Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
File:                     AS9087.roa (raw, json)
Hash identifier:          Vqf2nLj3VVwOKzqkEilwRXUvYjH4SgKDZ6YUORaOpwo=
Subject key identifier:   8B:CD:E8:7A:D5:AC:F2:8B:B6:2F:44:76:FD:BF:81:E9:D3:52:58:54
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1503872C5A2E9331B56F649C571944379A757AA2
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa
Signing time:             Sat 18 Oct 2025 10:55:09 +0000
ROA not before:           Sat 18 Oct 2025 10:50:09 +0000
ROA not after:            Sat 17 Oct 2026 10:55:09 +0000
asID:                     9087
IP address blocks:        141.11.170.0/23 maxlen: 23
                          141.11.224.0/23 maxlen: 24
                          141.11.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:03:87:2c:5a:2e:93:31:b5:6f:64:9c:57:19:44:37:9a:75:7a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 18 10:50:09 2025 GMT
            Not After : Oct 17 10:55:09 2026 GMT
        Subject: CN=8BCDE87AD5ACF28BB62F4476FDBF81E9D3525854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9f:75:76:6a:1a:d3:fa:de:0d:39:69:40:39:
                    7e:7c:9c:95:e2:76:a6:ed:f8:f2:8a:97:25:52:a2:
                    4b:cf:48:10:2b:2d:b2:de:a4:c0:cd:d6:7d:08:bf:
                    c1:a2:a7:50:d5:44:28:f0:f1:f4:50:76:12:cb:4d:
                    fa:24:85:0e:82:d4:5e:38:51:14:b4:3b:5b:9a:5a:
                    b2:0a:67:1f:53:15:16:1c:3d:1e:32:d1:5e:8b:2d:
                    ad:bb:75:a9:7c:54:90:e8:58:b7:11:fa:a4:25:cf:
                    29:2f:3b:3c:63:86:3f:65:fc:b5:69:51:27:8d:c2:
                    0c:b0:d9:7c:31:16:42:64:dc:9c:6d:bb:44:86:e5:
                    0a:23:db:1b:9e:05:b7:86:79:e4:3a:03:03:c5:4a:
                    72:d4:4c:ef:e7:d4:ce:83:c4:c0:a6:98:be:4a:76:
                    d1:f1:4d:7a:9a:95:f5:94:dc:24:bf:1a:bb:19:cb:
                    aa:21:fc:00:18:ce:a8:e4:ff:09:91:c0:c2:7f:9f:
                    87:65:a9:d3:7c:38:52:ae:c5:97:05:aa:91:d9:57:
                    3d:90:8f:28:09:27:45:60:6c:f5:97:fd:2e:fb:e9:
                    35:ca:2f:c2:da:43:7e:ba:05:2c:ce:c9:e0:75:82:
                    e8:99:b2:14:5a:1f:25:12:7f:da:a2:1e:e5:47:c2:
                    a7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CD:E8:7A:D5:AC:F2:8B:B6:2F:44:76:FD:BF:81:E9:D3:52:58:54
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS9087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.170.0/23
                  141.11.224.0/23
                  141.11.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4f:70:30:e0:a8:61:80:a6:22:8f:da:1b:65:97:0b:0a:83:
         f6:80:bf:ef:62:fa:d3:ab:b8:51:3b:70:7d:72:f6:28:6b:ee:
         d0:9d:7e:b0:da:7c:c4:ca:08:98:23:18:d2:3c:5a:c4:02:20:
         91:67:30:0e:ee:94:78:ce:0b:6a:cf:81:e5:ba:46:c3:69:f4:
         61:6f:a0:93:87:f3:eb:62:2f:1c:6d:03:7c:74:3e:ed:d4:64:
         e4:4d:cd:94:cf:02:5a:d2:83:89:d5:4b:f4:ae:d0:01:80:b4:
         23:28:2c:23:06:c5:f7:6f:70:10:7f:b6:ba:50:c1:14:64:b9:
         2c:80:59:9d:ac:eb:e1:20:65:45:72:4a:3f:73:31:94:bb:a7:
         17:5b:85:2d:42:2b:f9:e5:31:72:ce:e2:43:90:b1:c0:cb:a9:
         66:5e:c9:65:00:06:25:96:08:8d:08:f2:a6:f6:19:92:0c:89:
         e4:53:e5:b5:1e:07:9b:da:ae:3d:ca:8a:c6:36:23:35:83:85:
         6c:09:fb:28:40:42:1a:35:ca:24:95:b1:0a:93:0e:b9:fa:49:
         5c:04:db:af:49:b0:14:05:3c:c6:b7:41:09:ec:d5:a6:d4:26:
         96:a0:85:af:59:0f:c5:6c:85:90:9c:d3:f3:b7:77:53:3d:01:
         00:87:90:f4
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUFQOHLFoukzG1b2ScVxlEN5p1eqIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMTgxMDUwMDlaFw0yNjEwMTcxMDU1MDlaMDMxMTAvBgNV
BAMTKDhCQ0RFODdBRDVBQ0YyOEJCNjJGNDQ3NkZEQkY4MUU5RDM1MjU4NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLn3V2ahrT+t4NOWlAOX58nJXi
dqbt+PKKlyVSokvPSBArLbLepMDN1n0Iv8Gip1DVRCjw8fRQdhLLTfokhQ6C1F44
URS0O1uaWrIKZx9TFRYcPR4y0V6LLa27dal8VJDoWLcR+qQlzykvOzxjhj9l/LVp
USeNwgyw2XwxFkJk3Jxtu0SG5Qoj2xueBbeGeeQ6AwPFSnLUTO/n1M6DxMCmmL5K
dtHxTXqalfWU3CS/GrsZy6oh/AAYzqjk/wmRwMJ/n4dlqdN8OFKuxZcFqpHZVz2Q
jygJJ0VgbPWX/S776TXKL8LaQ366BSzOyeB1guiZshRaHyUSf9qiHuVHwqfnAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUi83oetWs8ou2L0R2/b+B6dNSWFQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTOTA4Ny5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAY0LqgME
AY0L4AMEAI0L+TANBgkqhkiG9w0BAQsFAAOCAQEAP09wMOCoYYCmIo/aG2WXCwqD
9oC/72L606u4UTtwfXL2KGvu0J1+sNp8xMoImCMY0jxaxAIgkWcwDu6UeM4Las+B
5bpGw2n0YW+gk4fz62IvHG0DfHQ+7dRk5E3NlM8CWtKDidVL9K7QAYC0IygsIwbF
929wEH+2ulDBFGS5LIBZnazr4SBlRXJKP3MxlLunF1uFLUIr+eUxcs7iQ5CxwMup
Zl7JZQAGJZYIjQjypvYZkgyJ5FPltR4Hm9quPcqKxjYjNYOFbAn7KEBCGjXKJJWx
CpMOufpJXATbr0mwFAU8xrdBCezVptQmlqCFr1kPxWyFkJzT87d3Uz0BAIeQ9A==
-----END CERTIFICATE-----