Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lQXvGU6-gYBWy6qQBcsdbU4m9Uw.roa
File:                     lQXvGU6-gYBWy6qQBcsdbU4m9Uw.roa (raw, json)
Hash identifier:          MPAKQE+nuYsMnFCHTk58vszQQQzK6vQmlgzt5sg7I5I=
Subject key identifier:   95:05:EF:19:4E:BE:81:80:56:CB:AA:90:05:CB:1D:6D:4E:26:F5:4C
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       0194282815913E6685766B3AE9DE74E947D4
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lQXvGU6-gYBWy6qQBcsdbU4m9Uw.roa
Signing time:             Thu 02 Jan 2025 17:55:03 +0000
ROA not before:           Thu 02 Jan 2025 17:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42794
IP address blocks:        82.103.112.0/24 maxlen: 24
                          88.203.208.0/23 maxlen: 23
                          88.203.210.0/23 maxlen: 23
                          88.203.212.0/24 maxlen: 24
                          88.203.213.0/24 maxlen: 24
                          88.203.214.0/24 maxlen: 24
                          88.203.215.0/24 maxlen: 24
                          88.203.232.0/24 maxlen: 24
                          88.203.233.0/24 maxlen: 24
                          92.247.120.0/22 maxlen: 22
                          92.247.124.0/22 maxlen: 22
                          92.247.124.0/24 maxlen: 24
                          92.247.125.0/24 maxlen: 24
                          92.247.126.0/24 maxlen: 24
                          92.247.127.0/24 maxlen: 24
                          92.247.128.0/23 maxlen: 23
                          212.36.17.0/24 maxlen: 24
                          2a01:288:4004::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:15:91:3e:66:85:76:6b:3a:e9:de:74:e9:47:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9505ef194ebe818056cbaa9005cb1d6d4e26f54c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:6e:72:0f:ba:6f:b9:5b:ee:c0:d9:b7:e3:
                    d9:32:8d:7f:6a:20:3f:b5:0c:f7:66:ba:41:25:68:
                    25:31:6b:73:0f:9f:fd:6e:c7:a9:b1:a9:e6:c6:01:
                    56:02:d8:c3:b0:ab:b6:8c:be:4c:2c:6b:58:29:cd:
                    31:56:66:98:89:a8:a3:a1:95:eb:bf:08:bc:18:08:
                    e5:8b:bc:96:11:54:00:a6:56:3c:73:17:ab:d4:28:
                    b1:f1:10:48:70:f9:69:dd:d3:5b:7b:8e:20:f0:ac:
                    ca:db:cb:09:47:5e:44:f6:8e:6e:e3:9b:1f:c5:2c:
                    95:02:67:bf:4a:00:5b:91:42:63:d0:fa:78:b6:fc:
                    ce:85:f7:87:91:bd:d0:d7:7c:9e:3d:e7:32:8e:a8:
                    e3:85:b0:c0:9b:2b:a4:40:74:89:5d:08:59:f7:61:
                    d8:c0:6c:9e:86:46:3d:8f:0b:9a:c2:d0:a9:56:95:
                    77:89:9e:4a:6c:b3:bc:fc:e0:13:9b:d6:1b:6b:91:
                    bb:df:94:46:f4:de:10:a0:a6:6f:fd:0a:e4:9c:e4:
                    1b:cc:c6:3c:5c:91:9d:b6:07:3d:22:c8:b8:9b:78:
                    04:79:19:24:5b:d8:f0:3e:9d:0d:db:13:a9:07:16:
                    15:4a:ed:2c:28:4f:cc:7f:d3:3c:bc:51:6f:75:cd:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:05:EF:19:4E:BE:81:80:56:CB:AA:90:05:CB:1D:6D:4E:26:F5:4C
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lQXvGU6-gYBWy6qQBcsdbU4m9Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.112.0/24
                  88.203.208.0/21
                  88.203.232.0/23
                  92.247.120.0-92.247.129.255
                  212.36.17.0/24
                IPv6:
                  2a01:288:4004::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:54:3f:a1:d1:2a:68:d8:a7:62:3b:5c:17:81:99:3e:98:55:
         5f:81:75:9a:0d:a3:f6:cb:ba:a0:94:98:11:b9:c9:b1:80:e2:
         e9:7b:cf:4e:62:23:f3:d3:b7:05:65:4d:5d:60:d4:a6:dd:ec:
         99:25:7a:5b:8d:6f:f7:30:8c:24:d7:05:3d:fa:e7:6c:9a:d4:
         09:34:db:9e:72:53:cd:b1:e8:c7:49:79:18:a3:40:16:8b:de:
         da:16:5f:92:0f:1c:8e:75:18:6e:63:77:2d:3c:c1:58:18:f7:
         67:4c:b8:3f:7f:47:e7:97:11:01:20:d7:cf:f2:2b:83:1a:28:
         f9:38:ae:1b:d7:f6:98:1f:47:e4:13:2c:a2:7b:2b:45:dc:04:
         8a:1d:ec:62:e3:3b:16:c2:af:04:5a:a4:36:1d:e5:09:2c:8a:
         0f:c3:eb:2b:ab:0f:cd:3b:e1:08:03:9c:a3:e1:90:1e:e1:7c:
         03:f0:a3:f6:46:fd:32:3c:d5:9d:18:8d:23:55:1f:e0:1f:d6:
         31:ed:08:b4:aa:b1:c6:32:7d:58:e0:cb:76:53:80:6e:3f:38:
         f2:73:5b:ae:ad:b2:4f:cc:f8:1f:fa:b6:34:28:7d:77:96:90:
         93:af:a7:5c:cd:10:a9:70:89:1b:c4:92:c7:8d:49:e8:4c:94:
         d2:b4:29:25
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZQoKBWRPmaFdms66d506UfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA1ZWYxOTRlYmU4MTgwNTZjYmFhOTAwNWNiMWQ2ZDRlMjZmNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY1ucg+6b7lb7sDZt+PZMo1/aiA/
tQz3ZrpBJWglMWtzD5/9bsepsanmxgFWAtjDsKu2jL5MLGtYKc0xVmaYiaijoZXr
vwi8GAjli7yWEVQAplY8cxer1Cix8RBIcPlp3dNbe44g8KzK28sJR15E9o5u45sf
xSyVAme/SgBbkUJj0Pp4tvzOhfeHkb3Q13yePecyjqjjhbDAmyukQHSJXQhZ92HY
wGyehkY9jwuawtCpVpV3iZ5KbLO8/OATm9Yba5G735RG9N4QoKZv/QrknOQbzMY8
XJGdtgc9Isi4m3gEeRkkW9jwPp0N2xOpBxYVSu0sKE/Mf9M8vFFvdc0xBwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFJUF7xlOvoGAVsuqkAXLHW1OJvVMMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvbFFYdkdVNi1nWUJXeTZxUUJjc2RiVTRtOVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQAUmdwAwQD
WMvQAwQBWMvoMAwDBANc93gDBAFc94ADBADUJBEwDwQCAAIwCQMHACoBAohABDAN
BgkqhkiG9w0BAQsFAAOCAQEAjlQ/odEqaNinYjtcF4GZPphVX4F1mg2j9su6oJSY
EbnJsYDi6XvPTmIj89O3BWVNXWDUpt3smSV6W41v9zCMJNcFPfrnbJrUCTTbnnJT
zbHox0l5GKNAFove2hZfkg8cjnUYbmN3LTzBWBj3Z0y4P39H55cRASDXz/Irgxoo
+TiuG9f2mB9H5BMsonsrRdwEih3sYuM7FsKvBFqkNh3lCSyKD8PrK6sPzTvhCAOc
o+GQHuF8A/Cj9kb9MjzVnRiNI1Uf4B/WMe0ItKqxxjJ9WODLdlOAbj848nNbrq2y
T8z4H/q2NCh9d5aQk6+nXM0QqXCJG8SSx41J6EyU0rQpJQ==
-----END CERTIFICATE-----