Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: zV9+g19zrqxEDq9p+9ga1Q5HptgspcSsihZ9xHmnw6Q=
Subject key identifier: E7:BC:13:9E:D8:EE:DB:03:BE:70:03:0F:15:8D:57:A8:9B:EF:D5:62
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 20E99AF63A352DF70B2AF42D4E711DDC8EFE31EF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
Signing time: Sun 01 Mar 2026 00:17:18 +0000
ROA not before: Sun 01 Mar 2026 00:12:18 +0000
ROA not after: Sun 28 Feb 2027 00:17:18 +0000
asID: 9009
IP address blocks: 82.21.138.0/24 maxlen: 24
82.21.146.0/24 maxlen: 24
82.21.147.0/24 maxlen: 24
82.21.196.0/24 maxlen: 24
82.21.197.0/24 maxlen: 24
82.21.217.0/24 maxlen: 24
82.21.240.0/24 maxlen: 24
82.22.242.0/24 maxlen: 24
82.23.7.0/24 maxlen: 24
82.23.8.0/24 maxlen: 24
82.23.9.0/24 maxlen: 24
82.23.10.0/24 maxlen: 24
82.23.11.0/24 maxlen: 24
82.23.12.0/24 maxlen: 24
82.23.216.0/24 maxlen: 24
82.23.232.0/24 maxlen: 24
82.24.8.0/24 maxlen: 24
82.24.86.0/24 maxlen: 24
82.24.223.0/24 maxlen: 24
82.24.230.0/24 maxlen: 24
82.25.214.0/24 maxlen: 24
82.25.227.0/24 maxlen: 24
82.26.121.0/24 maxlen: 24
82.26.217.0/24 maxlen: 24
82.27.226.0/24 maxlen: 24
82.29.113.0/24 maxlen: 24
82.29.114.0/24 maxlen: 24
82.29.116.0/24 maxlen: 24
82.29.117.0/24 maxlen: 24
82.29.238.0/24 maxlen: 24
82.38.14.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
2a13:9500:4::/48 maxlen: 48
2a13:9500:5::/48 maxlen: 48
2a13:9500:6::/48 maxlen: 48
2a13:9500:7::/48 maxlen: 48
2a13:9500:8::/48 maxlen: 48
2a13:9500:9::/48 maxlen: 48
2a13:9500:a::/48 maxlen: 48
2a13:9500:b::/48 maxlen: 48
2a13:9500:c::/48 maxlen: 48
2a13:9500:d::/48 maxlen: 48
2a13:9500:e::/48 maxlen: 48
2a13:9500:f::/48 maxlen: 48
2a13:9500:10::/48 maxlen: 48
2a13:9500:11::/48 maxlen: 48
2a13:9500:12::/48 maxlen: 48
2a13:9500:13::/48 maxlen: 48
2a13:9500:14::/48 maxlen: 48
2a13:9500:15::/48 maxlen: 48
2a13:9500:16::/48 maxlen: 48
2a13:9500:17::/48 maxlen: 48
2a13:9500:18::/48 maxlen: 48
2a13:9500:19::/48 maxlen: 48
2a13:9500:1a::/48 maxlen: 48
2a13:9500:1b::/48 maxlen: 48
2a13:9500:29::/48 maxlen: 48
2a13:9500:2a::/48 maxlen: 48
2a13:9500:2b::/48 maxlen: 48
2a13:9500:2c::/48 maxlen: 48
2a13:9500:2f::/48 maxlen: 48
2a13:9500:30::/48 maxlen: 48
2a13:9500:31::/48 maxlen: 48
2a13:9500:34::/48 maxlen: 48
2a13:9500:35::/48 maxlen: 48
2a13:9500:3b::/48 maxlen: 48
2a13:9500:3c::/48 maxlen: 48
2a13:9500:3d::/48 maxlen: 48
2a13:9500:58::/48 maxlen: 48
2a13:9500:59::/48 maxlen: 48
2a13:9500:5a::/48 maxlen: 48
2a13:9500:f1::/48 maxlen: 48
2a13:9500:f2::/48 maxlen: 48
2a13:9500:f3::/48 maxlen: 48
2a13:9500:f4::/48 maxlen: 48
2a13:9500:f5::/48 maxlen: 48
2a13:9500:f6::/48 maxlen: 48
2a13:9500:f7::/48 maxlen: 48
2a13:9500:f8::/48 maxlen: 48
2a13:9500:f9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:e9:9a:f6:3a:35:2d:f7:0b:2a:f4:2d:4e:71:1d:dc:8e:fe:31:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Mar 1 00:12:18 2026 GMT
Not After : Feb 28 00:17:18 2027 GMT
Subject: CN=E7BC139ED8EEDB03BE70030F158D57A89BEFD562
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:b2:3b:8a:14:e4:c2:5d:08:48:06:32:12:42:
64:e3:3f:4d:28:af:59:27:52:7d:81:81:8b:24:d2:
b9:2a:19:41:74:01:57:fc:22:1d:4c:4f:84:50:c7:
21:d9:28:16:67:00:5d:50:52:70:02:d2:94:03:13:
1b:7d:5d:8c:f5:71:3b:2a:1b:a3:32:a1:77:73:7d:
b8:c9:e6:10:49:76:fe:fb:3c:e6:60:09:e5:db:65:
86:29:fe:0d:1e:cf:0a:00:c3:e3:ec:c5:04:05:b5:
0c:b1:ec:86:6a:a6:16:7e:2a:31:9c:f1:02:b8:3c:
6a:18:06:74:76:78:3e:2b:1d:3c:50:9c:aa:6f:5b:
46:1f:88:a0:62:cb:7f:cd:63:56:44:84:00:66:01:
50:b8:59:bc:90:ae:49:a9:71:2e:d8:51:7e:f2:a5:
7d:f6:cd:c6:25:03:22:2a:cd:d0:36:4c:b8:31:0f:
ae:c9:0c:ad:fa:18:2d:e7:75:5d:b8:0a:38:92:21:
9b:05:c7:1a:af:40:f4:d1:0f:41:37:0a:b6:e0:d7:
0f:4d:ee:e9:01:c5:2f:79:12:2e:84:ff:9d:f1:25:
d3:36:0c:9c:f2:df:63:2b:c9:45:97:07:28:53:71:
39:0e:38:fe:86:7b:66:56:73:88:19:c5:11:de:9b:
93:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:BC:13:9E:D8:EE:DB:03:BE:70:03:0F:15:8D:57:A8:9B:EF:D5:62
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.138.0/24
82.21.146.0/23
82.21.196.0/23
82.21.217.0/24
82.21.240.0/24
82.22.242.0/24
82.23.7.0-82.23.12.255
82.23.216.0/24
82.23.232.0/24
82.24.8.0/24
82.24.86.0/24
82.24.223.0/24
82.24.230.0/24
82.25.214.0/24
82.25.227.0/24
82.26.121.0/24
82.26.217.0/24
82.27.226.0/24
82.29.113.0-82.29.114.255
82.29.116.0/23
82.29.238.0/24
82.38.14.0/24
IPv6:
2a13:9500:2::/48
2a13:9500:4::-2a13:9500:1b:ffff:ffff:ffff:ffff:ffff
2a13:9500:29::-2a13:9500:2c:ffff:ffff:ffff:ffff:ffff
2a13:9500:2f::-2a13:9500:31:ffff:ffff:ffff:ffff:ffff
2a13:9500:34::/47
2a13:9500:3b::-2a13:9500:3d:ffff:ffff:ffff:ffff:ffff
2a13:9500:58::-2a13:9500:5a:ffff:ffff:ffff:ffff:ffff
2a13:9500:f1::-2a13:9500:f9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
35:eb:4d:fc:cd:4d:55:82:7d:e3:6e:76:be:dd:6e:73:6b:84:
b1:5f:64:31:28:24:6f:d6:bb:cc:61:a1:94:9e:1f:a1:88:98:
b6:cf:12:57:97:b9:a9:97:3b:87:b8:c3:e7:ba:e4:cc:0e:59:
81:e0:b8:c1:3a:dc:7b:e2:93:e3:11:0c:48:d8:ca:f3:ee:fe:
b3:ba:1b:c6:8e:6a:d2:fe:ed:a4:4e:14:87:21:c3:f0:a1:90:
80:32:21:61:3e:62:f8:80:52:77:42:21:d3:59:5a:86:ca:f6:
34:08:de:5c:2a:6c:88:a5:02:4a:17:b7:49:4a:13:3f:ad:3d:
2f:0b:ec:13:b0:3d:ce:b3:8d:88:21:1f:52:a5:9f:05:ca:fb:
2d:e3:26:7d:cf:f6:4f:2a:7f:ce:8f:5a:16:4b:85:1e:66:ac:
50:6e:81:7c:41:a2:22:ef:58:60:08:53:ac:3c:1c:38:7e:6b:
28:a0:36:83:5b:9f:95:ee:8e:c5:8c:e3:eb:e7:e8:a2:57:8a:
aa:ff:32:42:20:b3:4e:39:b6:4d:ed:b1:4b:15:cb:88:43:aa:
e3:53:a9:94:91:a9:4b:c3:f9:60:3a:a1:12:e7:ce:e5:a1:87:
85:74:d6:8f:0c:88:f4:b7:98:a0:a5:dd:1e:55:74:0d:52:f8:
6c:4e:a5:ca
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIUIOma9jo1LfcLKvQtTnEd3I7+Me8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDEwMDEyMThaFw0yNzAyMjgwMDE3MThaMDMxMTAvBgNV
BAMTKEU3QkMxMzlFRDhFRURCMDNCRTcwMDMwRjE1OEQ1N0E4OUJFRkQ1NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrsjuKFOTCXQhIBjISQmTjP00o
r1knUn2BgYsk0rkqGUF0AVf8Ih1MT4RQxyHZKBZnAF1QUnAC0pQDExt9XYz1cTsq
G6MyoXdzfbjJ5hBJdv77POZgCeXbZYYp/g0ezwoAw+PsxQQFtQyx7IZqphZ+KjGc
8QK4PGoYBnR2eD4rHTxQnKpvW0YfiKBiy3/NY1ZEhABmAVC4WbyQrkmpcS7YUX7y
pX32zcYlAyIqzdA2TLgxD67JDK36GC3ndV24CjiSIZsFxxqvQPTRD0E3Crbg1w9N
7ukBxS95Ei6E/53xJdM2DJzy32MryUWXByhTcTkOOP6Ge2ZWc4gZxRHem5PbAgMB
AAGjggMyMIIDLjAdBgNVHQ4EFgQU57wTntju2wO+cAMPFY1XqJvv1WIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAUcGCCsGAQUFBwEHAQH/BIIBNjCCATIwgZsEAgABMIGU
AwQAUhWKAwQBUhWSAwQBUhXEAwQAUhXZAwQAUhXwAwQAUhbyMAwDBABSFwcDBABS
FwwDBABSF9gDBABSF+gDBABSGAgDBABSGFYDBABSGN8DBABSGOYDBABSGdYDBABS
GeMDBABSGnkDBABSGtkDBABSG+IwDAMEAFIdcQMEAFIdcgMEAVIddAMEAFId7gME
AFImDjCBkQQCAAIwgYoDBwAqE5UAAAIwEgMHAioTlQAABAMHAioTlQAAGDASAwcA
KhOVAAApAwcAKhOVAAAsMBIDBwAqE5UAAC8DBwEqE5UAADADBwEqE5UAADQwEgMH
ACoTlQAAOwMHASoTlQAAPDASAwcDKhOVAABYAwcAKhOVAABaMBIDBwAqE5UAAPED
BwEqE5UAAPgwDQYJKoZIhvcNAQELBQADggEBADXrTfzNTVWCfeNudr7dbnNrhLFf
ZDEoJG/Wu8xhoZSeH6GImLbPEleXuamXO4e4w+e65MwOWYHguME63Hvik+MRDEjY
yvPu/rO6G8aOatL+7aROFIchw/ChkIAyIWE+YviAUndCIdNZWobK9jQI3lwqbIil
AkoXt0lKEz+tPS8L7BOwPc6zjYghH1KlnwXK+y3jJn3P9k8qf86PWhZLhR5mrFBu
gXxBoiLvWGAIU6w8HDh+ayigNoNbn5XujsWM4+vn6KJXiqr/MkIgs045tk3tsUsV
y4hDquNTqZSRqUvD+WA6oRLnzuWhh4V01o8MiPS3mKCl3R5VdA1S+GxOpco=
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:12:33 2026 by rpki-client