Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/bZcXlnVt9TXCSOXEW_tbK9JFnDA.roa
File:                     bZcXlnVt9TXCSOXEW_tbK9JFnDA.roa (raw, json)
Hash identifier:          QoLawtosEpM+IFmVYlosGNqhPmD6XmihZ27v/0SHdH8=
Subject key identifier:   6D:97:17:96:75:6D:F5:35:C2:48:E5:C4:5B:FB:5B:2B:D2:45:9C:30
Certificate issuer:       /CN=cb0ca348ac891c336d8c7945a5bd5b3325eb5f0b
Certificate serial:       01942746E813B3B21BFE23FD07AAFBAD2E5A
Authority key identifier: CB:0C:A3:48:AC:89:1C:33:6D:8C:79:45:A5:BD:5B:33:25:EB:5F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ywyjSKyJHDNtjHlFpb1bMyXrXws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/bZcXlnVt9TXCSOXEW_tbK9JFnDA.roa
Signing time:             Thu 02 Jan 2025 13:49:05 +0000
ROA not before:           Thu 02 Jan 2025 13:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43646
IP address blocks:        91.197.164.0/22 maxlen: 22
                          94.247.232.0/21 maxlen: 21
                          95.81.128.0/18 maxlen: 18
                          185.215.136.0/22 maxlen: 22
                          185.241.96.0/22 maxlen: 22
                          213.205.96.0/19 maxlen: 19
                          217.71.208.0/21 maxlen: 21
                          2a00:1080::/32 maxlen: 32
                          2a02:3e8::/32 maxlen: 32
                          2a02:e10::/32 maxlen: 32
                          2a0c:a080::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:e8:13:b3:b2:1b:fe:23:fd:07:aa:fb:ad:2e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb0ca348ac891c336d8c7945a5bd5b3325eb5f0b
        Validity
            Not Before: Jan  2 13:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d971796756df535c248e5c45bfb5b2bd2459c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cd:0b:c6:43:67:a0:c8:43:33:5b:3d:16:c1:
                    a2:c6:a9:9b:a0:aa:87:de:a6:2b:da:f1:f1:ac:bc:
                    c8:15:dc:9e:66:ef:24:e4:9c:67:03:4c:0c:25:ac:
                    e1:77:cd:9e:3a:00:59:e8:c9:59:a5:da:06:56:f9:
                    40:3f:96:e6:c1:7a:6f:75:8e:cf:05:75:ab:6f:49:
                    96:3d:a6:30:d9:bc:5b:ac:be:72:d4:48:35:44:42:
                    e6:73:81:08:22:aa:47:b1:dd:51:81:0c:de:a7:cd:
                    9f:f3:7c:11:4d:cc:3a:d0:66:a0:97:90:d6:ab:3c:
                    ed:68:4c:9f:c9:98:8c:0a:06:12:88:0f:cc:54:cf:
                    73:a0:c6:66:df:c4:c5:17:3d:ca:f8:20:4e:c9:a7:
                    6f:a6:77:80:aa:ee:16:7f:54:28:25:89:54:4a:bb:
                    a5:f9:21:39:5e:a5:cc:cc:bc:b0:b5:fd:3d:e5:35:
                    f8:76:b5:40:d6:ba:38:a6:9b:3d:89:f9:31:9d:55:
                    2d:25:ac:cc:35:a2:02:4c:f5:cb:be:05:f6:a5:73:
                    ae:f9:cf:12:5f:3f:9a:12:04:32:93:73:ab:54:34:
                    5d:a4:9e:ef:b3:dc:fc:ee:1f:c1:a0:76:75:67:97:
                    45:9c:ee:da:5d:d6:60:83:dc:ed:37:ba:1a:b7:c1:
                    3d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:97:17:96:75:6D:F5:35:C2:48:E5:C4:5B:FB:5B:2B:D2:45:9C:30
            X509v3 Authority Key Identifier:
                keyid:CB:0C:A3:48:AC:89:1C:33:6D:8C:79:45:A5:BD:5B:33:25:EB:5F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ywyjSKyJHDNtjHlFpb1bMyXrXws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/bZcXlnVt9TXCSOXEW_tbK9JFnDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/ywyjSKyJHDNtjHlFpb1bMyXrXws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.164.0/22
                  94.247.232.0/21
                  95.81.128.0/18
                  185.215.136.0/22
                  185.241.96.0/22
                  213.205.96.0/19
                  217.71.208.0/21
                IPv6:
                  2a00:1080::/32
                  2a02:3e8::/32
                  2a02:e10::/32
                  2a0c:a080::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:bc:47:3c:c5:80:44:80:4d:8d:82:9f:e4:28:4b:71:43:6c:
         2e:8c:68:8a:b9:85:48:31:9c:a0:64:85:73:7a:45:6d:26:de:
         e2:be:3d:98:3d:ab:8b:0a:31:b4:46:84:b9:98:9e:04:d7:be:
         2e:a5:30:ec:51:c2:ba:b5:9b:bf:db:c0:f9:0a:4d:66:74:13:
         e1:c7:90:3c:2f:fd:3c:fb:7b:aa:bf:cc:1e:18:02:ac:6e:ac:
         50:83:cd:af:c9:12:07:c7:de:83:75:07:03:4d:49:cc:45:41:
         12:e4:41:5a:91:1b:e0:eb:c4:52:0e:c3:e6:6e:f1:60:f4:78:
         de:35:5f:c1:f9:36:af:e9:6e:e9:7b:5a:f8:5b:1d:5c:31:5a:
         52:fa:4b:30:53:8e:1e:54:85:2a:67:f9:e5:44:97:0e:7c:79:
         1a:ef:4e:86:c8:14:46:6e:53:cf:dd:9a:40:ac:1b:8d:c8:21:
         5e:de:fa:a6:a9:92:31:fa:16:7f:15:b0:9b:fc:6e:e6:eb:ba:
         87:06:19:a7:12:02:13:45:45:f7:ad:79:79:0e:f8:da:31:f7:
         bf:75:5b:0c:76:38:13:a2:cf:81:49:81:e3:97:90:44:06:c3:
         f2:9a:5b:5e:1b:c4:d8:7d:21:00:b3:8a:9e:41:c8:a5:b7:e3:
         8b:f5:57:cc
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQnRugTs7Ib/iP9B6r7rS5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMGNhMzQ4YWM4OTFjMzM2ZDhjNzk0NWE1YmQ1YjMzMjVl
YjVmMGIwHhcNMjUwMTAyMTM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk3MTc5Njc1NmRmNTM1YzI0OGU1YzQ1YmZiNWIyYmQyNDU5YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps0LxkNnoMhDM1s9FsGixqmboKqH
3qYr2vHxrLzIFdyeZu8k5JxnA0wMJazhd82eOgBZ6MlZpdoGVvlAP5bmwXpvdY7P
BXWrb0mWPaYw2bxbrL5y1Eg1RELmc4EIIqpHsd1RgQzep82f83wRTcw60Gagl5DW
qzztaEyfyZiMCgYSiA/MVM9zoMZm38TFFz3K+CBOyadvpneAqu4Wf1QoJYlUSrul
+SE5XqXMzLywtf095TX4drVA1ro4pps9ifkxnVUtJazMNaICTPXLvgX2pXOu+c8S
Xz+aEgQyk3OrVDRdpJ7vs9z87h/BoHZ1Z5dFnO7aXdZgg9ztN7oat8E9eQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFG2XF5Z1bfU1wkjlxFv7WyvSRZwwMB8GA1UdIwQY
MBaAFMsMo0isiRwzbYx5RaW9WzMl618LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXd5alNLeUpIRE50akhsRnBiMWJNeVhyWHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lZjYxZDYtMDVkMS00ZmIyLWE2ZWEt
NDI1MjMyZmQ1NjQzLzEvYlpjWGxuVnQ5VFhDU09YRVdfdGJLOUpGbkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lZjYxZDYtMDVkMS00ZmIyLWE2ZWEtNDI1MjMyZmQ1NjQz
LzEveXd5alNLeUpIRE50akhsRnBiMWJNeVhyWHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAwBAIAATAqAwQCW8WkAwQD
XvfoAwQGX1GAAwQCudeIAwQCufFgAwQF1c1gAwQD2UfQMCIEAgACMBwDBQAqABCA
AwUAKgID6AMFACoCDhADBQMqDKCAMA0GCSqGSIb3DQEBCwUAA4IBAQB6vEc8xYBE
gE2Ngp/kKEtxQ2wujGiKuYVIMZygZIVzekVtJt7ivj2YPauLCjG0RoS5mJ4E174u
pTDsUcK6tZu/28D5Ck1mdBPhx5A8L/08+3uqv8weGAKsbqxQg82vyRIHx96DdQcD
TUnMRUES5EFakRvg68RSDsPmbvFg9HjeNV/B+Tav6W7pe1r4Wx1cMVpS+kswU44e
VIUqZ/nlRJcOfHka706GyBRGblPP3ZpArBuNyCFe3vqmqZIx+hZ/FbCb/G7m67qH
BhmnEgITRUX3rXl5DvjaMfe/dVsMdjgTos+BSYHjl5BEBsPymlteG8TYfSEAs4qe
Qcilt+OL9VfM
-----END CERTIFICATE-----