Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/J1Vk6SaWWSm7FwZZLYqWwbNhTbs.roa
File:                     J1Vk6SaWWSm7FwZZLYqWwbNhTbs.roa (raw, json)
Hash identifier:          jF1Nz95/99NN9eliY/bw29Hr3mnWQTrS4btt1m/x3QU=
Subject key identifier:   27:55:64:E9:26:96:59:29:BB:17:06:59:2D:8A:96:C1:B3:61:4D:BB
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       0194270706032A55435BE2B4C81DDCE7A749
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/J1Vk6SaWWSm7FwZZLYqWwbNhTbs.roa
Signing time:             Thu 02 Jan 2025 12:39:19 +0000
ROA not before:           Thu 02 Jan 2025 12:39:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        62.182.32.0/23 maxlen: 23
                          62.182.34.0/23 maxlen: 23
                          84.54.2.0/23 maxlen: 23
                          139.28.48.0/23 maxlen: 23
                          139.28.50.0/23 maxlen: 23
                          139.28.240.0/23 maxlen: 23
                          139.28.242.0/23 maxlen: 23
                          176.53.156.0/23 maxlen: 23
                          176.53.158.0/23 maxlen: 23
                          193.32.204.0/23 maxlen: 23
                          193.32.206.0/23 maxlen: 23
                          193.38.44.0/23 maxlen: 23
                          193.38.46.0/23 maxlen: 23
                          193.187.132.0/23 maxlen: 23
                          193.187.134.0/24 maxlen: 24
                          193.187.135.0/24 maxlen: 24
                          194.93.48.0/23 maxlen: 23
                          194.93.50.0/23 maxlen: 23
                          194.93.60.0/23 maxlen: 23
                          194.93.62.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:07:06:03:2a:55:43:5b:e2:b4:c8:1d:dc:e7:a7:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  2 12:39:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=275564e926965929bb1706592d8a96c1b3614dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:01:7c:ef:9b:47:72:09:46:10:56:0d:3d:
                    4e:e2:7b:3f:7a:69:44:10:95:1e:8d:0f:40:0c:5d:
                    78:f2:90:e1:b6:78:45:64:6f:6e:0c:f8:ca:a2:9d:
                    64:32:07:3d:fd:f6:c8:47:75:65:36:d6:85:bb:0e:
                    03:16:9c:88:97:01:68:e9:0c:ca:5c:31:9a:65:75:
                    bb:69:51:f2:83:72:0b:ce:44:25:30:da:c7:d7:0b:
                    7a:40:22:18:f9:68:84:b5:a5:f6:a5:dd:44:83:a6:
                    30:7c:60:91:cb:94:72:48:be:26:0e:49:ef:67:c3:
                    0a:d3:fd:68:fa:d6:f3:7a:7e:37:1f:b2:9f:44:53:
                    db:37:01:6b:65:80:cd:bb:fb:41:11:68:2f:79:45:
                    3b:40:4f:a1:26:65:d6:64:b0:e3:32:a5:08:0d:a4:
                    b3:1a:b0:12:78:8a:1a:a6:81:66:d6:8f:ec:47:c7:
                    e1:e5:e6:02:5a:cc:c9:2f:ad:78:8e:10:c9:43:85:
                    e1:ea:f9:06:eb:9b:45:6f:a2:98:48:96:b4:7f:d2:
                    79:ca:70:06:81:9c:00:45:39:d6:2c:66:36:17:62:
                    f4:7e:29:68:74:4a:29:6e:de:f9:cd:f8:77:10:25:
                    33:a9:8f:b4:bf:78:9d:85:d5:85:a9:cf:ac:a8:e7:
                    8a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:55:64:E9:26:96:59:29:BB:17:06:59:2D:8A:96:C1:B3:61:4D:BB
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/J1Vk6SaWWSm7FwZZLYqWwbNhTbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.32.0/22
                  84.54.2.0/23
                  139.28.48.0/22
                  139.28.240.0/22
                  176.53.156.0/22
                  193.32.204.0/22
                  193.38.44.0/22
                  193.187.132.0/22
                  194.93.48.0/22
                  194.93.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:e3:08:8b:b4:f6:2e:90:af:8f:08:e1:f0:05:13:a0:47:3d:
         19:28:a9:98:a9:1a:45:46:00:89:58:1a:35:7d:a3:45:18:45:
         c7:41:e4:ad:06:c9:20:e6:6a:34:72:87:c8:2d:58:9b:97:dd:
         8c:39:55:a4:09:98:1f:85:41:9b:ed:99:b3:ff:5b:cc:5e:f6:
         5e:1e:68:30:e2:b2:3f:a6:a3:90:38:c6:54:14:9b:22:5d:da:
         ed:5a:64:b4:29:c3:23:a5:34:51:2a:fe:dc:70:7a:60:b1:90:
         4c:a8:18:47:99:4e:d1:c7:40:fb:9b:36:bf:40:13:b1:ce:b6:
         e2:19:93:dd:92:13:ea:0e:c3:6f:aa:59:72:5c:11:95:9f:b1:
         e5:0b:67:da:da:50:8f:1e:7d:c5:51:e3:93:71:82:56:e1:11:
         5b:d4:c3:da:23:88:ef:40:bd:31:61:36:fe:ee:3b:83:48:29:
         52:ee:db:1e:1d:54:05:74:99:a0:88:a7:17:92:6c:33:17:ee:
         3a:98:09:ac:40:6d:07:07:55:c4:75:80:eb:53:2f:5f:2b:14:
         92:66:7a:bf:2e:00:e3:42:9b:6e:a3:08:d5:a9:0d:99:3f:6e:
         71:34:b4:0f:8f:6f:2e:fa:3f:72:ff:10:9d:71:43:b9:a2:27:
         18:06:9c:63
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQnBwYDKlVDW+K0yB3c56dJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjUwMTAyMTIzOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzU1NjRlOTI2OTY1OTI5YmIxNzA2NTkyZDhhOTZjMWIzNjE0ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW8BfO+bR3IJRhBWDT1O4ns/emlE
EJUejQ9ADF148pDhtnhFZG9uDPjKop1kMgc9/fbIR3VlNtaFuw4DFpyIlwFo6QzK
XDGaZXW7aVHyg3ILzkQlMNrH1wt6QCIY+WiEtaX2pd1Eg6YwfGCRy5RySL4mDknv
Z8MK0/1o+tbzen43H7KfRFPbNwFrZYDNu/tBEWgveUU7QE+hJmXWZLDjMqUIDaSz
GrASeIoapoFm1o/sR8fh5eYCWszJL614jhDJQ4Xh6vkG65tFb6KYSJa0f9J5ynAG
gZwARTnWLGY2F2L0filodEopbt75zfh3ECUzqY+0v3idhdWFqc+sqOeKqwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCdVZOkmllkpuxcGWS2KlsGzYU27MB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvSjFWazZTYVdXU203RndaWkxZcVd3Yk5oVGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCPrYgAwQB
VDYCAwQCixwwAwQCixzwAwQCsDWcAwQCwSDMAwQCwSYsAwQCwbuEAwQCwl0wAwQC
wl08MA0GCSqGSIb3DQEBCwUAA4IBAQBr4wiLtPYukK+PCOHwBROgRz0ZKKmYqRpF
RgCJWBo1faNFGEXHQeStBskg5mo0cofILVibl92MOVWkCZgfhUGb7Zmz/1vMXvZe
Hmgw4rI/pqOQOMZUFJsiXdrtWmS0KcMjpTRRKv7ccHpgsZBMqBhHmU7Rx0D7mza/
QBOxzrbiGZPdkhPqDsNvqllyXBGVn7HlC2fa2lCPHn3FUeOTcYJW4RFb1MPaI4jv
QL0xYTb+7juDSClS7tseHVQFdJmgiKcXkmwzF+46mAmsQG0HB1XEdYDrUy9fKxSS
Znq/LgDjQptuowjVqQ2ZP25xNLQPj28u+j9y/xCdcUO5oicYBpxj
-----END CERTIFICATE-----