Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/u-olTnLwJF6ytkR-o6rX3D_kci8.roa
File:                     u-olTnLwJF6ytkR-o6rX3D_kci8.roa (raw, json)
Hash identifier:          MR3jrf7iR8t6kjldj/3xqnHlhsr0yJP0AElvCOGrpJI=
Subject key identifier:   BB:EA:25:4E:72:F0:24:5E:B2:B6:44:7E:A3:AA:D7:DC:3F:E4:72:2F
Certificate issuer:       /CN=c9a7ff012cb72ea84d1b83c002c3203cc024e6a6
Certificate serial:       01942067E8048DA8832476D16D991035C6CA
Authority key identifier: C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/u-olTnLwJF6ytkR-o6rX3D_kci8.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207645
IP address blocks:        193.28.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e8:04:8d:a8:83:24:76:d1:6d:99:10:35:c6:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9a7ff012cb72ea84d1b83c002c3203cc024e6a6
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbea254e72f0245eb2b6447ea3aad7dc3fe4722f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:6a:49:e1:f9:39:c3:de:a0:80:a3:9d:68:06:
                    29:5e:4b:a5:19:db:01:97:59:9a:91:d2:5b:25:d9:
                    44:97:88:04:1b:9d:f4:ab:27:40:47:38:d5:6f:87:
                    0a:65:2c:56:1e:e9:b2:71:ec:87:f7:aa:9d:56:18:
                    1f:1c:16:4d:58:fe:32:84:66:06:bb:a2:fd:5d:3b:
                    7b:19:a5:9d:99:10:a9:77:7b:89:21:51:81:8f:31:
                    ba:95:fd:dc:f6:25:9d:20:e5:ad:63:8f:03:9a:e0:
                    96:58:29:25:b2:44:c0:b1:57:15:d8:63:27:c1:21:
                    b9:da:26:ad:c6:15:06:35:04:37:2f:a7:c4:bb:42:
                    d0:b6:20:3e:a4:51:54:b7:7f:39:65:d0:cd:8e:c5:
                    fb:04:bc:c9:97:8a:14:29:1f:25:c4:55:b8:07:56:
                    1d:06:e3:0d:d7:e6:4f:90:f3:b9:de:7f:38:3c:12:
                    d4:1b:40:35:5a:20:db:7b:93:ae:fb:23:5a:6f:f4:
                    c3:1a:65:7a:c5:bd:7b:12:9e:41:f0:31:d3:f0:2d:
                    20:4c:fa:6f:6b:25:86:41:9e:fd:25:5d:69:4e:ba:
                    a3:07:fd:b2:5c:65:b0:09:b7:70:0b:a5:1e:b9:42:
                    37:3a:b7:82:ce:5c:a5:bd:69:33:41:e5:d1:a8:15:
                    ac:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EA:25:4E:72:F0:24:5E:B2:B6:44:7E:A3:AA:D7:DC:3F:E4:72:2F
            X509v3 Authority Key Identifier:
                keyid:C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/u-olTnLwJF6ytkR-o6rX3D_kci8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:90:e0:6e:47:b8:8c:cf:16:62:b7:3b:41:c1:04:bc:8a:b6:
         bd:5b:01:2a:3c:55:3f:fb:9f:0d:20:12:87:b8:52:2d:8f:a1:
         1e:23:f8:d2:90:7e:d5:29:fc:bc:9c:d5:c7:6a:62:b2:06:83:
         fe:ab:1f:1f:96:39:38:e8:6a:35:2d:f6:4c:fd:62:f9:50:8c:
         95:27:18:6c:cd:4a:7d:4e:59:67:a2:51:43:a6:ff:3f:9e:95:
         3b:fb:43:a8:95:dd:9c:af:63:1a:f1:67:21:ec:68:4c:b7:27:
         33:44:19:3d:a4:32:d9:2f:90:01:3b:b2:39:95:6c:ef:66:2e:
         4b:21:9d:0c:9d:b1:cf:d0:70:df:12:14:1d:0a:64:7d:32:71:
         14:26:f5:d8:b5:b3:a4:24:a4:96:63:3c:8e:76:d9:60:81:5d:
         ad:95:12:2f:91:1a:82:0b:84:df:6f:3c:5a:eb:57:7f:8b:18:
         31:7a:38:34:f7:cb:89:92:19:bf:50:f6:29:b1:8f:d9:04:fa:
         b7:33:82:a3:6a:5f:10:8f:42:95:c9:17:6b:02:5a:7e:0f:b4:
         fd:8d:9d:b1:80:5e:87:93:e0:c0:ac:d4:65:70:34:2e:fb:6e:
         f0:1b:5a:a8:26:32:af:d1:c7:25:41:12:6f:90:5c:29:0b:67:
         91:f0:1c:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+gEjaiDJHbRbZkQNcbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YTdmZjAxMmNiNzJlYTg0ZDFiODNjMDAyYzMyMDNjYzAy
NGU2YTYwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmVhMjU0ZTcyZjAyNDVlYjJiNjQ0N2VhM2FhZDdkYzNmZTQ3MjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mpJ4fk5w96ggKOdaAYpXkulGdsB
l1makdJbJdlEl4gEG530qydARzjVb4cKZSxWHumyceyH96qdVhgfHBZNWP4yhGYG
u6L9XTt7GaWdmRCpd3uJIVGBjzG6lf3c9iWdIOWtY48DmuCWWCklskTAsVcV2GMn
wSG52iatxhUGNQQ3L6fEu0LQtiA+pFFUt385ZdDNjsX7BLzJl4oUKR8lxFW4B1Yd
BuMN1+ZPkPO53n84PBLUG0A1WiDbe5Ou+yNab/TDGmV6xb17Ep5B8DHT8C0gTPpv
ayWGQZ79JV1pTrqjB/2yXGWwCbdwC6UeuUI3OreCzlylvWkzQeXRqBWs3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvqJU5y8CResrZEfqOq19w/5HIvMB8GA1UdIwQY
MBaAFMmn/wEsty6oTRuDwALDIDzAJOamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWFmX0FTeTNMcWhORzRQQUFzTWdQTUFrNXFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MmZiM2MtNjFhNi00NWNhLWE0N2Ut
ZDJkMTIwOWM0ODI1LzEvdS1vbFRuTHdKRjZ5dGtSLW82clgzRF9rY2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MmZiM2MtNjFhNi00NWNhLWE0N2UtZDJkMTIwOWM0ODI1
LzEveWFmX0FTeTNMcWhORzRQQUFzTWdQTUFrNXFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRwLMA0G
CSqGSIb3DQEBCwUAA4IBAQAJkOBuR7iMzxZitztBwQS8ira9WwEqPFU/+58NIBKH
uFItj6EeI/jSkH7VKfy8nNXHamKyBoP+qx8fljk46Go1LfZM/WL5UIyVJxhszUp9
TllnolFDpv8/npU7+0Oold2cr2Ma8Wch7GhMtyczRBk9pDLZL5ABO7I5lWzvZi5L
IZ0MnbHP0HDfEhQdCmR9MnEUJvXYtbOkJKSWYzyOdtlggV2tlRIvkRqCC4Tfbzxa
61d/ixgxejg098uJkhm/UPYpsY/ZBPq3M4Kjal8Qj0KVyRdrAlp+D7T9jZ2xgF6H
k+DArNRlcDQu+27wG1qoJjKv0cclQRJvkFwpC2eR8Bz7
-----END CERTIFICATE-----