Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/VUyZ_zKhYSMF7CpPOWFsSapK1tk.roa
File:                     VUyZ_zKhYSMF7CpPOWFsSapK1tk.roa (raw, json)
Hash identifier:          fLzRsJYT3JBvdVXuFhvXEM3hZiRHVYIv+xDZIaxAjAU=
Subject key identifier:   55:4C:99:FF:32:A1:61:23:05:EC:2A:4F:39:61:6C:49:AA:4A:D6:D9
Certificate issuer:       /CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
Certificate serial:       019422FB4FC9A3F9CBDF1610677CF39D7758
Authority key identifier: 57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/VUyZ_zKhYSMF7CpPOWFsSapK1tk.roa
Signing time:             Wed 01 Jan 2025 17:48:02 +0000
ROA not before:           Wed 01 Jan 2025 17:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43775
IP address blocks:        91.147.128.0/19 maxlen: 19
                          91.147.128.0/24 maxlen: 24
                          91.147.129.0/24 maxlen: 24
                          91.147.132.0/24 maxlen: 24
                          91.147.133.0/24 maxlen: 24
                          91.147.134.0/24 maxlen: 24
                          91.147.135.0/24 maxlen: 24
                          91.147.152.0/24 maxlen: 24
                          91.147.153.0/24 maxlen: 24
                          91.147.154.0/24 maxlen: 24
                          91.147.156.0/24 maxlen: 24
                          91.147.157.0/24 maxlen: 24
                          91.147.158.0/24 maxlen: 24
                          91.147.159.0/24 maxlen: 24
                          91.147.160.0/20 maxlen: 20
                          91.147.160.0/24 maxlen: 24
                          91.147.161.0/24 maxlen: 24
                          91.147.162.0/24 maxlen: 24
                          91.147.163.0/24 maxlen: 24
                          91.147.164.0/24 maxlen: 24
                          91.147.170.0/24 maxlen: 24
                          91.147.171.0/24 maxlen: 24
                          91.147.173.0/24 maxlen: 24
                          91.147.175.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:4f:c9:a3:f9:cb:df:16:10:67:7c:f3:9d:77:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
        Validity
            Not Before: Jan  1 17:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=554c99ff32a1612305ec2a4f39616c49aa4ad6d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:23:a9:9e:54:5c:d3:2c:8d:72:d9:d8:fd:67:
                    3e:71:6b:6b:8f:34:f1:df:19:0c:47:64:1e:a1:0b:
                    ff:05:cf:e6:d6:87:d5:72:a4:5e:91:f5:dd:82:27:
                    a4:ac:fb:7f:3a:d1:2b:0b:29:36:43:57:0b:cc:49:
                    6e:2b:3d:c3:ff:b9:4c:f0:4c:2a:77:9d:99:ab:9e:
                    60:07:1e:e0:57:96:22:7b:8b:a6:8f:96:90:80:3d:
                    8c:86:96:96:ca:df:83:62:07:e0:e6:62:f5:73:cc:
                    33:f7:c0:2b:1c:94:e0:79:ba:de:c9:de:54:0a:54:
                    98:6f:30:d8:98:be:bb:0e:14:2e:9e:a6:73:3a:67:
                    51:69:d7:fd:83:f5:8f:2f:ee:ef:9a:cf:81:3d:a7:
                    ac:b3:2c:1e:54:48:d7:84:43:2e:af:e8:61:c3:e0:
                    3c:75:9e:ad:e6:74:95:96:31:be:cd:71:d8:0e:3f:
                    d0:43:21:14:45:2a:07:bd:47:de:43:b4:50:47:3f:
                    d8:3a:b4:c2:b2:0e:97:06:fb:f0:5b:0d:6f:d6:9b:
                    23:b0:48:9f:59:e1:2d:d7:e6:9a:4b:75:71:55:9c:
                    2d:dc:3a:c5:0a:af:2b:f6:d6:48:9b:7d:e6:d0:8c:
                    38:9b:8c:1e:3f:2a:c3:df:bd:ea:eb:c8:4d:cf:0d:
                    d3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:4C:99:FF:32:A1:61:23:05:EC:2A:4F:39:61:6C:49:AA:4A:D6:D9
            X509v3 Authority Key Identifier:
                keyid:57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/VUyZ_zKhYSMF7CpPOWFsSapK1tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.128.0-91.147.175.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:40:ef:1b:1a:6a:39:10:ab:5d:e0:bb:2e:ec:e3:fc:34:1a:
         6e:39:d8:79:1c:76:11:b8:19:63:d8:e2:c4:fa:ea:7f:e1:af:
         06:f1:15:ce:74:47:56:9e:8b:12:1e:a4:8e:86:72:5e:14:98:
         63:c2:8c:8d:1c:68:17:25:f3:38:f4:8f:cd:e5:3c:b6:21:5a:
         a3:59:db:e2:08:37:91:ff:f8:50:f3:0d:76:e9:64:f8:8b:5a:
         15:a1:08:68:09:99:d9:58:62:25:ea:f3:03:77:dc:ee:c5:8e:
         94:a6:a7:bc:10:15:69:01:90:a7:b4:a6:3d:34:c1:d0:fc:b9:
         6e:45:b5:f7:65:af:ff:72:84:c7:1b:a1:25:89:1e:cf:a8:23:
         aa:ab:af:45:7c:b4:c9:61:82:a7:c4:a4:9f:03:4c:a8:18:76:
         42:ed:25:0a:32:f6:fc:ed:20:c8:90:18:b3:39:1d:ab:5d:e4:
         fb:57:b1:18:e2:8f:02:40:fb:84:4b:dc:d3:ca:80:13:27:16:
         13:11:b1:b6:ba:a4:b8:dd:a4:5c:70:14:05:a3:eb:71:3b:64:
         b8:32:a9:77:4f:b4:67:a5:49:16:77:d0:aa:08:ed:4e:46:e0:
         1c:08:c4:82:90:ff:f6:e0:95:bd:0f:b1:93:94:3f:3c:b2:2a:
         28:6d:d1:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+0/Jo/nL3xYQZ3zznXdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3N2MwY2Q1YTRjZmQ4M2Q0OTFkNjI3ZDhiMGZjY2I2NzBl
ODE1MzQwHhcNMjUwMTAxMTc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTRjOTlmZjMyYTE2MTIzMDVlYzJhNGYzOTYxNmM0OWFhNGFkNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCOpnlRc0yyNctnY/Wc+cWtrjzTx
3xkMR2QeoQv/Bc/m1ofVcqRekfXdgiekrPt/OtErCyk2Q1cLzEluKz3D/7lM8Ewq
d52Zq55gBx7gV5Yie4umj5aQgD2MhpaWyt+DYgfg5mL1c8wz98ArHJTgebreyd5U
ClSYbzDYmL67DhQunqZzOmdRadf9g/WPL+7vms+BPaessyweVEjXhEMur+hhw+A8
dZ6t5nSVljG+zXHYDj/QQyEURSoHvUfeQ7RQRz/YOrTCsg6XBvvwWw1v1psjsEif
WeEt1+aaS3VxVZwt3DrFCq8r9tZIm33m0Iw4m4wePyrD373q68hNzw3TnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFVMmf8yoWEjBewqTzlhbEmqStbZMB8GA1UdIwQY
MBaAFFd8DNWkz9g9SR1ifYsPzLZw6BU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2Yzkt
ZDhlYzJjYmNhZDI2LzEvVlV5Wl96S2hZU01GN0NwUE9XRnNTYXBLMXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2YzktZDhlYzJjYmNhZDI2
LzEvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdbk4AD
BARbk6AwDQYJKoZIhvcNAQELBQADggEBAAtA7xsaajkQq13guy7s4/w0Gm452Hkc
dhG4GWPY4sT66n/hrwbxFc50R1aeixIepI6Gcl4UmGPCjI0caBcl8zj0j83lPLYh
WqNZ2+IIN5H/+FDzDXbpZPiLWhWhCGgJmdlYYiXq8wN33O7FjpSmp7wQFWkBkKe0
pj00wdD8uW5Ftfdlr/9yhMcboSWJHs+oI6qrr0V8tMlhgqfEpJ8DTKgYdkLtJQoy
9vztIMiQGLM5Hatd5PtXsRjijwJA+4RL3NPKgBMnFhMRsba6pLjdpFxwFAWj63E7
ZLgyqXdPtGelSRZ30KoI7U5G4BwIxIKQ//bglb0PsZOUPzyyKiht0Ss=
-----END CERTIFICATE-----