Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          O0+V1OIsW3V2FS2xNgQspwDWmuQWQ8AfKX1Yuljvp4I=
Subject key identifier:   B3:34:B6:E0:10:C7:AE:36:C9:B8:34:D2:0E:74:6F:A8:56:6A:FA:8B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3E9D3CD7AF3CF4BCF211FFC39A5F791DA961F1E2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     9304
IP address blocks:        143.20.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:9d:3c:d7:af:3c:f4:bc:f2:11:ff:c3:9a:5f:79:1d:a9:61:f1:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=B334B6E010C7AE36C9B834D20E746FA8566AFA8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8a:86:29:d4:ca:6c:d1:ca:fe:55:3a:c0:83:
                    03:d3:25:04:df:6c:55:95:ea:9e:d6:6e:88:93:1e:
                    f1:7f:9d:a2:8b:8f:1a:cc:a6:26:3a:b3:cf:ae:35:
                    dc:c4:c3:6c:0f:d3:fb:a3:99:97:22:01:88:50:5a:
                    9d:21:e5:de:02:42:d1:38:6b:f8:5b:b8:01:9e:4e:
                    be:95:54:49:70:18:db:e7:69:ed:98:a3:3c:1f:00:
                    d7:52:24:cd:4e:70:5d:28:34:b5:91:dc:fd:1a:67:
                    0b:71:a7:b3:20:56:5f:af:ed:69:63:d0:7c:c7:3d:
                    27:ba:14:0c:2d:35:24:c4:3f:98:45:2e:f6:bf:33:
                    1e:15:7e:09:82:68:1c:df:81:c2:e5:ec:05:55:ae:
                    8f:71:7f:20:98:cb:1c:b1:73:5a:30:ee:a9:d0:eb:
                    12:24:f8:96:99:de:e6:a1:76:df:4c:af:3a:16:0e:
                    52:1b:dd:ed:88:a6:51:6b:46:42:83:7d:74:8a:55:
                    66:2d:72:ec:04:36:1d:5d:a0:59:77:0b:b5:6c:d3:
                    10:d3:53:ea:9b:22:22:1e:0c:e4:4a:09:10:69:af:
                    2f:5a:4e:58:37:9c:18:a0:f9:48:72:bf:14:08:42:
                    9d:da:33:7d:f7:47:ec:e0:0f:f5:83:cf:38:a5:57:
                    62:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:34:B6:E0:10:C7:AE:36:C9:B8:34:D2:0E:74:6F:A8:56:6A:FA:8B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:c2:7d:66:9f:33:67:ea:59:d2:40:ff:84:c6:99:8b:be:92:
         95:3c:5a:82:5f:f3:70:25:d3:c5:1f:fc:10:4f:b1:fc:e9:00:
         a9:15:2e:47:05:26:50:b7:f8:d8:e7:8d:08:43:2e:49:28:f5:
         42:60:1c:b1:6e:e2:9b:2f:fe:38:89:f8:5c:f2:ae:65:3e:35:
         33:c3:8c:ca:0e:88:2d:df:cd:e3:79:78:e1:47:51:21:4d:51:
         bb:d6:12:9b:3b:03:0b:0e:98:1f:b5:ef:0d:9d:a6:e5:c8:64:
         9a:d5:29:17:60:f5:01:9e:94:9d:48:de:e4:88:89:f4:52:63:
         b6:2c:05:3d:76:53:fd:92:f1:54:c8:25:ad:9f:dc:b5:e4:df:
         18:33:47:20:04:47:22:c4:e4:c0:b9:c4:03:92:b8:85:20:d3:
         5b:4c:d6:59:3c:14:e7:97:e5:29:66:19:58:05:9b:65:a8:80:
         04:3f:72:eb:03:20:3f:d1:33:a5:7e:a4:7e:00:ec:33:ee:8c:
         52:00:64:4d:74:da:8b:19:50:d0:d2:71:c0:fa:c0:b0:d5:99:
         08:11:d5:c9:85:d5:e1:45:3d:f0:ce:67:82:eb:1a:b4:33:4c:
         e4:b5:f9:92:02:ea:ed:b7:0e:9c:0b:76:82:d6:b3:53:76:ff:
         85:c9:ba:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUPp0816889LzyEf/Dml95Halh8eIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKEIzMzRCNkUwMTBDN0FFMzZDOUI4MzREMjBFNzQ2RkE4NTY2QUZBOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgioYp1Mps0cr+VTrAgwPTJQTf
bFWV6p7WboiTHvF/naKLjxrMpiY6s8+uNdzEw2wP0/ujmZciAYhQWp0h5d4CQtE4
a/hbuAGeTr6VVElwGNvnae2YozwfANdSJM1OcF0oNLWR3P0aZwtxp7MgVl+v7Wlj
0HzHPSe6FAwtNSTEP5hFLva/Mx4VfgmCaBzfgcLl7AVVro9xfyCYyxyxc1ow7qnQ
6xIk+JaZ3uahdt9MrzoWDlIb3e2IplFrRkKDfXSKVWYtcuwENh1doFl3C7Vs0xDT
U+qbIiIeDORKCRBpry9aTlg3nBig+UhyvxQIQp3aM333R+zgD/WDzzilV2ITAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUszS24BDHrjbJuDTSDnRvqFZq+oswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UVDAN
BgkqhkiG9w0BAQsFAAOCAQEAgMJ9Zp8zZ+pZ0kD/hMaZi76SlTxagl/zcCXTxR/8
EE+x/OkAqRUuRwUmULf42OeNCEMuSSj1QmAcsW7imy/+OIn4XPKuZT41M8OMyg6I
Ld/N43l44UdRIU1Ru9YSmzsDCw6YH7XvDZ2m5chkmtUpF2D1AZ6UnUje5IiJ9FJj
tiwFPXZT/ZLxVMglrZ/cteTfGDNHIARHIsTkwLnEA5K4hSDTW0zWWTwU55flKWYZ
WAWbZaiABD9y6wMgP9EzpX6kfgDsM+6MUgBkTXTaixlQ0NJxwPrAsNWZCBHVyYXV
4UU98M5ngusatDNM5LX5kgLq7bcOnAt2gtazU3b/hcm6rQ==
-----END CERTIFICATE-----