Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/zenqXOnJ9LzX6TpW36vng62ah20.roa
File:                     zenqXOnJ9LzX6TpW36vng62ah20.roa (raw, json)
Hash identifier:          v/dCMJWFgc7YTd3mxc1JKH5w/yHYrD1lnJkW7ZVhb04=
Subject key identifier:   CD:E9:EA:5C:E9:C9:F4:BC:D7:E9:3A:56:DF:AB:E7:83:AD:9A:87:6D
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0198739EE318327DBB3BF2808B0AD034EF04
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/zenqXOnJ9LzX6TpW36vng62ah20.roa
Signing time:             Mon 04 Aug 2025 05:47:29 +0000
ROA not before:           Mon 04 Aug 2025 05:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39650
IP address blocks:        178.239.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:73:9e:e3:18:32:7d:bb:3b:f2:80:8b:0a:d0:34:ef:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Aug  4 05:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cde9ea5ce9c9f4bcd7e93a56dfabe783ad9a876d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:51:bf:34:3e:9f:0c:7a:5e:54:f6:55:29:eb:
                    96:f9:58:92:76:db:b6:c4:af:89:09:c6:72:d9:82:
                    fb:9a:2a:b9:c2:1a:e4:95:e8:a7:72:93:9a:ba:20:
                    4f:fa:c7:48:e3:16:b2:fe:d7:72:8f:c6:03:fd:f9:
                    e6:70:a2:ce:98:60:85:0b:28:46:82:8a:43:71:8c:
                    e6:eb:e0:72:98:7b:54:ca:98:d1:55:39:59:eb:d9:
                    52:91:dd:ef:d5:91:5a:d9:5b:28:3e:96:d1:56:42:
                    c6:37:97:04:25:f2:30:e0:96:f5:82:ab:8c:c0:4a:
                    09:fb:cd:3b:a1:b0:f6:f9:83:3c:28:e7:a1:eb:69:
                    cd:1d:73:b2:1c:fd:77:32:54:1d:fc:f4:12:0d:8e:
                    b7:a8:5f:42:e6:48:47:ed:6d:7a:a4:5e:5d:25:f6:
                    72:81:37:1d:d5:9a:91:1c:84:0a:27:3a:58:af:c5:
                    8c:3a:42:e6:5d:f3:ef:45:14:8e:fa:fb:6f:d0:b6:
                    bf:eb:95:f2:fb:49:36:e1:1c:05:b2:e8:76:96:eb:
                    07:72:0b:3c:8a:a3:8d:7c:db:78:5d:f9:42:27:fd:
                    d6:07:35:7c:02:5e:4c:de:b5:88:3a:d7:ca:1c:d6:
                    67:b0:75:8a:cd:95:16:d6:de:43:8a:75:1f:ba:ea:
                    fe:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E9:EA:5C:E9:C9:F4:BC:D7:E9:3A:56:DF:AB:E7:83:AD:9A:87:6D
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/zenqXOnJ9LzX6TpW36vng62ah20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:0b:36:16:64:a4:89:6e:ca:b4:9c:a6:c3:3d:d6:33:4c:b1:
         35:92:5c:06:37:89:fb:5e:e6:db:a5:e1:b5:17:5d:df:f9:5c:
         3c:c1:5c:f4:48:3f:2c:65:9b:3a:a1:fa:f7:2f:8d:f2:43:e6:
         d0:03:cb:5f:94:40:fb:6e:00:e1:49:3f:e2:fd:4e:c6:51:78:
         45:f9:39:33:a3:83:a5:f8:c5:5e:4f:7e:08:2e:23:08:28:33:
         5e:fa:d1:c4:25:40:ac:27:36:13:d2:be:bf:0a:eb:f5:12:14:
         fe:3c:27:d0:ef:52:20:d0:d0:ab:c3:ed:76:ff:33:0b:9e:51:
         8c:e9:81:1f:64:69:84:e2:9b:83:9e:67:06:93:74:ce:f5:2d:
         f3:38:d3:60:10:9c:bf:b3:09:46:70:7a:4f:51:09:d6:9b:70:
         95:9f:7e:3d:e3:bf:e0:3e:de:29:83:5c:14:a0:71:8f:29:ed:
         55:48:b2:04:5a:bb:34:c3:94:10:d1:3a:5a:35:02:cd:67:a7:
         84:5e:db:32:52:8e:50:52:84:ca:4f:8f:a9:a9:c0:14:6f:6e:
         9e:5d:0c:3e:99:37:c4:dc:3f:2e:c9:ff:dd:00:b6:35:12:16:
         ff:af:bb:7a:ca:d8:73:ec:e4:8b:92:03:ed:7f:9e:4f:93:0b:
         52:e1:79:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhznuMYMn27O/KAiwrQNO8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwODA0MDU0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGU5ZWE1Y2U5YzlmNGJjZDdlOTNhNTZkZmFiZTc4M2FkOWE4NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVG/ND6fDHpeVPZVKeuW+ViSdtu2
xK+JCcZy2YL7miq5whrkleincpOauiBP+sdI4xay/tdyj8YD/fnmcKLOmGCFCyhG
gopDcYzm6+BymHtUypjRVTlZ69lSkd3v1ZFa2VsoPpbRVkLGN5cEJfIw4Jb1gquM
wEoJ+807obD2+YM8KOeh62nNHXOyHP13MlQd/PQSDY63qF9C5khH7W16pF5dJfZy
gTcd1ZqRHIQKJzpYr8WMOkLmXfPvRRSO+vtv0La/65Xy+0k24RwFsuh2lusHcgs8
iqONfNt4XflCJ/3WBzV8Al5M3rWIOtfKHNZnsHWKzZUW1t5DinUfuur+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3p6lzpyfS81+k6Vt+r54OtmodtMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvemVucVhPbko5THpYNlRwVzM2dm5nNjJhaDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCfCzYWZKSJbsq0nKbDPdYzTLE1klwGN4n7XubbpeG1
F13f+Vw8wVz0SD8sZZs6ofr3L43yQ+bQA8tflED7bgDhST/i/U7GUXhF+Tkzo4Ol
+MVeT34ILiMIKDNe+tHEJUCsJzYT0r6/Cuv1EhT+PCfQ71Ig0NCrw+12/zMLnlGM
6YEfZGmE4puDnmcGk3TO9S3zONNgEJy/swlGcHpPUQnWm3CVn34947/gPt4pg1wU
oHGPKe1VSLIEWrs0w5QQ0TpaNQLNZ6eEXtsyUo5QUoTKT4+pqcAUb26eXQw+mTfE
3D8uyf/dALY1Ehb/r7t6ythz7OSLkgPtf55PkwtS4Xkd
-----END CERTIFICATE-----