Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          aUIEjry/8xvMukgC7EuwoKO1J9r+3/lJ8rn3pcyNbyw=
Subject key identifier:   1D:43:83:3F:4B:40:5B:1E:4C:56:E1:2C:2C:78:DB:35:17:62:95:EB
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       618A847289B64AE2D4C9A39C0508F20C15D8A961
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
Signing time:             Mon 16 Feb 2026 11:34:07 +0000
ROA not before:           Mon 16 Feb 2026 11:29:07 +0000
ROA not after:            Mon 15 Feb 2027 11:34:07 +0000
asID:                     9304
IP address blocks:        185.155.222.0/24 maxlen: 24
                          192.166.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:19:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8a:84:72:89:b6:4a:e2:d4:c9:a3:9c:05:08:f2:0c:15:d8:a9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 16 11:29:07 2026 GMT
            Not After : Feb 15 11:34:07 2027 GMT
        Subject: CN=1D43833F4B405B1E4C56E12C2C78DB35176295EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:ac:fc:8f:eb:34:ff:63:4e:9a:7b:12:c8:
                    51:f7:5c:e7:1c:16:ab:2f:18:36:9e:dd:54:7b:61:
                    1e:45:d6:4f:84:8b:0f:cf:27:88:81:de:3f:06:e3:
                    5c:0b:d8:34:eb:0d:39:5f:94:d2:63:f7:9f:db:43:
                    e0:32:ea:a4:8c:a6:60:13:f5:9f:b5:c6:06:fc:c9:
                    13:4e:f9:29:2d:08:24:8e:cc:9e:a0:a0:d0:4e:73:
                    66:6e:b6:0f:c9:b9:9c:a2:39:f6:fe:03:1a:7f:32:
                    8e:9d:bd:e1:7b:bf:7f:ff:9b:64:bd:fc:91:88:ce:
                    c1:ea:23:b9:13:d7:3b:c5:64:02:6e:a5:e3:b8:66:
                    1f:e1:01:42:97:39:8f:e7:0b:0a:3b:e0:1c:be:ba:
                    59:22:91:3c:cb:49:11:1c:3d:6c:f9:69:2c:5a:85:
                    79:5c:4a:04:de:71:01:0a:ff:4c:94:2b:8b:c5:21:
                    a3:47:f8:16:23:95:f1:75:8d:dc:ca:7c:31:a1:ed:
                    ce:2b:c5:6f:8d:0e:b9:7c:8a:4e:58:b2:f3:be:d6:
                    62:de:bc:56:b4:7d:af:74:95:9f:fa:f6:56:7a:b0:
                    9b:6b:f6:af:d8:dd:dd:46:6e:10:d9:90:04:3f:2d:
                    3c:4b:cd:c1:a1:94:94:0c:9b:5c:47:5c:0d:a0:7d:
                    6c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:43:83:3F:4B:40:5B:1E:4C:56:E1:2C:2C:78:DB:35:17:62:95:EB
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.222.0/24
                  192.166.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:81:9c:99:13:bc:57:f6:cb:11:f5:e2:dd:45:14:74:29:76:
         35:4e:3d:21:41:cd:8b:d7:b1:36:4e:a3:f7:88:42:a8:f4:8e:
         87:66:16:28:3d:5e:c0:3e:87:01:15:42:7c:3a:d1:7b:1b:ef:
         3a:37:30:e5:f2:1e:64:07:40:ad:c6:7d:cc:8a:8b:9e:25:63:
         89:ee:9f:2a:11:c7:89:76:42:75:66:74:31:3a:5d:04:da:3f:
         b0:94:20:26:d3:68:f9:fb:3f:12:5f:a5:6a:a5:cd:a8:e6:3e:
         54:65:40:7b:85:b6:5d:f2:23:f4:f5:e2:1d:69:b9:30:67:13:
         86:c8:f6:d3:57:30:5f:23:04:40:20:00:e9:5d:fb:51:b3:46:
         c1:c7:86:94:1b:a6:40:ec:fb:4c:55:84:ff:f2:61:3d:61:8b:
         7d:ce:c6:b1:29:ff:c7:3f:77:15:d3:77:cc:3e:5d:06:96:65:
         61:cd:37:9e:48:06:c0:c6:42:1b:8d:69:9f:b9:7c:85:c5:36:
         8d:42:f9:30:a6:ea:a9:88:78:0b:0c:9d:49:8c:73:96:92:af:
         8d:84:ea:0d:29:fa:7a:d1:e6:68:3b:62:7c:2a:af:87:b3:c8:
         cb:e3:11:4e:c7:86:ee:c9:36:e2:37:dc:f0:c2:b7:b0:1a:62:
         96:99:19:29
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUYYqEcom2SuLUyaOcBQjyDBXYqWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMTYxMTI5MDdaFw0yNzAyMTUxMTM0MDdaMDMxMTAvBgNV
BAMTKDFENDM4MzNGNEI0MDVCMUU0QzU2RTEyQzJDNzhEQjM1MTc2Mjk1RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+Eqz8j+s0/2NOmnsSyFH3XOcc
FqsvGDae3VR7YR5F1k+Eiw/PJ4iB3j8G41wL2DTrDTlflNJj95/bQ+Ay6qSMpmAT
9Z+1xgb8yRNO+SktCCSOzJ6goNBOc2Zutg/JuZyiOfb+Axp/Mo6dveF7v3//m2S9
/JGIzsHqI7kT1zvFZAJupeO4Zh/hAUKXOY/nCwo74By+ulkikTzLSREcPWz5aSxa
hXlcSgTecQEK/0yUK4vFIaNH+BYjlfF1jdzKfDGh7c4rxW+NDrl8ik5YsvO+1mLe
vFa0fa90lZ/69lZ6sJtr9q/Y3d1GbhDZkAQ/LTxLzcGhlJQMm1xHXA2gfWzRAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUHUODP0tAWx5MVuEsLHjbNRdileswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALmb3gME
AMCmcjANBgkqhkiG9w0BAQsFAAOCAQEAnYGcmRO8V/bLEfXi3UUUdCl2NU49IUHN
i9exNk6j94hCqPSOh2YWKD1ewD6HARVCfDrRexvvOjcw5fIeZAdArcZ9zIqLniVj
ie6fKhHHiXZCdWZ0MTpdBNo/sJQgJtNo+fs/El+laqXNqOY+VGVAe4W2XfIj9PXi
HWm5MGcThsj201cwXyMEQCAA6V37UbNGwceGlBumQOz7TFWE//JhPWGLfc7GsSn/
xz93FdN3zD5dBpZlYc03nkgGwMZCG41pn7l8hcU2jUL5MKbqqYh4CwydSYxzlpKv
jYTqDSn6etHmaDtifCqvh7PIy+MRTseG7sk24jfc8MK3sBpilpkZKQ==
-----END CERTIFICATE-----