Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          qbQszpZHkH/n9u9/bvH6bTeXPm1cfhdh2I33OMBoOug=
Subject key identifier:   4C:C3:7D:C6:91:DA:B6:B2:B9:DD:40:70:02:1C:77:98:B9:80:FB:C8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5BDBB05198DCC686320CD1B5CDEBD5504A2540B3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
Signing time:             Sat 21 Feb 2026 09:50:16 +0000
ROA not before:           Sat 21 Feb 2026 09:45:16 +0000
ROA not after:            Sat 20 Feb 2027 09:50:16 +0000
asID:                     9304
IP address blocks:        143.20.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:36:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:db:b0:51:98:dc:c6:86:32:0c:d1:b5:cd:eb:d5:50:4a:25:40:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Feb 21 09:45:16 2026 GMT
            Not After : Feb 20 09:50:16 2027 GMT
        Subject: CN=4CC37DC691DAB6B2B9DD4070021C7798B980FBC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5c:7a:7f:c9:0d:85:ac:6d:20:ae:25:05:69:
                    29:51:c8:c5:a3:83:b1:1b:32:b4:02:cd:d1:a4:ba:
                    af:44:be:14:37:c4:84:1a:74:28:79:d5:22:b6:09:
                    fd:55:78:84:e3:64:85:4b:1f:03:1c:e9:44:cb:6f:
                    78:f0:0c:fe:44:97:7f:3e:63:44:41:39:fb:1c:5d:
                    1c:5a:dd:c4:b0:86:8c:0b:53:16:10:80:46:bb:9f:
                    ca:18:2b:89:91:f5:2a:ee:64:c5:be:b7:ce:bc:79:
                    36:53:0d:c5:0c:90:63:f2:59:cd:04:16:8d:21:2d:
                    ba:86:fc:48:c3:0a:7b:7c:82:c4:80:98:e6:73:36:
                    a5:84:5a:9e:23:75:fa:0b:48:23:be:2b:43:35:32:
                    17:fd:7c:d0:e0:f1:6e:a2:21:e3:e8:c1:c7:2d:7f:
                    3a:93:d1:8f:7b:4f:39:6a:ef:34:39:c0:06:32:19:
                    b8:76:91:55:5a:d6:cc:bd:43:77:2c:ba:05:f5:51:
                    77:68:92:e6:6d:da:26:02:95:85:12:d0:12:e3:26:
                    82:54:a2:e9:2c:c1:df:a5:02:ec:73:7a:b0:de:f8:
                    40:a6:7e:af:4b:e5:01:e9:d6:74:1a:a4:a0:1e:a3:
                    ef:18:fe:5d:69:f8:62:3d:84:6a:b4:7b:87:e7:03:
                    8b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C3:7D:C6:91:DA:B6:B2:B9:DD:40:70:02:1C:77:98:B9:80:FB:C8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:03:29:3d:93:0b:de:1d:b0:4f:b4:5d:33:07:72:34:35:6a:
         15:cc:a9:71:1d:3c:1c:2b:4a:7f:bb:e0:26:2d:e6:67:dc:de:
         ee:b7:88:17:8b:82:0f:e0:3f:94:4b:2c:fd:47:44:bc:0c:07:
         34:d8:92:b6:e9:00:05:10:85:36:03:3d:5c:de:fc:57:d5:3c:
         50:e7:c5:4c:b8:b2:9c:bb:79:e2:c2:aa:5a:00:54:81:53:52:
         ab:6b:9e:d8:32:6d:6c:22:6a:5b:4f:7f:f2:b5:36:59:69:57:
         bd:45:66:02:c9:96:a5:1e:17:98:5a:46:93:56:1a:27:89:e9:
         4f:b3:32:1e:91:f5:9a:55:0e:16:f2:18:81:dd:25:9c:fc:13:
         b1:bf:1d:dd:f9:96:a2:93:2e:a4:12:67:83:c7:be:de:d9:db:
         63:dd:0c:2d:1b:e2:8c:97:28:86:a8:a0:48:33:98:2c:0e:6b:
         13:e1:5b:c2:49:a2:e6:92:da:9d:ce:7f:2f:83:4d:0e:be:4e:
         43:a2:6a:51:05:96:c4:d1:e2:38:59:e1:e0:94:88:dd:52:bc:
         f3:38:4e:36:ea:b4:8c:89:bb:4f:ef:32:79:e5:8f:c4:f0:7f:
         cb:62:d9:0d:cd:2d:76:85:11:67:cb:ae:40:83:af:92:65:ba:
         9d:1d:66:0b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUW9uwUZjcxoYyDNG1zevVUEolQLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMjEwOTQ1MTZaFw0yNzAyMjAwOTUwMTZaMDMxMTAvBgNV
BAMTKDRDQzM3REM2OTFEQUI2QjJCOURENDA3MDAyMUM3Nzk4Qjk4MEZCQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYXHp/yQ2FrG0griUFaSlRyMWj
g7EbMrQCzdGkuq9EvhQ3xIQadCh51SK2Cf1VeITjZIVLHwMc6UTLb3jwDP5El38+
Y0RBOfscXRxa3cSwhowLUxYQgEa7n8oYK4mR9SruZMW+t868eTZTDcUMkGPyWc0E
Fo0hLbqG/EjDCnt8gsSAmOZzNqWEWp4jdfoLSCO+K0M1Mhf9fNDg8W6iIePowcct
fzqT0Y97Tzlq7zQ5wAYyGbh2kVVa1sy9Q3csugX1UXdokuZt2iYClYUS0BLjJoJU
oukswd+lAuxzerDe+ECmfq9L5QHp1nQapKAeo+8Y/l1p+GI9hGq0e4fnA4uxAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUTMN9xpHatrK53UBwAhx3mLmA+8gwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UVDAN
BgkqhkiG9w0BAQsFAAOCAQEAVwMpPZML3h2wT7RdMwdyNDVqFcypcR08HCtKf7vg
Ji3mZ9ze7reIF4uCD+A/lEss/UdEvAwHNNiStukABRCFNgM9XN78V9U8UOfFTLiy
nLt54sKqWgBUgVNSq2ue2DJtbCJqW09/8rU2WWlXvUVmAsmWpR4XmFpGk1YaJ4np
T7MyHpH1mlUOFvIYgd0lnPwTsb8d3fmWopMupBJng8e+3tnbY90MLRvijJcohqig
SDOYLA5rE+Fbwkmi5pLanc5/L4NNDr5OQ6JqUQWWxNHiOFnh4JSI3VK88zhONuq0
jIm7T+8yeeWPxPB/y2LZDc0tdoURZ8uuQIOvkmW6nR1mCw==
-----END CERTIFICATE-----