Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/tqEkP06TxWpG4MiqzpDEapE2cyA.roa
File:                     tqEkP06TxWpG4MiqzpDEapE2cyA.roa (raw, json)
Hash identifier:          K21HSg2Lsak3A77TxggJbc0CdBSMR9z9tZNPEQKN7jY=
Subject key identifier:   B6:A1:24:3F:4E:93:C5:6A:46:E0:C8:AA:CE:90:C4:6A:91:36:73:20
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01935F9C29593DA6D5E4058CBD95EE05AE01
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/tqEkP06TxWpG4MiqzpDEapE2cyA.roa
Signing time:             Sun 24 Nov 2024 19:18:09 +0000
ROA not before:           Sun 24 Nov 2024 19:18:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        85.235.72.0/24 maxlen: 24
                          85.235.73.0/24 maxlen: 24
                          85.235.74.0/24 maxlen: 24
                          93.190.8.0/24 maxlen: 24
                          93.190.10.0/24 maxlen: 24
                          93.190.11.0/24 maxlen: 24
                          185.254.52.0/24 maxlen: 24
                          193.17.4.0/24 maxlen: 24
                          193.17.5.0/24 maxlen: 24
                          193.17.6.0/24 maxlen: 24
                          193.17.7.0/24 maxlen: 24
                          193.111.76.0/24 maxlen: 24
                          193.111.77.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
                          193.111.79.0/24 maxlen: 24
                          217.18.208.0/24 maxlen: 24
                          217.18.209.0/24 maxlen: 24
                          217.18.210.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5f:9c:29:59:3d:a6:d5:e4:05:8c:bd:95:ee:05:ae:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Nov 24 19:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6a1243f4e93c56a46e0c8aace90c46a91367320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ed:12:31:f1:89:b1:e9:d6:1b:93:5d:72:19:
                    0f:fa:9c:1e:33:8d:9a:bc:14:7f:bf:b5:ff:a8:91:
                    10:65:31:33:91:c4:88:7f:d2:79:50:63:9a:dc:cc:
                    a1:fe:9d:86:19:ac:8a:97:a4:96:4b:d3:81:c6:1d:
                    b5:b2:0e:27:8a:43:91:cc:a7:f8:1e:52:6b:8d:a7:
                    04:09:52:d6:38:6f:86:4c:34:db:47:c1:33:37:ca:
                    5e:ca:03:dd:e0:63:25:8e:5e:59:90:bf:87:9a:f6:
                    2f:4c:3d:92:67:d9:9b:9b:d3:bf:cc:93:87:6d:0c:
                    60:c1:84:84:12:3e:d2:1a:f9:b6:8f:e5:f6:fc:01:
                    62:b1:27:38:f9:44:dd:22:a5:71:c2:54:9d:19:69:
                    70:81:49:41:e8:67:05:64:6c:2b:83:eb:89:f3:bb:
                    ad:81:63:8a:56:5c:a7:20:aa:4b:5d:fa:d4:45:3e:
                    77:6d:df:81:0f:b7:22:9d:30:f5:c6:29:e4:0e:b1:
                    9c:58:51:51:f4:8f:ef:fe:2f:59:14:99:67:c4:8b:
                    c0:de:1c:2e:f5:04:ae:7d:18:a0:77:72:03:24:47:
                    02:71:80:0a:02:21:14:f9:e6:3f:4d:9c:fc:20:1a:
                    92:90:0a:b5:93:af:72:16:d0:a2:17:f0:ab:3c:90:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A1:24:3F:4E:93:C5:6A:46:E0:C8:AA:CE:90:C4:6A:91:36:73:20
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/tqEkP06TxWpG4MiqzpDEapE2cyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.72.0-85.235.74.255
                  93.190.8.0/24
                  93.190.10.0/23
                  185.254.52.0/24
                  193.17.4.0/22
                  193.111.76.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:7c:00:25:5d:9e:34:4f:86:68:3a:5f:7a:c0:da:5b:3e:93:
         e3:89:c9:53:67:7d:6c:09:82:4f:7d:2b:cc:0d:d5:10:18:35:
         40:e7:da:fb:c5:25:38:06:71:30:7b:1f:7e:e5:76:2d:dd:ae:
         f8:34:68:0c:54:7f:11:83:54:e9:fa:79:79:cf:60:b6:4b:2e:
         11:46:43:b7:d7:f6:a0:2a:26:03:63:36:46:9d:a9:a3:85:61:
         55:30:6b:b9:f6:d0:21:2a:c1:0a:29:56:2c:e0:23:86:e8:d7:
         f4:60:a8:2b:3e:d0:1f:a2:5b:e7:36:6d:f7:95:b3:05:bb:45:
         dc:d7:3e:d9:42:83:56:c9:86:62:3c:15:92:98:1f:28:c6:aa:
         84:6e:cc:ff:33:d5:e3:97:29:52:59:32:ba:8d:ea:c3:e0:1c:
         d9:03:74:1c:a4:88:e6:98:43:4d:b7:05:4e:3d:70:9d:53:6e:
         0b:b4:fa:53:68:77:50:33:b3:d7:e2:16:62:88:7e:00:eb:12:
         00:66:d8:19:dc:9a:73:c9:80:73:8d:57:8c:79:e3:7b:e2:9b:
         fe:8d:45:80:2b:0c:56:d5:1b:5f:0d:57:ca:57:67:fb:5b:51:
         f8:9b:02:52:06:be:e1:8c:f6:b4:2b:b9:bc:f7:73:15:fe:2c:
         68:36:c9:b9
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZNfnClZPabV5AWMvZXuBa4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQxMTI0MTkxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmExMjQzZjRlOTNjNTZhNDZlMGM4YWFjZTkwYzQ2YTkxMzY3MzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme0SMfGJsenWG5NdchkP+pweM42a
vBR/v7X/qJEQZTEzkcSIf9J5UGOa3Myh/p2GGayKl6SWS9OBxh21sg4nikORzKf4
HlJrjacECVLWOG+GTDTbR8EzN8peygPd4GMljl5ZkL+HmvYvTD2SZ9mbm9O/zJOH
bQxgwYSEEj7SGvm2j+X2/AFisSc4+UTdIqVxwlSdGWlwgUlB6GcFZGwrg+uJ87ut
gWOKVlynIKpLXfrURT53bd+BD7cinTD1xinkDrGcWFFR9I/v/i9ZFJlnxIvA3hwu
9QSufRigd3IDJEcCcYAKAiEU+eY/TZz8IBqSkAq1k69yFtCiF/CrPJA9FQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLahJD9Ok8VqRuDIqs6QxGqRNnMgMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvdHFFa1AwNlR4V3BHNE1pcXpwREVhcEUyY3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBANV60gD
BABV60oDBABdvggDBAFdvgoDBAC5/jQDBALBEQQDBALBb0wDBALZEtAwDQYJKoZI
hvcNAQELBQADggEBAC18ACVdnjRPhmg6X3rA2ls+k+OJyVNnfWwJgk99K8wN1RAY
NUDn2vvFJTgGcTB7H37ldi3drvg0aAxUfxGDVOn6eXnPYLZLLhFGQ7fX9qAqJgNj
NkadqaOFYVUwa7n20CEqwQopVizgI4bo1/RgqCs+0B+iW+c2bfeVswW7RdzXPtlC
g1bJhmI8FZKYHyjGqoRuzP8z1eOXKVJZMrqN6sPgHNkDdBykiOaYQ023BU49cJ1T
bgu0+lNod1Azs9fiFmKIfgDrEgBm2BncmnPJgHONV4x543vim/6NRYArDFbVG18N
V8pXZ/tbUfibAlIGvuGM9rQrubz3cxX+LGg2ybk=
-----END CERTIFICATE-----