Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RHFw2h0BXugH2OtXbZmQczqjy30.roa
File:                     RHFw2h0BXugH2OtXbZmQczqjy30.roa (raw, json)
Hash identifier:          0D47Iy018Uga7/frUl76PdHD6S2MYzPVbII1E/ET8+Q=
Subject key identifier:   44:71:70:DA:1D:01:5E:E8:07:D8:EB:57:6D:99:90:73:3A:A3:CB:7D
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       019436F87212962A629EB845360BF648FF47
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RHFw2h0BXugH2OtXbZmQczqjy30.roa
Signing time:             Sun 05 Jan 2025 14:57:19 +0000
ROA not before:           Sun 05 Jan 2025 14:57:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        5.133.102.0/24 maxlen: 24
                          5.133.103.0/24 maxlen: 24
                          37.221.76.0/24 maxlen: 24
                          37.221.78.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
                          85.235.72.0/24 maxlen: 24
                          85.235.73.0/24 maxlen: 24
                          85.235.74.0/24 maxlen: 24
                          93.190.8.0/24 maxlen: 24
                          176.96.130.0/24 maxlen: 24
                          193.17.5.0/24 maxlen: 24
                          193.111.76.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
                          217.18.208.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:36:f8:72:12:96:2a:62:9e:b8:45:36:0b:f6:48:ff:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  5 14:57:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=447170da1d015ee807d8eb576d9990733aa3cb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1a:1e:93:24:38:cb:1d:02:ce:ac:7d:f9:e3:
                    10:51:04:5a:4c:2c:d9:40:0a:78:52:4a:25:62:da:
                    0b:39:fc:fd:9a:19:8f:96:67:cc:fb:66:ce:dd:ca:
                    81:e9:50:c8:84:44:3f:d3:ce:38:12:54:95:22:b5:
                    4a:8c:fb:74:88:87:c8:7a:17:ba:8a:42:87:4d:9f:
                    e9:6b:e7:1d:d7:65:a6:4c:1d:8c:e4:bb:50:28:e6:
                    6e:98:d7:17:82:ed:37:e9:d5:f4:8b:11:7b:79:b8:
                    42:c7:6e:66:ff:c8:10:4c:19:00:dc:09:2b:3d:74:
                    ab:a6:b9:3a:34:e4:4f:cc:6e:8e:78:9e:e5:19:23:
                    21:53:40:92:20:d5:41:8d:89:13:18:5e:ef:b3:1f:
                    0c:20:45:81:bc:b9:b9:df:df:6c:c8:cf:42:46:aa:
                    1b:7c:b5:c6:61:81:ca:7d:4e:95:f3:13:61:d6:63:
                    26:7c:fb:cb:ac:49:81:a0:0f:dd:31:18:c7:37:d2:
                    da:b7:10:08:84:22:dd:06:38:99:77:c8:8e:38:ff:
                    ad:bb:ef:14:66:a8:8f:4f:9b:78:07:b1:c4:e4:17:
                    4e:fd:9f:80:88:98:52:77:ea:0e:bd:48:90:ca:40:
                    66:3a:4e:bb:b5:1b:d4:3a:70:b9:03:eb:47:f3:98:
                    52:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:71:70:DA:1D:01:5E:E8:07:D8:EB:57:6D:99:90:73:3A:A3:CB:7D
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RHFw2h0BXugH2OtXbZmQczqjy30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.102.0/23
                  37.221.76.0/24
                  37.221.78.0/23
                  85.235.72.0-85.235.74.255
                  93.190.8.0/24
                  176.96.130.0/24
                  193.17.5.0/24
                  193.111.76.0/24
                  193.111.78.0/24
                  217.18.208.0/24
                  217.18.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:83:43:b8:95:06:a6:d8:e9:cb:24:4c:1c:70:56:1a:da:e1:
         28:e7:30:8d:40:c0:0f:29:54:a3:db:3f:ee:27:60:4c:e7:6f:
         c4:c6:44:9f:2f:3e:9e:00:32:b0:04:5f:02:ab:40:e3:ae:7c:
         b2:b1:d7:a9:14:04:7f:56:55:c6:27:f4:e4:c9:6f:97:8b:2b:
         d6:eb:26:7c:ad:f0:28:09:c9:2a:05:1c:ef:65:3e:ce:e1:9a:
         03:35:47:56:60:a0:26:c1:0c:6f:b7:cc:39:99:4f:bb:bf:b6:
         af:56:b5:6a:8b:75:14:77:06:52:3c:02:26:b4:b9:b8:d4:01:
         95:3f:51:91:99:d4:03:c0:80:94:5d:c1:16:ca:b1:7e:a2:54:
         24:f6:47:30:02:03:8e:24:9e:7f:e0:91:b3:90:a7:5e:c4:9f:
         70:51:47:71:c9:8d:b4:cd:37:b0:1c:36:72:92:bc:91:ea:f6:
         41:4b:4e:dc:5a:6a:98:f4:fc:52:bb:6a:bf:c3:0b:f1:76:e3:
         eb:ac:d0:bb:14:9d:a4:28:d9:8e:38:3e:e1:cb:f5:7e:75:1c:
         11:40:d4:30:24:c3:06:bd:f8:f8:d7:7e:35:7a:d7:17:8b:00:
         2e:b1:cb:13:8f:e8:a9:48:1a:c2:b2:34:c4:3c:c9:19:39:f4:
         de:0c:31:bc
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZQ2+HISlipinrhFNgv2SP9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjUwMTA1MTQ1NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcxNzBkYTFkMDE1ZWU4MDdkOGViNTc2ZDk5OTA3MzNhYTNjYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRoekyQ4yx0Czqx9+eMQUQRaTCzZ
QAp4UkolYtoLOfz9mhmPlmfM+2bO3cqB6VDIhEQ/0844ElSVIrVKjPt0iIfIehe6
ikKHTZ/pa+cd12WmTB2M5LtQKOZumNcXgu036dX0ixF7ebhCx25m/8gQTBkA3Akr
PXSrprk6NORPzG6OeJ7lGSMhU0CSINVBjYkTGF7vsx8MIEWBvLm5399syM9CRqob
fLXGYYHKfU6V8xNh1mMmfPvLrEmBoA/dMRjHN9LatxAIhCLdBjiZd8iOOP+tu+8U
ZqiPT5t4B7HE5BdO/Z+AiJhSd+oOvUiQykBmOk67tRvUOnC5A+tH85hSjQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFERxcNodAV7oB9jrV22ZkHM6o8t9MB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvUkhGdzJoMEJYdWdIMk90WGJabVFjenFqeTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBBYVmAwQA
Jd1MAwQBJd1OMAwDBANV60gDBABV60oDBABdvggDBACwYIIDBADBEQUDBADBb0wD
BADBb04DBADZEtADBADZEtMwDQYJKoZIhvcNAQELBQADggEBAJyDQ7iVBqbY6csk
TBxwVhra4SjnMI1AwA8pVKPbP+4nYEznb8TGRJ8vPp4AMrAEXwKrQOOufLKx16kU
BH9WVcYn9OTJb5eLK9brJnyt8CgJySoFHO9lPs7hmgM1R1ZgoCbBDG+3zDmZT7u/
tq9WtWqLdRR3BlI8Aia0ubjUAZU/UZGZ1APAgJRdwRbKsX6iVCT2RzACA44knn/g
kbOQp17En3BRR3HJjbTNN7AcNnKSvJHq9kFLTtxaapj0/FK7ar/DC/F24+us0LsU
naQo2Y44PuHL9X51HBFA1DAkwwa9+PjXfjV61xeLAC6xyxOP6KlIGsKyNMQ8yRk5
9N4MMbw=
-----END CERTIFICATE-----