Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vr_SbZ-644shZ4cyEDTHSHJJoYU.roa
File:                     vr_SbZ-644shZ4cyEDTHSHJJoYU.roa (raw, json)
Hash identifier:          1DrZeBty/HE5J5s14YXIaJNdNIipljnGXFNk7Y/5euk=
Subject key identifier:   BE:BF:D2:6D:9F:BA:E3:8B:21:67:87:32:10:34:C7:48:72:49:A1:85
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01920E05B9DB4080DDE5F5D313DAC87ED144
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vr_SbZ-644shZ4cyEDTHSHJJoYU.roa
Signing time:             Fri 20 Sep 2024 06:01:49 +0000
ROA not before:           Fri 20 Sep 2024 06:01:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47814
IP address blocks:        46.19.204.251/32 maxlen: 32
                          46.19.205.0/24 maxlen: 24
                          46.19.206.0/24 maxlen: 24
                          80.81.44.0/24 maxlen: 24
                          80.81.46.0/23 maxlen: 23
                          83.223.139.0/24 maxlen: 24
                          83.223.149.0/24 maxlen: 24
                          94.101.224.0/24 maxlen: 24
                          94.101.233.206/32 maxlen: 32
                          94.101.234.0/24 maxlen: 24
                          94.101.238.0/24 maxlen: 24
                          217.69.115.0/24 maxlen: 24
                          217.69.117.0/24 maxlen: 24
                          217.69.118.0/24 maxlen: 24
                          2001:1bf8::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0e:05:b9:db:40:80:dd:e5:f5:d3:13:da:c8:7e:d1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Sep 20 06:01:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bebfd26d9fbae38b216787321034c7487249a185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:25:72:a3:90:c5:20:ed:e5:64:fa:2a:bd:62:
                    f8:a6:bb:8a:02:9e:74:4a:85:f9:4f:8f:69:bf:d8:
                    91:6c:61:c4:81:a0:df:7c:46:5a:d5:6a:c5:7f:e4:
                    2e:e4:5b:a8:b4:51:51:24:8e:64:a7:4b:40:f0:30:
                    70:12:90:09:8e:16:25:d5:e0:88:6e:ad:1d:54:ae:
                    30:61:68:34:84:38:15:71:48:21:25:c6:0d:5c:9e:
                    bf:e7:d5:6f:2d:da:a3:33:ad:37:1c:92:56:7c:5c:
                    95:ef:60:0a:6f:1b:1d:c2:8a:1c:c0:c3:1c:5a:64:
                    00:81:fd:bc:00:95:a8:cd:65:69:8a:82:0e:0b:39:
                    8b:f0:62:02:b2:e5:21:cb:11:ab:b1:c3:71:a0:28:
                    26:f3:8b:f2:a8:6e:79:6e:2a:f3:32:8a:ca:b7:fd:
                    bb:41:93:40:e3:2d:9d:b2:8c:18:f6:cb:f6:2e:03:
                    06:59:0d:2f:5c:a6:bb:53:1f:65:18:aa:b5:5c:96:
                    39:76:bb:69:39:7a:39:86:18:17:f2:30:dd:06:56:
                    63:83:35:47:94:60:f8:44:c4:ac:3f:50:74:b4:bc:
                    b3:9f:12:92:40:f2:46:2a:1c:ef:60:a3:87:b5:2a:
                    a3:54:80:9e:b2:e0:ac:68:31:d4:2d:9d:56:31:4c:
                    b5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:BF:D2:6D:9F:BA:E3:8B:21:67:87:32:10:34:C7:48:72:49:A1:85
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vr_SbZ-644shZ4cyEDTHSHJJoYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.204.251/32
                  46.19.205.0-46.19.206.255
                  80.81.44.0/24
                  80.81.46.0/23
                  83.223.139.0/24
                  83.223.149.0/24
                  94.101.224.0/24
                  94.101.233.206/32
                  94.101.234.0/24
                  94.101.238.0/24
                  217.69.115.0/24
                  217.69.117.0-217.69.118.255
                IPv6:
                  2001:1bf8::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:b9:0d:b7:49:4e:41:30:ca:d5:13:90:f5:e3:3e:96:a1:4e:
         21:10:01:6d:93:87:d9:15:d7:8e:7a:8a:b9:f6:04:64:a8:30:
         be:c6:13:a6:9c:90:04:77:3e:25:ad:b1:83:9d:fc:1e:ae:b0:
         92:e7:4c:69:48:e8:c7:7b:1d:d5:54:5a:64:c6:82:88:61:34:
         a5:72:a1:72:b9:7a:d6:7e:c9:77:7d:54:c1:d4:93:46:26:61:
         d9:a8:66:35:52:7e:48:04:20:bb:8f:91:96:00:73:fc:1c:fe:
         48:a4:1a:25:d0:50:53:02:6c:31:8c:a6:d0:51:33:88:2a:5c:
         ae:75:7b:cd:0b:42:62:f9:d9:76:64:da:e2:2b:18:36:9a:9f:
         0b:c3:6d:bf:6f:de:7b:ec:53:c0:4e:08:46:14:56:24:2c:fa:
         46:4d:dc:f6:22:f1:b9:ab:5e:ae:29:58:cb:3c:42:7f:c5:63:
         3c:96:7c:64:da:16:87:33:a5:18:15:3c:e8:68:45:5d:26:21:
         9d:d3:f8:41:ab:10:21:12:c3:3c:5f:b8:5c:b3:32:54:3b:e9:
         ef:34:22:8e:1a:09:72:bc:30:6f:54:0f:96:59:a9:b3:44:48:
         f7:e9:77:86:7f:b5:1b:98:2c:bd:97:36:61:bd:19:0a:ad:45:
         50:62:fb:32
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZIOBbnbQIDd5fXTE9rIftFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwOTIwMDYwMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWJmZDI2ZDlmYmFlMzhiMjE2Nzg3MzIxMDM0Yzc0ODcyNDlhMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliVyo5DFIO3lZPoqvWL4pruKAp50
SoX5T49pv9iRbGHEgaDffEZa1WrFf+Qu5FuotFFRJI5kp0tA8DBwEpAJjhYl1eCI
bq0dVK4wYWg0hDgVcUghJcYNXJ6/59VvLdqjM603HJJWfFyV72AKbxsdwoocwMMc
WmQAgf28AJWozWVpioIOCzmL8GICsuUhyxGrscNxoCgm84vyqG55birzMorKt/27
QZNA4y2dsowY9sv2LgMGWQ0vXKa7Ux9lGKq1XJY5drtpOXo5hhgX8jDdBlZjgzVH
lGD4RMSsP1B0tLyznxKSQPJGKhzvYKOHtSqjVICesuCsaDHULZ1WMUy1VwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFL6/0m2fuuOLIWeHMhA0x0hySaGFMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvdnJfU2JaLTY0NHNoWjRjeUVEVEhTSEpKb1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMFAC4TzPsw
DAMEAC4TzQMEAC4TzgMEAFBRLAMEAVBRLgMEAFPfiwMEAFPflQMEAF5l4AMFAF5l
6c4DBABeZeoDBABeZe4DBADZRXMwDAMEANlFdQMEANlFdjANBAIAAjAHAwUDIAEb
+DANBgkqhkiG9w0BAQsFAAOCAQEAnrkNt0lOQTDK1ROQ9eM+lqFOIRABbZOH2RXX
jnqKufYEZKgwvsYTppyQBHc+Ja2xg538Hq6wkudMaUjox3sd1VRaZMaCiGE0pXKh
crl61n7Jd31UwdSTRiZh2ahmNVJ+SAQgu4+RlgBz/Bz+SKQaJdBQUwJsMYym0FEz
iCpcrnV7zQtCYvnZdmTa4isYNpqfC8Ntv2/ee+xTwE4IRhRWJCz6Rk3c9iLxuate
rilYyzxCf8VjPJZ8ZNoWhzOlGBU86GhFXSYhndP4QasQIRLDPF+4XLMyVDvp7zQi
jhoJcrwwb1QPllmps0RI9+l3hn+1G5gsvZc2Yb0ZCq1FUGL7Mg==
-----END CERTIFICATE-----