Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          riBDXwlv1vTa/1khUX5rOxEf4AbBzl4tduUXAxa1IMk=
Subject key identifier:   D0:DE:7A:0F:4D:02:70:E4:3A:59:66:BF:18:A2:EF:4C:D5:F7:13:F2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3226E6C384691FB3B3EA2F628D16DE081D735856
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa
Signing time:             Sun 22 Mar 2026 10:29:10 +0000
ROA not before:           Sun 22 Mar 2026 10:24:10 +0000
ROA not after:            Sun 21 Mar 2027 10:29:10 +0000
asID:                     9304
IP address blocks:        5.252.74.0/24 maxlen: 24
                          191.101.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:26:e6:c3:84:69:1f:b3:b3:ea:2f:62:8d:16:de:08:1d:73:58:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 22 10:24:10 2026 GMT
            Not After : Mar 21 10:29:10 2027 GMT
        Subject: CN=D0DE7A0F4D0270E43A5966BF18A2EF4CD5F713F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:15:08:0f:79:75:2b:73:cd:3a:22:95:bb:c7:
                    c2:c7:07:6c:b7:3a:90:c4:a7:f1:72:59:0f:56:4a:
                    df:7f:02:6b:b8:c7:ad:62:fd:07:e1:ac:e9:82:1a:
                    24:5f:9e:3c:14:7c:d9:6a:23:fa:dc:cf:85:1c:33:
                    8d:ba:fe:ce:6b:60:f0:a3:98:83:ca:e6:75:a6:8e:
                    d4:a8:4f:92:5e:24:9c:3a:11:ed:9b:8b:0a:32:da:
                    c4:07:c3:56:9c:09:0d:9c:f9:a3:36:ed:83:78:fe:
                    92:71:93:9c:43:61:0a:ed:4f:c7:cd:a9:fa:a3:6c:
                    88:1a:ed:01:81:d7:b5:29:45:55:fb:ac:4a:7e:47:
                    75:cc:b7:be:e7:a9:eb:f4:a5:61:52:fd:ed:f1:d8:
                    e2:18:25:7a:69:ea:23:0c:38:81:8d:8a:98:74:83:
                    c2:06:c3:b3:49:b1:d9:55:78:a8:e7:f4:6f:2f:86:
                    14:93:d7:ee:f1:04:78:69:f8:49:74:be:c7:17:27:
                    2a:8d:73:2d:8e:79:7e:98:38:fa:01:86:0b:90:fe:
                    ba:eb:e6:24:69:f6:82:a4:4b:67:eb:f7:f5:d0:aa:
                    26:9b:12:dc:0f:34:74:d5:03:ef:5a:7b:82:68:64:
                    65:f1:8c:ad:fe:e9:6b:c6:c9:be:2b:23:c6:49:4f:
                    0d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DE:7A:0F:4D:02:70:E4:3A:59:66:BF:18:A2:EF:4C:D5:F7:13:F2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.74.0/24
                  191.101.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:a3:b0:88:f9:ec:e6:9f:28:71:41:5d:c3:2c:ad:74:18:
         bd:8e:35:c4:2b:47:b5:19:3b:ba:79:be:be:7a:c7:66:ef:0d:
         06:c8:38:04:6b:94:ff:c7:bb:30:bd:84:80:94:a7:71:6b:2f:
         a4:ba:0a:72:92:4e:46:12:45:1a:73:c9:34:d0:fd:5b:e0:9d:
         d6:9a:ea:69:59:7f:1e:03:0c:cc:6e:12:ad:21:ea:ba:00:dd:
         19:82:1b:ec:54:79:a4:7d:9a:c3:ba:b7:18:50:95:35:c6:b4:
         8a:6c:28:89:15:2c:13:8f:fc:84:e8:7d:7a:75:6f:ff:cb:75:
         4c:b8:f9:59:3b:29:ef:89:30:61:88:ec:21:80:bb:02:76:d3:
         08:77:e1:98:16:d5:b3:9f:51:37:d6:df:37:50:7f:db:a9:36:
         ce:12:f7:05:95:2f:c9:e1:ef:1a:e5:ce:b4:45:99:51:ef:ad:
         5d:82:a3:05:50:4b:7f:4d:f4:97:79:7e:71:ce:b8:00:57:69:
         06:68:7e:f2:a9:fe:2e:a7:56:5c:6e:0d:31:98:e8:ef:37:9f:
         ac:57:c1:98:7f:2c:e7:19:2e:9c:59:48:ee:4a:44:1f:47:31:
         67:8c:9e:dc:8a:54:cd:a9:51:a7:d9:b7:a7:07:a8:61:07:7c:
         63:04:db:2f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUMibmw4RpH7Oz6i9ijRbeCB1zWFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjIxMDI0MTBaFw0yNzAzMjExMDI5MTBaMDMxMTAvBgNV
BAMTKEQwREU3QTBGNEQwMjcwRTQzQTU5NjZCRjE4QTJFRjRDRDVGNzEzRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXFQgPeXUrc806IpW7x8LHB2y3
OpDEp/FyWQ9WSt9/Amu4x61i/QfhrOmCGiRfnjwUfNlqI/rcz4UcM426/s5rYPCj
mIPK5nWmjtSoT5JeJJw6Ee2biwoy2sQHw1acCQ2c+aM27YN4/pJxk5xDYQrtT8fN
qfqjbIga7QGB17UpRVX7rEp+R3XMt77nqev0pWFS/e3x2OIYJXpp6iMMOIGNiph0
g8IGw7NJsdlVeKjn9G8vhhST1+7xBHhp+El0vscXJyqNcy2OeX6YOPoBhguQ/rrr
5iRp9oKkS2fr9/XQqiabEtwPNHTVA+9ae4JoZGXxjK3+6WvGyb4rI8ZJTw37AgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQU0N56D00CcOQ6WWa/GKLvTNX3E/IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAX8SgME
AL9lUzANBgkqhkiG9w0BAQsFAAOCAQEAQaOjsIj57OafKHFBXcMsrXQYvY41xCtH
tRk7unm+vnrHZu8NBsg4BGuU/8e7ML2EgJSncWsvpLoKcpJORhJFGnPJNND9W+Cd
1prqaVl/HgMMzG4SrSHqugDdGYIb7FR5pH2aw7q3GFCVNca0imwoiRUsE4/8hOh9
enVv/8t1TLj5WTsp74kwYYjsIYC7AnbTCHfhmBbVs59RN9bfN1B/26k2zhL3BZUv
yeHvGuXOtEWZUe+tXYKjBVBLf030l3l+cc64AFdpBmh+8qn+LqdWXG4NMZjo7zef
rFfBmH8s5xkunFlI7kpEH0cxZ4ye3IpUzalRp9m3pweoYQd8YwTbLw==
-----END CERTIFICATE-----