Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          54uqwWUMnzziXfcvp+Lc8xxB1YILrjQA8YIHvJYxP0Q=
Subject key identifier:   99:5B:EF:BA:59:76:59:29:4A:D5:15:F0:2D:B2:BF:7A:C4:0E:1D:38
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       129AF637961121C20DE20ACDDF77D21F162732C4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
Signing time:             Sun 22 Jun 2025 18:37:41 +0000
ROA not before:           Sun 22 Jun 2025 18:32:41 +0000
ROA not after:            Sun 21 Jun 2026 18:37:41 +0000
asID:                     9304
IP address blocks:        85.208.72.0/24 maxlen: 24
                          179.61.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9a:f6:37:96:11:21:c2:0d:e2:0a:cd:df:77:d2:1f:16:27:32:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 22 18:32:41 2025 GMT
            Not After : Jun 21 18:37:41 2026 GMT
        Subject: CN=995BEFBA597659294AD515F02DB2BF7AC40E1D38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fe:5e:4c:44:1c:a3:d2:5f:a1:dc:f7:0f:ca:
                    ae:71:f4:6c:31:46:fc:69:46:89:0f:24:da:82:4c:
                    3f:4c:c3:d4:5e:66:d5:89:b3:b2:88:b1:0c:fd:68:
                    48:ae:a5:35:2a:05:7b:c9:ac:45:a4:f6:fb:e5:b8:
                    79:d8:c2:1e:93:82:86:a0:d8:28:a7:16:28:14:f2:
                    d4:f1:55:12:33:b3:14:95:2e:39:85:6b:df:2d:6a:
                    75:1c:a0:06:29:1d:75:55:34:09:f3:f6:47:b1:05:
                    b7:b1:6c:74:fe:65:83:1a:07:6a:b0:f0:ec:3f:f9:
                    88:89:b7:aa:81:70:71:7f:48:a9:65:06:4a:fb:54:
                    54:62:f4:d4:30:50:39:1a:91:dc:ec:6e:76:23:75:
                    28:5e:46:4d:a3:b3:18:a7:b9:75:c2:55:4d:e4:74:
                    b1:7b:c2:af:96:54:f4:b6:de:2f:6e:97:90:0b:c8:
                    76:c2:d9:94:a3:5c:3c:8c:a8:c6:54:15:fb:22:40:
                    31:2c:68:d2:79:7b:26:5d:e7:64:da:7e:f6:2c:9b:
                    9c:85:84:2a:71:3f:a6:4f:a6:dd:22:48:9d:ff:5c:
                    e9:3c:44:d8:bd:e6:89:9e:a2:a8:17:49:08:c0:d6:
                    02:bc:59:55:1f:86:0e:e4:c5:74:5b:bd:54:c8:3b:
                    77:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5B:EF:BA:59:76:59:29:4A:D5:15:F0:2D:B2:BF:7A:C4:0E:1D:38
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.72.0/24
                  179.61.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:e3:2a:42:79:9d:24:66:8f:e9:d0:96:e2:9e:d2:44:5f:f6:
         12:a0:d5:42:06:fd:48:68:52:71:47:32:7b:ad:20:07:1e:8e:
         c1:2b:1b:a6:2e:ce:a4:d8:68:81:15:10:d1:04:18:a8:61:66:
         4a:54:fd:b0:3a:cd:96:f4:95:5d:e5:bf:28:6b:8a:42:36:90:
         61:50:c2:87:45:8a:3e:4b:b7:31:d7:b7:17:a7:77:b4:94:b9:
         50:5f:55:73:98:98:78:5e:98:dc:fc:58:10:e3:59:fa:87:36:
         59:11:ec:ce:11:53:ca:1e:19:38:c3:7e:1b:ff:7e:63:bc:7e:
         b6:3f:94:c3:34:f4:48:25:f0:01:4f:b3:9b:23:04:b0:be:73:
         5a:82:26:44:a3:31:93:be:0f:8c:1d:b6:2f:bd:f2:3d:54:4f:
         86:1e:e4:fe:f0:a3:cb:c7:f2:a5:8b:34:7a:5b:e2:fa:16:f1:
         38:31:2c:f5:69:91:0b:eb:f2:c3:27:d9:1d:b7:16:03:30:8b:
         6e:0b:48:da:a2:b1:82:c2:7e:6d:da:8f:c9:39:b7:d0:10:98:
         ba:0f:47:ff:4f:42:f6:60:87:0a:76:59:5e:6c:b0:9d:ba:fd:
         8f:ef:5a:93:a0:91:03:66:00:b4:99:20:38:f3:16:c8:51:aa:
         d1:b4:a7:70
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUEpr2N5YRIcIN4grN33fSHxYnMsQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MjIxODMyNDFaFw0yNjA2MjExODM3NDFaMDMxMTAvBgNV
BAMTKDk5NUJFRkJBNTk3NjU5Mjk0QUQ1MTVGMDJEQjJCRjdBQzQwRTFEMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT/l5MRByj0l+h3PcPyq5x9Gwx
RvxpRokPJNqCTD9Mw9ReZtWJs7KIsQz9aEiupTUqBXvJrEWk9vvluHnYwh6Tgoag
2CinFigU8tTxVRIzsxSVLjmFa98tanUcoAYpHXVVNAnz9kexBbexbHT+ZYMaB2qw
8Ow/+YiJt6qBcHF/SKllBkr7VFRi9NQwUDkakdzsbnYjdSheRk2jsxinuXXCVU3k
dLF7wq+WVPS23i9ul5ALyHbC2ZSjXDyMqMZUFfsiQDEsaNJ5eyZd52TafvYsm5yF
hCpxP6ZPpt0iSJ3/XOk8RNi95omeoqgXSQjA1gK8WVUfhg7kxXRbvVTIO3eNAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUmVvvull2WSlK1RXwLbK/esQOHTgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFXQSAME
ALM98TANBgkqhkiG9w0BAQsFAAOCAQEAmeMqQnmdJGaP6dCW4p7SRF/2EqDVQgb9
SGhScUcye60gBx6OwSsbpi7OpNhogRUQ0QQYqGFmSlT9sDrNlvSVXeW/KGuKQjaQ
YVDCh0WKPku3Mde3F6d3tJS5UF9Vc5iYeF6Y3PxYEONZ+oc2WRHszhFTyh4ZOMN+
G/9+Y7x+tj+UwzT0SCXwAU+zmyMEsL5zWoImRKMxk74PjB22L73yPVRPhh7k/vCj
y8fypYs0elvi+hbxODEs9WmRC+vywyfZHbcWAzCLbgtI2qKxgsJ+bdqPyTm30BCY
ug9H/09C9mCHCnZZXmywnbr9j+9ak6CRA2YAtJkgOPMWyFGq0bSncA==
-----END CERTIFICATE-----