Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/ysibzsONFpyNAtuXpUifxvA1QaM.roa
File:                     ysibzsONFpyNAtuXpUifxvA1QaM.roa (raw, json)
Hash identifier:          zC93yIFX6WjKFEjG+j03DkiiYurXSe8yZy0kiGE5C2E=
Subject key identifier:   CA:C8:9B:CE:C3:8D:16:9C:8D:02:DB:97:A5:48:9F:C6:F0:35:41:A3
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       019424455A4786FE007EFAD6BD2BE262FDDA
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/ysibzsONFpyNAtuXpUifxvA1QaM.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47692
IP address blocks:        5.183.173.0/24 maxlen: 24
                          5.183.174.0/23 maxlen: 23
                          45.155.244.0/22 maxlen: 24
                          77.244.240.0/20 maxlen: 24
                          83.137.112.0/21 maxlen: 24
                          84.242.8.0/21 maxlen: 24
                          92.42.136.0/21 maxlen: 24
                          146.255.56.0/21 maxlen: 24
                          192.166.241.0/24 maxlen: 24
                          192.166.242.0/23 maxlen: 23
                          212.232.24.0/21 maxlen: 24
                          217.74.8.0/21 maxlen: 24
                          2a02:1b8::/29 maxlen: 48
                          2a02:1b9::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5a:47:86:fe:00:7e:fa:d6:bd:2b:e2:62:fd:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cac89bcec38d169c8d02db97a5489fc6f03541a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:39:b1:ce:e9:3e:2e:f2:02:00:49:11:f0:87:
                    7a:cc:73:65:94:db:ac:52:c8:57:ce:92:33:84:8a:
                    3d:eb:9b:2e:ed:4f:3d:31:63:f0:bb:4b:b8:e2:a9:
                    dd:3b:79:80:88:3c:be:15:7e:1a:0f:ff:11:26:2d:
                    80:4e:ef:dd:90:db:06:c9:30:71:d2:1a:50:94:6b:
                    55:e0:b9:2f:9f:5f:91:52:a0:1e:9d:00:04:7c:38:
                    17:dc:a9:db:ad:27:38:6d:08:e1:2b:46:4d:ee:a6:
                    0b:b0:4d:c7:c7:91:d6:06:f2:72:59:2f:8d:39:26:
                    8d:68:d5:91:18:1a:c2:07:ab:62:79:a4:68:2d:6f:
                    cb:a4:50:8d:ad:db:d7:90:f6:f5:52:e8:65:ee:aa:
                    7e:2c:51:b9:98:a6:d8:0e:9a:c6:56:bf:a0:80:87:
                    58:e2:7a:d6:1a:c2:a6:68:4d:64:6f:bb:9c:c4:fb:
                    1b:5c:97:ac:6a:cf:ee:83:d8:7a:36:24:86:e7:d4:
                    c6:39:fc:b8:11:fa:9a:11:cf:ef:86:a5:35:98:3f:
                    a9:e4:50:f8:62:f6:5c:30:75:78:4d:64:98:7a:da:
                    09:4a:2a:c3:75:40:63:16:b3:94:d8:11:92:ce:a6:
                    9a:1b:6f:ac:11:89:61:ee:f9:4b:f1:be:7e:fd:50:
                    a4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C8:9B:CE:C3:8D:16:9C:8D:02:DB:97:A5:48:9F:C6:F0:35:41:A3
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/ysibzsONFpyNAtuXpUifxvA1QaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.173.0-5.183.175.255
                  45.155.244.0/22
                  77.244.240.0/20
                  83.137.112.0/21
                  84.242.8.0/21
                  92.42.136.0/21
                  146.255.56.0/21
                  192.166.241.0-192.166.243.255
                  212.232.24.0/21
                  217.74.8.0/21
                IPv6:
                  2a02:1b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:41:6b:9c:c3:e2:46:7b:ad:df:ae:f0:80:38:8d:ba:8b:60:
         37:fe:56:ac:0c:02:53:24:bb:fe:71:7b:84:44:9b:8d:86:d5:
         31:ce:ef:18:a8:4b:c1:f3:b1:45:c5:a3:44:8e:3b:8f:94:cd:
         6c:79:5c:c5:9d:f6:1b:17:41:80:4a:b1:3c:f2:bb:8f:13:b3:
         5b:f9:93:2e:45:9b:2a:9d:66:79:e6:4d:cf:5a:a7:c2:aa:83:
         cf:75:89:de:01:1e:f7:09:8b:e8:0e:4b:9b:ca:2e:73:3a:72:
         bb:d7:bb:31:05:b2:59:8d:a7:21:81:49:a2:93:ba:b4:16:45:
         74:ff:b9:5f:c1:39:34:b7:e4:21:17:36:07:27:de:eb:c2:98:
         4b:63:a6:02:ef:39:d0:85:84:c4:22:46:1e:de:61:5f:cd:30:
         2a:e6:73:96:56:58:fe:f1:ed:fa:29:42:f2:0f:a2:93:50:82:
         8f:85:39:fd:48:0d:6e:1e:98:98:ac:ae:c0:fa:fb:1a:0b:9f:
         cc:2f:37:34:c8:03:6b:29:5b:6f:2d:1c:1a:10:da:de:f3:d1:
         a5:b7:c3:42:31:00:6a:47:e7:07:0d:a5:67:a6:20:34:3f:27:
         62:e1:7d:25:06:29:80:96:8c:9d:c2:18:e1:4c:4e:cd:5e:4f:
         2b:bf:fc:1e
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZQkRVpHhv4AfvrWvSviYv3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWM4OWJjZWMzOGQxNjljOGQwMmRiOTdhNTQ4OWZjNmYwMzU0MWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jmxzuk+LvICAEkR8Id6zHNllNus
UshXzpIzhIo965su7U89MWPwu0u44qndO3mAiDy+FX4aD/8RJi2ATu/dkNsGyTBx
0hpQlGtV4Lkvn1+RUqAenQAEfDgX3KnbrSc4bQjhK0ZN7qYLsE3Hx5HWBvJyWS+N
OSaNaNWRGBrCB6tieaRoLW/LpFCNrdvXkPb1Uuhl7qp+LFG5mKbYDprGVr+ggIdY
4nrWGsKmaE1kb7ucxPsbXJesas/ug9h6NiSG59TGOfy4EfqaEc/vhqU1mD+p5FD4
YvZcMHV4TWSYetoJSirDdUBjFrOU2BGSzqaaG2+sEYlh7vlL8b5+/VCkKwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFMrIm87DjRacjQLbl6VIn8bwNUGjMB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEveXNpYnpzT05GcHlOQXR1WHBVaWZ4dkExUWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMMAwDBAAFt60D
BAQFt6ADBAItm/QDBARN9PADBANTiXADBANU8ggDBANcKogDBAOS/zgwDAMEAMCm
8QMEAsCm8AMEA9ToGAMEA9lKCDANBAIAAjAHAwUDKgIBuDANBgkqhkiG9w0BAQsF
AAOCAQEAaUFrnMPiRnut367wgDiNuotgN/5WrAwCUyS7/nF7hESbjYbVMc7vGKhL
wfOxRcWjRI47j5TNbHlcxZ32GxdBgEqxPPK7jxOzW/mTLkWbKp1meeZNz1qnwqqD
z3WJ3gEe9wmL6A5Lm8ouczpyu9e7MQWyWY2nIYFJopO6tBZFdP+5X8E5NLfkIRc2
Byfe68KYS2OmAu850IWExCJGHt5hX80wKuZzllZY/vHt+ilC8g+ik1CCj4U5/UgN
bh6YmKyuwPr7GgufzC83NMgDaylbby0cGhDa3vPRpbfDQjEAakfnBw2lZ6YgND8n
YuF9JQYpgJaMncIY4UxOzV5PK7/8Hg==
-----END CERTIFICATE-----