Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/P_gtOxiumkBMWb7JzFhyd7asCjk.roa
File:                     P_gtOxiumkBMWb7JzFhyd7asCjk.roa (raw, json)
Hash identifier:          Lwuwc2FYN1hu35qGhI530gKOeE5DzuHWEPUrukqY5KI=
Subject key identifier:   3F:F8:2D:3B:18:AE:9A:40:4C:59:BE:C9:CC:58:72:77:B6:AC:0A:39
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       018CCA294E56EBDF871ABCCEEE2215BF3FD7
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/P_gtOxiumkBMWb7JzFhyd7asCjk.roa
Signing time:             Tue 02 Jan 2024 12:32:33 +0000
ROA not before:           Tue 02 Jan 2024 12:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        31.14.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:4e:56:eb:df:87:1a:bc:ce:ee:22:15:bf:3f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Jan  2 12:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ff82d3b18ae9a404c59bec9cc587277b6ac0a39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d2:d6:f3:9a:5c:a2:1d:72:a3:45:4a:2f:8f:
                    fe:00:2f:de:09:d9:33:09:69:4c:4a:02:7e:75:1c:
                    83:f2:0c:2f:c0:5f:45:00:80:d9:fd:6f:46:81:a2:
                    87:f1:68:17:7c:02:dd:37:ba:a9:70:05:fe:66:32:
                    f3:88:66:d3:e6:ca:14:3b:2a:27:2d:f9:a9:cf:f6:
                    11:f2:2b:b5:71:46:5a:c9:47:fa:91:9a:c1:12:fc:
                    5f:f7:b7:65:f6:95:03:bf:0c:41:38:9a:ed:18:29:
                    0d:2c:21:86:aa:ff:bd:4e:39:01:52:79:68:5b:ec:
                    fb:bf:22:d9:14:c1:f4:c9:bf:e2:b7:4c:bf:0c:93:
                    31:08:91:f6:c6:a9:69:a1:69:ff:4c:3a:8a:e6:76:
                    73:71:e1:57:68:5a:97:97:ba:1a:19:14:7a:a2:d5:
                    87:b9:cc:47:e6:fd:a3:55:70:11:91:41:e7:39:99:
                    2e:7b:7c:e7:9e:dc:f4:db:9f:14:77:5d:6d:8e:d1:
                    3d:ad:5c:40:b3:fa:03:75:85:92:b3:0f:eb:d4:78:
                    c1:7c:3f:1d:d6:f8:35:0a:eb:83:e9:e1:47:27:09:
                    77:4e:75:44:84:43:87:b4:97:d4:a1:06:64:1d:49:
                    50:8a:44:03:3b:e8:86:4f:00:4f:2f:77:47:f9:d9:
                    4a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F8:2D:3B:18:AE:9A:40:4C:59:BE:C9:CC:58:72:77:B6:AC:0A:39
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/P_gtOxiumkBMWb7JzFhyd7asCjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d2:40:38:fc:79:d9:a6:52:7c:67:ce:df:6e:e3:53:7d:e4:
         85:51:b1:9c:27:ef:06:17:37:57:38:af:cc:7d:d3:f5:f8:d3:
         87:30:e4:2b:21:9d:99:f7:0a:e7:e2:54:66:f3:26:7a:77:a6:
         c3:69:f0:14:c0:4d:b9:be:62:5b:1b:cc:09:c2:7f:24:06:6e:
         aa:13:83:a5:4b:49:15:54:bf:9e:d2:b7:ff:09:36:f6:ca:a3:
         57:52:c9:f1:77:ef:a5:34:b9:38:5d:ec:26:32:34:0a:db:ac:
         cf:a4:bb:ed:b8:c1:a1:af:16:c4:a0:08:43:04:83:99:41:d6:
         4a:d5:c9:65:8e:8b:23:5a:2f:af:34:23:85:1c:b1:55:b1:7d:
         d0:b4:88:7c:b7:c4:b2:b4:1a:d7:1a:a7:4e:c7:78:c4:18:03:
         d9:5f:b6:76:5e:dd:0a:1b:b5:e5:d7:0c:85:44:72:5d:c7:e8:
         be:ba:e0:29:9c:6a:de:74:a7:e4:bb:b1:50:6f:7e:95:a3:c5:
         32:c0:64:c3:79:03:39:40:e5:03:ca:6e:b7:71:a3:30:cf:66:
         69:09:e7:b2:91:c4:c7:b1:97:43:9c:aa:36:44:7b:b8:54:9b:
         8f:72:36:3c:63:3d:87:14:de:8d:f6:15:c9:0d:37:4f:e7:65:
         87:64:63:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKU5W69+HGrzO7iIVvz/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjQwMTAyMTIzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY4MmQzYjE4YWU5YTQwNGM1OWJlYzljYzU4NzI3N2I2YWMwYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdLW85pcoh1yo0VKL4/+AC/eCdkz
CWlMSgJ+dRyD8gwvwF9FAIDZ/W9GgaKH8WgXfALdN7qpcAX+ZjLziGbT5soUOyon
Lfmpz/YR8iu1cUZayUf6kZrBEvxf97dl9pUDvwxBOJrtGCkNLCGGqv+9TjkBUnlo
W+z7vyLZFMH0yb/it0y/DJMxCJH2xqlpoWn/TDqK5nZzceFXaFqXl7oaGRR6otWH
ucxH5v2jVXARkUHnOZkue3znntz0258Ud11tjtE9rVxAs/oDdYWSsw/r1HjBfD8d
1vg1CuuD6eFHJwl3TnVEhEOHtJfUoQZkHUlQikQDO+iGTwBPL3dH+dlK9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/4LTsYrppATFm+ycxYcne2rAo5MB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvUF9ndE94aXVta0JNV2I3SnpGaHlkN2FzQ2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw4kMA0G
CSqGSIb3DQEBCwUAA4IBAQBo0kA4/HnZplJ8Z87fbuNTfeSFUbGcJ+8GFzdXOK/M
fdP1+NOHMOQrIZ2Z9wrn4lRm8yZ6d6bDafAUwE25vmJbG8wJwn8kBm6qE4OlS0kV
VL+e0rf/CTb2yqNXUsnxd++lNLk4XewmMjQK26zPpLvtuMGhrxbEoAhDBIOZQdZK
1clljosjWi+vNCOFHLFVsX3QtIh8t8SytBrXGqdOx3jEGAPZX7Z2Xt0KG7Xl1wyF
RHJdx+i+uuApnGredKfku7FQb36Vo8UywGTDeQM5QOUDym63caMwz2ZpCeeykcTH
sZdDnKo2RHu4VJuPcjY8Yz2HFN6N9hXJDTdP52WHZGPI
-----END CERTIFICATE-----