Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
File: AS9304.roa (raw, json)
Hash identifier: Cwgand7NxnsUjMQu6H4lRsIlCZyLwRx4NxI1Cwrl7Vo=
Subject key identifier: FC:2A:EF:27:59:01:CB:EA:9C:48:2A:F7:97:5A:DC:1C:B7:1C:27:21
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 5614F846D5A12475856EFC06ED885BB872E88B13
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
Signing time: Sat 09 May 2026 08:52:30 +0000
ROA not before: Sat 09 May 2026 08:47:30 +0000
ROA not after: Sat 08 May 2027 08:52:30 +0000
asID: 9304
IP address blocks: 96.62.0.0/19 maxlen: 24
96.62.59.0/24 maxlen: 24
96.62.156.0/22 maxlen: 24
96.62.224.0/24 maxlen: 24
96.62.229.0/24 maxlen: 24
143.14.87.0/24 maxlen: 24
143.14.94.0/24 maxlen: 24
143.14.144.0/24 maxlen: 24
143.14.196.0/24 maxlen: 24
143.14.214.0/24 maxlen: 24
143.14.222.0/24 maxlen: 24
147.79.8.0/23 maxlen: 24
150.241.130.0/24 maxlen: 24
155.117.139.0/24 maxlen: 24
162.141.19.0/24 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.101.0/24 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.181.0/24 maxlen: 24
162.141.184.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.32.0/24 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.72.0/24 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.99.0/24 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.129.0/24 maxlen: 24
167.148.130.0/23 maxlen: 23
167.148.142.0/24 maxlen: 24
167.148.176.0/24 maxlen: 24
167.148.208.0/24 maxlen: 24
168.222.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:14:f8:46:d5:a1:24:75:85:6e:fc:06:ed:88:5b:b8:72:e8:8b:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 9 08:47:30 2026 GMT
Not After : May 8 08:52:30 2027 GMT
Subject: CN=FC2AEF275901CBEA9C482AF7975ADC1CB71C2721
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:90:2b:12:0b:2e:af:6f:44:10:35:07:ee:41:
ad:35:fd:8d:94:d2:59:cf:c0:ef:cb:0c:14:34:7d:
9b:86:a3:0f:02:a4:c5:a7:41:67:ac:63:a3:e4:6e:
5f:9b:4a:7d:53:a3:8c:ce:27:40:1f:9b:fc:46:8f:
56:c9:c3:b7:a7:bc:d1:bb:7e:66:a7:c9:56:33:29:
a9:d4:f5:00:0c:ca:35:d2:4d:60:a0:3a:6e:49:75:
41:09:09:45:e0:de:74:0b:e2:16:46:a6:d2:46:04:
e4:76:53:69:be:e1:1b:a8:e4:b8:fa:ae:d8:c4:be:
89:30:6d:54:dd:78:5c:ef:45:ca:71:e8:75:f3:99:
04:e8:17:8b:51:c2:c7:f7:92:58:d7:77:15:91:60:
75:56:98:ab:8f:1a:b8:de:f2:2b:43:22:1b:b6:7f:
fa:36:31:b2:a9:93:af:b9:60:e7:56:0b:fb:b5:82:
1b:c7:68:2d:54:8a:ad:c1:81:ac:0e:de:ed:0e:51:
3e:85:7f:4f:0d:c8:72:d8:c5:e1:43:17:1b:3c:7b:
a3:15:3f:bc:39:51:b4:0b:1b:09:70:98:b7:ed:59:
71:42:70:b7:71:8e:d9:51:19:e1:60:c6:fe:71:26:
eb:e3:11:86:84:4f:26:6d:cf:57:24:2d:d6:d8:ee:
3b:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:2A:EF:27:59:01:CB:EA:9C:48:2A:F7:97:5A:DC:1C:B7:1C:27:21
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9304.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.0.0/19
96.62.59.0/24
96.62.156.0/22
96.62.224.0/24
96.62.229.0/24
143.14.87.0/24
143.14.94.0/24
143.14.144.0/24
143.14.196.0/24
143.14.214.0/24
143.14.222.0/24
147.79.8.0/23
150.241.130.0/24
155.117.139.0/24
162.141.19.0/24
162.141.24.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0/22
162.141.101.0/24
162.141.144.0/21
162.141.168.0/21
162.141.181.0/24
162.141.184.0/21
167.148.16.0/21
167.148.32.0/24
167.148.48.0-167.148.59.255
167.148.64.0/22
167.148.72.0/24
167.148.76.0/22
167.148.88.0/21
167.148.99.0/24
167.148.108.0/22
167.148.129.0-167.148.131.255
167.148.142.0/24
167.148.176.0/24
167.148.208.0/24
168.222.12.0/24
Signature Algorithm: sha256WithRSAEncryption
03:29:54:8a:9d:6c:d0:a4:0a:3d:bb:3e:e9:c7:7e:67:b2:1a:
61:4d:30:97:7c:86:7c:3a:97:c2:e2:e5:88:fb:ef:7e:5a:b7:
80:e7:ff:2b:ae:d3:1a:63:69:16:a2:90:40:69:47:22:73:6f:
dc:e8:e1:3f:e3:dd:62:a9:19:70:ee:e4:64:30:fb:e8:2d:1e:
f1:5f:5d:8c:b8:8f:de:b6:e8:38:bc:bc:67:e5:27:d0:08:98:
eb:ed:cb:87:5a:32:85:3d:38:32:9e:46:b6:6f:39:a6:f2:c6:
94:5a:9d:fc:23:c6:0b:2a:b8:d2:ae:40:a3:a5:21:37:3d:b5:
8c:f3:ce:72:0d:8e:d8:39:0a:c0:88:f3:23:61:aa:44:68:b1:
01:b6:9a:97:e0:bb:4b:f5:9c:24:79:c0:b4:08:77:ec:db:17:
f2:10:a9:fb:c7:50:d1:65:0c:d1:18:ba:66:68:6d:b8:5e:e7:
35:90:a5:16:98:4d:8c:f7:ba:6d:27:49:c1:2a:04:d3:1a:d1:
85:87:27:0c:d7:2a:d7:c7:af:ac:d8:4f:cc:46:81:74:50:a7:
fe:2c:e8:44:2a:ec:14:da:e9:34:1d:d1:cd:d7:06:92:fc:6e:
be:1d:18:fe:9d:64:2c:12:a8:58:99:f1:1e:42:8f:56:37:60:
3e:9e:4a:c6
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgIUVhT4RtWhJHWFbvwG7YhbuHLoixMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDkwODQ3MzBaFw0yNzA1MDgwODUyMzBaMDMxMTAvBgNV
BAMTKEZDMkFFRjI3NTkwMUNCRUE5QzQ4MkFGNzk3NUFEQzFDQjcxQzI3MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRkCsSCy6vb0QQNQfuQa01/Y2U
0lnPwO/LDBQ0fZuGow8CpMWnQWesY6Pkbl+bSn1To4zOJ0Afm/xGj1bJw7envNG7
fmanyVYzKanU9QAMyjXSTWCgOm5JdUEJCUXg3nQL4hZGptJGBOR2U2m+4Ruo5Lj6
rtjEvokwbVTdeFzvRcpx6HXzmQToF4tRwsf3kljXdxWRYHVWmKuPGrje8itDIhu2
f/o2MbKpk6+5YOdWC/u1ghvHaC1Uiq3BgawO3u0OUT6Ff08NyHLYxeFDFxs8e6MV
P7w5UbQLGwlwmLftWXFCcLdxjtlRGeFgxv5xJuvjEYaETyZtz1ckLdbY7ju9AgMB
AAGjggMHMIIDAzAdBgNVHQ4EFgQU/CrvJ1kBy+qcSCr3l1rcHLccJyEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCARwGCCsGAQUFBwEHAQH/BIIBCzCCAQcwggEDBAIAATCB
/AMEBWA+AAMEAGA+OwMEAmA+nAMEAGA+4AMEAGA+5QMEAI8OVwMEAI8OXgMEAI8O
kAMEAI8OxAMEAI8O1gMEAI8O3gMEAZNPCAMEAJbxggMEAJt1iwMEAKKNEzAMAwQD
oo0YAwQCoo0gAwQCoo0oAwQDoo04AwQCoo1IAwQAoo1lAwQDoo2QAwQDoo2oAwQA
oo21AwQDoo24AwQDp5QQAwQAp5QgMAwDBASnlDADBAKnlDgDBAKnlEADBACnlEgD
BAKnlEwDBAOnlFgDBACnlGMDBAKnlGwwDAMEAKeUgQMEAqeUgAMEAKeUjgMEAKeU
sAMEAKeU0AMEAKjeDDANBgkqhkiG9w0BAQsFAAOCAQEAAylUip1s0KQKPbs+6cd+
Z7IaYU0wl3yGfDqXwuLliPvvflq3gOf/K67TGmNpFqKQQGlHInNv3OjhP+PdYqkZ
cO7kZDD76C0e8V9djLiP3rboOLy8Z+Un0AiY6+3Lh1oyhT04Mp5Gtm85pvLGlFqd
/CPGCyq40q5Ao6UhNz21jPPOcg2O2DkKwIjzI2GqRGixAbaal+C7S/WcJHnAtAh3
7NsX8hCp+8dQ0WUM0Ri6ZmhtuF7nNZClFphNjPe6bSdJwSoE0xrRhYcnDNcq18ev
rNhPzEaBdFCn/izoRCrsFNrpNB3RzdcGkvxuvh0Y/p1kLBKoWJnxHkKPVjdgPp5K
xg==
-----END CERTIFICATE-----
Generated at Tue May 12 22:38:32 2026 by rpki-client