Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/38aWt_jcvKGxj8mw7fpB9vQkhBc.roa
File:                     38aWt_jcvKGxj8mw7fpB9vQkhBc.roa (raw, json)
Hash identifier:          MMJUVIoLk4Fofifp+m30qgon2ze+SIx/GAO9K891lUA=
Subject key identifier:   DF:C6:96:B7:F8:DC:BC:A1:B1:8F:C9:B0:ED:FA:41:F6:F4:24:84:17
Certificate issuer:       /CN=b7ae676ffc66234f33db5238798ab979f986c82d
Certificate serial:       018CC80110F966D5E82A456A5BA3D8CC4A61
Authority key identifier: B7:AE:67:6F:FC:66:23:4F:33:DB:52:38:79:8A:B9:79:F9:86:C8:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t65nb_xmI08z21I4eYq5efmGyC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/38aWt_jcvKGxj8mw7fpB9vQkhBc.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31214
IP address blocks:        141.98.28.0/22 maxlen: 24
                          141.98.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/t65nb_xmI08z21I4eYq5efmGyC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/t65nb_xmI08z21I4eYq5efmGyC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t65nb_xmI08z21I4eYq5efmGyC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:10:f9:66:d5:e8:2a:45:6a:5b:a3:d8:cc:4a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7ae676ffc66234f33db5238798ab979f986c82d
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfc696b7f8dcbca1b18fc9b0edfa41f6f4248417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ac:48:86:d7:d5:ca:42:ed:8b:e7:64:25:44:
                    62:17:87:22:2c:8a:04:ba:1a:94:38:4d:c3:62:8b:
                    54:ae:fe:ee:b5:bd:f1:65:01:e6:03:1b:f1:85:ae:
                    5f:3d:24:10:6b:02:35:a6:5a:59:67:d9:ca:ad:d3:
                    b3:56:26:45:8d:22:ee:be:9b:bd:7e:7a:24:43:a8:
                    68:93:4f:68:df:01:dd:8a:b4:71:ff:07:52:99:fd:
                    2c:4f:18:0f:84:52:35:80:c0:fa:19:de:01:ef:c8:
                    de:67:00:2e:de:23:39:5f:0d:97:74:12:23:15:06:
                    88:a4:d2:1f:33:34:bc:c4:4e:0b:3d:4b:e1:fd:a3:
                    bb:98:a3:a0:ac:35:91:74:d6:cb:69:30:48:57:a4:
                    25:3f:e8:2d:c9:20:e5:b9:28:82:5e:86:6c:aa:bd:
                    49:65:bc:3e:61:cd:28:6c:04:63:b7:a4:e4:45:da:
                    75:8f:f2:01:27:bc:e8:52:0f:79:c0:f0:8c:96:e7:
                    bc:57:a6:fe:de:85:3b:44:81:71:8a:b3:9d:f4:64:
                    8e:57:6e:e8:ca:88:75:27:14:0f:7c:f2:60:96:c1:
                    ae:1c:ac:78:c8:5b:ed:6d:4a:22:80:36:c0:4f:b1:
                    74:18:93:b5:34:a9:54:d5:cf:a2:4e:83:c8:39:a0:
                    c5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C6:96:B7:F8:DC:BC:A1:B1:8F:C9:B0:ED:FA:41:F6:F4:24:84:17
            X509v3 Authority Key Identifier:
                keyid:B7:AE:67:6F:FC:66:23:4F:33:DB:52:38:79:8A:B9:79:F9:86:C8:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t65nb_xmI08z21I4eYq5efmGyC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/38aWt_jcvKGxj8mw7fpB9vQkhBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/7b480b-b28d-419f-9d40-4306dd7a4a57/1/t65nb_xmI08z21I4eYq5efmGyC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:df:3c:fe:88:9d:4c:7f:c4:31:0d:32:45:4a:65:76:aa:65:
         db:9f:df:1e:c9:8c:e8:24:72:39:17:ee:a8:0a:29:5d:aa:06:
         75:ab:07:f2:11:18:4a:ab:aa:84:3c:57:89:5e:43:1c:60:ed:
         72:aa:ba:12:ce:a2:82:03:b7:3b:42:4b:5e:9c:c0:73:cc:1f:
         36:87:48:91:95:f9:dc:7c:b3:a2:29:e3:a7:db:f8:eb:51:cc:
         77:ed:eb:6f:6d:c2:85:1a:df:3e:1b:00:fb:43:bc:0d:cf:06:
         ae:10:49:a6:85:03:32:d2:26:da:76:fa:3c:a4:fa:96:61:b4:
         0d:de:c3:96:66:14:ee:cb:e2:e2:5c:58:82:35:fc:65:10:cf:
         06:73:d7:b0:69:3c:13:76:25:0e:05:81:45:52:94:6d:75:2a:
         ad:bb:0e:57:bc:fa:3f:91:69:6e:b3:08:65:83:fb:c6:7c:1b:
         c1:93:fc:5b:b4:c9:02:4e:85:cf:22:da:d1:5a:01:58:2d:38:
         66:a0:6c:9c:25:95:09:60:8b:02:22:cb:b5:84:26:13:13:fa:
         97:87:4b:74:a7:9d:5e:1c:b7:b8:1e:70:df:86:55:01:83:9b:
         b5:fe:0b:8e:58:62:03:c4:f7:09:ed:e5:a2:24:7b:0e:2b:41:
         f7:d3:e0:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARD5ZtXoKkVqW6PYzEphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YWU2NzZmZmM2NjIzNGYzM2RiNTIzODc5OGFiOTc5Zjk4
NmM4MmQwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM2OTZiN2Y4ZGNiY2ExYjE4ZmM5YjBlZGZhNDFmNmY0MjQ4NDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6xIhtfVykLti+dkJURiF4ciLIoE
uhqUOE3DYotUrv7utb3xZQHmAxvxha5fPSQQawI1plpZZ9nKrdOzViZFjSLuvpu9
fnokQ6hok09o3wHdirRx/wdSmf0sTxgPhFI1gMD6Gd4B78jeZwAu3iM5Xw2XdBIj
FQaIpNIfMzS8xE4LPUvh/aO7mKOgrDWRdNbLaTBIV6QlP+gtySDluSiCXoZsqr1J
Zbw+Yc0obARjt6TkRdp1j/IBJ7zoUg95wPCMlue8V6b+3oU7RIFxirOd9GSOV27o
yoh1JxQPfPJglsGuHKx4yFvtbUoigDbAT7F0GJO1NKlU1c+iToPIOaDF2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/Glrf43LyhsY/JsO36Qfb0JIQXMB8GA1UdIwQY
MBaAFLeuZ2/8ZiNPM9tSOHmKuXn5hsgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDY1bmJfeG1JMDh6MjFJNGVZcTVlZm1HeUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi83YjQ4MGItYjI4ZC00MTlmLTlkNDAt
NDMwNmRkN2E0YTU3LzEvMzhhV3RfamN2S0d4ajhtdzdmcEI5dlFraEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi83YjQ4MGItYjI4ZC00MTlmLTlkNDAtNDMwNmRkN2E0YTU3
LzEvdDY1bmJfeG1JMDh6MjFJNGVZcTVlZm1HeUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWIcMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3zz+iJ1Mf8QxDTJFSmV2qmXbn98eyYzoJHI5F+6o
CildqgZ1qwfyERhKq6qEPFeJXkMcYO1yqroSzqKCA7c7QktenMBzzB82h0iRlfnc
fLOiKeOn2/jrUcx37etvbcKFGt8+GwD7Q7wNzwauEEmmhQMy0ibadvo8pPqWYbQN
3sOWZhTuy+LiXFiCNfxlEM8Gc9ewaTwTdiUOBYFFUpRtdSqtuw5XvPo/kWluswhl
g/vGfBvBk/xbtMkCToXPItrRWgFYLThmoGycJZUJYIsCIsu1hCYTE/qXh0t0p51e
HLe4HnDfhlUBg5u1/guOWGIDxPcJ7eWiJHsOK0H30+Ce
-----END CERTIFICATE-----