Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/MrFVnYuunyYqj52C0TU0lmSPTXg.roa
File:                     MrFVnYuunyYqj52C0TU0lmSPTXg.roa (raw, json)
Hash identifier:          ljln46yVkZsOtpPQJmKKh1SIfrut83LNqzZr9pL6HBY=
Subject key identifier:   32:B1:55:9D:8B:AE:9F:26:2A:8F:9D:82:D1:35:34:96:64:8F:4D:78
Certificate issuer:       /CN=4bd1f50df263fe509fc5de9c5a473a28e3812639
Certificate serial:       018CC94DAA4A8D0BAA0F739497306EC1A2FD
Authority key identifier: 4B:D1:F5:0D:F2:63:FE:50:9F:C5:DE:9C:5A:47:3A:28:E3:81:26:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/MrFVnYuunyYqj52C0TU0lmSPTXg.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212597
IP address blocks:        98.158.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:aa:4a:8d:0b:aa:0f:73:94:97:30:6e:c1:a2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd1f50df263fe509fc5de9c5a473a28e3812639
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32b1559d8bae9f262a8f9d82d1353496648f4d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c5:e0:f1:9e:71:1f:80:f5:8b:cc:86:d4:ef:
                    1d:6e:90:38:11:e2:2d:41:c0:5f:01:6f:ff:92:53:
                    bb:df:72:7e:42:5c:d6:d1:94:a4:b7:13:4b:07:02:
                    5e:bd:7a:1f:5e:f5:d6:ac:23:36:d9:cd:98:c4:67:
                    8e:a7:8f:0a:51:ec:22:cd:bf:26:40:6e:13:57:c1:
                    5d:70:35:f9:4e:2b:0c:d5:1a:33:f5:ee:51:a9:8f:
                    d3:c2:1e:93:40:eb:cf:0f:de:81:86:f7:f7:2b:9a:
                    3e:45:e0:7d:ff:d8:ce:41:a1:b4:e4:44:89:04:a3:
                    e1:72:d4:c3:b0:6e:bc:03:48:bd:16:bd:fb:46:68:
                    95:c6:d0:a8:84:36:7b:38:5d:df:4f:76:1a:02:10:
                    04:fb:6d:19:a8:2c:63:5d:d6:43:0b:84:9e:99:b0:
                    1a:b0:8c:78:8f:db:51:9a:71:29:00:9a:18:b8:7d:
                    89:31:57:37:60:7f:db:04:47:43:3d:08:e6:47:94:
                    cc:ef:e3:ad:be:ae:82:7c:be:f0:a7:ed:8d:8b:f2:
                    73:f9:ef:5e:41:09:14:0f:2c:76:2f:9e:2b:39:b5:
                    a8:93:a4:9a:7e:eb:e2:6f:67:65:18:ad:3c:d1:de:
                    2c:5b:e3:0d:41:39:29:ac:b3:ee:d3:5f:f1:fb:37:
                    c1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B1:55:9D:8B:AE:9F:26:2A:8F:9D:82:D1:35:34:96:64:8F:4D:78
            X509v3 Authority Key Identifier:
                keyid:4B:D1:F5:0D:F2:63:FE:50:9F:C5:DE:9C:5A:47:3A:28:E3:81:26:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/MrFVnYuunyYqj52C0TU0lmSPTXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.158.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:08:b7:ea:a2:f5:8c:d2:74:9d:dc:ca:a5:e3:16:c2:41:04:
         db:20:86:72:45:07:dd:0a:48:0f:db:b9:24:56:5d:6b:a5:6d:
         a6:78:02:15:0e:bb:c3:66:1b:09:ab:14:1a:1d:f1:66:fb:54:
         2f:55:d7:2e:97:3a:97:79:27:80:61:f3:4a:e4:11:c4:b4:d3:
         81:1c:13:d0:1a:fe:34:8b:c5:9e:84:8e:7a:ff:48:6b:e5:a1:
         f1:9d:0a:e2:98:3e:2b:77:de:08:3c:5e:ef:42:f4:89:09:3c:
         0b:3a:87:51:ec:d8:fb:15:9c:a1:8e:ba:3c:ac:ed:30:6e:04:
         c9:b3:9e:ef:ae:ad:0e:cf:b6:7e:02:d9:ba:ee:95:f3:ab:7e:
         76:50:b6:db:a5:40:e4:70:42:77:1a:30:32:5c:c4:b4:b1:c1:
         2f:f8:45:19:6f:48:1d:ea:d5:3d:15:14:16:00:22:6a:17:49:
         74:bb:aa:e6:83:1a:8b:6a:15:50:87:15:94:bf:29:f8:ef:c9:
         d9:40:b9:16:a2:26:5a:9e:0b:23:e9:54:b3:58:c8:9b:93:e9:
         85:59:55:f0:75:42:26:7a:73:c1:03:32:4c:39:50:c8:c7:9f:
         f4:c2:b9:6e:00:fe:1e:26:a2:ef:aa:62:81:39:11:12:3d:78:
         80:07:3c:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTapKjQuqD3OUlzBuwaL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDFmNTBkZjI2M2ZlNTA5ZmM1ZGU5YzVhNDczYTI4ZTM4
MTI2MzkwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmIxNTU5ZDhiYWU5ZjI2MmE4ZjlkODJkMTM1MzQ5NjY0OGY0ZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcXg8Z5xH4D1i8yG1O8dbpA4EeIt
QcBfAW//klO733J+QlzW0ZSktxNLBwJevXofXvXWrCM22c2YxGeOp48KUewizb8m
QG4TV8FdcDX5TisM1Roz9e5RqY/Twh6TQOvPD96Bhvf3K5o+ReB9/9jOQaG05ESJ
BKPhctTDsG68A0i9Fr37RmiVxtCohDZ7OF3fT3YaAhAE+20ZqCxjXdZDC4SembAa
sIx4j9tRmnEpAJoYuH2JMVc3YH/bBEdDPQjmR5TM7+Otvq6CfL7wp+2Ni/Jz+e9e
QQkUDyx2L54rObWok6Safuvib2dlGK080d4sW+MNQTkprLPu01/x+zfB5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKxVZ2Lrp8mKo+dgtE1NJZkj014MB8GA1UdIwQY
MBaAFEvR9Q3yY/5Qn8XenFpHOijjgSY5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlIMURmSmpfbENmeGQ2Y1drYzZLT09CSmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZDIwYTItYjg4MS00NjFjLWJiZjUt
MmI2ODA5MzM5NzAyLzEvTXJGVm5ZdXVueVlxajUyQzBUVTBsbVNQVFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZDIwYTItYjg4MS00NjFjLWJiZjUtMmI2ODA5MzM5NzAy
LzEvUzlIMURmSmpfbENmeGQ2Y1drYzZLT09CSmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYp7uMA0G
CSqGSIb3DQEBCwUAA4IBAQBICLfqovWM0nSd3Mql4xbCQQTbIIZyRQfdCkgP27kk
Vl1rpW2meAIVDrvDZhsJqxQaHfFm+1QvVdculzqXeSeAYfNK5BHEtNOBHBPQGv40
i8WehI56/0hr5aHxnQrimD4rd94IPF7vQvSJCTwLOodR7Nj7FZyhjro8rO0wbgTJ
s57vrq0Oz7Z+Atm67pXzq352ULbbpUDkcEJ3GjAyXMS0scEv+EUZb0gd6tU9FRQW
ACJqF0l0u6rmgxqLahVQhxWUvyn478nZQLkWoiZangsj6VSzWMibk+mFWVXwdUIm
enPBAzJMOVDIx5/0wrluAP4eJqLvqmKBORESPXiABzwj
-----END CERTIFICATE-----