Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9294.roa
File:                     AS9294.roa (raw, json)
Hash identifier:          SCP7RmthrMs9rqGelF3fvQ3JVGLKvLUtfh9qbtWYeZs=
Subject key identifier:   49:77:D7:31:30:8A:CE:01:B2:D7:66:C7:2D:9B:54:79:28:C1:F2:04
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       563E5104F59ADF98DA46BE309AD96778752A4771
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9294.roa
Signing time:             Thu 21 Aug 2025 03:05:05 +0000
ROA not before:           Thu 21 Aug 2025 03:00:05 +0000
ROA not after:            Thu 20 Aug 2026 03:05:05 +0000
asID:                     9294
IP address blocks:        143.20.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:3e:51:04:f5:9a:df:98:da:46:be:30:9a:d9:67:78:75:2a:47:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 21 03:00:05 2025 GMT
            Not After : Aug 20 03:05:05 2026 GMT
        Subject: CN=4977D731308ACE01B2D766C72D9B547928C1F204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3c:11:4d:ad:0e:dd:c5:a6:62:4a:e2:58:ff:
                    9f:32:28:55:ce:6f:a1:e9:e5:6c:17:5e:ea:46:4e:
                    68:87:19:c3:3a:ae:2d:c2:26:f8:3d:f9:bd:89:58:
                    45:ed:72:c0:38:03:26:83:07:e5:cd:b0:2c:4d:cc:
                    5a:56:a0:25:e0:d1:aa:4f:ad:83:47:14:7d:43:2e:
                    4d:28:a7:fd:25:5c:b1:8f:69:7e:91:88:6d:3f:9d:
                    6f:b6:ca:28:02:6e:cd:3b:ff:d2:96:03:50:6e:3a:
                    23:ed:da:70:25:78:29:d8:78:fc:16:f2:bd:e8:02:
                    c7:51:dc:99:7e:c3:e5:56:1d:43:13:b6:ec:e9:35:
                    a0:bf:04:a9:8f:fc:39:dc:35:b6:4f:2b:e8:b4:f1:
                    42:ed:ef:2e:7a:a7:13:9a:f6:b5:e9:68:33:aa:b3:
                    e0:fa:93:2a:11:ce:66:06:f7:41:92:16:60:5f:86:
                    64:9b:1e:3b:ee:b0:80:d8:32:d2:4f:bd:fb:97:8e:
                    1f:db:88:cb:25:82:6b:4c:02:26:e5:52:f0:ca:a5:
                    60:b8:cd:62:4f:c8:58:81:db:08:c4:7b:7e:75:a2:
                    e6:0b:a9:5c:ac:b2:fa:89:f3:f2:f5:7b:32:e2:cc:
                    68:0e:88:d3:a4:4e:a1:27:19:e5:99:9d:3e:c9:8b:
                    04:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:77:D7:31:30:8A:CE:01:B2:D7:66:C7:2D:9B:54:79:28:C1:F2:04
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9294.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:76:6b:92:bf:3c:fe:f5:f9:8a:04:62:97:8d:31:5a:55:df:
         54:4e:dc:c4:a5:ec:af:f2:99:d6:74:14:9d:b4:e2:9d:7b:38:
         67:6d:80:1f:c2:e2:75:a2:bf:c1:5e:6a:4e:cf:13:0f:53:6a:
         c2:6e:22:55:56:29:e2:66:da:8f:96:99:52:16:5c:6c:f2:f5:
         04:2d:5f:de:38:46:fd:2d:59:d9:a7:5a:cd:27:2f:d3:17:46:
         07:fd:e5:54:3c:a1:6f:48:3b:a0:a7:5d:b1:23:24:ab:d6:57:
         69:38:81:56:24:ab:9d:fc:7c:5f:77:a9:18:75:b9:47:42:7c:
         56:a5:e2:19:4c:03:4f:58:c6:c6:e2:21:ef:c3:e7:bf:4a:a6:
         ab:4f:af:27:0d:b2:75:35:49:8c:46:18:89:a7:ad:b7:23:a9:
         57:56:de:eb:eb:da:e8:09:33:08:79:ce:d6:96:d7:30:bf:84:
         fa:85:31:7d:b9:4b:e7:29:3e:93:a0:40:87:78:93:f4:43:d3:
         ee:5c:10:54:1b:5d:8b:5d:93:44:07:b8:48:52:94:8e:d7:8a:
         04:67:fb:f8:32:c8:dc:3c:25:40:3a:0c:06:d0:4a:57:fb:7a:
         16:01:b6:95:e8:a1:a6:dd:1a:c7:58:0d:c6:d8:54:90:b8:a9:
         8a:45:c3:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUVj5RBPWa35jaRr4wmtlneHUqR3EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjEwMzAwMDVaFw0yNjA4MjAwMzA1MDVaMDMxMTAvBgNV
BAMTKDQ5NzdENzMxMzA4QUNFMDFCMkQ3NjZDNzJEOUI1NDc5MjhDMUYyMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXPBFNrQ7dxaZiSuJY/58yKFXO
b6Hp5WwXXupGTmiHGcM6ri3CJvg9+b2JWEXtcsA4AyaDB+XNsCxNzFpWoCXg0apP
rYNHFH1DLk0op/0lXLGPaX6RiG0/nW+2yigCbs07/9KWA1BuOiPt2nAleCnYePwW
8r3oAsdR3Jl+w+VWHUMTtuzpNaC/BKmP/DncNbZPK+i08ULt7y56pxOa9rXpaDOq
s+D6kyoRzmYG90GSFmBfhmSbHjvusIDYMtJPvfuXjh/biMslgmtMAiblUvDKpWC4
zWJPyFiB2wjEe351ouYLqVyssvqJ8/L1ezLizGgOiNOkTqEnGeWZnT7JiwRRAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUSXfXMTCKzgGy12bHLZtUeSjB8gQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTI5NC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8USDAN
BgkqhkiG9w0BAQsFAAOCAQEAmXZrkr88/vX5igRil40xWlXfVE7cxKXsr/KZ1nQU
nbTinXs4Z22AH8LidaK/wV5qTs8TD1Nqwm4iVVYp4mbaj5aZUhZcbPL1BC1f3jhG
/S1Z2adazScv0xdGB/3lVDyhb0g7oKddsSMkq9ZXaTiBViSrnfx8X3epGHW5R0J8
VqXiGUwDT1jGxuIh78Pnv0qmq0+vJw2ydTVJjEYYiaettyOpV1be6+va6AkzCHnO
1pbXML+E+oUxfblL5yk+k6BAh3iT9EPT7lwQVBtdi12TRAe4SFKUjteKBGf7+DLI
3DwlQDoMBtBKV/t6FgG2leihpt0ax1gNxthUkLipikXDDA==
-----END CERTIFICATE-----