Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gOzzGhLRlKZI9IjB8D8sebA52Oo.roa
File:                     gOzzGhLRlKZI9IjB8D8sebA52Oo.roa (raw, json)
Hash identifier:          Co4cEdj+lsHwzlNQv8iFIPk//+bWsipNdCUUDz1l5w4=
Subject key identifier:   80:EC:F3:1A:12:D1:94:A6:48:F4:88:C1:F0:3F:2C:79:B0:39:D8:EA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01953E615D4F9BEE8380D604B8A772735B42
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gOzzGhLRlKZI9IjB8D8sebA52Oo.roa
Signing time:             Tue 25 Feb 2025 18:32:02 +0000
ROA not before:           Tue 25 Feb 2025 18:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        2.56.108.0/24 maxlen: 24
                          2.56.109.0/24 maxlen: 24
                          45.13.190.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.94.170.0/24 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          85.209.120.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3e:61:5d:4f:9b:ee:83:80:d6:04:b8:a7:72:73:5b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Feb 25 18:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80ecf31a12d194a648f488c1f03f2c79b039d8ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f8:9f:55:53:5e:66:69:3e:1a:fe:0a:06:11:
                    35:69:48:76:0f:17:86:a3:75:05:51:36:00:2b:49:
                    73:5a:23:c5:a0:6d:6a:12:91:24:96:00:7e:5e:07:
                    30:b9:57:5c:4d:4d:0c:43:2a:bf:86:c7:25:04:b8:
                    94:8d:cd:5c:22:08:69:b8:91:64:75:be:4b:df:cc:
                    35:a5:2a:86:90:8b:cb:fc:1d:66:20:f7:f6:1f:b9:
                    07:23:a3:6d:5d:69:a9:84:09:6f:11:8e:22:e6:4a:
                    d5:81:cd:e2:ca:79:41:1b:bb:fa:1d:67:99:2c:5f:
                    c9:72:9a:56:4c:e8:14:ea:97:3b:f9:4c:3b:df:b3:
                    bd:db:36:9e:ab:93:99:2b:2a:fe:e4:84:78:f0:29:
                    33:e9:c1:ae:a3:c7:ad:3a:4c:cc:a0:df:a9:60:7b:
                    b0:f5:8e:22:c4:08:bc:69:b4:eb:6c:38:50:0c:e4:
                    67:51:04:b4:f8:28:60:e7:d2:35:9c:4c:a2:c6:53:
                    85:2f:1a:3e:8f:80:62:0e:85:68:9a:25:55:9a:ef:
                    80:85:e6:07:22:f3:30:8d:c7:7a:b8:37:bd:5e:7b:
                    34:73:92:5f:07:cc:5a:c9:5e:08:d2:60:6f:e0:bf:
                    08:8c:b0:bf:9a:86:37:cc:f0:e0:98:49:37:c6:2c:
                    45:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:EC:F3:1A:12:D1:94:A6:48:F4:88:C1:F0:3F:2C:79:B0:39:D8:EA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gOzzGhLRlKZI9IjB8D8sebA52Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/23
                  45.13.190.0/24
                  45.81.113.0/24
                  45.81.115.0/24
                  45.88.139.0/24
                  45.94.170.0/24
                  45.132.181.0/24
                  45.144.213.0/24
                  85.209.120.0/24
                  193.57.41.0/24
                  194.15.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:00:ea:84:f3:a1:0c:13:a8:f7:43:4e:b5:4f:9c:0c:e8:7f:
         29:94:2c:11:0d:71:ac:bc:21:33:97:84:5a:c4:3c:57:cd:ba:
         2d:45:0e:b5:43:d2:22:d9:76:b7:38:06:93:22:1e:70:05:1c:
         25:72:b0:ab:db:66:91:08:fd:89:53:c5:35:1f:39:1a:68:32:
         59:7f:12:7b:16:96:2e:5c:c2:17:0a:53:ae:a7:0f:14:16:fc:
         41:d9:5a:7f:7f:e1:67:d9:74:e6:d4:80:f5:79:eb:3b:67:34:
         cd:2c:08:c3:7a:09:3b:44:77:00:7b:37:c5:52:58:f8:06:d4:
         51:07:71:30:ce:1f:5f:67:2b:78:8f:ac:bc:87:ca:6f:58:03:
         de:9b:3e:5c:f5:79:73:2a:9f:3c:2b:37:a4:08:b6:7f:ed:9e:
         a4:0d:b9:2c:29:4b:e2:b9:84:b1:6d:f2:f9:2f:6c:af:cb:2b:
         8d:d3:fe:28:81:0a:fb:84:99:0e:86:f2:d0:04:82:52:09:fb:
         fb:29:aa:20:5b:04:4a:a5:56:05:d8:be:90:c8:4c:b1:81:61:
         c6:67:8b:90:c1:c5:dc:18:ac:f5:19:d6:4c:f5:28:82:65:11:
         83:36:76:71:0b:c6:84:72:c5:f6:42:31:1e:29:cb:0e:22:05:
         09:93:ae:29
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZU+YV1Pm+6DgNYEuKdyc1tCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMjI1MTgzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGVjZjMxYTEyZDE5NGE2NDhmNDg4YzFmMDNmMmM3OWIwMzlkOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPifVVNeZmk+Gv4KBhE1aUh2DxeG
o3UFUTYAK0lzWiPFoG1qEpEklgB+XgcwuVdcTU0MQyq/hsclBLiUjc1cIghpuJFk
db5L38w1pSqGkIvL/B1mIPf2H7kHI6NtXWmphAlvEY4i5krVgc3iynlBG7v6HWeZ
LF/JcppWTOgU6pc7+Uw737O92zaeq5OZKyr+5IR48Ckz6cGuo8etOkzMoN+pYHuw
9Y4ixAi8abTrbDhQDORnUQS0+Chg59I1nEyixlOFLxo+j4BiDoVomiVVmu+AheYH
IvMwjcd6uDe9Xns0c5JfB8xayV4I0mBv4L8IjLC/moY3zPDgmEk3xixFqQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIDs8xoS0ZSmSPSIwfA/LHmwOdjqMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZ096ekdoTFJsS1pJOUlqQjhEOHNlYkE1Mk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBAjhsAwQA
LQ2+AwQALVFxAwQALVFzAwQALViLAwQALV6qAwQALYS1AwQALZDVAwQAVdF4AwQA
wTkpAwQAwg80MA0GCSqGSIb3DQEBCwUAA4IBAQBpAOqE86EME6j3Q061T5wM6H8p
lCwRDXGsvCEzl4RaxDxXzbotRQ61Q9Ii2Xa3OAaTIh5wBRwlcrCr22aRCP2JU8U1
HzkaaDJZfxJ7FpYuXMIXClOupw8UFvxB2Vp/f+Fn2XTm1ID1ees7ZzTNLAjDegk7
RHcAezfFUlj4BtRRB3Ewzh9fZyt4j6y8h8pvWAPemz5c9XlzKp88KzekCLZ/7Z6k
DbksKUviuYSxbfL5L2yvyyuN0/4ogQr7hJkOhvLQBIJSCfv7KaogWwRKpVYF2L6Q
yEyxgWHGZ4uQwcXcGKz1GdZM9SiCZRGDNnZxC8aEcsX2QjEeKcsOIgUJk64p
-----END CERTIFICATE-----