Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: hstlCWLo1l6t8705QXh5rgRzlDoFmu1BrCMeEci0BRg=
Subject key identifier: DB:FC:CD:54:D7:D6:6D:A3:50:85:A0:70:0B:AE:1B:BF:FC:B1:BE:20
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 7CB60E7D8E14B55B45E9705E5FCBCEDD4768E63E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
Signing time: Thu 16 Oct 2025 11:36:48 +0000
ROA not before: Thu 16 Oct 2025 11:31:48 +0000
ROA not after: Thu 15 Oct 2026 11:36:48 +0000
asID: 9009
IP address blocks: 82.21.146.0/24 maxlen: 24
82.21.147.0/24 maxlen: 24
82.21.196.0/24 maxlen: 24
82.21.197.0/24 maxlen: 24
82.21.217.0/24 maxlen: 24
82.21.240.0/24 maxlen: 24
82.22.242.0/24 maxlen: 24
82.23.7.0/24 maxlen: 24
82.23.8.0/24 maxlen: 24
82.23.9.0/24 maxlen: 24
82.23.10.0/24 maxlen: 24
82.23.11.0/24 maxlen: 24
82.23.12.0/24 maxlen: 24
82.23.13.0/24 maxlen: 24
82.23.14.0/24 maxlen: 24
82.23.216.0/24 maxlen: 24
82.23.232.0/24 maxlen: 24
82.24.223.0/24 maxlen: 24
82.24.230.0/24 maxlen: 24
82.25.214.0/24 maxlen: 24
82.25.227.0/24 maxlen: 24
82.26.121.0/24 maxlen: 24
82.26.217.0/24 maxlen: 24
82.27.226.0/24 maxlen: 24
82.29.113.0/24 maxlen: 24
82.29.114.0/24 maxlen: 24
82.29.116.0/24 maxlen: 24
82.29.117.0/24 maxlen: 24
82.29.238.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
2a13:9500:4::/48 maxlen: 48
2a13:9500:5::/48 maxlen: 48
2a13:9500:6::/48 maxlen: 48
2a13:9500:7::/48 maxlen: 48
2a13:9500:8::/48 maxlen: 48
2a13:9500:9::/48 maxlen: 48
2a13:9500:a::/48 maxlen: 48
2a13:9500:b::/48 maxlen: 48
2a13:9500:c::/48 maxlen: 48
2a13:9500:d::/48 maxlen: 48
2a13:9500:e::/48 maxlen: 48
2a13:9500:f::/48 maxlen: 48
2a13:9500:10::/48 maxlen: 48
2a13:9500:11::/48 maxlen: 48
2a13:9500:12::/48 maxlen: 48
2a13:9500:13::/48 maxlen: 48
2a13:9500:14::/48 maxlen: 48
2a13:9500:15::/48 maxlen: 48
2a13:9500:16::/48 maxlen: 48
2a13:9500:17::/48 maxlen: 48
2a13:9500:18::/48 maxlen: 48
2a13:9500:19::/48 maxlen: 48
2a13:9500:1a::/48 maxlen: 48
2a13:9500:1b::/48 maxlen: 48
2a13:9500:29::/48 maxlen: 48
2a13:9500:2a::/48 maxlen: 48
2a13:9500:2b::/48 maxlen: 48
2a13:9500:2c::/48 maxlen: 48
2a13:9500:2e::/48 maxlen: 48
2a13:9500:2f::/48 maxlen: 48
2a13:9500:30::/48 maxlen: 48
2a13:9500:31::/48 maxlen: 48
2a13:9500:34::/48 maxlen: 48
2a13:9500:35::/48 maxlen: 48
2a13:9500:3b::/48 maxlen: 48
2a13:9500:3c::/48 maxlen: 48
2a13:9500:3d::/48 maxlen: 48
2a13:9500:58::/48 maxlen: 48
2a13:9500:59::/48 maxlen: 48
2a13:9500:5a::/48 maxlen: 48
2a13:9500:f1::/48 maxlen: 48
2a13:9500:f2::/48 maxlen: 48
2a13:9500:f3::/48 maxlen: 48
2a13:9500:f4::/48 maxlen: 48
2a13:9500:f5::/48 maxlen: 48
2a13:9500:f6::/48 maxlen: 48
2a13:9500:f7::/48 maxlen: 48
2a13:9500:f8::/48 maxlen: 48
2a13:9500:f9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:b6:0e:7d:8e:14:b5:5b:45:e9:70:5e:5f:cb:ce:dd:47:68:e6:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Oct 16 11:31:48 2025 GMT
Not After : Oct 15 11:36:48 2026 GMT
Subject: CN=DBFCCD54D7D66DA35085A0700BAE1BBFFCB1BE20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:4c:7a:52:c5:91:c4:70:69:66:86:e6:32:8e:
d3:93:fe:1e:af:c9:db:37:0e:19:48:6b:e1:78:66:
e9:88:b8:17:43:e9:2e:6f:e0:73:87:f6:1a:50:c1:
8c:52:1c:6a:e1:b4:66:4b:ec:32:44:9d:3d:cf:20:
13:4a:1b:eb:51:7e:db:2f:2a:84:87:ba:83:a9:56:
5b:3f:a2:eb:f4:89:15:9f:cb:77:cf:5b:e4:5c:26:
92:bb:d0:17:02:14:db:a0:f4:ca:24:b6:ea:6e:4e:
e7:0b:f5:e0:3c:e4:5e:80:cd:9a:e7:7b:97:6a:b0:
fb:16:89:8e:70:c8:f4:cd:ef:76:20:48:2a:e0:a4:
b0:80:14:d3:7d:cb:95:75:fb:52:dc:40:1a:01:96:
6e:2d:40:71:7b:17:24:a1:10:8a:99:4f:14:fa:c7:
d8:a8:95:c4:21:b8:bd:6c:bf:6e:05:cc:78:33:77:
4c:ab:6e:1d:7e:81:0b:3a:0c:e7:f9:52:86:d8:23:
b8:9b:bb:b0:46:1d:10:ad:c5:e9:31:82:16:1e:4c:
d7:76:c3:18:2d:af:53:b4:a2:30:85:19:90:0c:7c:
20:f1:2f:5c:4a:dc:70:b5:3a:e8:38:17:4c:a6:0d:
2d:bc:16:22:a0:65:da:8b:c1:9c:59:14:f4:c6:84:
6c:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:FC:CD:54:D7:D6:6D:A3:50:85:A0:70:0B:AE:1B:BF:FC:B1:BE:20
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.146.0/23
82.21.196.0/23
82.21.217.0/24
82.21.240.0/24
82.22.242.0/24
82.23.7.0-82.23.14.255
82.23.216.0/24
82.23.232.0/24
82.24.223.0/24
82.24.230.0/24
82.25.214.0/24
82.25.227.0/24
82.26.121.0/24
82.26.217.0/24
82.27.226.0/24
82.29.113.0-82.29.114.255
82.29.116.0/23
82.29.238.0/24
IPv6:
2a13:9500:2::/48
2a13:9500:4::-2a13:9500:1b:ffff:ffff:ffff:ffff:ffff
2a13:9500:29::-2a13:9500:2c:ffff:ffff:ffff:ffff:ffff
2a13:9500:2e::-2a13:9500:31:ffff:ffff:ffff:ffff:ffff
2a13:9500:34::/47
2a13:9500:3b::-2a13:9500:3d:ffff:ffff:ffff:ffff:ffff
2a13:9500:58::-2a13:9500:5a:ffff:ffff:ffff:ffff:ffff
2a13:9500:f1::-2a13:9500:f9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6e:5a:19:95:d3:18:66:62:6b:52:bf:e3:93:84:e8:52:58:1e:
b9:ab:ce:60:83:48:1a:f0:79:5d:4e:03:9e:23:d4:c7:e7:28:
02:7a:f1:aa:6b:ed:5a:7e:b0:da:96:e8:6a:36:e0:c6:d1:44:
c3:2e:3d:2e:18:58:36:b5:e9:26:2b:56:c4:ca:ce:80:6a:04:
c3:83:e7:aa:d7:51:ab:09:e8:7d:ac:0b:f7:10:bd:18:57:ce:
06:f9:25:57:28:23:9c:f1:a3:ac:86:ef:e9:4c:d0:20:47:ce:
57:b9:84:0f:5d:13:3f:1e:63:04:16:6b:9b:0c:e8:d5:60:57:
57:5c:a3:ae:9f:04:c4:63:b9:8f:a9:a4:a8:1f:7d:46:62:2f:
6e:30:90:76:f9:aa:47:b2:b0:ea:9a:a6:20:ef:b8:4e:64:a1:
ae:c9:57:15:73:82:18:c1:54:d7:35:b2:80:33:f7:1f:07:5b:
8a:19:33:12:c4:01:5f:0c:b0:02:44:d6:12:c6:b4:62:c0:09:
ff:c1:83:a7:0c:91:39:cf:1d:5f:76:7a:0b:1f:aa:99:8b:dd:
96:c0:e0:18:97:bd:03:ce:d1:f5:0e:12:72:03:a8:ec:73:49:
0b:d1:fe:11:2e:75:53:24:e8:9e:11:eb:32:d0:3c:73:c3:a2:
ca:b6:39:ff
-----BEGIN CERTIFICATE-----
MIIGDzCCBPegAwIBAgIUfLYOfY4UtVtF6XBeX8vO3Udo5j4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTYxMTMxNDhaFw0yNjEwMTUxMTM2NDhaMDMxMTAvBgNV
BAMTKERCRkNDRDU0RDdENjZEQTM1MDg1QTA3MDBCQUUxQkJGRkNCMUJFMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxTHpSxZHEcGlmhuYyjtOT/h6v
yds3DhlIa+F4ZumIuBdD6S5v4HOH9hpQwYxSHGrhtGZL7DJEnT3PIBNKG+tRftsv
KoSHuoOpVls/ouv0iRWfy3fPW+RcJpK70BcCFNug9MoktupuTucL9eA85F6AzZrn
e5dqsPsWiY5wyPTN73YgSCrgpLCAFNN9y5V1+1LcQBoBlm4tQHF7FyShEIqZTxT6
x9iolcQhuL1sv24FzHgzd0yrbh1+gQs6DOf5UobYI7ibu7BGHRCtxekxghYeTNd2
wxgtr1O0ojCFGZAMfCDxL1xK3HC1Oug4F0ymDS28FiKgZdqLwZxZFPTGhGxZAgMB
AAGjggMZMIIDFTAdBgNVHQ4EFgQU2/zNVNfWbaNQhaBwC64bv/yxviAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAS4GCCsGAQUFBwEHAQH/BIIBHTCCARkwgYIEAgABMHwD
BAFSFZIDBAFSFcQDBABSFdkDBABSFfADBABSFvIwDAMEAFIXBwMEAFIXDgMEAFIX
2AMEAFIX6AMEAFIY3wMEAFIY5gMEAFIZ1gMEAFIZ4wMEAFIaeQMEAFIa2QMEAFIb
4jAMAwQAUh1xAwQAUh1yAwQBUh10AwQAUh3uMIGRBAIAAjCBigMHACoTlQAAAjAS
AwcCKhOVAAAEAwcCKhOVAAAYMBIDBwAqE5UAACkDBwAqE5UAACwwEgMHASoTlQAA
LgMHASoTlQAAMAMHASoTlQAANDASAwcAKhOVAAA7AwcBKhOVAAA8MBIDBwMqE5UA
AFgDBwAqE5UAAFowEgMHACoTlQAA8QMHASoTlQAA+DANBgkqhkiG9w0BAQsFAAOC
AQEAbloZldMYZmJrUr/jk4ToUlgeuavOYINIGvB5XU4DniPUx+coAnrxqmvtWn6w
2pboajbgxtFEwy49LhhYNrXpJitWxMrOgGoEw4PnqtdRqwnofawL9xC9GFfOBvkl
VygjnPGjrIbv6UzQIEfOV7mED10TPx5jBBZrmwzo1WBXV1yjrp8ExGO5j6mkqB99
RmIvbjCQdvmqR7Kw6pqmIO+4TmShrslXFXOCGMFU1zWygDP3HwdbihkzEsQBXwyw
AkTWEsa0YsAJ/8GDpwyROc8dX3Z6Cx+qmYvdlsDgGJe9A87R9Q4ScgOo7HNJC9H+
ES51UyTonhHrMtA8c8OiyrY5/w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:42:59 2025 by rpki-client