Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: uvOLysbhJIQou7Rc/DsEgK2yAAaY6jJrxRJn/QOzeRA=
Subject key identifier: E2:8B:9E:DE:CC:DB:DB:0D:7F:22:D4:9A:58:93:F8:55:39:53:BC:88
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 3D93B8E6007C6A2FE0FAEFD31CFD6076D96B62B5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
Signing time: Wed 29 Apr 2026 18:44:33 +0000
ROA not before: Wed 29 Apr 2026 18:39:33 +0000
ROA not after: Wed 28 Apr 2027 18:44:33 +0000
asID: 9009
IP address blocks: 82.21.138.0/24 maxlen: 24
82.21.146.0/24 maxlen: 24
82.21.147.0/24 maxlen: 24
82.21.196.0/24 maxlen: 24
82.21.197.0/24 maxlen: 24
82.21.217.0/24 maxlen: 24
82.21.240.0/24 maxlen: 24
82.22.242.0/24 maxlen: 24
82.23.7.0/24 maxlen: 24
82.23.8.0/24 maxlen: 24
82.23.9.0/24 maxlen: 24
82.23.10.0/24 maxlen: 24
82.23.11.0/24 maxlen: 24
82.23.12.0/24 maxlen: 24
82.23.216.0/24 maxlen: 24
82.23.232.0/24 maxlen: 24
82.24.8.0/24 maxlen: 24
82.24.86.0/24 maxlen: 24
82.24.223.0/24 maxlen: 24
82.24.230.0/24 maxlen: 24
82.25.214.0/24 maxlen: 24
82.25.227.0/24 maxlen: 24
82.26.121.0/24 maxlen: 24
82.26.217.0/24 maxlen: 24
82.27.226.0/24 maxlen: 24
82.29.95.0/24 maxlen: 24
82.29.113.0/24 maxlen: 24
82.29.114.0/24 maxlen: 24
82.29.116.0/24 maxlen: 24
82.29.117.0/24 maxlen: 24
82.29.238.0/24 maxlen: 24
82.38.14.0/24 maxlen: 24
82.47.252.0/23 maxlen: 24
178.83.10.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
2a13:9500:4::/48 maxlen: 48
2a13:9500:5::/48 maxlen: 48
2a13:9500:6::/48 maxlen: 48
2a13:9500:7::/48 maxlen: 48
2a13:9500:8::/48 maxlen: 48
2a13:9500:9::/48 maxlen: 48
2a13:9500:a::/48 maxlen: 48
2a13:9500:b::/48 maxlen: 48
2a13:9500:c::/48 maxlen: 48
2a13:9500:d::/48 maxlen: 48
2a13:9500:e::/48 maxlen: 48
2a13:9500:f::/48 maxlen: 48
2a13:9500:10::/48 maxlen: 48
2a13:9500:11::/48 maxlen: 48
2a13:9500:12::/48 maxlen: 48
2a13:9500:13::/48 maxlen: 48
2a13:9500:14::/48 maxlen: 48
2a13:9500:15::/48 maxlen: 48
2a13:9500:16::/48 maxlen: 48
2a13:9500:17::/48 maxlen: 48
2a13:9500:18::/48 maxlen: 48
2a13:9500:19::/48 maxlen: 48
2a13:9500:1a::/48 maxlen: 48
2a13:9500:1b::/48 maxlen: 48
2a13:9500:29::/48 maxlen: 48
2a13:9500:2a::/48 maxlen: 48
2a13:9500:2b::/48 maxlen: 48
2a13:9500:2c::/48 maxlen: 48
2a13:9500:2f::/48 maxlen: 48
2a13:9500:30::/48 maxlen: 48
2a13:9500:31::/48 maxlen: 48
2a13:9500:34::/48 maxlen: 48
2a13:9500:35::/48 maxlen: 48
2a13:9500:3b::/48 maxlen: 48
2a13:9500:3c::/48 maxlen: 48
2a13:9500:3d::/48 maxlen: 48
2a13:9500:58::/48 maxlen: 48
2a13:9500:59::/48 maxlen: 48
2a13:9500:5a::/48 maxlen: 48
2a13:9500:f1::/48 maxlen: 48
2a13:9500:f2::/48 maxlen: 48
2a13:9500:f3::/48 maxlen: 48
2a13:9500:f4::/48 maxlen: 48
2a13:9500:f5::/48 maxlen: 48
2a13:9500:f6::/48 maxlen: 48
2a13:9500:f7::/48 maxlen: 48
2a13:9500:f8::/48 maxlen: 48
2a13:9500:f9::/48 maxlen: 48
2a13:9500:16b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:93:b8:e6:00:7c:6a:2f:e0:fa:ef:d3:1c:fd:60:76:d9:6b:62:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 29 18:39:33 2026 GMT
Not After : Apr 28 18:44:33 2027 GMT
Subject: CN=E28B9EDECCDBDB0D7F22D49A5893F8553953BC88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:46:a5:f7:1e:82:b7:2f:3d:8d:d6:90:54:1e:
1d:4a:db:5f:62:4c:64:e9:8e:13:1f:66:1f:be:3b:
39:9a:4b:76:e4:b5:50:94:34:d3:0f:ec:ee:f7:80:
3c:92:27:2e:28:00:e4:f6:0e:34:96:16:06:99:a1:
7a:22:4a:93:68:9a:4f:f2:76:e3:7d:43:9e:c0:47:
61:c0:76:26:6e:4d:bb:5f:57:33:76:3a:61:ad:11:
2e:3d:c4:4c:e1:10:1b:1d:39:7a:64:69:6c:7c:14:
51:42:87:dd:8b:8e:27:66:ca:ce:81:9f:04:f6:92:
8d:2d:0c:90:6b:ed:21:24:dc:a0:fb:77:9f:a3:81:
2a:d2:4a:2c:d0:98:79:e2:bd:1a:2b:0e:95:e2:5a:
0d:3d:c6:a2:29:8c:2a:e2:5b:3d:78:f9:42:be:fb:
07:29:41:ad:74:a6:b6:d6:b7:80:d3:75:12:02:72:
86:e8:db:83:b5:0f:30:25:77:f1:a4:d4:9e:d5:04:
0c:b0:32:41:85:ea:d6:19:fd:92:9a:23:5a:7b:6f:
c6:e1:02:3d:00:1a:c1:ec:af:97:28:fd:79:34:0b:
9a:2f:eb:14:b7:c3:90:af:4c:76:05:25:4c:ca:a8:
61:d3:b1:76:ef:db:ee:bc:1c:00:f9:13:46:6e:10:
42:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:8B:9E:DE:CC:DB:DB:0D:7F:22:D4:9A:58:93:F8:55:39:53:BC:88
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.138.0/24
82.21.146.0/23
82.21.196.0/23
82.21.217.0/24
82.21.240.0/24
82.22.242.0/24
82.23.7.0-82.23.12.255
82.23.216.0/24
82.23.232.0/24
82.24.8.0/24
82.24.86.0/24
82.24.223.0/24
82.24.230.0/24
82.25.214.0/24
82.25.227.0/24
82.26.121.0/24
82.26.217.0/24
82.27.226.0/24
82.29.95.0/24
82.29.113.0-82.29.114.255
82.29.116.0/23
82.29.238.0/24
82.38.14.0/24
82.47.252.0/23
178.83.10.0/24
IPv6:
2a13:9500:2::/48
2a13:9500:4::-2a13:9500:1b:ffff:ffff:ffff:ffff:ffff
2a13:9500:29::-2a13:9500:2c:ffff:ffff:ffff:ffff:ffff
2a13:9500:2f::-2a13:9500:31:ffff:ffff:ffff:ffff:ffff
2a13:9500:34::/47
2a13:9500:3b::-2a13:9500:3d:ffff:ffff:ffff:ffff:ffff
2a13:9500:58::-2a13:9500:5a:ffff:ffff:ffff:ffff:ffff
2a13:9500:f1::-2a13:9500:f9:ffff:ffff:ffff:ffff:ffff
2a13:9500:16b::/48
Signature Algorithm: sha256WithRSAEncryption
90:38:cd:4d:04:eb:7b:9e:ab:39:91:66:1c:35:33:d8:09:e0:
32:e9:c1:f2:f1:af:92:66:37:9c:c6:20:95:32:fc:2f:3e:b7:
3f:f3:d9:e2:22:9e:db:58:ac:8e:c0:8f:3c:33:a5:a1:ec:45:
31:cd:8c:6f:c0:49:28:fd:68:01:3b:f9:e9:48:0d:3d:65:52:
6e:26:b8:37:3e:ec:7b:fc:4a:5f:31:6e:b9:2b:6e:b5:68:4f:
18:d0:16:06:8c:48:1d:51:5a:2e:19:d0:33:2f:67:2b:cf:50:
7c:34:f7:0e:6b:2f:3b:11:b5:47:83:58:d9:61:21:14:0e:c4:
c9:cf:5a:85:89:98:8e:10:8b:96:36:d5:df:ac:a7:b4:30:a7:
98:f4:a0:7d:55:6f:26:c1:1e:a6:74:02:6e:81:11:a2:59:d1:
9d:09:1f:fd:52:cc:6a:32:d5:4d:c4:a0:0e:f7:63:40:00:6f:
ff:e3:3a:24:73:e9:7a:2b:3d:f9:89:6d:66:83:95:5d:f4:18:
3f:ea:5b:eb:54:08:c8:ba:32:be:55:f8:0e:44:f1:72:5e:fe:
94:84:42:94:9d:96:30:fd:17:fe:bf:05:50:98:90:52:e1:49:
3a:b5:52:2e:cf:93:df:21:92:25:82:bb:d9:e4:c4:6b:13:32:
59:06:6b:72
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUPZO45gB8ai/g+u/THP1gdtlrYrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjkxODM5MzNaFw0yNzA0MjgxODQ0MzNaMDMxMTAvBgNV
BAMTKEUyOEI5RURFQ0NEQkRCMEQ3RjIyRDQ5QTU4OTNGODU1Mzk1M0JDODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRqX3HoK3Lz2N1pBUHh1K219i
TGTpjhMfZh++OzmaS3bktVCUNNMP7O73gDySJy4oAOT2DjSWFgaZoXoiSpNomk/y
duN9Q57AR2HAdiZuTbtfVzN2OmGtES49xEzhEBsdOXpkaWx8FFFCh92Ljidmys6B
nwT2ko0tDJBr7SEk3KD7d5+jgSrSSizQmHnivRorDpXiWg09xqIpjCriWz14+UK+
+wcpQa10prbWt4DTdRICcobo24O1DzAld/Gk1J7VBAywMkGF6tYZ/ZKaI1p7b8bh
Aj0AGsHsr5co/Xk0C5ov6xS3w5CvTHYFJUzKqGHTsXbv2+68HAD5E0ZuEEJ/AgMB
AAGjggNNMIIDSTAdBgNVHQ4EFgQU4oue3szb2w1/ItSaWJP4VTlTvIgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAWIGCCsGAQUFBwEHAQH/BIIBUTCCAU0wga0EAgABMIGm
AwQAUhWKAwQBUhWSAwQBUhXEAwQAUhXZAwQAUhXwAwQAUhbyMAwDBABSFwcDBABS
FwwDBABSF9gDBABSF+gDBABSGAgDBABSGFYDBABSGN8DBABSGOYDBABSGdYDBABS
GeMDBABSGnkDBABSGtkDBABSG+IDBABSHV8wDAMEAFIdcQMEAFIdcgMEAVIddAME
AFId7gMEAFImDgMEAVIv/AMEALJTCjCBmgQCAAIwgZMDBwAqE5UAAAIwEgMHAioT
lQAABAMHAioTlQAAGDASAwcAKhOVAAApAwcAKhOVAAAsMBIDBwAqE5UAAC8DBwEq
E5UAADADBwEqE5UAADQwEgMHACoTlQAAOwMHASoTlQAAPDASAwcDKhOVAABYAwcA
KhOVAABaMBIDBwAqE5UAAPEDBwEqE5UAAPgDBwAqE5UAAWswDQYJKoZIhvcNAQEL
BQADggEBAJA4zU0E63ueqzmRZhw1M9gJ4DLpwfLxr5JmN5zGIJUy/C8+tz/z2eIi
nttYrI7AjzwzpaHsRTHNjG/ASSj9aAE7+elIDT1lUm4muDc+7Hv8Sl8xbrkrbrVo
TxjQFgaMSB1RWi4Z0DMvZyvPUHw09w5rLzsRtUeDWNlhIRQOxMnPWoWJmI4Qi5Y2
1d+sp7Qwp5j0oH1VbybBHqZ0Am6BEaJZ0Z0JH/1SzGoy1U3EoA73Y0AAb//jOiRz
6XorPfmJbWaDlV30GD/qW+tUCMi6Mr5V+A5E8XJe/pSEQpSdljD9F/6/BVCYkFLh
STq1Ui7Pk98hkiWCu9nkxGsTMlkGa3I=
-----END CERTIFICATE-----
Generated at Tue May 12 23:39:25 2026 by rpki-client