Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          M3I+FRO1nOpiz8UagSp/8ifmb45tsEmOzn8q0X+IzBw=
Subject key identifier:   0C:F3:74:63:EA:5A:1E:B0:68:7B:FB:C1:6F:54:95:FD:BE:78:75:03
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1EFB3B896BE5918D2CF09126785BFC47278381C2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
Signing time:             Mon 25 May 2026 12:16:56 +0000
ROA not before:           Mon 25 May 2026 12:11:56 +0000
ROA not after:            Mon 24 May 2027 12:16:56 +0000
asID:                     9304
IP address blocks:        5.252.74.0/24 maxlen: 24
                          45.139.182.0/24 maxlen: 24
                          191.101.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:fb:3b:89:6b:e5:91:8d:2c:f0:91:26:78:5b:fc:47:27:83:81:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 25 12:11:56 2026 GMT
            Not After : May 24 12:16:56 2027 GMT
        Subject: CN=0CF37463EA5A1EB0687BFBC16F5495FDBE787503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:dc:79:81:e5:0f:2f:b8:e5:11:68:06:43:
                    b4:55:bf:dc:7c:91:66:2f:29:aa:aa:b4:5b:68:12:
                    1f:05:bf:38:f0:cd:7c:8c:72:01:2a:1e:25:01:a6:
                    48:98:21:d9:eb:9e:93:5a:57:54:d3:d9:c3:9a:ae:
                    b0:94:e9:8d:e0:d6:f2:8b:97:2f:12:2b:42:44:54:
                    ff:78:f6:aa:4e:a1:ea:a2:ca:d1:49:e8:db:8c:17:
                    ba:58:03:10:6d:46:e5:c8:8e:92:4f:b7:4f:7f:e3:
                    d4:ea:fa:10:52:6b:d8:42:75:8a:ab:ad:0d:ae:6e:
                    36:46:45:24:b5:75:2b:9a:cc:c6:78:48:90:e2:42:
                    67:00:26:6b:81:fb:85:ac:f9:8a:93:0d:3b:28:9a:
                    96:40:aa:4e:4f:20:27:0c:cb:77:87:e5:09:f5:03:
                    29:0a:a5:bb:91:9e:2c:2a:85:74:65:fc:54:80:dd:
                    19:fe:d7:65:84:71:70:05:70:06:a1:56:c5:18:c9:
                    b3:11:8f:c6:cd:e4:7c:67:20:60:99:c8:90:0e:cd:
                    4d:da:73:20:72:99:b3:ce:26:fc:75:36:42:b4:fe:
                    db:90:38:ea:c9:90:6a:cc:26:ad:75:f7:6d:01:c3:
                    91:cd:2e:e1:e7:95:37:e4:68:97:87:f8:ee:59:21:
                    79:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F3:74:63:EA:5A:1E:B0:68:7B:FB:C1:6F:54:95:FD:BE:78:75:03
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.74.0/24
                  45.139.182.0/24
                  191.101.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:16:e4:87:f8:e0:c3:4f:05:15:b0:72:98:fd:c0:a2:87:6e:
         ef:17:6b:78:96:7b:77:a0:38:b8:e8:bf:d5:c8:3c:81:7f:14:
         b3:36:ac:b0:d2:6b:cb:1f:82:9b:46:42:84:b9:f8:4d:24:c7:
         6e:44:e7:9b:cf:a4:7e:e9:51:5d:8c:e7:6c:47:85:df:ab:4d:
         b2:18:f5:38:cd:f5:1a:66:25:4f:68:d4:fb:07:4e:1d:6b:01:
         ca:a7:36:8a:c4:e5:82:6a:b6:bc:16:92:cd:c1:e9:9e:9c:20:
         3a:12:54:db:46:6f:f5:d3:c8:5c:1c:31:0d:4f:93:8e:53:d5:
         17:28:db:df:08:f0:eb:cb:ff:4c:54:6a:41:87:18:6d:96:38:
         a9:79:eb:50:00:95:31:55:30:63:83:16:5e:51:91:b8:83:45:
         a2:ca:94:db:7a:94:7b:89:3a:fb:f0:32:35:5e:d6:a7:be:60:
         62:d2:76:ed:fc:74:73:e7:4d:b8:a5:dc:ba:4f:4c:8f:2b:74:
         bf:64:9a:7b:c5:d9:98:d7:ca:e0:0f:7a:f9:b7:a1:44:3b:cc:
         a5:d8:3d:e3:32:a2:f8:92:e5:ed:bb:c8:a4:a2:18:80:39:01:
         8d:ad:4a:81:6b:b1:1e:4b:18:d5:a2:fa:d8:c4:cb:db:ad:25:
         19:fd:78:8c
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUHvs7iWvlkY0s8JEmeFv8RyeDgcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjUxMjExNTZaFw0yNzA1MjQxMjE2NTZaMDMxMTAvBgNV
BAMTKDBDRjM3NDYzRUE1QTFFQjA2ODdCRkJDMTZGNTQ5NUZEQkU3ODc1MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxQdx5geUPL7jlEWgGQ7RVv9x8
kWYvKaqqtFtoEh8FvzjwzXyMcgEqHiUBpkiYIdnrnpNaV1TT2cOarrCU6Y3g1vKL
ly8SK0JEVP949qpOoeqiytFJ6NuMF7pYAxBtRuXIjpJPt09/49Tq+hBSa9hCdYqr
rQ2ubjZGRSS1dSuazMZ4SJDiQmcAJmuB+4Ws+YqTDTsompZAqk5PICcMy3eH5Qn1
AykKpbuRniwqhXRl/FSA3Rn+12WEcXAFcAahVsUYybMRj8bN5HxnIGCZyJAOzU3a
cyBymbPOJvx1NkK0/tuQOOrJkGrMJq11920Bw5HNLuHnlTfkaJeH+O5ZIXmDAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUDPN0Y+paHrBoe/vBb1SV/b54dQMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAAX8SgME
AC2LtgMEAL9lUzANBgkqhkiG9w0BAQsFAAOCAQEAdRbkh/jgw08FFbBymP3Aoodu
7xdreJZ7d6A4uOi/1cg8gX8UszassNJryx+Cm0ZChLn4TSTHbkTnm8+kfulRXYzn
bEeF36tNshj1OM31GmYlT2jU+wdOHWsByqc2isTlgmq2vBaSzcHpnpwgOhJU20Zv
9dPIXBwxDU+TjlPVFyjb3wjw68v/TFRqQYcYbZY4qXnrUACVMVUwY4MWXlGRuINF
osqU23qUe4k6+/AyNV7Wp75gYtJ27fx0c+dNuKXcuk9Mjyt0v2Sae8XZmNfK4A96
+behRDvMpdg94zKi+JLl7bvIpKIYgDkBja1KgWuxHksY1aL62MTL260lGf14jA==
-----END CERTIFICATE-----