+Fen7tN3PCpMSTsPHGeyaDVDUc+F5JutFQrUgFDg
QrU4LLxkBfzE6vcD/UX4vh+oG4Gl6m7YOE2YfnsVv/2Z566W7FdPaHy8impROpOy
yxc5z1u6jZtYiEEMVO/jTQm5+zi1Wm1eKgADk88upepqTzda5qTjxaKBeNTMFXFU
fKUF/cb1jrR409GZZfs=
-----END CERTIFICATE-----
Generated at Sat Jun 28 14:07:04 2025 by rpki-client