Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          sPbjLS4wKZskMFbeCJaeHvx4FDAARPLusX9D/eokFig=
Subject key identifier:   F4:21:6E:0A:C6:79:AB:24:3B:6A:1A:2C:7C:A0:39:DE:9D:F0:05:3E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4978CE142B398256618F62D8E922731BB2028BB0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
Signing time:             Fri 05 Jun 2026 13:51:34 +0000
ROA not before:           Fri 05 Jun 2026 13:46:34 +0000
ROA not after:            Fri 04 Jun 2027 13:51:34 +0000
asID:                     9304
IP address blocks:        147.78.120.0/24 maxlen: 24
                          193.5.11.0/24 maxlen: 24
                          193.164.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:54:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:78:ce:14:2b:39:82:56:61:8f:62:d8:e9:22:73:1b:b2:02:8b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  5 13:46:34 2026 GMT
            Not After : Jun  4 13:51:34 2027 GMT
        Subject: CN=F4216E0AC679AB243B6A1A2C7CA039DE9DF0053E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:23:d5:d5:56:98:08:9d:43:53:aa:c6:04:d6:
                    1e:78:03:3f:4f:ed:ac:61:39:04:fa:83:c1:d7:07:
                    e6:1d:64:06:f2:4d:f4:65:b4:c4:e3:f7:b7:8a:45:
                    c9:b4:10:c0:11:21:cd:ba:e8:0d:b1:bd:48:44:95:
                    54:5b:56:11:27:3d:ca:41:f7:e8:b6:c9:c7:0c:08:
                    97:eb:c0:cb:2f:01:86:7e:a7:48:8b:a1:96:13:f0:
                    05:3e:6a:22:84:9e:4d:8e:5d:95:fd:4a:19:da:81:
                    4b:73:d2:c9:cb:0e:4b:44:37:12:d5:05:f6:da:b0:
                    9d:c2:33:66:c1:cc:6d:fb:6b:ef:69:82:c1:ec:29:
                    2b:4f:57:28:1d:eb:88:6d:35:50:00:37:10:25:49:
                    2e:52:e2:15:db:6f:0a:d2:d2:be:75:c5:83:ef:41:
                    d7:a8:02:e8:74:5c:23:9f:75:01:2f:19:b8:64:eb:
                    e2:69:69:25:4f:af:72:65:c9:f6:ae:78:a9:d6:be:
                    52:c6:d1:a7:3e:95:54:30:2c:fd:29:fd:18:54:c1:
                    43:09:ce:4a:4b:cc:01:d8:f9:ad:de:a6:6b:ef:dc:
                    19:8d:18:2c:c7:69:41:57:ee:31:be:d0:20:00:51:
                    53:7d:cc:91:19:2d:4a:d6:81:a2:53:45:ea:6d:52:
                    ce:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:21:6E:0A:C6:79:AB:24:3B:6A:1A:2C:7C:A0:39:DE:9D:F0:05:3E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.120.0/24
                  193.5.11.0/24
                  193.164.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:38:07:37:1b:1a:5d:6f:fc:c4:01:37:f1:d3:7c:dd:e9:58:
         f6:8f:d3:36:f3:38:cd:35:a2:c3:ed:9f:9d:c0:e5:12:1f:9c:
         dc:48:b1:33:29:05:1d:14:17:03:cd:42:1e:27:df:08:2a:fa:
         a6:84:d1:31:bf:c6:77:cf:76:8f:06:5c:89:24:92:d4:50:8d:
         ce:31:8e:8d:77:10:9b:85:25:e5:22:42:d9:1a:49:10:b5:31:
         d4:72:ca:67:5c:35:72:fa:98:25:13:6d:2d:f6:61:ee:65:03:
         5b:fe:ed:5d:1f:4a:7a:3c:3b:a4:a2:45:da:8b:f4:7f:76:85:
         94:8a:92:07:43:8f:e6:8c:cd:3f:df:de:d1:ad:45:45:ca:8c:
         12:8a:6a:3b:35:fc:34:70:63:3d:e3:1f:2d:9b:b6:05:72:e2:
         a4:37:51:a2:2a:cf:4b:bd:33:9d:da:e9:19:12:9c:31:9b:7e:
         d9:8c:ae:02:87:41:f1:10:2d:cc:fd:46:be:30:86:27:90:c3:
         ea:22:d3:62:08:1b:37:e4:3b:ca:f6:ba:e8:69:b5:c3:c2:06:
         0f:05:00:e0:bc:5f:9f:e1:8e:7b:ee:99:ed:ed:55:97:ca:5c:
         fe:61:6f:c6:13:27:25:7c:b4:97:9c:35:dc:c5:d9:71:8a:5b:
         11:3f:6a:9f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUSXjOFCs5glZhj2LY6SJzG7ICi7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MDUxMzQ2MzRaFw0yNzA2MDQxMzUxMzRaMDMxMTAvBgNV
BAMTKEY0MjE2RTBBQzY3OUFCMjQzQjZBMUEyQzdDQTAzOURFOURGMDA1M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1I9XVVpgInUNTqsYE1h54Az9P
7axhOQT6g8HXB+YdZAbyTfRltMTj97eKRcm0EMARIc266A2xvUhElVRbVhEnPcpB
9+i2yccMCJfrwMsvAYZ+p0iLoZYT8AU+aiKEnk2OXZX9ShnagUtz0snLDktENxLV
BfbasJ3CM2bBzG37a+9pgsHsKStPVygd64htNVAANxAlSS5S4hXbbwrS0r51xYPv
QdeoAuh0XCOfdQEvGbhk6+JpaSVPr3JlyfaueKnWvlLG0ac+lVQwLP0p/RhUwUMJ
zkpLzAHY+a3epmvv3BmNGCzHaUFX7jG+0CAAUVN9zJEZLUrWgaJTReptUs7NAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU9CFuCsZ5qyQ7ahosfKA53p3wBT4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAJNOeAME
AMEFCwMEAMGkATANBgkqhkiG9w0BAQsFAAOCAQEAcTgHNxsaXW/8xAE38dN83elY
9o/TNvM4zTWiw+2fncDlEh+c3EixMykFHRQXA81CHiffCCr6poTRMb/Gd892jwZc
iSSS1FCNzjGOjXcQm4Ul5SJC2RpJELUx1HLKZ1w1cvqYJRNtLfZh7mUDW/7tXR9K
ejw7pKJF2ov0f3aFlIqSB0OP5ozNP9/e0a1FRcqMEopqOzX8NHBjPeMfLZu2BXLi
pDdRoirPS70zndrpGRKcMZt+2YyuAodB8RAtzP1GvjCGJ5DD6iLTYggbN+Q7yva6
6Gm1w8IGDwUA4Lxfn+GOe+6Z7e1Vl8pc/mFvxhMnJXy0l5w13MXZcYpbET9qnw==
-----END CERTIFICATE-----