Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          7MPavUwpMFKfOkQ/FeCi/WuJVI2eklUXSACnPA19j4U=
Subject key identifier:   DF:36:2C:21:63:21:F4:D0:8E:D7:7C:7B:F5:F7:89:15:71:A9:62:85
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       13833D5DC5E6CDF3286E504D7F80559BBB4F543C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
Signing time:             Thu 10 Jul 2025 05:20:44 +0000
ROA not before:           Thu 10 Jul 2025 05:15:44 +0000
ROA not after:            Thu 09 Jul 2026 05:20:44 +0000
asID:                     9304
IP address blocks:        143.20.36.0/24 maxlen: 24
                          143.20.84.0/24 maxlen: 24
                          143.20.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:83:3d:5d:c5:e6:cd:f3:28:6e:50:4d:7f:80:55:9b:bb:4f:54:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 10 05:15:44 2025 GMT
            Not After : Jul  9 05:20:44 2026 GMT
        Subject: CN=DF362C216321F4D08ED77C7BF5F7891571A96285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ec:e0:31:45:16:56:0a:cc:66:24:c7:fe:cf:
                    30:8a:5e:ad:26:fe:66:ba:24:df:6c:ac:fd:ed:cc:
                    61:46:b9:c5:6b:cb:dc:eb:dc:e9:72:51:6e:45:5d:
                    ac:63:74:c9:a9:b3:7d:1c:99:0c:55:7f:8e:46:4b:
                    69:aa:39:15:d6:a3:22:d6:5e:93:a8:d9:ff:2c:67:
                    c5:71:4b:1d:b2:38:67:60:52:39:aa:23:a6:8a:8f:
                    4d:5d:30:91:7e:91:d6:7f:c9:cb:8a:a2:03:ba:73:
                    0d:c2:d8:07:24:12:65:d5:55:b2:01:4c:e3:a9:6d:
                    dc:a1:0b:4d:e6:76:ad:40:f3:fc:f2:42:1b:73:e3:
                    45:ae:6d:a7:cb:9d:fa:93:bb:b6:b8:67:88:2d:5f:
                    ed:1a:82:9d:02:4a:ae:b3:e6:76:ff:ae:76:3a:bc:
                    98:ca:bf:d9:39:2c:38:3d:0f:7e:66:bc:67:be:4a:
                    41:fa:85:66:9b:13:b3:7f:2c:bc:68:a4:68:c2:ef:
                    84:28:7a:48:54:4d:99:ed:83:6f:e9:bb:1a:76:16:
                    61:a3:fa:f6:60:c6:8c:50:2e:cb:48:78:37:d3:0f:
                    03:5e:82:11:07:c2:b8:57:dc:c7:43:75:80:50:b8:
                    8f:53:2c:31:32:ca:70:a9:72:a7:75:6e:d1:f4:18:
                    29:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:36:2C:21:63:21:F4:D0:8E:D7:7C:7B:F5:F7:89:15:71:A9:62:85
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.36.0/24
                  143.20.84.0/24
                  143.20.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a6:90:07:19:85:e1:88:8f:2c:a8:ae:a0:0b:cb:56:7e:c5:
         bd:57:86:7b:ab:41:c4:00:5f:5a:1d:ce:d8:11:f8:5d:bc:62:
         bf:b6:87:2a:18:30:18:e9:20:a9:e5:d3:eb:39:37:d3:eb:11:
         dd:1b:be:5b:5a:3e:a9:51:22:4c:e8:18:8b:4d:bc:ef:5c:8d:
         63:a2:9d:fe:5d:e5:3d:ad:71:f7:c3:1a:ca:81:f6:2f:8d:65:
         58:9f:27:07:16:aa:71:19:f0:9a:d8:e4:6e:4f:12:b3:73:4f:
         de:51:7d:ba:85:aa:4f:86:b1:02:85:12:e9:0f:2b:44:2d:ac:
         e2:a0:ee:3a:95:29:24:e7:47:5e:1c:59:7f:4a:7d:cf:e6:dc:
         01:c7:3d:80:3d:14:ba:61:de:70:78:21:6e:ca:85:66:62:99:
         8a:47:63:2c:c8:c0:fa:e8:5d:a9:cc:bc:02:cb:47:f5:cd:cb:
         07:29:48:8c:0e:f9:6c:10:31:be:d4:4e:8b:0d:d4:88:37:36:
         d1:67:5d:f9:fa:be:d0:15:41:cc:fd:f9:72:4c:d4:96:44:f2:
         36:2c:a6:39:2e:04:ec:56:05:5d:25:53:3f:5b:c2:78:fe:94:
         90:71:a1:13:a3:45:40:ce:06:f4:fb:82:c8:2b:bc:55:ce:ca:
         fb:e1:3f:49
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUE4M9XcXmzfMoblBNf4BVm7tPVDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTAwNTE1NDRaFw0yNjA3MDkwNTIwNDRaMDMxMTAvBgNV
BAMTKERGMzYyQzIxNjMyMUY0RDA4RUQ3N0M3QkY1Rjc4OTE1NzFBOTYyODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCE7OAxRRZWCsxmJMf+zzCKXq0m
/ma6JN9srP3tzGFGucVry9zr3OlyUW5FXaxjdMmps30cmQxVf45GS2mqORXWoyLW
XpOo2f8sZ8VxSx2yOGdgUjmqI6aKj01dMJF+kdZ/ycuKogO6cw3C2AckEmXVVbIB
TOOpbdyhC03mdq1A8/zyQhtz40WubafLnfqTu7a4Z4gtX+0agp0CSq6z5nb/rnY6
vJjKv9k5LDg9D35mvGe+SkH6hWabE7N/LLxopGjC74QoekhUTZntg2/puxp2FmGj
+vZgxoxQLstIeDfTDwNeghEHwrhX3MdDdYBQuI9TLDEyynCpcqd1btH0GClPAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU3zYsIWMh9NCO13x79feJFXGpYoUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAI8UJAME
AI8UVAMEAI8UeDANBgkqhkiG9w0BAQsFAAOCAQEAPqaQBxmF4YiPLKiuoAvLVn7F
vVeGe6tBxABfWh3O2BH4Xbxiv7aHKhgwGOkgqeXT6zk30+sR3Ru+W1o+qVEiTOgY
i02871yNY6Kd/l3lPa1x98MayoH2L41lWJ8nBxaqcRnwmtjkbk8Ss3NP3lF9uoWq
T4axAoUS6Q8rRC2s4qDuOpUpJOdHXhxZf0p9z+bcAcc9gD0UumHecHghbsqFZmKZ
ikdjLMjA+uhdqcy8AstH9c3LBylIjA75bBAxvtROiw3UiDc20Wdd+fq+0BVBzP35
ckzUlkTyNiymOS4E7FYFXSVTP1vCeP6UkHGhE6NFQM4G9PuCyCu8Vc7K++E/SQ==
-----END CERTIFICATE-----