Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: ZyXnOKFDiX6cSauz+YdfGgvA2P76WHEWEdc9KIfyy8o=
Subject key identifier: 3E:6B:C4:FE:AF:4F:4C:90:E4:ED:51:36:73:6A:DE:59:33:F3:6B:EB
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 17C192A528BAF30546CBB3C6FA0C7C099C2B1C50
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
Signing time: Tue 21 Oct 2025 12:29:48 +0000
ROA not before: Tue 21 Oct 2025 12:24:48 +0000
ROA not after: Tue 20 Oct 2026 12:29:48 +0000
asID: 9009
IP address blocks: 96.62.101.0/24 maxlen: 24
96.62.251.0/24 maxlen: 24
96.62.254.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
145.223.41.0/24 maxlen: 24
145.223.47.0/24 maxlen: 24
147.79.28.0/24 maxlen: 24
148.135.212.0/22 maxlen: 24
148.135.220.0/22 maxlen: 24
148.135.228.0/22 maxlen: 24
148.135.236.0/22 maxlen: 24
148.135.244.0/22 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:c1:92:a5:28:ba:f3:05:46:cb:b3:c6:fa:0c:7c:09:9c:2b:1c:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 21 12:24:48 2025 GMT
Not After : Oct 20 12:29:48 2026 GMT
Subject: CN=3E6BC4FEAF4F4C90E4ED5136736ADE5933F36BEB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:82:b6:b5:88:0a:ac:d6:d7:fb:b7:78:67:e9:
f3:3d:64:ce:34:e6:3e:57:57:2d:e5:3e:fd:16:a1:
4b:b0:50:83:0e:15:a0:27:30:45:ae:59:b8:cd:f6:
23:50:e4:5d:13:71:73:35:e8:93:e6:3f:52:53:94:
62:03:25:ab:a6:1f:8d:4f:b5:56:7a:c9:35:09:da:
c3:f3:dc:11:9b:88:08:5f:18:46:8a:cc:75:13:1a:
92:a2:50:c8:48:f0:97:31:b8:dc:56:83:f0:4f:60:
25:7d:22:42:15:0b:48:c1:5d:ad:87:cd:d5:39:f7:
89:07:40:14:30:f6:3c:d5:0e:5a:6f:cc:d0:49:42:
58:34:bf:c6:63:76:15:93:2d:42:cd:09:99:ff:a7:
97:18:5f:4f:56:fc:35:e3:14:79:a9:f9:ee:32:68:
80:cc:23:10:4e:ab:67:a2:14:d0:47:13:47:c3:37:
a8:da:7d:9c:fc:77:4d:5d:58:8f:85:23:f5:35:da:
cc:26:a2:06:31:db:c5:52:51:09:09:4f:c4:ec:b8:
bf:65:b6:81:04:57:da:01:e6:80:d5:4e:56:41:a2:
2a:95:90:42:10:8c:a5:3c:ba:40:00:cf:f8:d3:28:
eb:c2:f7:eb:93:b5:d8:26:a6:49:f1:79:f0:1c:5f:
3c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:6B:C4:FE:AF:4F:4C:90:E4:ED:51:36:73:6A:DE:59:33:F3:6B:EB
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.101.0/24
96.62.251.0/24
96.62.254.0/24
136.143.248.0/23
145.223.41.0/24
145.223.47.0/24
147.79.28.0/24
148.135.212.0/22
148.135.220.0/22
148.135.228.0/22
148.135.236.0/22
148.135.244.0/22
158.140.199.0-158.140.200.255
158.140.202.0/23
162.141.12.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:7c:d3:46:c9:9f:cd:f4:01:df:26:86:67:9f:74:d4:86:cd:
ac:9b:1e:1b:13:c6:c6:58:17:9b:8c:5b:1d:ee:bf:e7:8a:2b:
24:76:fa:cc:94:04:96:71:cd:71:84:02:ae:1b:70:ba:f0:6f:
05:90:51:96:00:ef:e1:a7:5f:ad:f2:42:36:af:64:c7:a8:d7:
7a:25:89:a5:4a:ad:da:8a:d1:5c:23:13:ce:42:1e:d6:d6:5f:
10:2b:64:95:dc:dc:6d:cc:c6:ba:c4:cf:0f:59:d5:58:1c:83:
85:f0:03:73:56:d7:f1:fe:9d:6a:db:2a:be:83:c4:ac:8f:b4:
55:cf:0c:0d:64:f6:a5:d2:1b:aa:60:c8:8b:35:c0:78:c4:1f:
51:62:3d:6b:2b:be:7d:37:7d:48:e4:23:85:42:27:58:36:08:
fb:a0:e6:60:7d:53:b0:22:cf:3f:ba:a4:0b:b4:e0:01:99:4d:
1c:23:a9:4e:48:30:0e:65:39:99:f8:d7:b0:d8:ac:24:bc:35:
0f:9c:32:50:a4:bc:8d:ca:78:03:d6:2f:94:92:f4:8c:b5:3b:
97:d8:9c:5c:17:3e:04:bd:4f:59:5a:25:51:c2:c7:db:7e:b3:
91:37:9d:f5:38:40:9e:f3:05:3f:53:d1:88:2f:14:dc:cb:95:
4d:0e:7e:7f
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgIUF8GSpSi68wVGy7PG+gx8CZwrHFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjExMjI0NDhaFw0yNjEwMjAxMjI5NDhaMDMxMTAvBgNV
BAMTKDNFNkJDNEZFQUY0RjRDOTBFNEVENTEzNjczNkFERTU5MzNGMzZCRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+gra1iAqs1tf7t3hn6fM9ZM40
5j5XVy3lPv0WoUuwUIMOFaAnMEWuWbjN9iNQ5F0TcXM16JPmP1JTlGIDJaumH41P
tVZ6yTUJ2sPz3BGbiAhfGEaKzHUTGpKiUMhI8JcxuNxWg/BPYCV9IkIVC0jBXa2H
zdU594kHQBQw9jzVDlpvzNBJQlg0v8ZjdhWTLULNCZn/p5cYX09W/DXjFHmp+e4y
aIDMIxBOq2eiFNBHE0fDN6jafZz8d01dWI+FI/U12swmogYx28VSUQkJT8TsuL9l
toEEV9oB5oDVTlZBoiqVkEIQjKU8ukAAz/jTKOvC9+uTtdgmpknxefAcXzxhAgMB
AAGjggJkMIICYDAdBgNVHQ4EFgQUPmvE/q9PTJDk7VE2c2reWTPza+swHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB7BggrBgEFBQcBBwEB/wRsMGowaAQCAAEwYgMEAGA+ZQME
AGA++wMEAGA+/gMEAYiP+AMEAJHfKQMEAJHfLwMEAJNPHAMEApSH1AMEApSH3AME
ApSH5AMEApSH7AMEApSH9DAMAwQAnozHAwQAnozIAwQBnozKAwQAoo0MMA0GCSqG
SIb3DQEBCwUAA4IBAQAqfNNGyZ/N9AHfJoZnn3TUhs2smx4bE8bGWBebjFsd7r/n
iiskdvrMlASWcc1xhAKuG3C68G8FkFGWAO/hp1+t8kI2r2THqNd6JYmlSq3aitFc
IxPOQh7W1l8QK2SV3NxtzMa6xM8PWdVYHIOF8ANzVtfx/p1q2yq+g8Ssj7RVzwwN
ZPal0huqYMiLNcB4xB9RYj1rK759N31I5COFQidYNgj7oOZgfVOwIs8/uqQLtOAB
mU0cI6lOSDAOZTmZ+New2KwkvDUPnDJQpLyNyngD1i+UkvSMtTuX2JxcFz4EvU9Z
WiVRwsfbfrORN531OECe8wU/U9GILxTcy5VNDn5/
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:43:30 2025 by rpki-client