Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9318.roa
File:                     AS9318.roa (raw, json)
Hash identifier:          Og69YisFRF1EXwcOiFhduTJ79QHToaeqCFkMcp1zgHg=
Subject key identifier:   59:3C:D8:58:EB:CA:03:6C:D9:64:0C:A8:0B:F7:99:0A:46:96:3C:69
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2C890A305DDA92194A352B4C25AE69C78C29A4E3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9318.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     9318
IP address blocks:        143.20.68.0/24 maxlen: 24
                          143.20.97.0/24 maxlen: 24
                          143.20.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:89:0a:30:5d:da:92:19:4a:35:2b:4c:25:ae:69:c7:8c:29:a4:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=593CD858EBCA036CD9640CA80BF7990A46963C69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f8:5f:2d:e4:63:d1:20:4f:df:f6:da:ec:b8:
                    04:13:04:48:21:ec:28:8d:81:e9:e0:53:3b:48:4e:
                    d9:1e:af:8a:16:33:71:dc:48:11:21:1a:84:9d:4d:
                    db:ca:ec:30:21:58:de:2b:6a:dd:d6:2f:50:f0:97:
                    61:18:3f:b3:42:bf:ea:40:09:82:6e:ad:6f:c3:14:
                    28:92:25:65:3c:67:2e:fe:8c:dd:5b:4a:2d:1a:43:
                    8a:2d:a5:47:64:c3:5b:f7:88:70:45:31:1b:75:51:
                    33:06:50:f4:0e:f1:95:7c:56:1f:50:7e:97:89:b1:
                    d6:d0:ec:97:ee:c2:74:5b:74:be:4a:0f:03:ee:61:
                    81:65:e6:41:ba:18:19:4b:5d:e2:db:88:6b:92:a3:
                    76:35:16:de:5d:bf:eb:51:f4:74:30:3d:5c:d7:f1:
                    6f:5e:78:10:db:3b:57:5a:27:f6:4e:7f:b0:21:d8:
                    ae:dd:e6:f3:77:97:90:ac:3a:91:a5:47:de:a1:bc:
                    34:90:f4:07:b1:9f:3e:a3:12:2c:72:3d:b2:2e:4c:
                    aa:23:e9:f6:f0:19:3b:88:30:13:ae:0b:01:20:da:
                    08:52:c1:8c:1f:74:f1:51:bb:31:cb:14:ae:fc:4c:
                    75:20:c7:4e:ed:12:be:ae:15:63:d8:91:f4:9f:46:
                    f1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3C:D8:58:EB:CA:03:6C:D9:64:0C:A8:0B:F7:99:0A:46:96:3C:69
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.68.0/24
                  143.20.97.0/24
                  143.20.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ec:a2:23:b7:ec:3a:eb:12:1f:91:80:03:17:43:2c:a4:66:
         cb:99:b9:76:d5:5b:5f:5f:a2:46:b7:30:33:99:26:1b:e9:5d:
         39:cf:92:4b:f9:46:d8:80:db:c1:6a:d1:f1:0d:06:4d:0b:74:
         80:55:9b:ed:ff:89:51:cd:88:b5:9b:73:3e:1f:fa:9d:3d:c8:
         75:3f:81:76:4a:16:73:ea:f6:d7:43:71:f5:63:85:df:62:81:
         88:9d:98:db:85:88:ec:01:07:cf:e2:b2:18:0f:56:94:92:e7:
         44:b6:55:38:0c:67:bf:33:0a:92:67:b8:fe:30:8c:c5:7c:72:
         ae:1e:2a:b8:a5:7b:61:fd:28:96:d4:e9:1c:26:23:47:ba:1f:
         0d:87:c5:f8:d1:f0:38:74:22:6b:10:4e:0a:59:81:9b:61:75:
         18:0f:1d:cc:92:d3:20:a6:86:d5:42:78:d3:d1:00:ce:eb:f3:
         92:44:e1:fd:06:8b:88:fa:d6:a0:b7:53:69:e8:74:c1:d4:d7:
         e7:80:53:ab:c3:fd:7a:9c:63:3c:f5:10:05:51:f6:08:a4:55:
         8e:29:f5:0a:cf:47:c5:55:e1:a2:2d:75:43:5e:ee:6f:38:8a:
         b8:10:e2:5d:c4:a1:28:f3:6c:98:42:c8:cc:d9:d1:5f:b0:29:
         1a:a1:cb:3b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIULIkKMF3akhlKNStMJa5px4wppOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKDU5M0NEODU4RUJDQTAzNkNEOTY0MENBODBCRjc5OTBBNDY5NjNDNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ+F8t5GPRIE/f9trsuAQTBEgh
7CiNgengUztITtker4oWM3HcSBEhGoSdTdvK7DAhWN4rat3WL1Dwl2EYP7NCv+pA
CYJurW/DFCiSJWU8Zy7+jN1bSi0aQ4otpUdkw1v3iHBFMRt1UTMGUPQO8ZV8Vh9Q
fpeJsdbQ7JfuwnRbdL5KDwPuYYFl5kG6GBlLXeLbiGuSo3Y1Ft5dv+tR9HQwPVzX
8W9eeBDbO1daJ/ZOf7Ah2K7d5vN3l5CsOpGlR96hvDSQ9Aexnz6jEixyPbIuTKoj
6fbwGTuIMBOuCwEg2ghSwYwfdPFRuzHLFK78THUgx07tEr6uFWPYkfSfRvFrAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUWTzYWOvKA2zZZAyoC/eZCkaWPGkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTMxOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAI8URAME
AI8UYQMEAI8UezANBgkqhkiG9w0BAQsFAAOCAQEAXOyiI7fsOusSH5GAAxdDLKRm
y5m5dtVbX1+iRrcwM5kmG+ldOc+SS/lG2IDbwWrR8Q0GTQt0gFWb7f+JUc2ItZtz
Ph/6nT3IdT+BdkoWc+r210Nx9WOF32KBiJ2Y24WI7AEHz+KyGA9WlJLnRLZVOAxn
vzMKkme4/jCMxXxyrh4quKV7Yf0oltTpHCYjR7ofDYfF+NHwOHQiaxBOClmBm2F1
GA8dzJLTIKaG1UJ409EAzuvzkkTh/QaLiPrWoLdTaeh0wdTX54BTq8P9epxjPPUQ
BVH2CKRVjin1Cs9HxVXhoi11Q17ubziKuBDiXcShKPNsmELIzNnRX7ApGqHLOw==
-----END CERTIFICATE-----