Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          UovuEtQ/OsRe4ZAUBoXs4hTE9+ccGMRkd0D96A/btjg=
Subject key identifier:   2A:F0:83:23:C5:DE:85:10:54:5A:10:F9:62:FA:84:9F:3F:9F:B8:86
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5E9BD5E29D13C8525F4B9EE72B9EEDEC94F6F964
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
Signing time:             Fri 05 Jun 2026 06:29:16 +0000
ROA not before:           Fri 05 Jun 2026 06:24:16 +0000
ROA not after:            Fri 04 Jun 2027 06:29:16 +0000
asID:                     9304
IP address blocks:        143.20.32.0/24 maxlen: 24
                          143.20.35.0/24 maxlen: 24
                          143.20.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:9b:d5:e2:9d:13:c8:52:5f:4b:9e:e7:2b:9e:ed:ec:94:f6:f9:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 06:24:16 2026 GMT
            Not After : Jun  4 06:29:16 2027 GMT
        Subject: CN=2AF08323C5DE8510545A10F962FA849F3F9FB886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:49:54:4a:41:2b:88:d6:46:3c:bd:0b:3e:96:
                    35:56:e4:68:7e:7f:b6:c0:4f:bb:94:09:2a:a9:ad:
                    76:7e:2e:83:f4:73:85:10:b0:81:6c:f9:fe:ba:c7:
                    d6:4b:df:80:aa:9c:64:5c:b1:28:b9:a8:d5:16:9a:
                    83:52:80:fa:6a:7f:ad:17:9a:cd:93:a5:aa:ce:54:
                    2d:bb:f8:41:ee:d1:8e:9f:83:bf:6a:41:30:c9:1f:
                    dc:7a:f5:3f:47:48:a3:34:88:37:9b:ef:ec:e5:76:
                    d4:b0:ca:05:d0:c8:24:90:a5:4b:8c:01:ff:11:52:
                    59:7b:96:72:cc:4d:b8:4e:83:d6:eb:11:a0:c9:2c:
                    3f:af:26:f3:ae:f3:b1:f8:93:0f:59:54:c5:0a:8c:
                    fb:03:bd:94:ad:33:76:2b:61:b2:55:14:ad:60:42:
                    79:8a:22:00:41:16:42:10:c9:2e:16:24:6c:73:ba:
                    fd:9c:55:2a:18:de:23:ef:da:ae:aa:61:80:aa:0a:
                    e1:b8:9e:9d:a0:20:d7:66:02:73:6c:0d:cf:5e:62:
                    97:d0:c9:9a:32:84:02:5a:c3:31:40:9e:ec:6b:e3:
                    8c:ed:58:71:00:a1:cd:b0:94:9b:42:36:e4:b3:6f:
                    7b:fd:59:51:49:88:df:5a:50:7e:5d:22:60:22:fb:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F0:83:23:C5:DE:85:10:54:5A:10:F9:62:FA:84:9F:3F:9F:B8:86
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.32.0/24
                  143.20.35.0/24
                  143.20.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:00:68:df:70:ef:6f:4f:b6:81:02:d6:75:2e:51:78:f3:fa:
         ab:6b:a4:88:21:18:39:44:f8:e3:10:02:60:4e:68:e2:25:ea:
         bb:e8:44:2e:09:3b:13:94:aa:aa:15:c4:d5:83:38:ae:dd:cf:
         30:cb:a7:cf:1f:8f:17:ff:96:99:65:f4:ba:ab:ca:7b:9d:3a:
         1e:98:80:11:fe:1d:41:2b:cc:97:17:ba:fd:e8:61:21:bc:40:
         d2:6d:80:15:f6:0c:bd:ab:5d:46:30:96:9f:d7:10:3e:7d:38:
         28:85:12:a0:f8:71:bc:44:ff:f3:2e:6f:d4:24:5c:f3:73:a0:
         69:b5:7d:73:14:7e:e7:34:4d:f5:d5:20:b3:1c:65:3a:1e:42:
         b6:32:6e:11:5c:9b:55:62:cd:97:e4:9e:b0:c1:d2:21:cb:3d:
         df:db:50:da:d3:02:80:60:0a:30:61:b7:b8:ab:5a:53:0f:4f:
         34:54:e1:41:2c:b1:b0:f9:7d:94:66:7b:65:cc:39:3d:ef:74:
         c0:d7:62:5f:51:ba:bd:e5:6c:e6:50:ef:08:fe:a4:43:23:ae:
         54:db:8f:e5:ba:1b:15:a7:6e:a9:76:0c:c5:72:37:2e:83:0d:
         b7:51:ca:df:af:d9:1a:53:f5:9e:1c:6d:00:47:58:1e:f2:3b:
         10:ee:7b:01
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUXpvV4p0TyFJfS57nK57t7JT2+WQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MDUwNjI0MTZaFw0yNzA2MDQwNjI5MTZaMDMxMTAvBgNV
BAMTKDJBRjA4MzIzQzVERTg1MTA1NDVBMTBGOTYyRkE4NDlGM0Y5RkI4ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0SVRKQSuI1kY8vQs+ljVW5Gh+
f7bAT7uUCSqprXZ+LoP0c4UQsIFs+f66x9ZL34CqnGRcsSi5qNUWmoNSgPpqf60X
ms2TparOVC27+EHu0Y6fg79qQTDJH9x69T9HSKM0iDeb7+zldtSwygXQyCSQpUuM
Af8RUll7lnLMTbhOg9brEaDJLD+vJvOu87H4kw9ZVMUKjPsDvZStM3YrYbJVFK1g
QnmKIgBBFkIQyS4WJGxzuv2cVSoY3iPv2q6qYYCqCuG4np2gINdmAnNsDc9eYpfQ
yZoyhAJawzFAnuxr44ztWHEAoc2wlJtCNuSzb3v9WVFJiN9aUH5dImAi+2IxAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUKvCDI8XehRBUWhD5YvqEnz+fuIYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAI8UIAME
AI8UIwMEAI8UVDANBgkqhkiG9w0BAQsFAAOCAQEAOABo33Dvb0+2gQLWdS5RePP6
q2ukiCEYOUT44xACYE5o4iXqu+hELgk7E5SqqhXE1YM4rt3PMMunzx+PF/+WmWX0
uqvKe506HpiAEf4dQSvMlxe6/ehhIbxA0m2AFfYMvatdRjCWn9cQPn04KIUSoPhx
vET/8y5v1CRc83OgabV9cxR+5zRN9dUgsxxlOh5CtjJuEVybVWLNl+SesMHSIcs9
39tQ2tMCgGAKMGG3uKtaUw9PNFThQSyxsPl9lGZ7Zcw5Pe90wNdiX1G6veVs5lDv
CP6kQyOuVNuP5bobFaduqXYMxXI3LoMNt1HK36/ZGlP1nhxtAEdYHvI7EO57AQ==
-----END CERTIFICATE-----