Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          jfLGzmpsxxMuLj1OZ7wa01nYM1EjXi22ynhGI8qIf/E=
Subject key identifier:   D0:4A:C5:CD:57:15:86:AA:65:6A:74:C4:6A:B0:1E:CA:61:A3:B2:0C
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7B8328740FDC5E1D835C54F195797CEC56C85F56
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa
Signing time:             Thu 23 Oct 2025 02:08:06 +0000
ROA not before:           Thu 23 Oct 2025 02:03:06 +0000
ROA not after:            Thu 22 Oct 2026 02:08:06 +0000
asID:                     9304
IP address blocks:        91.206.2.0/24 maxlen: 24
                          194.5.147.0/24 maxlen: 24
                          194.147.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:83:28:74:0f:dc:5e:1d:83:5c:54:f1:95:79:7c:ec:56:c8:5f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 23 02:03:06 2025 GMT
            Not After : Oct 22 02:08:06 2026 GMT
        Subject: CN=D04AC5CD571586AA656A74C46AB01ECA61A3B20C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d1:43:40:4b:e1:5c:8d:c0:70:ae:22:37:b7:
                    f5:c5:fd:49:07:ac:8b:17:e1:f6:c5:a0:9e:b6:10:
                    ce:f3:e1:a5:2a:96:58:3a:96:df:a4:06:77:01:ec:
                    61:e0:ed:a4:07:74:38:7d:33:1e:a9:8b:f6:6d:ac:
                    c7:75:12:1d:4e:cc:ed:07:42:db:f8:d9:33:d2:71:
                    c8:a8:a5:6e:6d:40:a4:6f:6b:26:32:83:ff:8e:19:
                    a2:9f:1a:59:f3:08:75:c8:c5:71:2e:0d:d6:e9:8d:
                    2d:2f:a6:8f:29:c2:f3:d5:ff:fc:0a:cc:22:35:03:
                    ba:30:71:89:a5:7b:73:4e:6d:88:48:ce:37:5c:4e:
                    03:e4:c1:99:59:22:ad:4e:b6:3b:97:10:55:69:73:
                    d9:98:65:3a:04:ed:84:13:8e:16:8d:b8:66:4b:4c:
                    eb:b6:d8:e9:26:9b:19:5f:3e:a2:20:1b:68:58:f8:
                    c7:3a:8b:0d:5a:da:36:dd:03:41:af:c9:4c:51:b5:
                    2f:eb:1d:d4:88:33:2e:55:29:43:82:79:87:31:f7:
                    3f:46:3c:88:56:74:a6:e0:79:a8:a2:33:fb:91:10:
                    9b:ad:68:be:5b:bd:6f:8f:37:42:0b:90:48:34:d5:
                    38:30:da:71:27:84:29:39:ff:91:92:e4:56:c4:77:
                    11:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4A:C5:CD:57:15:86:AA:65:6A:74:C4:6A:B0:1E:CA:61:A3:B2:0C
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.2.0/24
                  194.5.147.0/24
                  194.147.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:64:2c:a8:d9:1e:8f:54:b9:b1:19:1b:43:b8:7a:bf:89:ac:
         81:f5:ce:89:5a:06:59:d6:8b:55:fe:21:38:25:dd:4e:f0:9f:
         7b:7b:cd:64:cc:c4:35:a4:a1:33:a9:ff:02:e2:7d:3f:2b:9f:
         c4:8f:3a:bd:ce:e6:d4:16:21:b4:07:48:b3:0e:c5:8d:30:ad:
         8f:37:a6:c7:c5:6b:24:83:d6:45:33:53:b2:92:7b:b6:51:80:
         c0:c8:f0:fc:eb:3f:c1:bf:30:d5:01:eb:b4:bb:08:20:f4:81:
         90:7c:42:f8:3e:98:ac:f1:c2:04:6f:4a:9d:b1:27:5f:1c:d2:
         58:5f:c6:58:0b:2e:fc:e3:76:e0:b7:41:65:40:ca:8c:84:83:
         7d:6e:59:d3:58:fb:21:a6:92:27:b7:89:12:df:88:a7:72:25:
         cf:75:59:13:0f:26:79:fc:e7:36:c6:fe:1f:c3:59:da:ef:f7:
         bd:51:fc:45:bd:56:ba:37:85:ca:6b:29:dd:73:14:fb:3e:b2:
         0c:87:71:eb:35:fa:f4:2d:59:9a:2f:4c:3b:9f:71:c9:8c:11:
         f6:d9:f1:2b:a2:9a:63:aa:fb:a9:46:80:e3:fe:e0:93:76:6d:
         75:34:f0:8f:40:6c:1c:66:8a:49:3f:b0:cc:00:a1:0b:fc:db:
         d4:1b:0d:7d
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUe4ModA/cXh2DXFTxlXl87FbIX1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMjMwMjAzMDZaFw0yNjEwMjIwMjA4MDZaMDMxMTAvBgNV
BAMTKEQwNEFDNUNENTcxNTg2QUE2NTZBNzRDNDZBQjAxRUNBNjFBM0IyMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz0UNAS+FcjcBwriI3t/XF/UkH
rIsX4fbFoJ62EM7z4aUqllg6lt+kBncB7GHg7aQHdDh9Mx6pi/ZtrMd1Eh1OzO0H
Qtv42TPScciopW5tQKRvayYyg/+OGaKfGlnzCHXIxXEuDdbpjS0vpo8pwvPV//wK
zCI1A7owcYmle3NObYhIzjdcTgPkwZlZIq1OtjuXEFVpc9mYZToE7YQTjhaNuGZL
TOu22OkmmxlfPqIgG2hY+Mc6iw1a2jbdA0GvyUxRtS/rHdSIMy5VKUOCeYcx9z9G
PIhWdKbgeaiiM/uREJutaL5bvW+PN0ILkEg01Tgw2nEnhCk5/5GS5FbEdxHPAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU0ErFzVcVhqplanTEarAeymGjsgwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAFvOAgME
AMIFkwMEAMKTBDANBgkqhkiG9w0BAQsFAAOCAQEAW2QsqNkej1S5sRkbQ7h6v4ms
gfXOiVoGWdaLVf4hOCXdTvCfe3vNZMzENaShM6n/AuJ9PyufxI86vc7m1BYhtAdI
sw7FjTCtjzemx8VrJIPWRTNTspJ7tlGAwMjw/Os/wb8w1QHrtLsIIPSBkHxC+D6Y
rPHCBG9KnbEnXxzSWF/GWAsu/ON24LdBZUDKjISDfW5Z01j7IaaSJ7eJEt+Ip3Il
z3VZEw8mefznNsb+H8NZ2u/3vVH8Rb1WujeFymsp3XMU+z6yDIdx6zX69C1Zmi9M
O59xyYwR9tnxK6KaY6r7qUaA4/7gk3ZtdTTwj0BsHGaKST+wzAChC/zb1BsNfQ==
-----END CERTIFICATE-----