Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: kIm7OkGorewg9ttUu31QSMxFCaQYOL12RAiDKhkjyyA=
Subject key identifier: C7:30:10:3E:4D:2E:95:5F:40:10:05:6C:08:02:D5:90:69:F3:60:C8
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 129397686F35C800DADBE2234A488FD7A9850FDA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Thu 11 Jun 2026 10:43:08 +0000
ROA not before: Thu 11 Jun 2026 10:38:08 +0000
ROA not after: Thu 10 Jun 2027 10:43:08 +0000
asID: 9009
IP address blocks: 96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
136.143.250.0/24 maxlen: 24
140.150.232.0/23 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
150.241.174.0/24 maxlen: 24
150.241.234.0/24 maxlen: 24
158.140.194.0/24 maxlen: 24
158.140.196.0/24 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
158.140.205.0/24 maxlen: 24
158.140.214.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
162.141.48.0/24 maxlen: 24
162.141.116.0/24 maxlen: 24
162.141.138.0/24 maxlen: 24
167.148.136.0/24 maxlen: 24
167.148.162.0/24 maxlen: 24
203.160.116.0/24 maxlen: 24
203.160.117.0/24 maxlen: 24
203.160.125.0/24 maxlen: 24
203.160.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 13 Jun 2026 19:43:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:93:97:68:6f:35:c8:00:da:db:e2:23:4a:48:8f:d7:a9:85:0f:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 11 10:38:08 2026 GMT
Not After : Jun 10 10:43:08 2027 GMT
Subject: CN=C730103E4D2E955F4010056C0802D59069F360C8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:7b:95:35:fe:4d:60:e4:6d:f6:ad:08:15:3f:
4e:8a:04:05:69:ad:f0:83:b2:5f:90:af:24:83:22:
bb:1e:16:cc:78:77:a9:12:69:bf:d2:3e:74:29:04:
d7:b5:35:d2:4e:45:ff:a0:64:ba:3b:b7:90:99:07:
f1:02:d6:1c:1b:30:3b:78:9a:e0:da:19:21:e8:1a:
60:e5:fc:ab:6b:b7:80:2f:ed:c6:d4:98:e8:cd:61:
c8:64:c8:e6:ac:48:04:74:54:27:eb:77:8e:98:3c:
fb:51:68:d9:57:ff:d7:27:1f:23:cd:56:14:e2:eb:
ba:a9:0c:34:1a:b1:31:7a:29:ad:44:46:fe:a0:74:
c3:2b:da:d5:da:64:3b:81:ef:a2:69:cf:5b:30:6f:
63:21:87:e6:6e:7a:8e:23:05:5b:c4:ae:0e:47:13:
f4:46:65:d4:ee:f9:e4:b5:a2:50:b7:bc:4c:9e:5d:
63:62:1e:fe:c7:13:00:7c:a5:73:9c:d4:23:00:48:
47:5f:29:36:34:ba:a8:21:fd:a3:57:33:34:f7:33:
5e:a7:9a:22:18:91:77:3f:2b:19:ed:46:5c:98:28:
39:4b:f9:dd:48:c3:c8:3c:80:21:0a:40:f5:85:fe:
54:70:85:4f:0b:c4:33:4c:4f:bb:9a:fa:b1:b5:fe:
2b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:30:10:3E:4D:2E:95:5F:40:10:05:6C:08:02:D5:90:69:F3:60:C8
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.251.0/24
96.62.254.0/24
136.143.248.0-136.143.250.255
140.150.232.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
150.241.174.0/24
150.241.234.0/24
158.140.194.0/24
158.140.196.0/24
158.140.199.0-158.140.200.255
158.140.202.0/23
158.140.205.0/24
158.140.214.0/24
162.141.12.0/24
162.141.48.0/24
162.141.116.0/24
162.141.138.0/24
167.148.136.0/24
167.148.162.0/24
203.160.116.0/23
203.160.125.0/24
203.160.127.0/24
Signature Algorithm: sha256WithRSAEncryption
74:69:6d:6a:20:89:f1:76:ba:93:81:6e:4c:15:6c:3a:01:8f:
26:99:01:68:66:10:d5:f0:36:00:7b:2e:8b:57:68:a6:83:17:
fd:1f:14:eb:6b:eb:16:6d:dc:04:96:50:5c:42:cf:bb:40:27:
27:c9:54:1c:05:cb:37:01:19:2e:8b:8d:bb:33:c2:8b:84:13:
d7:e5:17:28:3c:68:e6:37:45:0c:84:9e:e8:40:49:b5:33:f4:
30:3b:dc:38:6e:e9:18:ed:32:9b:6b:ee:01:46:95:59:d3:42:
c9:63:c3:3f:7b:7c:23:6c:45:2c:7c:74:b6:d3:4c:d7:9e:bd:
72:18:b9:42:8a:b9:73:8c:cc:92:76:8f:e3:02:30:42:8f:1c:
ed:cd:dd:d8:9d:bd:ae:1c:2b:7c:2a:37:f9:a5:44:df:52:51:
a8:63:ea:7b:3d:b9:8f:ca:d4:cf:a7:05:e6:b6:63:f0:3b:28:
6c:00:56:21:d5:42:da:15:9e:e5:cf:66:8b:b4:94:ac:ea:a4:
1d:26:97:02:25:50:05:3b:3d:8c:69:54:f7:3a:6a:a0:8f:51:
be:16:a9:a7:c3:1f:f5:2f:b9:b5:ad:e5:0a:33:52:bd:bc:c7:
90:15:c2:af:a0:da:2e:e0:59:c9:a5:c8:83:c8:d9:36:09:47:
29:7a:5a:03
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgIUEpOXaG81yADa2+IjSkiP16mFD9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTExMDM4MDhaFw0yNzA2MTAxMDQzMDhaMDMxMTAvBgNV
BAMTKEM3MzAxMDNFNEQyRTk1NUY0MDEwMDU2QzA4MDJENTkwNjlGMzYwQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCle5U1/k1g5G32rQgVP06KBAVp
rfCDsl+QrySDIrseFsx4d6kSab/SPnQpBNe1NdJORf+gZLo7t5CZB/EC1hwbMDt4
muDaGSHoGmDl/Ktrt4Av7cbUmOjNYchkyOasSAR0VCfrd46YPPtRaNlX/9cnHyPN
VhTi67qpDDQasTF6Ka1ERv6gdMMr2tXaZDuB76Jpz1swb2Mhh+Zueo4jBVvErg5H
E/RGZdTu+eS1olC3vEyeXWNiHv7HEwB8pXOc1CMASEdfKTY0uqgh/aNXMzT3M16n
miIYkXc/KxntRlyYKDlL+d1Iw8g8gCEKQPWF/lRwhU8LxDNMT7ua+rG1/it3AgMB
AAGjggLFMIICwTAdBgNVHQ4EFgQUxzAQPk0ulV9AEAVsCALVkGnzYMgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB2wYIKwYBBQUHAQcBAf8EgcswgcgwgcUEAgABMIG+AwQA
YD77AwQAYD7+MAwDBAOIj/gDBACIj/oDBAGMlugDBACR3ykDBACR3y8DBACTTxwD
BAKUh9QDBAKUh9wDBAKUh+QDBAKUh+wDBAKUh/QDBACW8a4DBACW8eoDBACejMID
BACejMQwDAMEAJ6MxwMEAJ6MyAMEAZ6MygMEAJ6MzQMEAJ6M1gMEAKKNDAMEAKKN
MAMEAKKNdAMEAKKNigMEAKeUiAMEAKeUogMEAcugdAMEAMugfQMEAMugfzANBgkq
hkiG9w0BAQsFAAOCAQEAdGltaiCJ8Xa6k4FuTBVsOgGPJpkBaGYQ1fA2AHsui1do
poMX/R8U62vrFm3cBJZQXELPu0AnJ8lUHAXLNwEZLouNuzPCi4QT1+UXKDxo5jdF
DISe6EBJtTP0MDvcOG7pGO0ym2vuAUaVWdNCyWPDP3t8I2xFLHx0ttNM1569chi5
Qoq5c4zMknaP4wIwQo8c7c3d2J29rhwrfCo3+aVE31JRqGPqez25j8rUz6cF5rZj
8DsobABWIdVC2hWe5c9mi7SUrOqkHSaXAiVQBTs9jGlU9zpqoI9Rvhapp8Mf9S+5
ta3lCjNSvbzHkBXCr6DaLuBZyaXIg8jZNglHKXpaAw==
-----END CERTIFICATE-----
Generated at Sat Jun 13 07:03:49 2026 by rpki-client