Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9009.roa
File: AS9009.roa (raw, json)
Hash identifier: CbSZskaQalMXqkmd6f16rG84fviCXZeimK7RylpQE9A=
Subject key identifier: 31:D3:AE:48:4C:7A:DB:43:44:55:0D:31:11:57:4F:65:3C:95:E0:1B
Certificate issuer: /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial: 2E807ADA724A3630A8534A322158B256AABBD2BA
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9009.roa
Signing time: Sun 01 Mar 2026 00:17:16 +0000
ROA not before: Sun 01 Mar 2026 00:12:16 +0000
ROA not after: Sun 28 Feb 2027 00:17:16 +0000
asID: 9009
IP address blocks: 46.202.100.0/22 maxlen: 24
46.202.228.0/22 maxlen: 24
46.202.236.0/22 maxlen: 24
46.202.244.0/22 maxlen: 24
46.203.16.0/23 maxlen: 24
46.203.94.0/23 maxlen: 24
46.203.100.0/23 maxlen: 24
46.203.122.0/23 maxlen: 24
46.203.132.0/23 maxlen: 24
46.203.158.0/24 maxlen: 24
46.203.162.0/23 maxlen: 24
46.203.236.0/22 maxlen: 24
46.203.242.0/24 maxlen: 24
46.203.244.0/22 maxlen: 24
46.203.252.0/22 maxlen: 24
91.124.31.0/24 maxlen: 24
91.124.140.0/24 maxlen: 24
91.124.220.0/24 maxlen: 24
91.124.243.0/24 maxlen: 24
91.124.252.0/24 maxlen: 24
92.112.2.0/23 maxlen: 24
92.112.59.0/24 maxlen: 24
92.112.72.0/23 maxlen: 24
92.112.79.0/24 maxlen: 24
92.112.100.0/22 maxlen: 24
92.112.120.0/22 maxlen: 24
92.112.214.0/24 maxlen: 24
92.112.215.0/24 maxlen: 24
92.112.218.0/24 maxlen: 24
92.112.219.0/24 maxlen: 24
92.112.220.0/24 maxlen: 24
92.112.221.0/24 maxlen: 24
92.112.223.0/24 maxlen: 24
92.112.224.0/24 maxlen: 24
92.112.225.0/24 maxlen: 24
92.112.226.0/24 maxlen: 24
92.112.229.0/24 maxlen: 24
92.112.230.0/24 maxlen: 24
92.112.232.0/24 maxlen: 24
92.112.233.0/24 maxlen: 24
92.112.234.0/24 maxlen: 24
92.112.237.0/24 maxlen: 24
92.113.2.0/24 maxlen: 24
92.113.5.0/24 maxlen: 24
92.113.8.0/24 maxlen: 24
92.113.94.0/23 maxlen: 24
92.113.96.0/22 maxlen: 24
92.113.108.0/22 maxlen: 24
92.113.120.0/22 maxlen: 24
92.113.130.0/23 maxlen: 24
95.134.8.0/22 maxlen: 22
95.134.24.0/22 maxlen: 22
95.134.36.0/22 maxlen: 22
95.134.44.0/22 maxlen: 22
95.134.56.0/22 maxlen: 22
95.134.72.0/22 maxlen: 22
95.134.102.0/24 maxlen: 24
95.134.144.0/22 maxlen: 22
95.134.188.0/22 maxlen: 22
95.134.208.0/22 maxlen: 22
95.134.216.0/22 maxlen: 22
95.135.96.0/22 maxlen: 22
95.135.120.0/22 maxlen: 22
95.135.137.0/24 maxlen: 24
95.135.197.0/24 maxlen: 24
95.135.209.0/24 maxlen: 24
95.135.217.0/24 maxlen: 24
95.135.218.0/24 maxlen: 24
95.135.225.0/24 maxlen: 24
95.135.229.0/24 maxlen: 24
95.135.234.0/24 maxlen: 24
95.135.237.0/24 maxlen: 24
95.135.248.0/24 maxlen: 24
178.93.116.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 08:09:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:80:7a:da:72:4a:36:30:a8:53:4a:32:21:58:b2:56:aa:bb:d2:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Validity
Not Before: Mar 1 00:12:16 2026 GMT
Not After : Feb 28 00:17:16 2027 GMT
Subject: CN=31D3AE484C7ADB4344550D3111574F653C95E01B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:11:41:d1:b0:b9:02:5d:2f:e7:94:92:b6:22:
8d:dc:ce:1a:56:9a:e9:13:78:0f:96:6c:2f:fd:74:
54:9c:69:3d:b7:2e:9f:c4:62:7d:4f:6c:40:df:f0:
96:42:de:bd:bd:3d:bf:2e:51:dd:25:5b:bb:60:48:
61:dc:45:23:75:95:78:ac:f0:74:72:95:3f:a2:37:
98:f2:0f:6c:15:ce:5d:77:c8:9b:c5:ab:7d:4d:55:
26:f1:75:d6:f0:36:83:e1:64:59:74:32:03:63:bc:
c8:9b:95:f0:61:64:97:6f:99:48:d2:d7:4f:55:24:
31:2c:d5:1f:63:cf:2f:c3:ed:a3:23:49:1a:67:b0:
52:b1:9c:9a:ac:71:61:4f:56:9b:3b:f6:24:77:c7:
68:0f:5d:e1:ed:6f:0c:11:62:cf:21:81:a8:19:33:
ac:2f:0e:7a:8a:95:cd:df:94:33:f1:0d:ac:71:4d:
07:4c:80:cb:f6:0b:d3:06:6d:66:a8:d0:e5:f5:a4:
aa:22:5d:b7:93:b7:70:6d:27:22:2a:5f:47:98:03:
e2:ad:50:9a:31:48:5e:a6:50:d3:6b:0f:36:71:6c:
fe:42:2f:37:19:a9:6d:3b:98:42:d7:7d:cf:d6:a9:
d7:69:55:2d:11:a7:63:73:0f:5c:0e:cd:a0:77:9b:
83:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:D3:AE:48:4C:7A:DB:43:44:55:0D:31:11:57:4F:65:3C:95:E0:1B
X509v3 Authority Key Identifier:
keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9009.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.202.100.0/22
46.202.228.0/22
46.202.236.0/22
46.202.244.0/22
46.203.16.0/23
46.203.94.0/23
46.203.100.0/23
46.203.122.0/23
46.203.132.0/23
46.203.158.0/24
46.203.162.0/23
46.203.236.0/22
46.203.242.0/24
46.203.244.0/22
46.203.252.0/22
91.124.31.0/24
91.124.140.0/24
91.124.220.0/24
91.124.243.0/24
91.124.252.0/24
92.112.2.0/23
92.112.59.0/24
92.112.72.0/23
92.112.79.0/24
92.112.100.0/22
92.112.120.0/22
92.112.214.0/23
92.112.218.0-92.112.221.255
92.112.223.0-92.112.226.255
92.112.229.0-92.112.230.255
92.112.232.0-92.112.234.255
92.112.237.0/24
92.113.2.0/24
92.113.5.0/24
92.113.8.0/24
92.113.94.0-92.113.99.255
92.113.108.0/22
92.113.120.0/22
92.113.130.0/23
95.134.8.0/22
95.134.24.0/22
95.134.36.0/22
95.134.44.0/22
95.134.56.0/22
95.134.72.0/22
95.134.102.0/24
95.134.144.0/22
95.134.188.0/22
95.134.208.0/22
95.134.216.0/22
95.135.96.0/22
95.135.120.0/22
95.135.137.0/24
95.135.197.0/24
95.135.209.0/24
95.135.217.0-95.135.218.255
95.135.225.0/24
95.135.229.0/24
95.135.234.0/24
95.135.237.0/24
95.135.248.0/24
178.93.116.0/24
Signature Algorithm: sha256WithRSAEncryption
98:26:50:de:79:d4:ca:1f:5d:44:72:95:fe:dd:61:d1:7b:f6:
d3:ec:60:a3:84:58:1f:32:4f:6a:85:55:32:a1:1e:f0:af:d5:
90:fd:c4:cf:db:92:57:d3:6d:53:f4:08:0c:71:dd:a5:0d:3d:
6f:b0:3d:1c:33:45:6d:4f:a9:e6:3b:22:e9:78:a3:0e:23:2b:
a8:04:f8:e2:51:1c:34:07:b1:ed:e7:ca:2c:be:b0:3d:48:49:
35:e4:2c:0b:22:9e:3e:d8:92:50:2a:51:d3:20:77:cd:bc:93:
0a:72:b0:19:81:49:92:8a:72:a0:3b:68:d9:50:5a:12:ae:3f:
fe:d6:be:13:70:e3:ea:dd:ec:cb:31:5d:8c:01:ec:21:3a:a7:
ba:35:a4:1a:bb:c7:56:22:61:fe:44:a8:b2:55:a6:5c:ce:f9:
1d:36:e2:e0:05:e3:07:bf:7e:84:64:05:2e:cd:eb:81:1b:87:
e5:22:09:be:fd:d6:e7:c3:42:69:ad:52:9c:7e:6f:73:9d:bf:
8d:f1:d6:d3:1f:7b:c3:f4:33:cd:15:58:82:7c:5f:f6:c6:8e:
8b:6f:ce:ff:6e:11:d8:04:41:e9:6c:29:72:e5:93:38:44:b3:
c1:21:f4:3f:db:01:2b:e9:9a:c7:7d:2b:30:d1:1d:a9:0e:ef:
7a:90:8d:89
-----BEGIN CERTIFICATE-----
MIIGpjCCBY6gAwIBAgIULoB62nJKNjCoU0oyIViyVqq70rowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDEwMDEyMTZaFw0yNzAyMjgwMDE3MTZaMDMxMTAvBgNV
BAMTKDMxRDNBRTQ4NEM3QURCNDM0NDU1MEQzMTExNTc0RjY1M0M5NUUwMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnEUHRsLkCXS/nlJK2Io3czhpW
mukTeA+WbC/9dFScaT23Lp/EYn1PbEDf8JZC3r29Pb8uUd0lW7tgSGHcRSN1lXis
8HRylT+iN5jyD2wVzl13yJvFq31NVSbxddbwNoPhZFl0MgNjvMiblfBhZJdvmUjS
109VJDEs1R9jzy/D7aMjSRpnsFKxnJqscWFPVps79iR3x2gPXeHtbwwRYs8hgagZ
M6wvDnqKlc3flDPxDaxxTQdMgMv2C9MGbWao0OX1pKoiXbeTt3BtJyIqX0eYA+Kt
UJoxSF6mUNNrDzZxbP5CLzcZqW07mELXfc/WqddpVS0Rp2NzD1wOzaB3m4NlAgMB
AAGjggOwMIIDrDAdBgNVHQ4EFgQUMdOuSEx620NEVQ0xEVdPZTyV4BswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAcUGCCsGAQUFBwEHAQH/BIIBtDCCAbAwggGsBAIAATCC
AaQDBAIuymQDBAIuyuQDBAIuyuwDBAIuyvQDBAEuyxADBAEuy14DBAEuy2QDBAEu
y3oDBAEuy4QDBAAuy54DBAEuy6IDBAIuy+wDBAAuy/IDBAIuy/QDBAIuy/wDBABb
fB8DBABbfIwDBABbfNwDBABbfPMDBABbfPwDBAFccAIDBABccDsDBAFccEgDBABc
cE8DBAJccGQDBAJccHgDBAFccNYwDAMEAVxw2gMEAVxw3DAMAwQAXHDfAwQAXHDi
MAwDBABccOUDBABccOYwDAMEA1xw6AMEAFxw6gMEAFxw7QMEAFxxAgMEAFxxBQME
AFxxCDAMAwQBXHFeAwQCXHFgAwQCXHFsAwQCXHF4AwQBXHGCAwQCX4YIAwQCX4YY
AwQCX4YkAwQCX4YsAwQCX4Y4AwQCX4ZIAwQAX4ZmAwQCX4aQAwQCX4a8AwQCX4bQ
AwQCX4bYAwQCX4dgAwQCX4d4AwQAX4eJAwQAX4fFAwQAX4fRMAwDBABfh9kDBABf
h9oDBABfh+EDBABfh+UDBABfh+oDBABfh+0DBABfh/gDBACyXXQwDQYJKoZIhvcN
AQELBQADggEBAJgmUN551MofXURylf7dYdF79tPsYKOEWB8yT2qFVTKhHvCv1ZD9
xM/bklfTbVP0CAxx3aUNPW+wPRwzRW1PqeY7Iul4ow4jK6gE+OJRHDQHse3nyiy+
sD1ISTXkLAsinj7YklAqUdMgd828kwpysBmBSZKKcqA7aNlQWhKuP/7WvhNw4+rd
7MsxXYwB7CE6p7o1pBq7x1YiYf5EqLJVplzO+R024uAF4we/foRkBS7N64Ebh+Ui
Cb791ufDQmmtUpx+b3Odv43x1tMfe8P0M80VWIJ8X/bGjotvzv9uEdgEQelsKXLl
kzhEs8Eh9D/bASvpmsd9KzDRHakO73qQjYk=
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:10:45 2026 by rpki-client