Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: MlfhV4LBDkEdENUsk2bc1kTIHxznLuP7ZBhyHrtVR/I=
Subject key identifier: 27:64:47:B6:0F:98:8D:3A:B7:AC:A2:EE:B9:1F:B8:C9:3E:08:7E:D1
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 0FB4915647374AA110A85F1F0A7948F538CA8A2C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
Signing time: Fri 03 Apr 2026 10:35:40 +0000
ROA not before: Fri 03 Apr 2026 10:30:40 +0000
ROA not after: Fri 02 Apr 2027 10:35:40 +0000
asID: 9009
IP address blocks: 82.21.138.0/24 maxlen: 24
82.21.146.0/24 maxlen: 24
82.21.147.0/24 maxlen: 24
82.21.196.0/24 maxlen: 24
82.21.197.0/24 maxlen: 24
82.21.217.0/24 maxlen: 24
82.21.240.0/24 maxlen: 24
82.22.242.0/24 maxlen: 24
82.23.7.0/24 maxlen: 24
82.23.8.0/24 maxlen: 24
82.23.9.0/24 maxlen: 24
82.23.10.0/24 maxlen: 24
82.23.11.0/24 maxlen: 24
82.23.12.0/24 maxlen: 24
82.23.216.0/24 maxlen: 24
82.23.232.0/24 maxlen: 24
82.24.8.0/24 maxlen: 24
82.24.86.0/24 maxlen: 24
82.24.223.0/24 maxlen: 24
82.24.230.0/24 maxlen: 24
82.25.214.0/24 maxlen: 24
82.25.227.0/24 maxlen: 24
82.26.121.0/24 maxlen: 24
82.26.217.0/24 maxlen: 24
82.27.226.0/24 maxlen: 24
82.29.95.0/24 maxlen: 24
82.29.113.0/24 maxlen: 24
82.29.114.0/24 maxlen: 24
82.29.116.0/24 maxlen: 24
82.29.117.0/24 maxlen: 24
82.29.238.0/24 maxlen: 24
82.38.14.0/24 maxlen: 24
178.83.10.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
2a13:9500:4::/48 maxlen: 48
2a13:9500:5::/48 maxlen: 48
2a13:9500:6::/48 maxlen: 48
2a13:9500:7::/48 maxlen: 48
2a13:9500:8::/48 maxlen: 48
2a13:9500:9::/48 maxlen: 48
2a13:9500:a::/48 maxlen: 48
2a13:9500:b::/48 maxlen: 48
2a13:9500:c::/48 maxlen: 48
2a13:9500:d::/48 maxlen: 48
2a13:9500:e::/48 maxlen: 48
2a13:9500:f::/48 maxlen: 48
2a13:9500:10::/48 maxlen: 48
2a13:9500:11::/48 maxlen: 48
2a13:9500:12::/48 maxlen: 48
2a13:9500:13::/48 maxlen: 48
2a13:9500:14::/48 maxlen: 48
2a13:9500:15::/48 maxlen: 48
2a13:9500:16::/48 maxlen: 48
2a13:9500:17::/48 maxlen: 48
2a13:9500:18::/48 maxlen: 48
2a13:9500:19::/48 maxlen: 48
2a13:9500:1a::/48 maxlen: 48
2a13:9500:1b::/48 maxlen: 48
2a13:9500:29::/48 maxlen: 48
2a13:9500:2a::/48 maxlen: 48
2a13:9500:2b::/48 maxlen: 48
2a13:9500:2c::/48 maxlen: 48
2a13:9500:2f::/48 maxlen: 48
2a13:9500:30::/48 maxlen: 48
2a13:9500:31::/48 maxlen: 48
2a13:9500:34::/48 maxlen: 48
2a13:9500:35::/48 maxlen: 48
2a13:9500:3b::/48 maxlen: 48
2a13:9500:3c::/48 maxlen: 48
2a13:9500:3d::/48 maxlen: 48
2a13:9500:58::/48 maxlen: 48
2a13:9500:59::/48 maxlen: 48
2a13:9500:5a::/48 maxlen: 48
2a13:9500:f1::/48 maxlen: 48
2a13:9500:f2::/48 maxlen: 48
2a13:9500:f3::/48 maxlen: 48
2a13:9500:f4::/48 maxlen: 48
2a13:9500:f5::/48 maxlen: 48
2a13:9500:f6::/48 maxlen: 48
2a13:9500:f7::/48 maxlen: 48
2a13:9500:f8::/48 maxlen: 48
2a13:9500:f9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:b4:91:56:47:37:4a:a1:10:a8:5f:1f:0a:79:48:f5:38:ca:8a:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 3 10:30:40 2026 GMT
Not After : Apr 2 10:35:40 2027 GMT
Subject: CN=276447B60F988D3AB7ACA2EEB91FB8C93E087ED1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:18:7a:0a:08:fa:59:27:c7:df:31:b3:00:d5:
2a:a4:87:0f:76:8d:ae:b8:e4:a1:e9:44:09:5f:62:
9c:30:f2:52:55:b6:c3:59:15:76:e7:82:22:b2:64:
1e:5a:8e:09:b8:f0:0a:fd:dc:37:57:c7:f1:be:98:
28:2a:27:79:ea:e6:79:75:56:6c:ae:a6:eb:7e:15:
9e:8b:65:0b:77:6c:ef:f2:6d:a7:37:32:c3:cb:ac:
ac:45:30:9d:a8:ea:84:78:9c:f8:86:92:6c:08:26:
e5:ad:f7:4d:bf:bb:f5:b7:54:c2:40:3c:27:60:a9:
d9:63:5d:0a:00:a9:2e:6e:57:b2:d7:a0:70:ad:34:
4d:a9:61:1f:10:e4:37:8b:dc:b2:c9:8e:98:d4:7e:
1d:08:d8:06:6c:0e:85:b5:5c:fe:b8:2b:72:56:bf:
96:79:78:c1:d2:82:f7:1d:1c:b7:bf:99:99:80:c6:
2e:a0:64:0e:11:7c:13:2e:00:1d:0d:d7:6a:69:0d:
64:47:12:cb:cf:2e:10:e8:2a:80:c1:01:29:f2:a3:
6b:9e:b4:4b:6d:74:b6:cb:11:33:76:02:ae:19:70:
3f:e2:41:28:ab:c7:a2:27:97:a8:b0:2f:8b:e0:40:
56:a5:26:cf:3d:2f:8e:6d:13:42:8c:4e:5a:17:be:
c3:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:64:47:B6:0F:98:8D:3A:B7:AC:A2:EE:B9:1F:B8:C9:3E:08:7E:D1
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.138.0/24
82.21.146.0/23
82.21.196.0/23
82.21.217.0/24
82.21.240.0/24
82.22.242.0/24
82.23.7.0-82.23.12.255
82.23.216.0/24
82.23.232.0/24
82.24.8.0/24
82.24.86.0/24
82.24.223.0/24
82.24.230.0/24
82.25.214.0/24
82.25.227.0/24
82.26.121.0/24
82.26.217.0/24
82.27.226.0/24
82.29.95.0/24
82.29.113.0-82.29.114.255
82.29.116.0/23
82.29.238.0/24
82.38.14.0/24
178.83.10.0/24
IPv6:
2a13:9500:2::/48
2a13:9500:4::-2a13:9500:1b:ffff:ffff:ffff:ffff:ffff
2a13:9500:29::-2a13:9500:2c:ffff:ffff:ffff:ffff:ffff
2a13:9500:2f::-2a13:9500:31:ffff:ffff:ffff:ffff:ffff
2a13:9500:34::/47
2a13:9500:3b::-2a13:9500:3d:ffff:ffff:ffff:ffff:ffff
2a13:9500:58::-2a13:9500:5a:ffff:ffff:ffff:ffff:ffff
2a13:9500:f1::-2a13:9500:f9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
21:e4:dd:a3:12:13:a9:56:c7:23:87:d9:fd:2b:da:84:c9:7f:
7b:33:2d:18:d7:0b:fc:c1:5d:9a:2c:83:c3:95:d4:cd:c7:58:
7c:94:91:de:64:2a:61:50:a4:a2:34:e2:d5:85:c4:fe:ec:bd:
65:14:87:7c:26:05:2d:d2:01:5e:5f:82:fa:09:ce:ed:d3:2f:
41:34:18:97:ec:15:4d:3a:cd:94:db:48:64:e6:78:cb:02:aa:
87:91:3d:00:95:62:33:1a:f0:d9:bb:a5:b8:2b:c6:ea:ad:a6:
ff:76:c7:f3:43:46:06:42:6c:ad:69:04:04:15:cd:49:0d:88:
c3:c1:49:60:c1:17:3b:7c:64:c4:6c:47:3b:5b:19:78:1e:c3:
ee:9f:0c:69:86:23:b1:58:a2:9c:aa:53:0b:bd:93:f4:f3:22:
02:d8:0c:1c:01:d8:0d:29:52:d8:b0:49:cc:fa:d3:5d:bf:64:
53:73:c9:dc:78:91:9c:23:75:dd:f0:40:55:32:16:d2:06:98:
b4:24:4f:eb:f9:bf:b7:97:c1:0b:c2:ab:8f:75:67:74:55:d1:
40:9b:fb:d9:8b:ba:2f:d7:8d:71:14:fd:38:d1:56:47:a2:ce:
4c:93:d7:23:45:58:a3:9a:25:56:77:98:31:bc:76:2f:36:36:
fb:c5:9d:4f
-----BEGIN CERTIFICATE-----
MIIGNDCCBRygAwIBAgIUD7SRVkc3SqEQqF8fCnlI9TjKiiwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDMxMDMwNDBaFw0yNzA0MDIxMDM1NDBaMDMxMTAvBgNV
BAMTKDI3NjQ0N0I2MEY5ODhEM0FCN0FDQTJFRUI5MUZCOEM5M0UwODdFRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZGHoKCPpZJ8ffMbMA1Sqkhw92
ja645KHpRAlfYpww8lJVtsNZFXbngiKyZB5ajgm48Ar93DdXx/G+mCgqJ3nq5nl1
Vmyuput+FZ6LZQt3bO/ybac3MsPLrKxFMJ2o6oR4nPiGkmwIJuWt902/u/W3VMJA
PCdgqdljXQoAqS5uV7LXoHCtNE2pYR8Q5DeL3LLJjpjUfh0I2AZsDoW1XP64K3JW
v5Z5eMHSgvcdHLe/mZmAxi6gZA4RfBMuAB0N12ppDWRHEsvPLhDoKoDBASnyo2ue
tEttdLbLETN2Aq4ZcD/iQSirx6Inl6iwL4vgQFalJs89L45tE0KMTloXvsMXAgMB
AAGjggM+MIIDOjAdBgNVHQ4EFgQUJ2RHtg+YjTq3rKLuuR+4yT4IftEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAVMGCCsGAQUFBwEHAQH/BIIBQjCCAT4wgacEAgABMIGg
AwQAUhWKAwQBUhWSAwQBUhXEAwQAUhXZAwQAUhXwAwQAUhbyMAwDBABSFwcDBABS
FwwDBABSF9gDBABSF+gDBABSGAgDBABSGFYDBABSGN8DBABSGOYDBABSGdYDBABS
GeMDBABSGnkDBABSGtkDBABSG+IDBABSHV8wDAMEAFIdcQMEAFIdcgMEAVIddAME
AFId7gMEAFImDgMEALJTCjCBkQQCAAIwgYoDBwAqE5UAAAIwEgMHAioTlQAABAMH
AioTlQAAGDASAwcAKhOVAAApAwcAKhOVAAAsMBIDBwAqE5UAAC8DBwEqE5UAADAD
BwEqE5UAADQwEgMHACoTlQAAOwMHASoTlQAAPDASAwcDKhOVAABYAwcAKhOVAABa
MBIDBwAqE5UAAPEDBwEqE5UAAPgwDQYJKoZIhvcNAQELBQADggEBACHk3aMSE6lW
xyOH2f0r2oTJf3szLRjXC/zBXZosg8OV1M3HWHyUkd5kKmFQpKI04tWFxP7svWUU
h3wmBS3SAV5fgvoJzu3TL0E0GJfsFU06zZTbSGTmeMsCqoeRPQCVYjMa8Nm7pbgr
xuqtpv92x/NDRgZCbK1pBAQVzUkNiMPBSWDBFzt8ZMRsRztbGXgew+6fDGmGI7FY
opyqUwu9k/TzIgLYDBwB2A0pUtiwScz6012/ZFNzydx4kZwjdd3wQFUyFtIGmLQk
T+v5v7eXwQvCq491Z3RV0UCb+9mLui/XjXEU/TjRVkeizkyT1yNFWKOaJVZ3mDG8
di82NvvFnU8=
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:57:11 2026 by rpki-client