Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          xTQPTSKucH6YvPusOK+jiD29eNV//Qt5eYeByjsgyUM=
Subject key identifier:   EE:CB:A6:FA:4F:74:0F:E8:1D:7D:65:76:98:9E:FB:9C:BA:90:D2:BA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       02E4B664965280E4AA9B6A71C1113A0D853642F8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
Signing time:             Thu 25 Jun 2026 12:02:36 +0000
ROA not before:           Thu 25 Jun 2026 11:57:36 +0000
ROA not after:            Thu 24 Jun 2027 12:02:36 +0000
asID:                     9304
IP address blocks:        5.252.74.0/24 maxlen: 24
                          191.101.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e4:b6:64:96:52:80:e4:aa:9b:6a:71:c1:11:3a:0d:85:36:42:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 25 11:57:36 2026 GMT
            Not After : Jun 24 12:02:36 2027 GMT
        Subject: CN=EECBA6FA4F740FE81D7D6576989EFB9CBA90D2BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:ee:63:13:7d:df:c3:99:d0:74:36:16:99:
                    d2:b7:b6:1b:6d:2f:3c:52:36:68:a0:15:41:d4:e5:
                    67:f9:f5:0d:77:bf:94:0b:20:ef:ba:8c:19:1d:92:
                    da:93:79:c9:27:1e:60:0a:d0:b8:21:81:09:f7:ea:
                    5e:3a:fe:f9:81:d0:f4:00:32:35:11:d0:ec:6f:72:
                    c8:bd:ef:61:47:ee:6b:4f:05:df:15:ee:a8:10:e4:
                    69:09:c1:d8:54:98:c1:ca:b2:40:e6:3a:66:bb:60:
                    b2:3e:56:ac:91:b7:21:86:97:48:3e:00:15:1b:d7:
                    4e:68:62:6c:d9:4e:2d:93:52:10:8b:c9:bb:9f:be:
                    c6:8d:f3:ef:54:8a:80:23:0e:3d:af:0d:84:8d:b3:
                    cd:a0:4c:ad:27:ee:e5:b1:fb:b0:6b:a0:48:14:86:
                    89:8c:86:37:23:20:3f:4c:de:1a:84:c0:b6:9b:95:
                    d1:ef:4a:de:ea:31:fb:cc:da:f5:7b:ae:04:2f:bc:
                    44:05:0b:f2:94:5e:6b:e2:3a:12:bd:23:ec:7c:3f:
                    4a:ec:ea:87:c0:f9:2d:3f:af:3c:9a:9a:ad:28:18:
                    59:95:91:00:f3:b6:c8:fd:ff:d6:3a:11:9a:9c:05:
                    42:bf:aa:da:b1:91:ce:2d:40:3f:14:86:83:89:67:
                    72:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CB:A6:FA:4F:74:0F:E8:1D:7D:65:76:98:9E:FB:9C:BA:90:D2:BA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.74.0/24
                  191.101.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:cb:0d:a9:ea:8d:30:59:4c:24:47:43:9b:ae:a4:37:b8:9e:
         d1:e1:c4:d4:e9:6d:f5:88:62:9a:bd:b1:65:5b:01:67:b3:f7:
         eb:a0:af:7c:0c:e9:f6:43:94:09:48:0f:c8:9a:75:0b:02:cb:
         86:36:23:1b:12:73:9a:ae:60:82:e8:c6:90:ba:6d:fe:f4:a2:
         72:93:ad:8f:da:76:43:1f:fa:48:21:a0:c2:87:1b:72:3d:45:
         b7:eb:28:fc:2b:e7:0c:fd:0a:a4:90:25:fa:59:dc:93:5c:08:
         ec:48:c9:3b:e3:6c:01:38:89:07:58:98:14:69:f2:f6:2a:c2:
         90:65:27:76:51:3e:84:55:4d:08:7b:a0:a4:03:b1:ad:7f:04:
         e3:e0:eb:bc:66:51:ce:d3:53:b5:ef:0a:28:d0:ad:82:27:9d:
         39:78:63:5b:fe:00:e9:b7:7e:8b:7c:9a:72:e2:c3:57:a3:fe:
         c9:30:b2:b9:08:f4:24:76:28:3e:90:87:62:13:fe:32:5f:52:
         98:07:b1:c3:e9:54:8b:4d:d1:e8:bc:6a:22:63:8b:c3:b3:04:
         6d:d4:2a:e9:d6:8e:7e:3f:b7:8c:fe:d4:fd:5b:5a:02:1d:89:
         da:d4:2d:eb:2c:56:c2:e1:d5:b4:8d:a8:17:f6:aa:d6:4e:86:
         33:c4:cd:39
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUAuS2ZJZSgOSqm2pxwRE6DYU2QvgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA2MjUxMTU3MzZaFw0yNzA2MjQxMjAyMzZaMDMxMTAvBgNV
BAMTKEVFQ0JBNkZBNEY3NDBGRTgxRDdENjU3Njk4OUVGQjlDQkE5MEQyQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtOe5jE33fw5nQdDYWmdK3thtt
LzxSNmigFUHU5Wf59Q13v5QLIO+6jBkdktqTecknHmAK0LghgQn36l46/vmB0PQA
MjUR0Oxvcsi972FH7mtPBd8V7qgQ5GkJwdhUmMHKskDmOma7YLI+VqyRtyGGl0g+
ABUb105oYmzZTi2TUhCLybufvsaN8+9UioAjDj2vDYSNs82gTK0n7uWx+7BroEgU
homMhjcjID9M3hqEwLabldHvSt7qMfvM2vV7rgQvvEQFC/KUXmviOhK9I+x8P0rs
6ofA+S0/rzyamq0oGFmVkQDztsj9/9Y6EZqcBUK/qtqxkc4tQD8UhoOJZ3JxAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQU7sum+k90D+gdfWV2mJ77nLqQ0rowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAX8SgME
AL9lUzANBgkqhkiG9w0BAQsFAAOCAQEASMsNqeqNMFlMJEdDm66kN7ie0eHE1Olt
9Yhimr2xZVsBZ7P366CvfAzp9kOUCUgPyJp1CwLLhjYjGxJzmq5ggujGkLpt/vSi
cpOtj9p2Qx/6SCGgwocbcj1Ft+so/CvnDP0KpJAl+lnck1wI7EjJO+NsATiJB1iY
FGny9irCkGUndlE+hFVNCHugpAOxrX8E4+DrvGZRztNTte8KKNCtgiedOXhjW/4A
6bd+i3yacuLDV6P+yTCyuQj0JHYoPpCHYhP+Ml9SmAexw+lUi03R6LxqImOLw7ME
bdQq6daOfj+3jP7U/VtaAh2J2tQt6yxWwuHVtI2oF/aq1k6GM8TNOQ==
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:48:43 2026 by rpki-client