Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/UKY-oSMIFmmicltNFFzSJHvvmLM.roa
File:                     UKY-oSMIFmmicltNFFzSJHvvmLM.roa (raw, json)
Hash identifier:          cA262Na30QfQdhfhBPxJOrAeDIB1dyAnD2XIGiuSUOI=
Subject key identifier:   50:A6:3E:A1:23:08:16:69:A2:72:5B:4D:14:5C:D2:24:7B:EF:98:B3
Certificate issuer:       /CN=b498c97b14c374a52833db6a4007b54b4662c5a9
Certificate serial:       01941FFA0D8CF697DCAF9BB1ED91AA072EFD
Authority key identifier: B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/UKY-oSMIFmmicltNFFzSJHvvmLM.roa
Signing time:             Wed 01 Jan 2025 03:47:48 +0000
ROA not before:           Wed 01 Jan 2025 03:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39238
IP address blocks:        91.196.161.0/24 maxlen: 24
                          91.196.162.0/24 maxlen: 24
                          91.196.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0d:8c:f6:97:dc:af:9b:b1:ed:91:aa:07:2e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b498c97b14c374a52833db6a4007b54b4662c5a9
        Validity
            Not Before: Jan  1 03:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50a63ea123081669a2725b4d145cd2247bef98b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9f:6e:df:30:a0:d7:ef:7f:55:a3:1f:e1:cf:
                    ce:47:18:3a:f6:59:24:e2:90:57:1d:db:c9:c5:1b:
                    30:a6:7f:1e:8f:91:25:60:72:fe:88:a5:d8:6b:4e:
                    65:9b:cd:62:3e:36:0a:96:fc:d3:92:fd:41:34:87:
                    58:1a:58:02:da:8c:2b:7f:7b:f1:e8:0c:bd:2c:3b:
                    34:d0:4e:a4:b7:a3:41:a0:c3:79:13:b0:e5:83:a2:
                    d7:34:6f:8c:d5:1d:99:a6:1e:e2:11:a0:10:fe:f6:
                    d5:d7:dd:e1:24:f6:ad:cb:25:bb:4a:5d:3f:80:2b:
                    2e:82:f5:11:0a:3f:6e:0a:d1:80:ab:16:5b:18:ea:
                    fa:c8:1f:de:14:d0:cb:86:dd:e9:ea:a8:d7:8d:3e:
                    5d:40:7a:9b:fd:ed:33:72:a4:ae:39:67:ba:6e:6f:
                    44:1b:0e:00:2f:de:44:a2:67:39:ec:f4:5d:71:5f:
                    30:4f:a1:0d:50:8f:5c:59:1d:98:ec:b5:39:8e:20:
                    7f:30:a2:ed:02:d2:b6:87:28:0c:70:f9:46:45:4d:
                    45:ac:6f:a0:e1:93:4e:b4:f2:16:01:dd:8c:16:fd:
                    db:5f:24:22:ef:1a:82:27:a7:d6:17:00:27:41:d9:
                    00:80:61:4f:f0:11:b1:48:43:37:3c:48:2e:72:b6:
                    0b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A6:3E:A1:23:08:16:69:A2:72:5B:4D:14:5C:D2:24:7B:EF:98:B3
            X509v3 Authority Key Identifier:
                keyid:B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/UKY-oSMIFmmicltNFFzSJHvvmLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.161.0-91.196.163.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:10:41:e6:72:f8:19:7f:6b:3d:bb:57:8d:2e:1e:e6:f1:6a:
         34:fc:77:44:a2:2c:3e:ac:1f:e3:7c:ae:17:3c:2b:54:17:7a:
         5c:b9:c4:ba:e8:35:16:ef:ba:9b:ba:61:f3:d8:e4:81:59:79:
         86:db:03:d9:07:3c:0e:9e:e6:53:f5:45:e2:53:30:fe:8f:3a:
         0f:81:ce:e5:2b:7d:2c:a8:16:53:93:c4:d9:49:64:1c:5c:4c:
         79:0b:3e:c4:10:6e:a8:83:6f:2c:81:1f:af:66:4e:e2:fd:0e:
         14:06:ef:85:05:83:f3:5b:f3:62:86:3f:d7:b2:5a:da:35:52:
         25:4e:c6:d5:fe:89:88:18:54:17:22:47:cf:d9:07:36:e9:7c:
         0d:65:82:b5:59:00:0f:06:58:26:44:dd:bd:e3:b1:ae:c2:51:
         d6:60:5d:f7:99:1c:c1:2f:3a:5e:f6:2c:0f:4b:25:68:32:15:
         5c:aa:26:06:5a:76:d0:cd:1c:02:18:b1:2f:d6:1d:7e:b1:0a:
         24:cf:dd:9a:70:96:41:f0:09:04:84:63:15:26:b6:39:83:9c:
         ab:85:95:26:0f:55:b5:fc:6a:76:b8:47:72:7d:5b:36:f9:ce:
         ba:1d:c0:6d:a0:83:56:fe:fc:de:d3:28:44:84:11:b5:fa:16:
         c0:3c:8e:91
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQf+g2M9pfcr5ux7ZGqBy79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OThjOTdiMTRjMzc0YTUyODMzZGI2YTQwMDdiNTRiNDY2
MmM1YTkwHhcNMjUwMTAxMDM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE2M2VhMTIzMDgxNjY5YTI3MjViNGQxNDVjZDIyNDdiZWY5OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0p9u3zCg1+9/VaMf4c/ORxg69lkk
4pBXHdvJxRswpn8ej5ElYHL+iKXYa05lm81iPjYKlvzTkv1BNIdYGlgC2owrf3vx
6Ay9LDs00E6kt6NBoMN5E7Dlg6LXNG+M1R2Zph7iEaAQ/vbV193hJPatyyW7Sl0/
gCsugvURCj9uCtGAqxZbGOr6yB/eFNDLht3p6qjXjT5dQHqb/e0zcqSuOWe6bm9E
Gw4AL95Eomc57PRdcV8wT6ENUI9cWR2Y7LU5jiB/MKLtAtK2hygMcPlGRU1FrG+g
4ZNOtPIWAd2MFv3bXyQi7xqCJ6fWFwAnQdkAgGFP8BGxSEM3PEgucrYLRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFCmPqEjCBZponJbTRRc0iR775izMB8GA1UdIwQY
MBaAFLSYyXsUw3SlKDPbakAHtUtGYsWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzct
ODY1NDI2NjQ1N2M2LzEvVUtZLW9TTUlGbW1pY2x0TkZGelNKSHZ2bUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzctODY1NDI2NjQ1N2M2
LzEvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbxKED
BAJbxKAwDQYJKoZIhvcNAQELBQADggEBAEsQQeZy+Bl/az27V40uHubxajT8d0Si
LD6sH+N8rhc8K1QXely5xLroNRbvupu6YfPY5IFZeYbbA9kHPA6e5lP1ReJTMP6P
Og+BzuUrfSyoFlOTxNlJZBxcTHkLPsQQbqiDbyyBH69mTuL9DhQG74UFg/Nb82KG
P9eyWto1UiVOxtX+iYgYVBciR8/ZBzbpfA1lgrVZAA8GWCZE3b3jsa7CUdZgXfeZ
HMEvOl72LA9LJWgyFVyqJgZadtDNHAIYsS/WHX6xCiTP3ZpwlkHwCQSEYxUmtjmD
nKuFlSYPVbX8ana4R3J9Wzb5zrodwG2gg1b+/N7TKESEEbX6FsA8jpE=
-----END CERTIFICATE-----