Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1enJwr-6ka1eThUUmLV_6Mstda0.roa
File:                     1enJwr-6ka1eThUUmLV_6Mstda0.roa (raw, json)
Hash identifier:          ZICt+SFtKMtrBbM8IT7cZwYCtWbrimfuXseU7+Z8Reo=
Subject key identifier:   D5:E9:C9:C2:BF:BA:91:AD:5E:4E:15:14:98:B5:7F:E8:CB:2D:75:AD
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       018F5E63E79C47CEE8DA13BD3633DB48AA35
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1enJwr-6ka1eThUUmLV_6Mstda0.roa
Signing time:             Thu 09 May 2024 17:25:56 +0000
ROA not before:           Thu 09 May 2024 17:25:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        62.164.224.0/20 maxlen: 20
                          66.9.96.0/20 maxlen: 24
                          77.223.192.0/21 maxlen: 24
                          77.223.200.0/23 maxlen: 24
                          79.139.64.0/23 maxlen: 24
                          93.119.184.0/21 maxlen: 24
                          95.178.8.0/21 maxlen: 24
                          116.50.16.0/21 maxlen: 24
                          121.127.56.0/21 maxlen: 24
                          176.222.48.0/22 maxlen: 24
                          192.200.192.0/19 maxlen: 24
                          198.145.112.0/22 maxlen: 24
                          212.32.96.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5e:63:e7:9c:47:ce:e8:da:13:bd:36:33:db:48:aa:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: May  9 17:25:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e9c9c2bfba91ad5e4e151498b57fe8cb2d75ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:66:f1:a5:c5:37:93:08:76:03:e9:39:0f:f8:
                    70:07:bc:2b:ca:45:4c:88:fc:c6:d7:7a:27:b3:d3:
                    ee:91:be:43:db:ec:f0:b1:56:4a:88:b7:2f:bc:b2:
                    71:cf:cc:89:93:3f:69:d5:91:03:0a:a4:5b:ba:65:
                    c7:2c:a1:c9:bf:f5:3b:7f:92:c4:b6:65:34:66:9b:
                    52:9f:50:58:ad:ae:d2:1c:72:62:b3:96:97:63:83:
                    b4:99:99:1d:15:33:41:40:7d:37:e7:da:61:6e:46:
                    80:ba:f4:dc:63:28:88:fe:f8:f0:a3:50:fe:c0:b3:
                    8f:86:56:2c:96:90:94:72:3b:22:f9:2d:db:d2:e3:
                    76:28:f3:bf:3c:64:32:02:f6:5a:22:51:69:54:7e:
                    6d:b7:fe:5f:c5:cb:a2:33:51:f8:7b:3d:e6:92:b5:
                    4d:38:be:20:9c:2d:82:d8:54:b5:6e:16:02:13:0f:
                    10:7b:4e:42:cf:3b:cb:4a:e0:f6:2e:94:ad:90:8a:
                    9f:6e:aa:c3:c7:eb:9f:84:16:20:aa:8b:e4:c4:f2:
                    ec:54:12:d6:6b:d2:0f:43:d6:2e:c8:ca:71:68:0e:
                    63:9a:aa:41:f1:5d:c3:d5:54:9b:43:84:7d:19:6c:
                    59:e6:22:d6:f0:c4:7f:50:25:66:82:2a:55:46:19:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E9:C9:C2:BF:BA:91:AD:5E:4E:15:14:98:B5:7F:E8:CB:2D:75:AD
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1enJwr-6ka1eThUUmLV_6Mstda0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.224.0/20
                  66.9.96.0/20
                  77.223.192.0-77.223.201.255
                  79.139.64.0/23
                  93.119.184.0/21
                  95.178.8.0/21
                  116.50.16.0/21
                  121.127.56.0/21
                  176.222.48.0/22
                  192.200.192.0/19
                  198.145.112.0/22
                  212.32.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         85:27:3a:c8:2a:64:72:48:b2:a3:fa:3f:4c:4a:e4:84:a1:1b:
         fb:c7:74:14:47:b9:9b:f7:b8:b1:69:34:b7:5b:e9:48:91:bc:
         a2:5b:a7:95:eb:3d:7f:ba:6a:13:8e:00:20:ae:64:f2:2d:60:
         27:78:15:38:3a:ff:63:18:79:b4:8d:a0:34:aa:de:0b:63:e6:
         06:37:c0:14:6e:76:45:c4:99:ca:49:34:59:f6:b0:d6:0a:eb:
         98:13:29:a8:a3:d1:3c:4c:fe:4b:ed:5b:66:f1:61:56:5c:0a:
         36:d4:f4:c8:02:8a:aa:ee:78:f3:ba:a7:44:be:e8:b7:a7:48:
         33:89:bd:e2:3e:9a:73:73:4f:e5:7f:d4:20:08:84:85:1e:40:
         ea:1f:b7:5a:ab:96:a7:39:64:58:12:16:7a:01:c3:dd:cd:ac:
         f7:1c:2e:2e:9b:6f:ef:96:52:06:5d:5f:13:d4:16:37:e1:25:
         e4:93:5f:7d:66:b7:aa:ee:6c:60:3c:81:9a:d1:75:81:65:8e:
         c1:c2:c0:db:81:de:9a:a2:3a:bf:73:12:11:5d:ee:14:f1:1a:
         d2:fe:19:63:89:b6:95:fb:b2:7d:b3:f7:9a:36:9d:bf:27:32:
         1d:16:8a:6c:5f:41:52:1a:f3:fb:fc:23:df:2d:e1:58:db:b7:
         d0:6f:33:65
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY9eY+ecR87o2hO9NjPbSKo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNTA5MTcyNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU5YzljMmJmYmE5MWFkNWU0ZTE1MTQ5OGI1N2ZlOGNiMmQ3NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbxpcU3kwh2A+k5D/hwB7wrykVM
iPzG13ons9Pukb5D2+zwsVZKiLcvvLJxz8yJkz9p1ZEDCqRbumXHLKHJv/U7f5LE
tmU0ZptSn1BYra7SHHJis5aXY4O0mZkdFTNBQH0359phbkaAuvTcYyiI/vjwo1D+
wLOPhlYslpCUcjsi+S3b0uN2KPO/PGQyAvZaIlFpVH5tt/5fxcuiM1H4ez3mkrVN
OL4gnC2C2FS1bhYCEw8Qe05CzzvLSuD2LpStkIqfbqrDx+ufhBYgqovkxPLsVBLW
a9IPQ9YuyMpxaA5jmqpB8V3D1VSbQ4R9GWxZ5iLW8MR/UCVmgipVRhlF8QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFNXpycK/upGtXk4VFJi1f+jLLXWtMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvMWVuSndyLTZrYTFlVGhVVW1MVl82TXN0ZGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQEPqTgAwQE
QglgMAwDBAZN38ADBAFN38gDBAFPi0ADBANdd7gDBANfsggDBAN0MhADBAN5fzgD
BAKw3jADBAXAyMADBALGkXADBATUIGAwDQYJKoZIhvcNAQELBQADggEBAIUnOsgq
ZHJIsqP6P0xK5IShG/vHdBRHuZv3uLFpNLdb6UiRvKJbp5XrPX+6ahOOACCuZPIt
YCd4FTg6/2MYebSNoDSq3gtj5gY3wBRudkXEmcpJNFn2sNYK65gTKaij0TxM/kvt
W2bxYVZcCjbU9MgCiqruePO6p0S+6LenSDOJveI+mnNzT+V/1CAIhIUeQOoft1qr
lqc5ZFgSFnoBw93NrPccLi6bb++WUgZdXxPUFjfhJeSTX31mt6rubGA8gZrRdYFl
jsHCwNuB3pqiOr9zEhFd7hTxGtL+GWOJtpX7sn2z95o2nb8nMh0WimxfQVIa8/v8
I98t4Vjbt9BvM2U=
-----END CERTIFICATE-----