Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/mIT5DmqGQht-JnhwhNnlAzgqNPU.roa
File:                     mIT5DmqGQht-JnhwhNnlAzgqNPU.roa (raw, json)
Hash identifier:          y3sflfACtOqQRH5AEBI+ga3V3b9rw17vFg0n6hBC3W8=
Subject key identifier:   98:84:F9:0E:6A:86:42:1B:7E:26:78:70:84:D9:E5:03:38:2A:34:F5
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018D22E33385C30E3F65CAAD062DABBECAE0
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/mIT5DmqGQht-JnhwhNnlAzgqNPU.roa
Signing time:             Fri 19 Jan 2024 18:02:11 +0000
ROA not before:           Fri 19 Jan 2024 18:02:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        37.49.145.0/24 maxlen: 24
                          37.49.146.0/24 maxlen: 24
                          37.49.147.0/24 maxlen: 24
                          37.49.151.0/24 maxlen: 24
                          94.74.147.0/24 maxlen: 24
                          94.74.168.0/24 maxlen: 24
                          94.74.173.0/24 maxlen: 24
                          109.203.161.0/24 maxlen: 24
                          109.203.164.0/24 maxlen: 24
                          109.203.166.0/24 maxlen: 24
                          176.46.129.0/24 maxlen: 24
                          176.46.130.0/24 maxlen: 24
                          176.46.133.0/24 maxlen: 24
                          176.46.134.0/24 maxlen: 24
                          176.46.135.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:e3:33:85:c3:0e:3f:65:ca:ad:06:2d:ab:be:ca:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan 19 18:02:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9884f90e6a86421b7e26787084d9e503382a34f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:0e:8a:19:71:26:0a:a3:2d:2a:15:fd:32:a8:
                    61:dc:78:a4:4e:8b:0f:d0:71:55:d8:4a:07:13:f3:
                    d9:9d:56:bb:35:47:f6:36:cc:db:a7:6f:a0:50:8a:
                    0e:f1:c2:c3:24:dd:46:1d:bb:41:69:8a:53:92:3f:
                    01:9d:d3:b2:02:da:f9:11:f1:60:51:89:3e:fc:d9:
                    fb:6f:bc:90:78:4d:d8:a3:aa:6e:fa:8b:1b:76:55:
                    d6:17:9b:a4:bf:0f:e3:88:5c:3d:3b:d1:80:77:91:
                    5d:ee:f4:c1:b7:52:4f:64:57:28:6f:99:54:8a:1e:
                    ab:0f:71:f2:d5:50:c8:63:63:b0:8a:18:6d:ee:92:
                    b6:f9:38:55:15:68:84:b1:d1:a2:c5:58:a7:08:ba:
                    cc:a3:6e:5c:48:ac:2f:06:21:f8:df:4b:20:2d:5b:
                    71:72:11:71:e8:6a:37:27:38:62:e7:57:30:e5:90:
                    61:14:56:76:84:3d:64:40:07:42:2e:3a:bc:60:26:
                    9c:5f:b3:52:b3:39:cf:83:e7:94:4d:4d:f2:0f:5d:
                    c9:cc:18:37:2a:4d:35:88:d5:ae:56:e2:74:0c:be:
                    ad:32:b0:fb:25:32:13:4f:17:20:52:c0:49:32:bc:
                    2b:8a:42:4f:87:b7:c4:f0:7f:2e:49:ae:68:02:86:
                    0d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:84:F9:0E:6A:86:42:1B:7E:26:78:70:84:D9:E5:03:38:2A:34:F5
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/mIT5DmqGQht-JnhwhNnlAzgqNPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.145.0-37.49.147.255
                  37.49.151.0/24
                  94.74.147.0/24
                  94.74.168.0/24
                  94.74.173.0/24
                  109.203.161.0/24
                  109.203.164.0/24
                  109.203.166.0/24
                  176.46.129.0-176.46.130.255
                  176.46.133.0-176.46.135.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:41:33:39:38:2d:2e:4c:ae:80:6c:11:5a:73:1a:04:71:a8:
         12:0c:62:ea:94:55:a4:34:fa:c8:af:63:92:a4:59:de:94:52:
         06:6e:0d:cb:f8:2d:92:7f:05:c2:7f:d3:87:76:c9:e8:2f:e1:
         d6:b2:ff:5c:cd:e2:86:22:3b:48:8f:b4:d6:a3:ce:06:c3:4e:
         13:45:ce:91:c8:fc:04:b4:55:8f:d1:d4:4e:48:41:c3:ac:1c:
         8c:31:c6:fc:53:06:0c:19:8e:21:5e:87:c7:c9:12:a2:31:05:
         a8:47:ff:b3:d9:19:19:4c:f7:50:93:72:2c:1d:93:0e:84:f3:
         9b:93:bf:ad:e3:2d:67:97:d3:86:aa:86:03:42:3b:67:e4:4b:
         1f:2d:19:6e:7d:6c:d8:9b:63:85:07:79:af:73:c2:0e:6a:78:
         53:bb:03:7f:8e:9a:21:90:b5:49:9e:2f:11:84:4d:75:a9:96:
         a2:85:5b:65:9c:99:75:5e:03:65:f3:6e:46:ef:31:d7:58:ea:
         b8:31:c2:ec:b1:b1:23:71:74:24:8a:74:a1:21:81:30:73:32:
         01:6f:4e:35:cd:9b:76:64:2a:37:09:62:c8:c8:c1:b2:ae:d3:
         47:8e:7b:04:50:48:cf:14:ca:d9:87:c3:c9:3d:e3:0c:5c:42:
         0f:70:8d:72
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY0i4zOFww4/ZcqtBi2rvsrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMTE5MTgwMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODg0ZjkwZTZhODY0MjFiN2UyNjc4NzA4NGQ5ZTUwMzM4MmEzNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8g6KGXEmCqMtKhX9Mqhh3HikTosP
0HFV2EoHE/PZnVa7NUf2Nszbp2+gUIoO8cLDJN1GHbtBaYpTkj8BndOyAtr5EfFg
UYk+/Nn7b7yQeE3Yo6pu+osbdlXWF5ukvw/jiFw9O9GAd5Fd7vTBt1JPZFcob5lU
ih6rD3Hy1VDIY2Owihht7pK2+ThVFWiEsdGixVinCLrMo25cSKwvBiH430sgLVtx
chFx6Go3Jzhi51cw5ZBhFFZ2hD1kQAdCLjq8YCacX7NSsznPg+eUTU3yD13JzBg3
Kk01iNWuVuJ0DL6tMrD7JTITTxcgUsBJMrwrikJPh7fE8H8uSa5oAoYN5QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJiE+Q5qhkIbfiZ4cITZ5QM4KjT1MB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvbUlUNURtcUdRaHQtSm5od2hObmxBemdxTlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBAAlMZED
BAIlMZADBAAlMZcDBABeSpMDBABeSqgDBABeSq0DBABty6EDBABty6QDBABty6Yw
DAMEALAugQMEALAugjAMAwQAsC6FAwQDsC6AMA0GCSqGSIb3DQEBCwUAA4IBAQCP
QTM5OC0uTK6AbBFacxoEcagSDGLqlFWkNPrIr2OSpFnelFIGbg3L+C2SfwXCf9OH
dsnoL+HWsv9czeKGIjtIj7TWo84Gw04TRc6RyPwEtFWP0dROSEHDrByMMcb8UwYM
GY4hXofHyRKiMQWoR/+z2RkZTPdQk3IsHZMOhPObk7+t4y1nl9OGqoYDQjtn5Esf
LRlufWzYm2OFB3mvc8IOanhTuwN/jpohkLVJni8RhE11qZaihVtlnJl1XgNl825G
7zHXWOq4McLssbEjcXQkinShIYEwczIBb041zZt2ZCo3CWLIyMGyrtNHjnsEUEjP
FMrZh8PJPeMMXEIPcI1y
-----END CERTIFICATE-----