Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ExtdgMK7e8X4xonP4pu_LVfy_Rw.roa
File:                     ExtdgMK7e8X4xonP4pu_LVfy_Rw.roa (raw, json)
Hash identifier:          rW3kaGxLSOe6L0plkRxrt/76I5qqFiA7Tjb4w7+107s=
Subject key identifier:   13:1B:5D:80:C2:BB:7B:C5:F8:C6:89:CF:E2:9B:BF:2D:57:F2:FD:1C
Certificate issuer:       /CN=64366a73915f9090d4b1083897aa402577e163de
Certificate serial:       018D4F84BEF7A6D44E72E45A026445C47CE7
Authority key identifier: 64:36:6A:73:91:5F:90:90:D4:B1:08:38:97:AA:40:25:77:E1:63:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ExtdgMK7e8X4xonP4pu_LVfy_Rw.roa
Signing time:             Sun 28 Jan 2024 10:01:56 +0000
ROA not before:           Sun 28 Jan 2024 10:01:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210509
IP address blocks:        212.23.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:4f:84:be:f7:a6:d4:4e:72:e4:5a:02:64:45:c4:7c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64366a73915f9090d4b1083897aa402577e163de
        Validity
            Not Before: Jan 28 10:01:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=131b5d80c2bb7bc5f8c689cfe29bbf2d57f2fd1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ed:19:72:7a:e0:3d:48:a1:d0:b3:fa:00:1b:
                    20:03:c2:71:1b:70:6f:f4:7d:33:ee:b4:2a:dc:98:
                    3b:4e:81:12:80:40:43:e4:f0:14:1f:a2:ef:3f:bc:
                    a2:05:65:f7:a3:ca:13:01:d5:df:63:11:82:ec:01:
                    51:b8:3c:78:f4:9f:c8:e8:51:f2:4c:33:c1:79:f9:
                    58:b0:21:23:f8:30:ee:2e:25:18:55:dc:c6:9b:6c:
                    83:d6:7c:5d:16:d3:6e:04:f8:c0:5c:92:8e:6c:3e:
                    3e:50:5f:0e:8e:f3:7f:bc:95:8a:e2:ce:53:00:99:
                    ed:3f:e2:fb:c4:6a:dd:93:b7:0f:aa:fd:74:2a:56:
                    5b:ff:d2:65:4c:0b:7a:62:64:b9:7f:ce:f3:86:3b:
                    67:4e:3d:bb:9b:a4:4c:19:cd:25:d6:29:d8:20:39:
                    d7:96:3b:e5:28:c7:f7:e6:47:19:f2:98:26:54:a4:
                    8e:4e:b5:98:8e:43:cc:b0:3d:22:d5:32:db:7b:9c:
                    08:f5:e9:4e:2e:b1:93:80:13:d7:0e:65:e0:c5:74:
                    41:02:e4:2e:d2:20:c6:0e:9c:ec:51:b9:d4:cc:27:
                    8e:ec:8a:8d:ff:fe:bb:83:df:ac:ef:35:54:29:20:
                    1c:0c:93:8d:a4:b8:10:5b:8f:9e:8a:ce:b3:73:76:
                    00:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:1B:5D:80:C2:BB:7B:C5:F8:C6:89:CF:E2:9B:BF:2D:57:F2:FD:1C
            X509v3 Authority Key Identifier:
                keyid:64:36:6A:73:91:5F:90:90:D4:B1:08:38:97:AA:40:25:77:E1:63:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ExtdgMK7e8X4xonP4pu_LVfy_Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:26:36:c0:5d:91:c8:dd:f6:7f:af:c3:54:23:1a:26:d4:5d:
         2c:7f:0a:33:84:f7:ce:6f:d1:3e:1e:8b:fc:74:05:9b:a7:17:
         89:41:8a:b3:e6:4c:c6:c7:e6:80:09:06:7a:a2:63:36:7c:62:
         c0:8c:d4:00:1f:4a:14:7e:1a:4a:ef:fb:68:86:67:1c:04:93:
         41:6c:b0:15:79:a7:59:3a:4d:94:de:4c:db:3d:6e:92:e3:d0:
         fb:c9:77:c5:36:7c:a2:7f:90:36:10:f0:e6:5a:d7:3e:8a:96:
         d7:48:3f:b8:52:2a:b8:fa:59:ac:33:c3:4e:de:e5:70:fe:10:
         ca:27:fe:bb:29:e3:a0:dd:b0:5b:33:2f:97:4a:54:98:b2:16:
         87:72:9e:53:ce:56:4a:fd:fe:41:8f:a2:83:1d:54:ce:b8:77:
         f8:2c:3e:8b:b4:56:70:f1:f7:00:6e:7b:03:29:dd:89:05:55:
         05:2c:88:99:97:99:b8:e2:79:1b:7a:52:65:ca:bf:d6:da:6a:
         cb:a6:3e:b0:b8:fb:30:20:34:88:fc:19:c0:46:7f:98:03:5b:
         35:d8:aa:c9:01:e2:ae:08:18:b1:30:a9:40:5d:d9:00:07:04:
         44:d9:ad:06:e9:ce:d6:04:9c:d2:c5:c1:a4:1e:fc:42:31:ce:
         8a:2f:fb:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1PhL73ptROcuRaAmRFxHznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MzY2YTczOTE1ZjkwOTBkNGIxMDgzODk3YWE0MDI1Nzdl
MTYzZGUwHhcNMjQwMTI4MTAwMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFiNWQ4MGMyYmI3YmM1ZjhjNjg5Y2ZlMjliYmYyZDU3ZjJmZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+0ZcnrgPUih0LP6ABsgA8JxG3Bv
9H0z7rQq3Jg7ToESgEBD5PAUH6LvP7yiBWX3o8oTAdXfYxGC7AFRuDx49J/I6FHy
TDPBeflYsCEj+DDuLiUYVdzGm2yD1nxdFtNuBPjAXJKObD4+UF8OjvN/vJWK4s5T
AJntP+L7xGrdk7cPqv10KlZb/9JlTAt6YmS5f87zhjtnTj27m6RMGc0l1inYIDnX
ljvlKMf35kcZ8pgmVKSOTrWYjkPMsD0i1TLbe5wI9elOLrGTgBPXDmXgxXRBAuQu
0iDGDpzsUbnUzCeO7IqN//67g9+s7zVUKSAcDJONpLgQW4+eis6zc3YAiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMbXYDCu3vF+MaJz+Kbvy1X8v0cMB8GA1UdIwQY
MBaAFGQ2anORX5CQ1LEIOJeqQCV34WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkRacWM1RmZrSkRVc1FnNGw2cEFKWGZoWTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8xYmFmZjEtZGRhMy00MzA0LWIxYjMt
NTE4MmVlZGUyYTI5LzEvRXh0ZGdNSzdlOFg0eG9uUDRwdV9MVmZ5X1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8xYmFmZjEtZGRhMy00MzA0LWIxYjMtNTE4MmVlZGUyYTI5
LzEvWkRacWM1RmZrSkRVc1FnNGw2cEFKWGZoWTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfZMA0G
CSqGSIb3DQEBCwUAA4IBAQBJJjbAXZHI3fZ/r8NUIxom1F0sfwozhPfOb9E+Hov8
dAWbpxeJQYqz5kzGx+aACQZ6omM2fGLAjNQAH0oUfhpK7/tohmccBJNBbLAVeadZ
Ok2U3kzbPW6S49D7yXfFNnyif5A2EPDmWtc+ipbXSD+4Uiq4+lmsM8NO3uVw/hDK
J/67KeOg3bBbMy+XSlSYshaHcp5TzlZK/f5Bj6KDHVTOuHf4LD6LtFZw8fcAbnsD
Kd2JBVUFLIiZl5m44nkbelJlyr/W2mrLpj6wuPswIDSI/BnARn+YA1s12KrJAeKu
CBixMKlAXdkABwRE2a0G6c7WBJzSxcGkHvxCMc6KL/tM
-----END CERTIFICATE-----