Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
File: AS9304.roa (raw, json)
Hash identifier: l2UJHvh/Ww2HNjv3VD4/XEwJnqZY0vQZ7vP3BWGqOIM=
Subject key identifier: 17:1F:4D:E1:8D:2F:64:EA:83:77:24:AD:9E:9F:A4:F2:AA:D7:5D:5D
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 6B019854FAB8807E2E634B8CDA4B7502C03C774E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
Signing time: Wed 25 Mar 2026 07:44:47 +0000
ROA not before: Wed 25 Mar 2026 07:39:47 +0000
ROA not after: Wed 24 Mar 2027 07:44:47 +0000
asID: 9304
IP address blocks: 96.62.0.0/19 maxlen: 24
96.62.59.0/24 maxlen: 24
96.62.156.0/22 maxlen: 24
96.62.224.0/24 maxlen: 24
96.62.229.0/24 maxlen: 24
143.14.55.0/24 maxlen: 24
143.14.87.0/24 maxlen: 24
143.14.94.0/24 maxlen: 24
143.14.144.0/24 maxlen: 24
143.14.196.0/24 maxlen: 24
143.14.214.0/24 maxlen: 24
143.14.222.0/24 maxlen: 24
146.103.29.0/24 maxlen: 24
147.79.8.0/23 maxlen: 24
150.241.130.0/24 maxlen: 24
155.117.139.0/24 maxlen: 24
162.141.19.0/24 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.101.0/24 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.181.0/24 maxlen: 24
162.141.184.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.99.0/24 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.130.0/23 maxlen: 23
167.148.208.0/24 maxlen: 24
168.222.83.0/24 maxlen: 24
168.222.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 00:55:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:01:98:54:fa:b8:80:7e:2e:63:4b:8c:da:4b:75:02:c0:3c:77:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 25 07:39:47 2026 GMT
Not After : Mar 24 07:44:47 2027 GMT
Subject: CN=171F4DE18D2F64EA837724AD9E9FA4F2AAD75D5D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:c5:d2:ce:f8:47:02:f3:6c:7d:53:26:85:d8:
e7:0f:fe:17:0e:1e:ed:9a:7f:44:80:37:b4:4d:25:
36:32:57:26:c6:e3:e3:93:d2:0a:67:23:89:31:e3:
1e:76:5d:f6:7a:66:40:7b:74:04:c0:1f:40:5c:85:
99:f6:88:57:58:a4:1b:46:13:63:38:9b:4c:18:af:
84:f1:a9:39:85:23:a3:81:50:ad:05:10:f8:de:52:
ae:0b:cd:85:62:da:96:17:48:55:65:24:48:5c:53:
f8:55:69:3b:27:a4:a6:97:5a:5a:59:64:bd:cd:0d:
ba:5a:98:e7:42:d4:a6:47:2d:f1:d5:42:85:fd:ff:
a3:48:4c:01:5b:09:9c:fd:7e:7d:eb:49:51:ab:e7:
05:81:4c:1c:44:39:00:27:ea:1c:b4:4b:13:32:7d:
38:89:ec:72:66:67:3c:ee:0f:d7:9d:db:ac:c4:8b:
02:ee:9d:40:ba:1b:f0:9e:9d:a6:5a:b0:7e:6d:24:
f7:10:bf:09:68:1f:a2:d7:e6:0a:1f:26:26:20:37:
22:1e:89:5a:99:f3:36:71:65:69:ae:84:14:f4:f2:
81:7e:a8:8a:6f:73:3b:04:4b:9c:86:b1:5b:3d:1c:
ca:e0:c0:ba:9b:a1:a9:8a:e1:af:7a:a5:bb:59:60:
18:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:1F:4D:E1:8D:2F:64:EA:83:77:24:AD:9E:9F:A4:F2:AA:D7:5D:5D
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.0.0/19
96.62.59.0/24
96.62.156.0/22
96.62.224.0/24
96.62.229.0/24
143.14.55.0/24
143.14.87.0/24
143.14.94.0/24
143.14.144.0/24
143.14.196.0/24
143.14.214.0/24
143.14.222.0/24
146.103.29.0/24
147.79.8.0/23
150.241.130.0/24
155.117.139.0/24
162.141.19.0/24
162.141.24.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0/22
162.141.101.0/24
162.141.144.0/21
162.141.168.0/21
162.141.181.0/24
162.141.184.0/21
167.148.16.0/21
167.148.48.0-167.148.59.255
167.148.64.0/22
167.148.76.0/22
167.148.88.0/21
167.148.99.0/24
167.148.108.0/22
167.148.130.0/23
167.148.208.0/24
168.222.83.0/24
168.222.89.0/24
Signature Algorithm: sha256WithRSAEncryption
b2:e9:87:6c:0f:01:40:b0:aa:4c:3a:87:c3:a9:7d:1f:6a:12:
0c:e6:7a:0d:dc:e8:bf:f5:ae:c5:9e:7b:c1:3e:40:f7:71:a4:
fa:99:6b:5b:ef:f8:8b:40:b0:de:8c:62:21:6d:4c:7d:f8:44:
3c:ab:b6:69:49:1c:07:ef:d9:58:3a:4a:bb:60:5a:ca:56:8d:
71:e0:d6:58:80:a9:f7:fb:7f:7e:51:8b:20:cb:fe:6d:0c:d4:
e2:20:ac:8f:d3:b9:5c:cc:e9:b5:e9:eb:a5:f9:b5:ae:94:a6:
81:26:e3:96:ce:f4:4c:07:2f:bd:9e:d4:e8:15:35:88:59:1c:
de:ea:4b:6e:ea:79:09:3a:e9:d5:a1:38:0b:c2:16:e7:82:6e:
b3:3f:cb:ce:7c:ab:63:49:63:d1:09:57:18:4c:d9:23:64:45:
98:c1:0b:b7:f7:7a:0a:50:d2:d3:58:75:dd:f0:15:bf:ef:2c:
7e:c4:c7:b0:ad:60:8b:38:df:7f:24:ae:6b:f5:ce:69:7a:2f:
ba:d7:48:77:25:5c:cf:e3:63:8b:ee:0c:5f:a1:fc:55:50:ac:
63:68:86:77:f5:36:e1:35:c3:d9:e2:51:60:8b:95:97:c4:ce:
5a:e7:ba:35:61:88:b4:3f:7b:37:d1:a8:9f:af:17:cb:ef:e2:
e2:d8:0e:74
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIUawGYVPq4gH4uY0uM2kt1AsA8d04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjUwNzM5NDdaFw0yNzAzMjQwNzQ0NDdaMDMxMTAvBgNV
BAMTKDE3MUY0REUxOEQyRjY0RUE4Mzc3MjRBRDlFOUZBNEYyQUFENzVENUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRxdLO+EcC82x9UyaF2OcP/hcO
Hu2af0SAN7RNJTYyVybG4+OT0gpnI4kx4x52XfZ6ZkB7dATAH0BchZn2iFdYpBtG
E2M4m0wYr4TxqTmFI6OBUK0FEPjeUq4LzYVi2pYXSFVlJEhcU/hVaTsnpKaXWlpZ
ZL3NDbpamOdC1KZHLfHVQoX9/6NITAFbCZz9fn3rSVGr5wWBTBxEOQAn6hy0SxMy
fTiJ7HJmZzzuD9ed26zEiwLunUC6G/CenaZasH5tJPcQvwloH6LX5gofJiYgNyIe
iVqZ8zZxZWmuhBT08oF+qIpvczsES5yGsVs9HMrgwLqboamK4a96pbtZYBgXAgMB
AAGjggL2MIIC8jAdBgNVHQ4EFgQUFx9N4Y0vZOqDdyStnp+k8qrXXV0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAQsGCCsGAQUFBwEHAQH/BIH7MIH4MIH1BAIAATCB7gME
BWA+AAMEAGA+OwMEAmA+nAMEAGA+4AMEAGA+5QMEAI8ONwMEAI8OVwMEAI8OXgME
AI8OkAMEAI8OxAMEAI8O1gMEAI8O3gMEAJJnHQMEAZNPCAMEAJbxggMEAJt1iwME
AKKNEzAMAwQDoo0YAwQCoo0gAwQCoo0oAwQDoo04AwQCoo1IAwQAoo1lAwQDoo2Q
AwQDoo2oAwQAoo21AwQDoo24AwQDp5QQMAwDBASnlDADBAKnlDgDBAKnlEADBAKn
lEwDBAOnlFgDBACnlGMDBAKnlGwDBAGnlIIDBACnlNADBACo3lMDBACo3lkwDQYJ
KoZIhvcNAQELBQADggEBALLph2wPAUCwqkw6h8OpfR9qEgzmeg3c6L/1rsWee8E+
QPdxpPqZa1vv+ItAsN6MYiFtTH34RDyrtmlJHAfv2Vg6SrtgWspWjXHg1liAqff7
f35RiyDL/m0M1OIgrI/TuVzM6bXp66X5ta6UpoEm45bO9EwHL72e1OgVNYhZHN7q
S27qeQk66dWhOAvCFueCbrM/y858q2NJY9EJVxhM2SNkRZjBC7f3egpQ0tNYdd3w
Fb/vLH7Ex7CtYIs4338krmv1zml6L7rXSHclXM/jY4vuDF+h/FVQrGNohnf1NuE1
w9niUWCLlZfEzlrnujVhiLQ/ezfRqJ+vF8vv4uLYDnQ=
-----END CERTIFICATE-----
Generated at Sat Mar 28 11:23:06 2026 by rpki-client