Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
File:                     AS9009.roa (raw, json)
Hash identifier:          dY70Ry8Vbcp0jF3+j0fpOqYIWAEHOYqE569fY99FFiQ=
Subject key identifier:   B3:09:CB:BC:35:6C:62:F0:76:24:EE:AF:DA:BE:F1:3A:94:A1:6C:F6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       437474BE83F03AE154CDE66E077F16AEC955CCAB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa
Signing time:             Tue 23 Sep 2025 00:02:16 +0000
ROA not before:           Mon 22 Sep 2025 23:57:16 +0000
ROA not after:            Tue 22 Sep 2026 00:02:16 +0000
asID:                     9009
IP address blocks:        141.11.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:74:74:be:83:f0:3a:e1:54:cd:e6:6e:07:7f:16:ae:c9:55:cc:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 22 23:57:16 2025 GMT
            Not After : Sep 22 00:02:16 2026 GMT
        Subject: CN=B309CBBC356C62F07624EEAFDABEF13A94A16CF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b1:65:fe:f1:42:b8:1b:b0:bf:f4:97:df:2c:
                    8f:b9:28:5a:6f:cc:9b:18:55:4d:f0:ac:75:02:e0:
                    e6:79:14:e6:5a:a1:29:4a:77:5c:e2:65:b7:ae:be:
                    7c:bb:ab:bc:3c:4a:63:d6:a3:b7:06:c7:82:36:6e:
                    62:42:28:52:ed:3f:b9:1a:4f:27:a1:c4:18:8b:9c:
                    4c:d9:2a:45:f8:f3:5a:73:1f:4f:08:af:c7:a2:b5:
                    80:5b:4f:96:df:90:21:99:f9:37:9c:87:b9:1d:b7:
                    d4:48:1b:bb:3e:6f:fe:f2:4f:b7:f8:20:d1:b9:94:
                    c6:c1:55:99:58:43:3d:56:b6:cf:4f:e6:24:1e:ca:
                    ab:7e:82:24:88:7a:78:3b:f5:32:6f:08:29:0e:ca:
                    7a:40:ea:90:f2:90:ec:cf:6d:f7:cd:33:e6:92:f9:
                    33:6c:ee:ef:be:2c:f6:a4:94:8e:37:ab:e0:bb:47:
                    ae:f9:0d:e5:f0:7c:79:11:d5:8e:77:af:22:27:ae:
                    8c:83:59:72:0b:7c:0e:98:56:3d:20:ed:52:3f:fb:
                    c7:39:4d:6e:fc:27:04:11:20:a0:fd:4e:43:f3:8c:
                    6f:00:48:f7:2f:bd:37:e9:7f:6b:76:67:12:a3:a6:
                    ee:ca:12:65:78:b2:c2:e6:54:60:86:91:b6:3a:ca:
                    16:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:09:CB:BC:35:6C:62:F0:76:24:EE:AF:DA:BE:F1:3A:94:A1:6C:F6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:01:72:0b:09:86:87:07:84:02:7b:51:2d:7f:c4:bc:3c:2e:
         db:62:3d:d1:5b:91:dd:ce:f2:7b:93:98:cd:95:e8:af:d6:fa:
         cc:07:50:ad:3f:bb:f7:d3:4e:c8:8b:15:fe:79:8a:31:08:61:
         e1:78:4c:23:63:2b:8b:82:d5:f4:09:18:de:01:68:99:38:1e:
         b0:85:88:1c:a2:af:8f:d7:45:c9:77:5c:c7:06:5d:98:77:56:
         5d:78:92:83:90:7e:60:ea:8c:d1:91:d1:f5:84:f9:37:33:65:
         17:0c:e3:51:50:de:6c:e1:20:52:11:fd:74:a8:08:d0:e9:7c:
         89:8c:59:d6:d3:bf:da:13:77:6b:65:fe:10:d9:bb:6c:ef:c8:
         5d:48:55:99:76:9d:50:69:a4:3b:b1:e7:b2:a6:46:fd:55:d2:
         5c:74:af:e2:4c:aa:77:28:5f:2d:1e:be:1d:ea:f7:42:46:16:
         bc:13:09:e7:57:3c:cb:84:78:f4:8b:49:c1:57:1a:7b:1f:1b:
         eb:b0:2b:9d:06:e3:3b:bb:01:05:75:53:c1:49:59:05:80:de:
         f7:ac:d7:56:10:a9:2e:5c:bf:6b:ae:95:b5:70:d8:02:a7:9c:
         56:1a:6a:bb:59:b8:2b:5e:74:6f:a0:b6:69:1c:c6:6e:0e:9c:
         97:67:cf:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUQ3R0voPwOuFUzeZuB38WrslVzKswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MjIyMzU3MTZaFw0yNjA5MjIwMDAyMTZaMDMxMTAvBgNV
BAMTKEIzMDlDQkJDMzU2QzYyRjA3NjI0RUVBRkRBQkVGMTNBOTRBMTZDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEsWX+8UK4G7C/9JffLI+5KFpv
zJsYVU3wrHUC4OZ5FOZaoSlKd1ziZbeuvny7q7w8SmPWo7cGx4I2bmJCKFLtP7ka
TyehxBiLnEzZKkX481pzH08Ir8eitYBbT5bfkCGZ+Tech7kdt9RIG7s+b/7yT7f4
ING5lMbBVZlYQz1Wts9P5iQeyqt+giSIeng79TJvCCkOynpA6pDykOzPbffNM+aS
+TNs7u++LPaklI43q+C7R675DeXwfHkR1Y53ryInroyDWXILfA6YVj0g7VI/+8c5
TW78JwQRIKD9TkPzjG8ASPcvvTfpf2t2ZxKjpu7KEmV4ssLmVGCGkbY6yhZ5AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUswnLvDVsYvB2JO6v2r7xOpShbPYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0LYDAN
BgkqhkiG9w0BAQsFAAOCAQEAGQFyCwmGhweEAntRLX/EvDwu22I90VuR3c7ye5OY
zZXor9b6zAdQrT+799NOyIsV/nmKMQhh4XhMI2Mri4LV9AkY3gFomTgesIWIHKKv
j9dFyXdcxwZdmHdWXXiSg5B+YOqM0ZHR9YT5NzNlFwzjUVDebOEgUhH9dKgI0Ol8
iYxZ1tO/2hN3a2X+ENm7bO/IXUhVmXadUGmkO7HnsqZG/VXSXHSv4kyqdyhfLR6+
Her3QkYWvBMJ51c8y4R49ItJwVcaex8b67ArnQbjO7sBBXVTwUlZBYDe96zXVhCp
Lly/a66VtXDYAqecVhpqu1m4K150b6C2aRzGbg6cl2fPKQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:33:52 2025 by rpki-client