Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: pktJBfvoFlII1L13gY83O8SzU9Q3DZ20YaR+UDB/08k=
Subject key identifier: 76:F9:1C:77:91:73:80:22:5F:B7:E6:6A:9A:35:B9:36:D0:31:46:7B
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 2DC9937243AE14563EDCB06D1A56B03EF36FA2CA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
Signing time: Sun 01 Mar 2026 00:17:01 +0000
ROA not before: Sun 01 Mar 2026 00:12:01 +0000
ROA not after: Sun 28 Feb 2027 00:17:01 +0000
asID: 9009
IP address blocks: 2.58.172.0/24 maxlen: 24
5.45.38.0/24 maxlen: 24
5.181.125.0/24 maxlen: 24
5.181.126.0/24 maxlen: 24
5.181.127.0/24 maxlen: 24
5.182.109.0/24 maxlen: 24
37.143.60.0/24 maxlen: 24
45.95.14.0/24 maxlen: 24
45.95.37.0/24 maxlen: 24
45.133.175.0/24 maxlen: 24
45.137.132.0/24 maxlen: 24
45.137.133.0/24 maxlen: 24
45.137.134.0/24 maxlen: 24
45.137.135.0/24 maxlen: 24
92.242.185.0/24 maxlen: 24
130.185.124.0/24 maxlen: 24
179.61.131.0/24 maxlen: 24
179.61.133.0/24 maxlen: 24
179.61.165.0/24 maxlen: 24
179.61.171.0/24 maxlen: 24
179.61.183.0/24 maxlen: 24
179.61.186.0/24 maxlen: 24
179.61.201.0/24 maxlen: 24
181.41.205.0/24 maxlen: 24
181.41.216.0/24 maxlen: 24
181.214.5.0/24 maxlen: 24
181.214.27.0/24 maxlen: 24
181.214.45.0/24 maxlen: 24
181.214.55.0/24 maxlen: 24
181.214.65.0/24 maxlen: 24
181.214.71.0/24 maxlen: 24
181.214.72.0/24 maxlen: 24
181.214.92.0/24 maxlen: 24
181.214.115.0/24 maxlen: 24
181.214.127.0/24 maxlen: 24
181.214.170.0/24 maxlen: 24
181.214.175.0/24 maxlen: 24
181.214.204.0/24 maxlen: 24
181.214.207.0/24 maxlen: 24
181.214.251.0/24 maxlen: 24
181.215.107.0/24 maxlen: 24
181.215.116.0/24 maxlen: 24
181.215.119.0/24 maxlen: 24
181.215.124.0/24 maxlen: 24
181.215.130.0/24 maxlen: 24
181.215.132.0/24 maxlen: 24
181.215.137.0/24 maxlen: 24
181.215.150.0/24 maxlen: 24
181.215.151.0/24 maxlen: 24
181.215.157.0/24 maxlen: 24
181.215.192.0/24 maxlen: 24
181.215.199.0/24 maxlen: 24
181.215.209.0/24 maxlen: 24
181.215.228.0/24 maxlen: 24
181.215.235.0/24 maxlen: 24
181.215.251.0/24 maxlen: 24
185.135.156.0/24 maxlen: 24
185.143.231.0/24 maxlen: 24
185.145.36.0/24 maxlen: 24
185.145.39.0/24 maxlen: 24
185.151.56.0/24 maxlen: 24
185.151.57.0/24 maxlen: 24
185.172.66.0/24 maxlen: 24
191.96.23.0/24 maxlen: 24
191.96.35.0/24 maxlen: 24
191.96.147.0/24 maxlen: 24
191.96.172.0/24 maxlen: 24
191.96.195.0/24 maxlen: 24
191.96.210.0/24 maxlen: 24
191.96.213.0/24 maxlen: 24
191.96.215.0/24 maxlen: 24
191.96.232.0/24 maxlen: 24
191.101.6.0/24 maxlen: 24
191.101.23.0/24 maxlen: 24
191.101.72.0/24 maxlen: 24
191.101.74.0/24 maxlen: 24
191.101.75.0/24 maxlen: 24
191.101.77.0/24 maxlen: 24
191.101.90.0/24 maxlen: 24
191.101.98.0/24 maxlen: 24
191.101.105.0/24 maxlen: 24
191.101.107.0/24 maxlen: 24
191.101.108.0/24 maxlen: 24
191.101.115.0/24 maxlen: 24
191.101.117.0/24 maxlen: 24
191.101.156.0/24 maxlen: 24
191.101.159.0/24 maxlen: 24
191.101.226.0/24 maxlen: 24
193.58.107.0/24 maxlen: 24
194.53.141.0/24 maxlen: 24
194.110.15.0/24 maxlen: 24
194.110.242.0/24 maxlen: 24
213.109.168.0/24 maxlen: 24
2a00:d1a0::/48 maxlen: 48
2a00:d1a0:1::/48 maxlen: 48
2a00:d1a0:2::/48 maxlen: 48
2a00:d1a0:3::/48 maxlen: 48
2a00:d1a0:4::/48 maxlen: 48
2a00:d1a0:5::/48 maxlen: 48
2a00:d1a0:6::/48 maxlen: 48
2a00:d1a0:7::/48 maxlen: 48
2a00:d1a0:8::/48 maxlen: 48
2a00:d1a0:9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:c9:93:72:43:ae:14:56:3e:dc:b0:6d:1a:56:b0:3e:f3:6f:a2:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Mar 1 00:12:01 2026 GMT
Not After : Feb 28 00:17:01 2027 GMT
Subject: CN=76F91C77917380225FB7E66A9A35B936D031467B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:62:0f:09:c1:35:7a:f7:d4:74:25:da:23:9e:
84:19:cf:da:81:fe:8f:12:58:25:a0:3e:f4:3c:05:
db:ca:12:f5:99:38:d1:6e:a1:8b:2e:2c:c1:91:35:
ce:e2:8a:31:a5:2a:56:b2:d2:f7:25:9d:15:60:f7:
4a:85:2d:36:bd:88:d5:8d:d1:98:c8:e0:93:9e:c8:
3b:60:c0:ba:41:c5:64:41:36:86:95:c1:86:ec:b3:
11:80:a5:66:83:13:8b:2c:49:82:b2:07:e3:2c:b4:
24:4b:95:43:3a:ee:18:19:03:78:5f:96:2f:bf:77:
2b:bd:1e:47:95:db:ec:62:3a:34:2a:8e:6e:cb:77:
1c:21:d0:72:ad:ce:51:b0:1c:5f:af:98:70:48:7d:
84:77:db:ff:aa:63:a0:b6:3f:6e:ae:d1:4f:cc:bd:
59:54:85:f1:b4:12:1a:c3:9b:b6:73:d9:78:16:98:
7c:ed:f0:fc:9c:7f:fb:94:fd:ec:f0:28:9f:0f:04:
03:5f:45:e5:00:e4:97:54:d5:01:df:c7:ac:e4:37:
d9:96:67:31:5a:f1:3f:1d:07:98:91:b1:59:58:11:
e9:28:37:b1:8c:57:d7:9e:ed:46:df:6f:9e:90:11:
bc:6a:3c:25:76:a0:1b:de:87:19:6b:82:df:76:3c:
24:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:F9:1C:77:91:73:80:22:5F:B7:E6:6A:9A:35:B9:36:D0:31:46:7B
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.172.0/24
5.45.38.0/24
5.181.125.0-5.181.127.255
5.182.109.0/24
37.143.60.0/24
45.95.14.0/24
45.95.37.0/24
45.133.175.0/24
45.137.132.0/22
92.242.185.0/24
130.185.124.0/24
179.61.131.0/24
179.61.133.0/24
179.61.165.0/24
179.61.171.0/24
179.61.183.0/24
179.61.186.0/24
179.61.201.0/24
181.41.205.0/24
181.41.216.0/24
181.214.5.0/24
181.214.27.0/24
181.214.45.0/24
181.214.55.0/24
181.214.65.0/24
181.214.71.0-181.214.72.255
181.214.92.0/24
181.214.115.0/24
181.214.127.0/24
181.214.170.0/24
181.214.175.0/24
181.214.204.0/24
181.214.207.0/24
181.214.251.0/24
181.215.107.0/24
181.215.116.0/24
181.215.119.0/24
181.215.124.0/24
181.215.130.0/24
181.215.132.0/24
181.215.137.0/24
181.215.150.0/23
181.215.157.0/24
181.215.192.0/24
181.215.199.0/24
181.215.209.0/24
181.215.228.0/24
181.215.235.0/24
181.215.251.0/24
185.135.156.0/24
185.143.231.0/24
185.145.36.0/24
185.145.39.0/24
185.151.56.0/23
185.172.66.0/24
191.96.23.0/24
191.96.35.0/24
191.96.147.0/24
191.96.172.0/24
191.96.195.0/24
191.96.210.0/24
191.96.213.0/24
191.96.215.0/24
191.96.232.0/24
191.101.6.0/24
191.101.23.0/24
191.101.72.0/24
191.101.74.0/23
191.101.77.0/24
191.101.90.0/24
191.101.98.0/24
191.101.105.0/24
191.101.107.0-191.101.108.255
191.101.115.0/24
191.101.117.0/24
191.101.156.0/24
191.101.159.0/24
191.101.226.0/24
193.58.107.0/24
194.53.141.0/24
194.110.15.0/24
194.110.242.0/24
213.109.168.0/24
IPv6:
2a00:d1a0::-2a00:d1a0:9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
83:a3:63:a7:37:be:23:fd:d9:27:1d:a2:0a:21:44:3f:56:16:
41:2c:10:a5:ed:c9:31:44:e5:d2:e9:82:c2:72:eb:5f:90:0f:
d4:57:73:22:ba:06:5c:7d:23:fe:2a:74:d2:61:78:4c:9a:54:
fd:37:82:9b:63:ba:7a:10:e4:83:70:28:32:d9:16:65:1a:e5:
bf:47:74:50:d2:29:aa:aa:e1:2c:80:b3:1b:5b:45:11:32:2e:
f2:1d:ab:8c:4d:94:0c:6e:a3:44:1f:e4:d0:c2:ad:27:d4:86:
df:bc:b8:47:8e:bd:c7:cb:15:35:75:3d:76:e0:d6:cc:ca:7c:
a0:c8:ca:aa:a9:09:2b:6e:af:f5:a7:3a:81:f9:81:de:2c:01:
c3:8a:32:07:58:43:09:9f:b8:f8:c8:26:31:23:3b:0c:5c:14:
9f:ff:3d:ad:70:bd:88:e9:a5:4b:2a:41:60:12:01:0f:98:95:
a2:71:3a:34:bb:1a:04:9e:24:11:0a:45:64:66:ee:80:74:f9:
aa:7a:94:37:42:89:b1:6f:34:f2:c6:fe:78:91:c6:38:f7:98:
b1:fa:4c:55:5b:2a:f5:97:45:fb:9b:d0:aa:dd:d0:8a:4b:44:
db:9f:39:73:a5:d7:14:cd:e8:38:bc:62:1f:e1:37:7a:d6:d3:
82:ad:19:09
-----BEGIN CERTIFICATE-----
MIIHJjCCBg6gAwIBAgIULcmTckOuFFY+3LBtGlawPvNvosowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDEwMDEyMDFaFw0yNzAyMjgwMDE3MDFaMDMxMTAvBgNV
BAMTKDc2RjkxQzc3OTE3MzgwMjI1RkI3RTY2QTlBMzVCOTM2RDAzMTQ2N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPYg8JwTV699R0JdojnoQZz9qB
/o8SWCWgPvQ8BdvKEvWZONFuoYsuLMGRNc7iijGlKlay0vclnRVg90qFLTa9iNWN
0ZjI4JOeyDtgwLpBxWRBNoaVwYbssxGApWaDE4ssSYKyB+MstCRLlUM67hgZA3hf
li+/dyu9HkeV2+xiOjQqjm7Ldxwh0HKtzlGwHF+vmHBIfYR32/+qY6C2P26u0U/M
vVlUhfG0EhrDm7Zz2XgWmHzt8Pycf/uU/ezwKJ8PBANfReUA5JdU1QHfx6zkN9mW
ZzFa8T8dB5iRsVlYEekoN7GMV9ee7Ubfb56QEbxqPCV2oBvehxlrgt92PCS5AgMB
AAGjggQwMIIELDAdBgNVHQ4EFgQUdvkcd5FzgCJft+ZqmjW5NtAxRnswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAkUGCCsGAQUFBwEHAQH/BIICNDCCAjAwggISBAIAATCC
AgoDBAACOqwDBAAFLSYwDAMEAAW1fQMEBwW1AAMEAAW2bQMEACWPPAMEAC1fDgME
AC1fJQMEAC2FrwMEAi2JhAMEAFzyuQMEAIK5fAMEALM9gwMEALM9hQMEALM9pQME
ALM9qwMEALM9twMEALM9ugMEALM9yQMEALUpzQMEALUp2AMEALXWBQMEALXWGwME
ALXWLQMEALXWNwMEALXWQTAMAwQAtdZHAwQAtdZIAwQAtdZcAwQAtdZzAwQAtdZ/
AwQAtdaqAwQAtdavAwQAtdbMAwQAtdbPAwQAtdb7AwQAtddrAwQAtdd0AwQAtdd3
AwQAtdd8AwQAtdeCAwQAtdeEAwQAtdeJAwQBtdeWAwQAtdedAwQAtdfAAwQAtdfH
AwQAtdfRAwQAtdfkAwQAtdfrAwQAtdf7AwQAuYecAwQAuY/nAwQAuZEkAwQAuZEn
AwQBuZc4AwQAuaxCAwQAv2AXAwQAv2AjAwQAv2CTAwQAv2CsAwQAv2DDAwQAv2DS
AwQAv2DVAwQAv2DXAwQAv2DoAwQAv2UGAwQAv2UXAwQAv2VIAwQBv2VKAwQAv2VN
AwQAv2VaAwQAv2ViAwQAv2VpMAwDBAC/ZWsDBAC/ZWwDBAC/ZXMDBAC/ZXUDBAC/
ZZwDBAC/ZZ8DBAC/ZeIDBADBOmsDBADCNY0DBADCbg8DBADCbvIDBADVbagwGAQC
AAIwEjAQAwUFKgDRoAMHASoA0aAACDANBgkqhkiG9w0BAQsFAAOCAQEAg6Njpze+
I/3ZJx2iCiFEP1YWQSwQpe3JMUTl0umCwnLrX5AP1FdzIroGXH0j/ip00mF4TJpU
/TeCm2O6ehDkg3AoMtkWZRrlv0d0UNIpqqrhLICzG1tFETIu8h2rjE2UDG6jRB/k
0MKtJ9SG37y4R469x8sVNXU9duDWzMp8oMjKqqkJK26v9ac6gfmB3iwBw4oyB1hD
CZ+4+MgmMSM7DFwUn/89rXC9iOmlSypBYBIBD5iVonE6NLsaBJ4kEQpFZGbugHT5
qnqUN0KJsW808sb+eJHGOPeYsfpMVVsq9ZdF+5vQqt3QiktE2585c6XXFM3oOLxi
H+E3etbTgq0ZCQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:54:28 2026 by rpki-client