Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9318.roa
File:                     AS9318.roa (raw, json)
Hash identifier:          UvVGnT/CSqXvz0bdEyjoDE7fI1pHYlKuGJRpeSmjjs4=
Subject key identifier:   F1:AE:B2:48:DA:EA:61:AB:E1:E0:1D:41:9A:48:C8:A6:A0:50:B2:0D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0BEBAFE8B2FA800A56EBF15D9035EC87565DB2F6
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9318.roa
Signing time:             Mon 09 Jun 2025 19:00:14 +0000
ROA not before:           Mon 09 Jun 2025 18:55:14 +0000
ROA not after:            Mon 08 Jun 2026 19:00:14 +0000
asID:                     9318
IP address blocks:        178.93.124.0/24 maxlen: 24
                          178.94.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:eb:af:e8:b2:fa:80:0a:56:eb:f1:5d:90:35:ec:87:56:5d:b2:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  9 18:55:14 2025 GMT
            Not After : Jun  8 19:00:14 2026 GMT
        Subject: CN=F1AEB248DAEA61ABE1E01D419A48C8A6A050B20D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:26:a0:69:43:97:c2:e5:bb:88:91:72:49:9d:
                    b3:47:37:e3:7f:23:cf:ec:b8:08:46:c1:c1:ed:cd:
                    ec:de:ad:4b:2b:6e:5e:69:f9:80:ef:3d:39:1c:aa:
                    7a:52:0d:2b:8b:8b:32:77:0e:f7:5d:34:d9:9c:a1:
                    94:30:2a:f8:f2:28:5c:9f:35:30:b9:a1:3b:e9:9c:
                    7e:30:33:fc:6d:16:3a:99:3a:4d:72:34:2f:1f:4c:
                    00:30:73:b2:0b:49:36:62:be:55:38:93:a5:85:5b:
                    b4:93:63:0b:a3:0a:f1:0b:b4:be:74:3e:ff:00:75:
                    63:ed:e0:e8:4c:75:94:0f:39:ea:da:1a:74:af:ce:
                    40:6e:69:56:15:2a:c3:fa:9b:c1:60:5f:a2:0e:79:
                    1f:8d:40:83:35:df:42:f0:ad:44:63:98:8a:6b:7d:
                    f5:5d:b8:56:54:4d:e7:98:f7:44:2a:2d:0f:bd:8d:
                    4c:66:4e:ae:24:c3:93:b2:c7:aa:3a:41:fa:2e:56:
                    f5:c2:54:23:1f:92:18:34:43:29:6a:04:1e:97:25:
                    12:a6:00:70:c6:61:7c:08:e1:02:2f:e3:8c:11:de:
                    61:06:3e:a3:9c:31:2c:f2:88:db:42:fe:e7:8c:b5:
                    d4:f7:b8:1d:cc:80:af:0e:97:84:04:d3:4c:b4:36:
                    b5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AE:B2:48:DA:EA:61:AB:E1:E0:1D:41:9A:48:C8:A6:A0:50:B2:0D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS9318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.124.0/24
                  178.94.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:b6:00:7a:05:1f:e8:06:b8:fd:1a:7f:c8:4a:98:e6:49:4d:
         87:f2:32:79:c9:eb:2e:26:b8:b2:a9:e9:4d:3d:fe:f5:44:91:
         9f:cb:36:a3:c2:22:b6:b6:bc:91:e3:20:86:5a:2f:9e:b4:62:
         af:a5:79:5f:aa:80:58:f3:f4:eb:33:1b:8c:6e:a4:e4:56:65:
         db:71:34:af:6d:c6:94:88:c7:2e:46:6d:5f:ae:f5:de:3a:47:
         29:67:40:a5:bd:68:71:45:f1:c9:a8:58:cb:3e:cc:3a:74:15:
         74:5c:bc:98:81:f9:80:e7:42:40:00:d4:cc:2d:17:aa:78:6b:
         ba:fc:b9:5d:50:ec:8c:d7:9c:73:31:42:c0:6d:cb:09:9b:1d:
         61:00:2a:20:b1:07:68:fe:3e:f5:6d:e8:3d:02:6e:0a:c7:b6:
         05:50:81:a8:aa:40:6d:3f:ef:d5:ce:19:da:d6:97:46:c4:a8:
         a1:bd:2a:0b:81:ab:cb:ec:be:01:a4:57:31:d3:86:45:79:ed:
         4a:77:e3:fa:ea:27:a0:be:b8:1f:56:c9:f8:f5:26:4b:e1:6f:
         49:0c:0a:71:6f:f2:89:4c:ae:f5:0f:ff:44:3a:47:c7:cc:88:
         17:29:72:8b:6e:38:43:ff:5d:c5:73:19:a8:f0:69:aa:5c:ab:
         90:40:27:80
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUC+uv6LL6gApW6/FdkDXsh1ZdsvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MDkxODU1MTRaFw0yNjA2MDgxOTAwMTRaMDMxMTAvBgNV
BAMTKEYxQUVCMjQ4REFFQTYxQUJFMUUwMUQ0MTlBNDhDOEE2QTA1MEIyMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaJqBpQ5fC5buIkXJJnbNHN+N/
I8/suAhGwcHtzezerUsrbl5p+YDvPTkcqnpSDSuLizJ3DvddNNmcoZQwKvjyKFyf
NTC5oTvpnH4wM/xtFjqZOk1yNC8fTAAwc7ILSTZivlU4k6WFW7STYwujCvELtL50
Pv8AdWPt4OhMdZQPOeraGnSvzkBuaVYVKsP6m8FgX6IOeR+NQIM130LwrURjmIpr
ffVduFZUTeeY90QqLQ+9jUxmTq4kw5Oyx6o6QfouVvXCVCMfkhg0QylqBB6XJRKm
AHDGYXwI4QIv44wR3mEGPqOcMSzyiNtC/ueMtdT3uB3MgK8Ol4QE00y0NrWtAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQU8a6ySNrqYavh4B1BmkjIpqBQsg0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTOTMxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALJdfAME
ALJerDANBgkqhkiG9w0BAQsFAAOCAQEAb7YAegUf6Aa4/Rp/yEqY5klNh/Iyecnr
Lia4sqnpTT3+9USRn8s2o8Iitra8keMghlovnrRir6V5X6qAWPP06zMbjG6k5FZl
23E0r23GlIjHLkZtX6713jpHKWdApb1ocUXxyahYyz7MOnQVdFy8mIH5gOdCQADU
zC0Xqnhruvy5XVDsjNecczFCwG3LCZsdYQAqILEHaP4+9W3oPQJuCse2BVCBqKpA
bT/v1c4Z2taXRsSoob0qC4Gry+y+AaRXMdOGRXntSnfj+uonoL64H1bJ+PUmS+Fv
SQwKcW/yiUyu9Q//RDpHx8yIFylyi244Q/9dxXMZqPBpqlyrkEAngA==
-----END CERTIFICATE-----