Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/SMnJn7EcR6ywNh3SEWZkgSM6vWo.roa
File:                     SMnJn7EcR6ywNh3SEWZkgSM6vWo.roa (raw, json)
Hash identifier:          MlJaUwlk/RTgbTY81AGkmwb11xuByqntGt51DPso91I=
Subject key identifier:   48:C9:C9:9F:B1:1C:47:AC:B0:36:1D:D2:11:66:64:81:23:3A:BD:6A
Certificate issuer:       /CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
Certificate serial:       018AB8248AF9B592AC4FB9A88EE74EB73CD7
Authority key identifier: 58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/SMnJn7EcR6ywNh3SEWZkgSM6vWo.roa
Signing time:             Thu 21 Sep 2023 14:28:37 +0000
ROA not before:           Thu 21 Sep 2023 14:28:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        193.109.197.0/24 maxlen: 24
                          193.109.198.0/24 maxlen: 24
                          85.237.206.0/24 maxlen: 24
                          85.237.202.0/24 maxlen: 24
                          85.237.208.0/24 maxlen: 24
                          85.237.208.0/23 maxlen: 23
                          85.237.209.0/24 maxlen: 24
                          85.237.220.0/23 maxlen: 23
                          85.237.223.0/24 maxlen: 24
                          185.139.26.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.158.58.0/23 maxlen: 23
                          85.158.58.0/24 maxlen: 24
                          85.158.59.0/24 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b8:24:8a:f9:b5:92:ac:4f:b9:a8:8e:e7:4e:b7:3c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
        Validity
            Not Before: Sep 21 14:28:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=48c9c99fb11c47acb0361dd211666481233abd6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:54:1c:73:a3:a2:c4:14:43:7e:80:0f:f3:92:
                    b1:1b:38:66:d6:41:fe:64:73:ee:71:9f:ae:28:ba:
                    56:20:6c:8b:b7:9d:9b:f6:28:87:28:2a:19:a7:63:
                    5d:e5:7a:e7:9d:c4:0e:da:3d:81:97:8e:ab:fd:b4:
                    07:b9:8d:83:29:70:83:aa:e2:c7:0c:fb:ea:e1:e4:
                    ce:ed:1a:1c:08:7f:48:ea:e9:ce:28:7f:99:a2:5b:
                    5c:a0:bb:c2:4f:c8:0a:5d:07:f0:51:44:14:ce:56:
                    a3:a7:ee:77:2b:31:5b:1c:ab:05:52:e6:a5:6c:8b:
                    4b:21:fd:af:ef:c8:ef:17:06:16:7b:c0:cd:62:37:
                    a4:5b:1c:50:f6:a3:b1:74:13:85:d9:86:b3:9a:99:
                    fe:f5:f3:9a:ec:b8:1b:b9:be:ad:4b:ea:3b:fc:3c:
                    16:b8:e8:ca:9d:6c:24:ea:0f:15:d7:e2:8b:de:27:
                    94:a5:0f:b1:fd:fc:e9:13:f2:10:a3:4d:c3:b6:67:
                    ce:9f:5f:84:ba:48:63:c2:7a:26:c5:62:d5:d9:2a:
                    09:3c:cb:fc:df:b9:2c:b9:64:ab:90:59:71:d3:12:
                    df:79:e6:46:6a:11:ef:2b:21:45:6d:e1:ac:3b:ad:
                    bf:27:4c:6a:8a:25:06:f5:ea:75:f6:42:5d:60:09:
                    44:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C9:C9:9F:B1:1C:47:AC:B0:36:1D:D2:11:66:64:81:23:3A:BD:6A
            X509v3 Authority Key Identifier:
                keyid:58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/SMnJn7EcR6ywNh3SEWZkgSM6vWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/WL9_OtU_KaPEPwrYIBegU2jAEEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0-85.158.59.255
                  85.237.202.0/24
                  85.237.206.0/24
                  85.237.208.0/23
                  85.237.220.0/23
                  85.237.223.0/24
                  185.139.26.0/24
                  193.109.197.0-193.109.198.255
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:73:e1:b7:df:53:cb:56:10:70:72:3a:11:48:c8:77:dd:aa:
         d6:12:11:14:0b:55:32:ec:2d:d1:fc:97:42:36:5e:21:ae:25:
         6f:bf:82:34:4f:a3:29:cf:f4:35:1b:23:84:55:51:c6:aa:f4:
         82:4c:01:d6:b3:95:6f:59:3f:d7:a6:ac:ea:af:31:ef:85:14:
         62:09:6a:c2:21:e9:5a:8e:9c:25:ca:99:86:76:92:a4:ff:8f:
         4f:d5:10:de:8f:55:a1:47:0e:ef:72:6c:de:66:89:df:ca:e3:
         a8:1c:f1:cd:55:07:f1:7b:a0:42:ab:4e:f8:ad:0d:e0:44:22:
         20:3c:97:43:07:90:a3:f0:c2:2e:2b:78:c3:12:63:4e:9d:25:
         ba:82:9b:39:58:9e:85:cd:3a:bf:7c:7e:23:73:fd:7f:7e:08:
         2e:92:f7:bf:69:42:94:49:fa:71:71:31:ad:59:ab:0f:dd:62:
         d6:5f:2d:af:7e:2f:fd:db:58:57:15:3d:e7:89:cd:1b:cd:55:
         94:ed:04:c5:fc:0a:cf:36:af:df:f4:36:df:7c:6c:5c:1c:96:
         2e:ed:34:5d:3e:ca:3d:c7:49:38:10:4c:e1:06:57:34:80:15:
         92:90:ec:81:8f:09:4a:d1:e2:53:dd:2d:62:f5:2b:a8:21:3b:
         b2:bc:39:b8
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYq4JIr5tZKsT7mojudOtzzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmY3ZjNhZDUzZjI5YTNjNDNmMGFkODIwMTdhMDUzNjhj
MDEwNGEwHhcNMjMwOTIxMTQyODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGM5Yzk5ZmIxMWM0N2FjYjAzNjFkZDIxMTY2NjQ4MTIzM2FiZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVQcc6OixBRDfoAP85KxGzhm1kH+
ZHPucZ+uKLpWIGyLt52b9iiHKCoZp2Nd5XrnncQO2j2Bl46r/bQHuY2DKXCDquLH
DPvq4eTO7RocCH9I6unOKH+ZoltcoLvCT8gKXQfwUUQUzlajp+53KzFbHKsFUual
bItLIf2v78jvFwYWe8DNYjekWxxQ9qOxdBOF2Yazmpn+9fOa7Lgbub6tS+o7/DwW
uOjKnWwk6g8V1+KL3ieUpQ+x/fzpE/IQo03DtmfOn1+EukhjwnomxWLV2SoJPMv8
37ksuWSrkFlx0xLfeeZGahHvKyFFbeGsO62/J0xqiiUG9ep19kJdYAlEqQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEjJyZ+xHEessDYd0hFmZIEjOr1qMB8GA1UdIwQY
MBaAFFi/fzrVPymjxD8K2CAXoFNowBBKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUt
OGIzZDUyN2M0OWU0LzEvU01uSm43RWNSNnl3TmgzU0VXWmtnU002dldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUtOGIzZDUyN2M0OWU0
LzEvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBABVnjkD
BAJVnjgDBABV7coDBABV7c4DBAFV7dADBAFV7dwDBABV7d8DBAC5ixowDAMEAMFt
xQMEAMFtxgMEAMKp2TANBgkqhkiG9w0BAQsFAAOCAQEAK3Pht99Ty1YQcHI6EUjI
d92q1hIRFAtVMuwt0fyXQjZeIa4lb7+CNE+jKc/0NRsjhFVRxqr0gkwB1rOVb1k/
16as6q8x74UUYglqwiHpWo6cJcqZhnaSpP+PT9UQ3o9VoUcO73Js3maJ38rjqBzx
zVUH8XugQqtO+K0N4EQiIDyXQweQo/DCLit4wxJjTp0luoKbOViehc06v3x+I3P9
f34ILpL3v2lClEn6cXExrVmrD91i1l8tr34v/dtYVxU954nNG81VlO0ExfwKzzav
3/Q233xsXByWLu00XT7KPcdJOBBM4QZXNIAVkpDsgY8JStHiU90tYvUrqCE7srw5
uA==
-----END CERTIFICATE-----