Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/IitFlexYZfX-UU71f3XpZrGvWsM.roa
File:                     IitFlexYZfX-UU71f3XpZrGvWsM.roa (raw, json)
Hash identifier:          tylWdlOxFACp9bND59PH/ucvG9vvleDVIVW12I3eErQ=
Subject key identifier:   22:2B:45:95:EC:58:65:F5:FE:51:4E:F5:7F:75:E9:66:B1:AF:5A:C3
Certificate issuer:       /CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
Certificate serial:       018CC424FD25B2C0F2AE909FA84A3784E55D
Authority key identifier: E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/IitFlexYZfX-UU71f3XpZrGvWsM.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        37.44.215.0/24 maxlen: 24
                          176.116.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fd:25:b2:c0:f2:ae:90:9f:a8:4a:37:84:e5:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=222b4595ec5865f5fe514ef57f75e966b1af5ac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d2:91:fb:0e:4f:cb:26:31:15:ae:2e:67:cb:
                    c8:bc:b5:26:d2:83:08:93:32:ac:a1:b0:06:7c:a1:
                    66:fc:84:9b:4c:9b:3a:b0:73:35:d9:33:5c:40:cb:
                    61:c4:db:3c:68:15:4d:43:31:d9:e6:ec:58:be:24:
                    ab:04:df:cf:ba:10:a3:96:1e:08:f4:ec:ec:fb:d2:
                    e3:77:38:cc:f1:91:96:ab:67:00:36:1d:04:d5:1a:
                    01:e3:68:86:41:50:b7:e4:d9:53:d2:4f:db:e3:04:
                    44:f5:ce:f9:9e:11:be:b8:68:c1:2a:58:7b:1d:7c:
                    ff:32:c7:d8:86:98:e9:38:2b:6a:4a:e6:d9:cd:24:
                    cf:ce:a1:6d:d7:7f:fa:e3:2d:a6:01:d6:08:bb:08:
                    fb:a0:d8:3b:75:6b:f0:63:f7:53:90:fd:de:8b:2b:
                    01:df:be:8b:5a:7f:48:72:6d:75:e9:01:6b:70:f0:
                    13:b9:5c:38:fc:d9:e7:6d:5e:de:91:27:01:65:34:
                    84:0d:22:33:e4:65:18:00:24:14:cc:6f:a0:f4:6f:
                    ed:08:46:2b:1f:87:fb:27:f8:22:3d:20:60:cc:b4:
                    1a:d2:e7:ee:74:ef:e5:d8:73:44:11:48:35:64:5b:
                    7b:05:42:2b:66:2d:af:9f:6d:3a:6f:f8:46:47:25:
                    40:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:2B:45:95:EC:58:65:F5:FE:51:4E:F5:7F:75:E9:66:B1:AF:5A:C3
            X509v3 Authority Key Identifier:
                keyid:E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/IitFlexYZfX-UU71f3XpZrGvWsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.215.0/24
                  176.116.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:c3:b1:0c:aa:78:be:41:c6:5b:6e:3e:cf:fe:9d:68:46:79:
         27:a7:92:bd:02:7e:e6:45:22:60:07:02:3e:4b:57:94:e6:a2:
         8d:9d:a9:75:3b:cc:79:bb:e7:1e:0d:6d:36:dd:e9:24:0f:3d:
         2d:4c:d4:5b:da:76:c7:32:cf:88:ac:2b:bc:57:9f:ad:78:f4:
         fc:10:30:0b:bb:18:7e:4a:e3:42:d8:3b:68:3a:7a:11:c9:9e:
         06:43:1e:ad:d3:f8:11:62:4b:6b:0b:7f:b5:56:67:cd:81:1c:
         ce:96:8c:8f:4c:d0:4f:dc:5e:5b:29:fe:82:ce:da:61:b2:99:
         ad:a6:38:fc:bb:5b:86:83:e6:c7:b5:91:e9:bb:21:b7:26:f3:
         6c:c0:a3:87:38:bf:b2:fc:ce:a8:37:ce:ca:46:0c:56:e2:c3:
         18:5e:4c:f9:7b:13:a1:9f:35:fe:16:31:87:21:fe:4e:39:ea:
         a9:0e:20:b4:ff:4e:3c:3d:4b:b6:f0:18:d2:f9:30:15:d3:1a:
         de:75:ae:7a:a5:19:a2:1e:8e:6e:2a:2e:3d:a9:f7:07:44:df:
         e0:2d:6f:05:7e:91:47:9b:95:4e:c9:44:12:b9:6f:9f:e8:83:
         6d:c7:20:c1:91:71:fc:30:73:92:cb:e3:1e:0c:42:09:79:c8:
         43:0e:d0:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJP0lssDyrpCfqEo3hOVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODU2YzMwODJhYjJmYzhkZDFiMzU5YTdiMzk5MTM2ODUz
OGI0ZDAwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjJiNDU5NWVjNTg2NWY1ZmU1MTRlZjU3Zjc1ZTk2NmIxYWY1YWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldKR+w5PyyYxFa4uZ8vIvLUm0oMI
kzKsobAGfKFm/ISbTJs6sHM12TNcQMthxNs8aBVNQzHZ5uxYviSrBN/PuhCjlh4I
9Ozs+9LjdzjM8ZGWq2cANh0E1RoB42iGQVC35NlT0k/b4wRE9c75nhG+uGjBKlh7
HXz/MsfYhpjpOCtqSubZzSTPzqFt13/64y2mAdYIuwj7oNg7dWvwY/dTkP3eiysB
376LWn9Icm116QFrcPATuVw4/NnnbV7ekScBZTSEDSIz5GUYACQUzG+g9G/tCEYr
H4f7J/giPSBgzLQa0ufudO/l2HNEEUg1ZFt7BUIrZi2vn206b/hGRyVAOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCIrRZXsWGX1/lFO9X916Waxr1rDMB8GA1UdIwQY
MBaAFOGFbDCCqy/I3Rs1mns5kTaFOLTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmIt
OGVhYTZiZjQwMzU3LzEvSWl0RmxleFlaZlgtVVU3MWYzWHBackd2V3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmItOGVhYTZiZjQwMzU3
LzEvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSzXAwQA
sHQSMA0GCSqGSIb3DQEBCwUAA4IBAQCrw7EMqni+QcZbbj7P/p1oRnknp5K9An7m
RSJgBwI+S1eU5qKNnal1O8x5u+ceDW023ekkDz0tTNRb2nbHMs+IrCu8V5+tePT8
EDALuxh+SuNC2DtoOnoRyZ4GQx6t0/gRYktrC3+1VmfNgRzOloyPTNBP3F5bKf6C
ztphspmtpjj8u1uGg+bHtZHpuyG3JvNswKOHOL+y/M6oN87KRgxW4sMYXkz5exOh
nzX+FjGHIf5OOeqpDiC0/048PUu28BjS+TAV0xreda56pRmiHo5uKi49qfcHRN/g
LW8FfpFHm5VOyUQSuW+f6INtxyDBkXH8MHOSy+MeDEIJechDDtAG
-----END CERTIFICATE-----