Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PuK47EEWF-OsuWLeThjxw-XtrAI.roa
File:                     PuK47EEWF-OsuWLeThjxw-XtrAI.roa (raw, json)
Hash identifier:          KPCNyPDTWSXTmw8S1ryl7nM+RrDDOqIHSEYXPxQ5Mco=
Subject key identifier:   3E:E2:B8:EC:41:16:17:E3:AC:B9:62:DE:4E:18:F1:C3:E5:ED:AC:02
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01951CE8063D594C6BA44711AE6A17265920
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PuK47EEWF-OsuWLeThjxw-XtrAI.roa
Signing time:             Wed 19 Feb 2025 06:32:02 +0000
ROA not before:           Wed 19 Feb 2025 06:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210644
IP address blocks:        62.60.148.0/22 maxlen: 24
                          62.60.152.0/23 maxlen: 24
                          62.60.154.0/23 maxlen: 24
                          62.60.156.0/22 maxlen: 24
                          62.60.186.0/24 maxlen: 24
                          62.60.216.0/23 maxlen: 24
                          62.60.228.0/22 maxlen: 24
                          62.60.235.0/24 maxlen: 24
                          62.60.236.0/22 maxlen: 24
                          62.60.244.0/22 maxlen: 24
                          62.60.248.0/22 maxlen: 24
                          213.176.64.0/22 maxlen: 24
                          213.176.74.0/23 maxlen: 24
                          213.176.92.0/22 maxlen: 24
                          213.176.112.0/22 maxlen: 24
                          213.176.116.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1c:e8:06:3d:59:4c:6b:a4:47:11:ae:6a:17:26:59:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Feb 19 06:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ee2b8ec411617e3acb962de4e18f1c3e5edac02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:df:a6:43:a4:c1:ae:34:64:00:da:34:c4:a1:
                    91:6b:c4:cc:d3:6f:92:bb:fd:dd:f6:2b:63:bd:43:
                    86:10:3e:4d:cd:dd:96:b3:f3:01:71:e7:e0:dd:8e:
                    3e:6c:17:e6:60:e9:b7:19:e7:24:c9:14:d5:84:ba:
                    b8:29:85:69:23:37:55:02:b6:54:6e:63:ec:78:42:
                    cb:bb:8f:a7:e6:45:36:a7:6a:8e:1d:22:45:cd:4a:
                    33:2d:3a:2b:d2:61:cd:ea:b0:1b:95:70:29:76:f2:
                    86:52:00:64:7d:48:c8:a6:ea:4d:0b:d1:a8:0e:44:
                    31:7e:68:0e:48:df:29:58:85:36:bb:d6:fe:3f:f7:
                    e5:b3:d2:4c:a2:28:14:59:7e:4b:38:26:6a:ac:89:
                    79:10:f5:1a:bd:54:71:89:9a:f0:f7:97:1a:ed:dd:
                    a5:a4:81:6e:ae:4c:84:4e:bf:45:8f:54:84:2a:09:
                    a4:23:f6:1e:ff:64:f8:15:4a:fd:df:88:5d:0f:5b:
                    6f:08:fb:8c:12:21:27:01:80:15:36:ab:e6:36:99:
                    3f:8c:96:03:aa:d4:9f:54:f2:aa:bd:09:05:44:58:
                    3e:09:8a:a3:35:7e:42:c2:11:56:6c:99:0f:a8:33:
                    9e:41:b0:44:fa:f3:7d:4f:21:81:c0:87:21:82:a7:
                    4e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E2:B8:EC:41:16:17:E3:AC:B9:62:DE:4E:18:F1:C3:E5:ED:AC:02
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PuK47EEWF-OsuWLeThjxw-XtrAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.148.0-62.60.159.255
                  62.60.186.0/24
                  62.60.216.0/23
                  62.60.228.0/22
                  62.60.235.0-62.60.239.255
                  62.60.244.0-62.60.251.255
                  213.176.64.0/22
                  213.176.74.0/23
                  213.176.92.0/22
                  213.176.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:59:f1:5c:f2:36:69:d4:bc:e8:f2:41:f7:47:f6:7c:ee:de:
         56:b4:77:6e:2a:ec:6a:eb:45:61:48:8e:4e:57:e4:81:79:f4:
         7c:78:b0:a8:dd:75:ac:85:7d:d0:02:a3:4f:6f:74:d5:7f:cc:
         2e:d0:02:dc:c9:14:3c:e8:e9:66:b5:e3:4d:0a:89:ba:99:1d:
         00:6f:28:97:6a:2a:05:0f:28:5f:85:2f:97:82:f2:70:3b:63:
         29:5a:3a:74:b1:05:15:95:e7:51:8d:90:a0:06:a8:05:a5:28:
         30:70:b7:fa:02:1b:51:98:78:7d:a1:ed:a5:59:dc:12:57:3e:
         8c:2e:1e:d9:1b:2d:40:de:92:b7:84:13:5f:d1:6f:d9:4e:29:
         11:a1:99:84:2b:d9:53:a3:a3:6e:98:60:28:62:c5:6c:5c:26:
         e9:23:6b:6b:bb:78:96:c3:94:b5:71:e1:0d:f5:fd:c7:4d:dc:
         cc:0b:00:26:88:89:a1:9b:d7:b8:58:d9:21:c6:1a:c1:3b:3c:
         98:39:93:a5:46:be:c1:24:e1:6c:37:04:7b:36:f0:73:e3:d3:
         05:f4:d0:cf:8a:1d:28:09:9b:c4:c0:d5:65:61:94:5f:8b:22:
         5c:22:3b:7f:0a:9c:26:5c:a2:f9:9a:c4:fd:e2:ed:36:31:e9:
         0a:ef:a2:70
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZUc6AY9WUxrpEcRrmoXJlkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMjE5MDYzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWUyYjhlYzQxMTYxN2UzYWNiOTYyZGU0ZTE4ZjFjM2U1ZWRhYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9+mQ6TBrjRkANo0xKGRa8TM02+S
u/3d9itjvUOGED5Nzd2Ws/MBcefg3Y4+bBfmYOm3GeckyRTVhLq4KYVpIzdVArZU
bmPseELLu4+n5kU2p2qOHSJFzUozLTor0mHN6rAblXApdvKGUgBkfUjIpupNC9Go
DkQxfmgOSN8pWIU2u9b+P/fls9JMoigUWX5LOCZqrIl5EPUavVRxiZrw95ca7d2l
pIFurkyETr9Fj1SEKgmkI/Ye/2T4FUr934hdD1tvCPuMEiEnAYAVNqvmNpk/jJYD
qtSfVPKqvQkFRFg+CYqjNX5CwhFWbJkPqDOeQbBE+vN9TyGBwIchgqdOKQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFD7iuOxBFhfjrLli3k4Y8cPl7awCMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvUHVLNDdFRVdGLU9zdVdMZVRoanh3LVh0ckFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBAI+PJQD
BAU+PIADBAA+PLoDBAE+PNgDBAI+POQwDAMEAD486wMEBD484DAMAwQCPjz0AwQC
Pjz4AwQC1bBAAwQB1bBKAwQC1bBcAwQD1bBwMA0GCSqGSIb3DQEBCwUAA4IBAQAl
WfFc8jZp1Lzo8kH3R/Z87t5WtHduKuxq60VhSI5OV+SBefR8eLCo3XWshX3QAqNP
b3TVf8wu0ALcyRQ86OlmteNNCom6mR0AbyiXaioFDyhfhS+XgvJwO2MpWjp0sQUV
ledRjZCgBqgFpSgwcLf6AhtRmHh9oe2lWdwSVz6MLh7ZGy1A3pK3hBNf0W/ZTikR
oZmEK9lTo6NumGAoYsVsXCbpI2tru3iWw5S1ceEN9f3HTdzMCwAmiImhm9e4WNkh
xhrBOzyYOZOlRr7BJOFsNwR7NvBz49MF9NDPih0oCZvEwNVlYZRfiyJcIjt/Cpwm
XKL5msT94u02MekK76Jw
-----END CERTIFICATE-----