Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hhPDvVX3l2vcz_-QtUwEHr5Vw-U.roa
File:                     hhPDvVX3l2vcz_-QtUwEHr5Vw-U.roa (raw, json)
Hash identifier:          dkBNr/3U9vDe+8VC294aU2nsp/emifEpxxZi9U/9pDY=
Subject key identifier:   86:13:C3:BD:55:F7:97:6B:DC:CF:FF:90:B5:4C:04:1E:BE:55:C3:E5
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0193AF3D7D35F0274310A61E7D792EF50FB2
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hhPDvVX3l2vcz_-QtUwEHr5Vw-U.roa
Signing time:             Tue 10 Dec 2024 06:24:22 +0000
ROA not before:           Tue 10 Dec 2024 06:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        62.60.148.0/22 maxlen: 24
                          62.60.152.0/23 maxlen: 24
                          62.60.154.0/23 maxlen: 24
                          62.60.156.0/22 maxlen: 24
                          62.60.186.0/24 maxlen: 24
                          62.60.216.0/23 maxlen: 24
                          62.60.228.0/22 maxlen: 24
                          62.60.235.0/24 maxlen: 24
                          62.60.236.0/22 maxlen: 24
                          62.60.244.0/22 maxlen: 24
                          62.60.248.0/22 maxlen: 24
                          213.176.64.0/22 maxlen: 24
                          213.176.74.0/23 maxlen: 24
                          213.176.92.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:af:3d:7d:35:f0:27:43:10:a6:1e:7d:79:2e:f5:0f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Dec 10 06:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8613c3bd55f7976bdccfff90b54c041ebe55c3e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:63:8e:10:20:bd:3f:0e:6a:a0:0a:ed:53:d0:
                    0f:46:ce:32:b2:94:b9:a7:59:99:e8:68:a3:4d:9e:
                    cf:5f:eb:a0:71:b2:a4:25:da:bc:04:06:8a:d4:f0:
                    9f:b0:71:70:00:27:3a:1c:cb:88:9c:71:af:a8:dc:
                    19:5e:92:5a:8d:b3:a5:aa:7d:99:e5:3c:ff:20:73:
                    32:a9:fa:2f:2c:cd:44:23:8c:9d:f2:c4:fe:56:f6:
                    03:94:10:80:96:3c:99:b9:c6:ab:3a:e8:4f:0a:10:
                    b3:fb:03:b8:c1:0f:17:ad:09:cb:9c:5a:e2:21:9e:
                    ab:5c:1a:c3:0e:95:f3:f7:18:fe:57:c2:c4:78:6a:
                    0f:63:03:43:e4:f4:27:4d:25:5e:f6:c0:c0:4a:3e:
                    96:2e:23:6d:53:a9:54:81:23:d9:10:29:24:14:df:
                    30:45:0c:ad:e1:6e:e4:e7:ef:c0:ae:85:03:74:e9:
                    c6:87:50:85:81:34:a1:a6:dd:ed:d5:9c:fc:3c:1a:
                    a2:54:a9:3f:a9:9d:8d:2a:86:ac:fc:bd:0f:d3:83:
                    ea:d3:e8:51:b2:29:f2:c4:fc:fd:97:f1:00:aa:c1:
                    22:ab:e4:78:0a:5a:aa:68:86:61:f0:3c:40:6c:02:
                    b4:f8:e4:f6:0e:e9:c2:c1:2f:7d:da:76:1c:86:78:
                    06:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:13:C3:BD:55:F7:97:6B:DC:CF:FF:90:B5:4C:04:1E:BE:55:C3:E5
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hhPDvVX3l2vcz_-QtUwEHr5Vw-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.148.0-62.60.159.255
                  62.60.186.0/24
                  62.60.216.0/23
                  62.60.228.0/22
                  62.60.235.0-62.60.239.255
                  62.60.244.0-62.60.251.255
                  213.176.64.0/22
                  213.176.74.0/23
                  213.176.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:32:11:38:19:86:69:7c:4d:e8:a7:3c:ac:9d:e6:97:26:4f:
         78:eb:81:fb:50:1b:ac:80:18:df:19:aa:17:63:9d:7a:46:45:
         9e:fd:37:ed:39:07:9d:47:42:94:5a:24:86:d8:34:8d:c5:c5:
         35:86:ca:dd:50:4f:eb:08:be:b2:57:69:e3:1f:c1:c9:00:c0:
         0f:74:e5:c9:8a:23:2a:f1:37:9a:4d:8d:4c:3f:e6:11:8c:03:
         92:57:bf:c6:ab:24:dd:cd:9a:50:f6:50:2a:9d:0c:92:3b:e7:
         60:45:0e:ee:41:c7:bc:9d:ca:f8:a6:b5:81:14:6f:45:f4:61:
         67:11:05:c3:77:39:bc:63:b1:18:7d:05:84:c7:b1:b3:6a:b5:
         1c:f9:46:ac:5a:ee:fe:67:5b:49:0b:4f:88:f8:8f:fc:31:a6:
         a0:0d:d1:29:ff:70:c6:fc:48:50:96:3c:fd:a0:09:6d:e3:fa:
         0a:ec:ee:35:c2:2f:b9:6b:dd:ce:7a:94:0a:57:3c:8a:de:e5:
         4d:18:a0:31:b0:cc:5a:ad:06:51:2b:45:17:6f:ea:65:86:aa:
         26:91:5f:fb:e1:3c:39:d3:88:43:6f:89:3a:61:79:d7:a2:37:
         1d:53:a2:66:be:32:68:3d:97:42:50:cb:42:c2:10:b9:87:52:
         14:71:55:27
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZOvPX018CdDEKYefXku9Q+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQxMjEwMDYyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjEzYzNiZDU1Zjc5NzZiZGNjZmZmOTBiNTRjMDQxZWJlNTVjM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimOOECC9Pw5qoArtU9APRs4yspS5
p1mZ6GijTZ7PX+ugcbKkJdq8BAaK1PCfsHFwACc6HMuInHGvqNwZXpJajbOlqn2Z
5Tz/IHMyqfovLM1EI4yd8sT+VvYDlBCAljyZucarOuhPChCz+wO4wQ8XrQnLnFri
IZ6rXBrDDpXz9xj+V8LEeGoPYwND5PQnTSVe9sDASj6WLiNtU6lUgSPZECkkFN8w
RQyt4W7k5+/AroUDdOnGh1CFgTShpt3t1Zz8PBqiVKk/qZ2NKoas/L0P04Pq0+hR
sinyxPz9l/EAqsEiq+R4ClqqaIZh8DxAbAK0+OT2DunCwS992nYchngGNwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFIYTw71V95dr3M//kLVMBB6+VcPlMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaGhQRHZWWDNsMnZjel8tUXRVd0VIcjVWdy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAI+PJQD
BAU+PIADBAA+PLoDBAE+PNgDBAI+POQwDAMEAD486wMEBD484DAMAwQCPjz0AwQC
Pjz4AwQC1bBAAwQB1bBKAwQC1bBcMA0GCSqGSIb3DQEBCwUAA4IBAQBzMhE4GYZp
fE3opzysneaXJk9464H7UBusgBjfGaoXY516RkWe/TftOQedR0KUWiSG2DSNxcU1
hsrdUE/rCL6yV2njH8HJAMAPdOXJiiMq8TeaTY1MP+YRjAOSV7/GqyTdzZpQ9lAq
nQySO+dgRQ7uQce8ncr4prWBFG9F9GFnEQXDdzm8Y7EYfQWEx7GzarUc+UasWu7+
Z1tJC0+I+I/8MaagDdEp/3DG/EhQljz9oAlt4/oK7O41wi+5a93OepQKVzyK3uVN
GKAxsMxarQZRK0UXb+plhqomkV/74Tw504hDb4k6YXnXojcdU6JmvjJoPZdCUMtC
whC5h1IUcVUn
-----END CERTIFICATE-----