Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/wm3FF6TcNdhmFRFUIxDvSQsFFHs.roa
File:                     wm3FF6TcNdhmFRFUIxDvSQsFFHs.roa (raw, json)
Hash identifier:          yN9Af3xDoVTZnaMiLHePewMhUBUJG8I+0XgRaKt0OxQ=
Subject key identifier:   C2:6D:C5:17:A4:DC:35:D8:66:15:11:54:23:10:EF:49:0B:05:14:7B
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       0198A243AA7682875A57BF559237ECA88CBE
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/wm3FF6TcNdhmFRFUIxDvSQsFFHs.roa
Signing time:             Wed 13 Aug 2025 07:10:00 +0000
ROA not before:           Wed 13 Aug 2025 07:10:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215269
IP address blocks:        31.14.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:43:aa:76:82:87:5a:57:bf:55:92:37:ec:a8:8c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Aug 13 07:10:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c26dc517a4dc35d8661511542310ef490b05147b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f0:4b:93:05:69:18:34:90:36:24:43:3b:06:
                    c5:99:46:9c:da:c2:80:03:09:c6:f1:53:49:32:69:
                    79:d9:66:c4:12:12:c8:1e:85:63:66:2f:06:74:23:
                    6c:8a:ae:3e:bf:d3:74:26:1b:9d:ce:21:f1:30:da:
                    79:0a:23:b0:b3:61:bf:ed:d8:ab:a6:17:86:65:62:
                    f8:06:13:d2:41:70:c0:dc:3c:6c:7d:12:10:9d:34:
                    ee:dd:69:3e:17:5f:ba:44:73:75:6f:43:0c:c3:f7:
                    12:a2:22:48:a5:ce:d8:70:af:27:25:93:49:cb:81:
                    28:e9:8f:f9:18:25:5b:ec:88:12:b0:c4:7c:73:21:
                    f6:79:da:c7:30:21:d9:72:1d:32:f2:25:9d:4f:85:
                    8a:2b:ca:c7:9a:05:05:98:1d:a4:f4:da:94:e5:ef:
                    23:6d:96:2d:45:8c:3f:b6:d3:2f:f4:ba:7f:b3:77:
                    73:7e:04:65:1f:7f:39:8e:37:73:87:44:ee:3d:73:
                    26:07:fc:f6:7a:ab:41:fc:96:fb:5d:13:fd:65:fb:
                    cd:cd:b9:3e:ce:7f:38:2e:e6:1b:29:17:55:05:4d:
                    1f:b4:ee:8a:e2:27:3e:3a:e7:04:c7:38:fa:69:49:
                    0f:43:1e:82:05:49:22:fe:f6:28:6c:55:b3:54:f7:
                    a2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:6D:C5:17:A4:DC:35:D8:66:15:11:54:23:10:EF:49:0B:05:14:7B
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/wm3FF6TcNdhmFRFUIxDvSQsFFHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:af:4e:eb:b4:90:34:74:8f:b8:f3:ce:49:87:af:5f:c5:3a:
         bb:93:b3:d5:c7:e9:6a:22:f3:85:18:9f:63:98:a7:84:6e:96:
         49:a3:45:fa:3c:61:4e:5d:3c:d5:ae:22:5b:8d:0c:24:b2:1c:
         e4:15:0c:13:3c:e9:4b:08:1a:ba:21:5f:34:49:c3:8e:a5:49:
         4d:2e:1b:f5:2f:52:a5:29:35:99:01:b8:1d:2e:e3:9a:e8:c5:
         07:3d:73:d4:e1:43:10:67:65:90:93:21:5b:ac:76:38:79:1d:
         ca:87:dc:d4:42:88:e5:82:7d:5d:09:cb:01:6d:84:53:a8:41:
         6b:7e:1e:c4:39:a8:42:9e:13:2f:53:45:4d:2e:b3:de:08:a2:
         fb:20:49:b3:78:2e:3f:46:e3:37:4f:7b:b2:3e:a2:b2:b6:af:
         db:76:38:f4:e2:4f:76:ad:46:1a:a0:de:3d:92:1f:ec:2c:2b:
         0a:40:10:06:89:b9:00:90:66:af:56:68:44:af:31:3a:fb:35:
         d9:20:38:e7:a4:58:16:00:58:98:4b:d3:fd:25:cf:b3:61:1d:
         75:d0:6a:c5:3b:0b:00:9c:99:62:bf:98:9d:f4:00:19:2a:51:
         03:6d:cf:a5:69:dc:7b:67:13:7d:54:7c:ed:3f:25:36:4f:76:
         46:75:8c:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiiQ6p2godaV79VkjfsqIy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjUwODEzMDcxMDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjZkYzUxN2E0ZGMzNWQ4NjYxNTExNTQyMzEwZWY0OTBiMDUxNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvBLkwVpGDSQNiRDOwbFmUac2sKA
AwnG8VNJMml52WbEEhLIHoVjZi8GdCNsiq4+v9N0JhudziHxMNp5CiOws2G/7dir
pheGZWL4BhPSQXDA3DxsfRIQnTTu3Wk+F1+6RHN1b0MMw/cSoiJIpc7YcK8nJZNJ
y4Eo6Y/5GCVb7IgSsMR8cyH2edrHMCHZch0y8iWdT4WKK8rHmgUFmB2k9NqU5e8j
bZYtRYw/ttMv9Lp/s3dzfgRlH385jjdzh0TuPXMmB/z2eqtB/Jb7XRP9ZfvNzbk+
zn84LuYbKRdVBU0ftO6K4ic+OucExzj6aUkPQx6CBUki/vYobFWzVPeiYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJtxRek3DXYZhURVCMQ70kLBRR7MB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvd20zRkY2VGNOZGhtRlJGVUl4RHZTUXNGRkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw4lMA0G
CSqGSIb3DQEBCwUAA4IBAQCKr07rtJA0dI+4885Jh69fxTq7k7PVx+lqIvOFGJ9j
mKeEbpZJo0X6PGFOXTzVriJbjQwkshzkFQwTPOlLCBq6IV80ScOOpUlNLhv1L1Kl
KTWZAbgdLuOa6MUHPXPU4UMQZ2WQkyFbrHY4eR3Kh9zUQojlgn1dCcsBbYRTqEFr
fh7EOahCnhMvU0VNLrPeCKL7IEmzeC4/RuM3T3uyPqKytq/bdjj04k92rUYaoN49
kh/sLCsKQBAGibkAkGavVmhErzE6+zXZIDjnpFgWAFiYS9P9Jc+zYR110GrFOwsA
nJliv5id9AAZKlEDbc+ladx7ZxN9VHztPyU2T3ZGdYyA
-----END CERTIFICATE-----