Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS9304.roa
File:                     AS9304.roa (raw, json)
Hash identifier:          8QFVUW5t+ko5AvAcAgEdMNYhNW6EjntKZa8wmFd8FIE=
Subject key identifier:   4B:B3:9B:F3:D5:87:75:D1:59:97:F6:F4:E9:03:2A:C5:12:85:5B:09
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7CFC64A1E042C39F37A5A70106487D918353DF08
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS9304.roa
Signing time:             Wed 06 May 2026 14:07:37 +0000
ROA not before:           Wed 06 May 2026 14:02:37 +0000
ROA not after:            Wed 05 May 2027 14:07:37 +0000
asID:                     9304
IP address blocks:        51.241.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:fc:64:a1:e0:42:c3:9f:37:a5:a7:01:06:48:7d:91:83:53:df:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May  6 14:02:37 2026 GMT
            Not After : May  5 14:07:37 2027 GMT
        Subject: CN=4BB39BF3D58775D15997F6F4E9032AC512855B09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9c:87:8f:1f:c4:b5:61:85:8b:e1:0d:8f:62:
                    29:1f:ca:81:88:89:4a:6a:3b:87:68:a0:20:47:de:
                    89:2a:40:60:eb:00:66:db:26:11:24:a5:34:60:94:
                    9c:3b:f1:15:e4:a5:26:49:79:a1:7f:c4:a2:66:d1:
                    d7:8b:57:0c:76:42:37:df:75:51:9c:9c:4b:4b:f8:
                    5e:1c:89:d9:5d:d2:93:2c:de:39:9f:20:f2:52:f6:
                    a7:1a:1d:a1:99:d7:89:df:0a:e4:24:a0:d6:36:a0:
                    1f:e9:bf:0a:f3:08:e3:b8:2c:2f:d7:21:a1:4f:78:
                    10:3b:a4:f5:62:91:c3:3e:0c:d0:66:af:d7:02:33:
                    b6:2b:8d:78:14:b1:6e:e4:f7:ea:25:b5:a4:f9:55:
                    2b:7a:c5:db:88:fc:cd:64:60:79:e6:c5:c4:42:a1:
                    93:1e:cc:0b:4f:a2:3d:5e:39:63:e1:e8:a3:5a:66:
                    b8:a5:93:66:76:d6:c7:5d:5a:cb:52:d8:0e:94:ce:
                    79:f1:0d:24:99:4c:7a:86:ca:03:ea:10:01:da:e5:
                    db:cd:0b:ce:1a:fc:47:b6:79:e9:db:06:4b:a9:ac:
                    20:5e:70:7c:75:f3:66:77:5b:40:e3:4d:7d:25:41:
                    07:9a:b7:3e:91:20:80:99:76:ed:b1:c9:7f:53:28:
                    5a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B3:9B:F3:D5:87:75:D1:59:97:F6:F4:E9:03:2A:C5:12:85:5B:09
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS9304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:b5:60:3c:32:a5:8d:4c:ab:25:b9:b7:12:22:66:a6:a6:6a:
         a2:84:c9:e7:16:cc:dd:17:0a:b0:82:58:79:ea:6d:0d:f6:8c:
         1a:fc:80:d4:a6:b9:c5:e1:d8:08:c1:da:88:98:bd:d7:df:fe:
         db:a1:51:d3:ae:bf:97:ea:63:a4:04:6a:eb:2d:a6:a4:19:cf:
         ce:96:fa:c8:31:1f:06:e0:d1:2e:f7:e1:93:92:78:da:ee:1a:
         f7:a8:98:2c:f0:06:f9:f1:50:e1:ec:c3:2a:0f:b1:53:3b:05:
         89:c2:30:45:0f:ca:c9:a0:98:38:d2:1f:5f:f7:36:92:e9:b2:
         eb:d0:33:c3:a6:83:b1:8c:09:97:2c:98:1e:c0:ee:eb:5b:c0:
         56:12:11:ce:79:b1:1b:c3:8e:ef:39:21:c4:a7:0f:7f:b7:a0:
         c5:a3:4c:51:c6:61:68:4d:9d:0e:2b:d2:cc:60:4a:10:c1:bc:
         3c:5c:1b:56:49:27:54:2d:fe:39:c6:11:bd:87:14:a1:d3:46:
         f0:f4:0c:7a:7b:3c:a0:6e:ad:27:f2:6c:b0:1a:48:f7:cd:6b:
         3e:c0:84:78:79:b1:2f:10:7d:80:57:3a:4d:ca:1b:5c:90:c3:
         39:07:5e:be:ce:e0:4a:26:01:22:79:4e:8e:c3:f8:ed:38:6a:
         08:78:85:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUfPxkoeBCw583pacBBkh9kYNT3wgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MDYxNDAyMzdaFw0yNzA1MDUxNDA3MzdaMDMxMTAvBgNV
BAMTKDRCQjM5QkYzRDU4Nzc1RDE1OTk3RjZGNEU5MDMyQUM1MTI4NTVCMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnIePH8S1YYWL4Q2PYikfyoGI
iUpqO4dooCBH3okqQGDrAGbbJhEkpTRglJw78RXkpSZJeaF/xKJm0deLVwx2Qjff
dVGcnEtL+F4cidld0pMs3jmfIPJS9qcaHaGZ14nfCuQkoNY2oB/pvwrzCOO4LC/X
IaFPeBA7pPVikcM+DNBmr9cCM7YrjXgUsW7k9+oltaT5VSt6xduI/M1kYHnmxcRC
oZMezAtPoj1eOWPh6KNaZrilk2Z21sddWstS2A6UznnxDSSZTHqGygPqEAHa5dvN
C84a/Ee2eenbBkuprCBecHx182Z3W0DjTX0lQQeatz6RIICZdu2xyX9TKFopAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUS7Ob89WHddFZl/b06QMqxRKFWwkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTOTMwNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjPxKDAN
BgkqhkiG9w0BAQsFAAOCAQEANLVgPDKljUyrJbm3EiJmpqZqooTJ5xbM3RcKsIJY
eeptDfaMGvyA1Ka5xeHYCMHaiJi919/+26FR066/l+pjpARq6y2mpBnPzpb6yDEf
BuDRLvfhk5J42u4a96iYLPAG+fFQ4ezDKg+xUzsFicIwRQ/KyaCYONIfX/c2kumy
69Azw6aDsYwJlyyYHsDu61vAVhIRznmxG8OO7zkhxKcPf7egxaNMUcZhaE2dDivS
zGBKEMG8PFwbVkknVC3+OcYRvYcUodNG8PQMens8oG6tJ/JssBpI981rPsCEeHmx
LxB9gFc6TcobXJDDOQdevs7gSiYBInlOjsP47ThqCHiFQQ==
-----END CERTIFICATE-----