Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/7gWXpHGsZxLJ8lMCSMsf9KrfzOI.roa
File:                     7gWXpHGsZxLJ8lMCSMsf9KrfzOI.roa (raw, json)
Hash identifier:          yKMxP/vWOCcvsyyLi0kg2QQjq8Q+h6sjxdvhGE91lJQ=
Subject key identifier:   EE:05:97:A4:71:AC:67:12:C9:F2:53:02:48:CB:1F:F4:AA:DF:CC:E2
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01944050B8E315D458DA2E3D17BAB15EC85E
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/7gWXpHGsZxLJ8lMCSMsf9KrfzOI.roa
Signing time:             Tue 07 Jan 2025 10:30:19 +0000
ROA not before:           Tue 07 Jan 2025 10:30:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        5.133.103.0/24 maxlen: 24
                          37.221.76.0/24 maxlen: 24
                          37.221.78.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
                          85.235.72.0/24 maxlen: 24
                          85.235.73.0/24 maxlen: 24
                          85.235.74.0/24 maxlen: 24
                          93.190.8.0/24 maxlen: 24
                          176.96.130.0/24 maxlen: 24
                          193.17.5.0/24 maxlen: 24
                          193.111.76.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
                          217.18.208.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:50:b8:e3:15:d4:58:da:2e:3d:17:ba:b1:5e:c8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  7 10:30:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee0597a471ac6712c9f2530248cb1ff4aadfcce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2a:d7:cb:b9:f4:f0:ca:91:b1:97:01:82:13:
                    18:0d:86:86:61:70:4f:f3:66:ad:48:46:aa:3b:31:
                    09:cc:f3:59:68:69:c5:77:4e:da:ad:42:cd:dd:e0:
                    ac:de:f1:be:19:49:d0:78:e7:17:15:be:72:89:dd:
                    a9:10:f6:b2:52:ee:73:f4:d2:2d:f7:ab:b7:51:8e:
                    2b:75:32:28:9f:6e:2e:d5:6e:a7:5b:3d:09:a3:3f:
                    a3:c7:d9:4c:52:07:00:7c:13:dd:91:87:75:3d:3d:
                    3f:fb:4a:41:72:ca:27:0e:d8:b9:9a:15:7a:05:ed:
                    f2:b6:b6:5d:2a:d6:f2:53:bf:9e:ba:10:d1:f2:eb:
                    f5:91:4e:4c:38:a8:b4:5d:d8:30:ba:30:d1:6d:bc:
                    3f:da:57:e2:23:c2:14:2f:c9:4e:04:84:0a:e8:eb:
                    18:94:e2:a5:4e:c4:c9:70:d1:89:10:03:e5:17:27:
                    69:98:59:14:f5:35:e2:90:92:3c:0c:1c:98:04:1d:
                    82:38:5a:16:34:53:52:06:57:e4:8e:2b:b7:bd:a4:
                    f5:c0:8f:bd:4d:27:c2:48:bc:84:fd:ed:f2:d9:b1:
                    a3:53:8c:65:81:b8:c2:05:23:4e:0c:72:40:c9:73:
                    79:25:17:16:87:48:4f:04:da:c5:dc:e5:5c:df:29:
                    de:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:05:97:A4:71:AC:67:12:C9:F2:53:02:48:CB:1F:F4:AA:DF:CC:E2
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/7gWXpHGsZxLJ8lMCSMsf9KrfzOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.103.0/24
                  37.221.76.0/24
                  37.221.78.0/23
                  85.235.72.0-85.235.74.255
                  93.190.8.0/24
                  176.96.130.0/24
                  193.17.5.0/24
                  193.111.76.0/24
                  193.111.78.0/24
                  217.18.208.0/24
                  217.18.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4d:a9:fc:c6:a9:38:b9:c8:36:27:6d:0d:5f:39:39:f4:b5:
         63:7d:db:82:6d:4b:d2:be:be:1b:bb:fe:57:ce:02:0b:ec:12:
         94:ba:b6:6c:e4:fc:51:02:20:e7:ee:72:59:56:77:ed:3d:b5:
         f6:bb:7e:ba:e3:de:c8:f6:6f:23:50:cb:6a:fb:22:79:d6:e9:
         ad:5f:ad:7c:33:1a:0b:8d:d3:14:02:4a:8d:9f:85:57:9b:ff:
         3d:64:3e:fb:48:40:a4:75:fb:82:d4:5b:c5:0b:22:de:d2:79:
         b8:35:a9:4e:de:55:fe:be:88:58:52:57:48:13:16:49:4b:07:
         5d:6c:fd:f1:a1:66:57:ad:21:87:ec:ba:e7:dd:42:67:10:0a:
         c3:71:81:f7:88:b3:e9:82:25:21:bb:a6:82:1b:e9:6e:37:3b:
         3b:e3:52:ef:68:0d:a4:4e:97:0e:b1:0e:1e:3f:26:d8:bd:6b:
         ff:97:ee:59:e9:12:99:9f:1a:c9:6a:fc:53:01:17:92:4a:2b:
         2a:89:dd:72:4a:a2:e5:bb:d3:e8:bb:9a:03:10:fe:ca:0e:4a:
         93:f6:85:44:64:f7:01:6f:b8:9b:49:a9:e4:35:a8:e9:78:f8:
         57:ed:70:4d:64:2b:bf:25:37:37:0c:b4:c4:4b:1c:24:59:a8:
         ee:c0:bc:a3
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZRAULjjFdRY2i49F7qxXsheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjUwMTA3MTAzMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA1OTdhNDcxYWM2NzEyYzlmMjUzMDI0OGNiMWZmNGFhZGZjY2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCrXy7n08MqRsZcBghMYDYaGYXBP
82atSEaqOzEJzPNZaGnFd07arULN3eCs3vG+GUnQeOcXFb5yid2pEPayUu5z9NIt
96u3UY4rdTIon24u1W6nWz0Joz+jx9lMUgcAfBPdkYd1PT0/+0pBcsonDti5mhV6
Be3ytrZdKtbyU7+euhDR8uv1kU5MOKi0XdgwujDRbbw/2lfiI8IUL8lOBIQK6OsY
lOKlTsTJcNGJEAPlFydpmFkU9TXikJI8DByYBB2COFoWNFNSBlfkjiu3vaT1wI+9
TSfCSLyE/e3y2bGjU4xlgbjCBSNODHJAyXN5JRcWh0hPBNrF3OVc3ynehQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFO4Fl6RxrGcSyfJTAkjLH/Sq38ziMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvN2dXWHBIR3NaeExKOGxNQ1NNc2Y5S3Jmek9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQABYVnAwQA
Jd1MAwQBJd1OMAwDBANV60gDBABV60oDBABdvggDBACwYIIDBADBEQUDBADBb0wD
BADBb04DBADZEtADBADZEtMwDQYJKoZIhvcNAQELBQADggEBAIdNqfzGqTi5yDYn
bQ1fOTn0tWN924JtS9K+vhu7/lfOAgvsEpS6tmzk/FECIOfucllWd+09tfa7frrj
3sj2byNQy2r7InnW6a1frXwzGguN0xQCSo2fhVeb/z1kPvtIQKR1+4LUW8ULIt7S
ebg1qU7eVf6+iFhSV0gTFklLB11s/fGhZletIYfsuufdQmcQCsNxgfeIs+mCJSG7
poIb6W43OzvjUu9oDaROlw6xDh4/Jti9a/+X7lnpEpmfGslq/FMBF5JKKyqJ3XJK
ouW70+i7mgMQ/soOSpP2hURk9wFvuJtJqeQ1qOl4+FftcE1kK78lNzcMtMRLHCRZ
qO7AvKM=
-----END CERTIFICATE-----