Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
File: AS9304.roa (raw, json)
Hash identifier: mlS9x/JEgtPvElYAe68/zuBJ7XT5meZJUogbE5BZL6E=
Subject key identifier: 9D:06:28:92:35:03:E6:6B:55:67:0E:F1:E7:93:45:25:94:06:D3:18
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 6142DF4CD1F249D15B8479457358EBF2A68DD0AB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
Signing time: Tue 30 Sep 2025 12:24:05 +0000
ROA not before: Tue 30 Sep 2025 12:19:05 +0000
ROA not after: Tue 29 Sep 2026 12:24:05 +0000
asID: 9304
IP address blocks: 143.20.11.0/24 maxlen: 24
143.20.35.0/24 maxlen: 24
143.20.36.0/24 maxlen: 24
143.20.45.0/24 maxlen: 24
143.20.74.0/24 maxlen: 24
143.20.77.0/24 maxlen: 24
143.20.84.0/24 maxlen: 24
143.20.120.0/24 maxlen: 24
143.20.128.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:42:df:4c:d1:f2:49:d1:5b:84:79:45:73:58:eb:f2:a6:8d:d0:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Sep 30 12:19:05 2025 GMT
Not After : Sep 29 12:24:05 2026 GMT
Subject: CN=9D0628923503E66B55670EF1E79345259406D318
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:98:35:e4:b1:f3:4a:2a:1b:93:80:80:9a:15:
0b:94:9a:e2:c2:9c:73:04:3b:e4:89:0e:56:0d:1e:
ff:20:17:02:84:85:ee:6f:00:56:4a:97:4f:6f:3c:
4c:88:67:ea:73:73:d0:cc:c4:07:44:5b:3d:1c:fd:
db:eb:b0:af:f3:9c:99:86:d1:15:6d:e6:86:83:af:
2f:30:5a:73:96:e6:ac:a6:0d:8a:5f:0b:92:83:26:
53:18:c2:1c:02:67:7e:4d:e9:69:0b:96:32:74:d0:
5c:37:c3:3a:b6:61:4c:1a:81:83:46:d1:80:90:cb:
1b:04:e3:a3:d4:68:45:80:23:3a:cc:46:8b:24:90:
86:4f:8d:d4:ee:81:51:92:d9:93:63:09:fb:45:ab:
c5:04:b9:39:82:09:9e:ca:a5:58:06:18:1b:71:ee:
18:52:66:e2:a9:db:cb:6b:d8:32:95:94:13:47:fd:
08:25:ce:32:f5:32:02:d3:6b:ed:b9:e7:3f:23:9b:
11:0c:c6:06:8d:37:d4:27:f3:bf:0c:d5:78:9b:71:
ee:75:3b:22:73:e9:1a:cd:74:55:10:12:19:be:1f:
41:c2:85:1d:fb:2a:c3:51:a9:88:1b:0c:84:73:92:
81:55:e2:b7:68:30:0a:e8:23:cb:40:bb:66:a5:62:
e9:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:06:28:92:35:03:E6:6B:55:67:0E:F1:E7:93:45:25:94:06:D3:18
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.11.0/24
143.20.35.0-143.20.36.255
143.20.45.0/24
143.20.74.0/24
143.20.77.0/24
143.20.84.0/24
143.20.120.0/24
143.20.128.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:d7:bb:2f:bb:c2:d3:2c:4e:a9:46:55:14:d1:ac:f7:a2:44:
9c:06:c3:16:b8:58:52:54:34:c6:00:72:1a:27:90:3a:67:c8:
6c:53:46:f1:f3:5e:e2:1e:e5:a4:88:92:a0:d9:8a:f4:ae:eb:
7d:49:8b:69:90:04:74:7c:61:f5:36:69:a5:58:7a:98:35:fd:
57:34:4d:d8:78:8b:77:7f:12:6a:56:a9:c2:97:cf:c9:f5:e7:
cd:e6:8f:b8:df:b6:3f:6d:4b:d8:f1:ab:2f:da:50:2e:3a:b1:
79:b7:89:c3:88:a4:d7:1f:23:7e:a2:04:10:8b:55:f7:6d:ee:
41:34:9f:b5:2a:2b:66:4a:9d:94:74:0b:90:ea:58:b5:d1:de:
2a:86:a7:d9:cc:f5:f4:dd:06:d4:29:03:80:96:b5:3f:cb:55:
dc:0d:b7:f8:54:60:ac:02:ad:50:10:07:18:08:a3:87:f5:26:
7b:fa:a1:60:fc:8b:77:87:45:11:f3:dc:07:2b:67:f8:48:86:
4c:07:88:44:5c:d5:dc:a3:11:0b:f5:24:9d:f0:bd:15:c4:3a:
c3:6b:a2:a6:b2:3d:00:9e:e1:38:61:56:f0:7a:3b:64:98:c5:
aa:ec:6a:85:d5:04:9d:c7:bc:0b:c1:67:c2:ff:ca:bc:e1:f1:
26:a3:79:5d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUYULfTNHySdFbhHlFc1jr8qaN0KswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MzAxMjE5MDVaFw0yNjA5MjkxMjI0MDVaMDMxMTAvBgNV
BAMTKDlEMDYyODkyMzUwM0U2NkI1NTY3MEVGMUU3OTM0NTI1OTQwNkQzMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYmDXksfNKKhuTgICaFQuUmuLC
nHMEO+SJDlYNHv8gFwKEhe5vAFZKl09vPEyIZ+pzc9DMxAdEWz0c/dvrsK/znJmG
0RVt5oaDry8wWnOW5qymDYpfC5KDJlMYwhwCZ35N6WkLljJ00Fw3wzq2YUwagYNG
0YCQyxsE46PUaEWAIzrMRoskkIZPjdTugVGS2ZNjCftFq8UEuTmCCZ7KpVgGGBtx
7hhSZuKp28tr2DKVlBNH/QglzjL1MgLTa+255z8jmxEMxgaNN9Qn878M1Xibce51
OyJz6RrNdFUQEhm+H0HChR37KsNRqYgbDIRzkoFV4rdoMAroI8tAu2alYunzAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUnQYokjUD5mtVZw7x55NFJZQG0xgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBRBggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAI8UCzAM
AwQAjxQjAwQAjxQkAwQAjxQtAwQAjxRKAwQAjxRNAwQAjxRUAwQAjxR4AwQAjxSA
MA0GCSqGSIb3DQEBCwUAA4IBAQCg17svu8LTLE6pRlUU0az3okScBsMWuFhSVDTG
AHIaJ5A6Z8hsU0bx817iHuWkiJKg2Yr0rut9SYtpkAR0fGH1NmmlWHqYNf1XNE3Y
eIt3fxJqVqnCl8/J9efN5o+437Y/bUvY8asv2lAuOrF5t4nDiKTXHyN+ogQQi1X3
be5BNJ+1KitmSp2UdAuQ6li10d4qhqfZzPX03QbUKQOAlrU/y1XcDbf4VGCsAq1Q
EAcYCKOH9SZ7+qFg/It3h0UR89wHK2f4SIZMB4hEXNXcoxEL9SSd8L0VxDrDa6Km
sj0AnuE4YVbwejtkmMWq7GqF1QSdx7wLwWfC/8q84fEmo3ld
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:35:07 2025 by rpki-client