Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/rSA2u359rZBVIKifvaWfGQqOHyE.roa
File:                     rSA2u359rZBVIKifvaWfGQqOHyE.roa (raw, json)
Hash identifier:          hzDV/6FYhAIHn4jDGfN/Ns0++4JJruSJthn7ofS/Qx0=
Subject key identifier:   AD:20:36:BB:7E:7D:AD:90:55:20:A8:9F:BD:A5:9F:19:0A:8E:1F:21
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067BEDEE09BD38FD5824CD008D71D40
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/rSA2u359rZBVIKifvaWfGQqOHyE.roa
Signing time:             Wed 01 Jan 2025 05:47:37 +0000
ROA not before:           Wed 01 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12429
IP address blocks:        188.92.48.0/21 maxlen: 22
                          188.92.48.0/22 maxlen: 22
                          193.222.64.0/19 maxlen: 20
                          193.223.20.0/22 maxlen: 22
                          193.223.24.0/22 maxlen: 22
                          193.223.44.0/22 maxlen: 22
                          193.223.48.0/20 maxlen: 20
                          193.246.32.0/21 maxlen: 21
                          193.246.40.0/21 maxlen: 21
                          193.246.208.0/20 maxlen: 20
                          193.247.246.0/24 maxlen: 24
                          194.11.144.0/21 maxlen: 24
                          2a02:a90::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:be:de:e0:9b:d3:8f:d5:82:4c:d0:08:d7:1d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad2036bb7e7dad905520a89fbda59f190a8e1f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d9:8c:4f:a1:7f:b9:e2:38:dc:43:84:f3:5a:
                    2d:3d:78:a4:19:22:ac:2a:26:81:1d:95:bd:82:7d:
                    05:eb:4c:0f:c3:da:96:b7:85:fa:af:49:e3:f4:82:
                    28:d3:c0:f9:bd:41:59:83:75:09:dd:5c:5d:7f:7f:
                    1e:9d:8e:21:20:3c:71:82:86:19:e0:4a:84:1b:d2:
                    49:18:00:c2:da:d6:4a:56:e0:63:33:ae:1e:0a:e9:
                    95:e8:ea:38:22:66:ec:f7:ef:62:fe:19:19:59:07:
                    3e:0f:89:8c:87:fb:76:35:37:c9:7a:be:e3:d7:c7:
                    2e:ee:67:4d:53:06:8c:75:c6:4d:4f:8e:5c:e5:f6:
                    26:ae:c7:37:66:dd:45:d5:b0:7e:c8:cf:fd:0b:ce:
                    34:b9:65:60:62:54:bb:70:93:8e:f4:f1:89:fe:99:
                    be:fc:63:19:39:36:c8:23:ff:6a:42:46:f5:b3:ac:
                    7b:6b:b7:d4:19:ce:d3:ea:44:02:1b:af:94:2d:46:
                    e0:8b:32:d5:c5:a2:24:64:6a:29:d4:78:ae:66:5b:
                    2a:a5:1b:78:d4:3a:cb:66:97:3b:62:5b:34:b1:0b:
                    2d:e0:1d:83:8e:1c:78:13:0f:6f:83:a3:af:a8:e7:
                    d1:46:b1:c3:44:89:14:9e:55:5b:e3:18:d5:c8:c6:
                    3e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:20:36:BB:7E:7D:AD:90:55:20:A8:9F:BD:A5:9F:19:0A:8E:1F:21
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/rSA2u359rZBVIKifvaWfGQqOHyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.48.0/21
                  193.222.64.0/19
                  193.223.20.0-193.223.27.255
                  193.223.44.0-193.223.63.255
                  193.246.32.0/20
                  193.246.208.0/20
                  193.247.246.0/24
                  194.11.144.0/21
                IPv6:
                  2a02:a90::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:d4:ed:f0:16:26:66:fd:35:88:ca:93:0e:80:f0:db:b4:ec:
         30:f8:9c:fb:ef:0c:a2:48:c6:3f:45:83:db:9c:b2:94:e5:b8:
         c6:e0:b3:86:05:bb:b8:2c:46:ee:56:c8:d1:02:1d:b7:b3:a4:
         c3:3c:45:ed:e5:93:f8:d4:d4:18:f0:7d:20:b6:07:44:41:16:
         b3:0e:d4:47:db:2b:f0:9a:c8:15:34:c8:d1:c9:83:b4:b4:49:
         58:40:37:26:61:d4:59:b8:74:ba:ac:93:6b:07:69:55:e1:88:
         6b:1e:d2:2d:cf:eb:34:24:e9:22:d1:06:1a:09:d4:79:2d:9c:
         aa:cb:f9:14:1f:b5:fb:a3:39:c9:02:2f:44:51:f6:de:88:70:
         d0:c0:49:48:d8:9b:21:62:6d:5d:d9:0b:ca:55:5e:59:75:a5:
         00:17:bb:9e:27:7e:b3:94:0c:42:e8:9a:c0:02:03:b0:05:c7:
         41:2a:f1:ee:9a:53:2e:3e:df:37:4f:dd:58:b4:83:56:ef:4e:
         56:0d:f6:6c:b2:75:66:68:64:c3:3c:00:67:c6:d7:3d:46:bc:
         d5:8b:6a:b2:e6:e1:06:07:ab:69:8c:a8:21:dd:8b:7a:9d:f7:
         de:97:ed:45:cd:28:6b:c9:fc:98:46:59:e0:31:01:8a:9c:44:
         1d:95:22:40
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZQgZ77e4JvTj9WCTNAI1x1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDIwMzZiYjdlN2RhZDkwNTUyMGE4OWZiZGE1OWYxOTBhOGUxZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdmMT6F/ueI43EOE81otPXikGSKs
KiaBHZW9gn0F60wPw9qWt4X6r0nj9IIo08D5vUFZg3UJ3Vxdf38enY4hIDxxgoYZ
4EqEG9JJGADC2tZKVuBjM64eCumV6Oo4Imbs9+9i/hkZWQc+D4mMh/t2NTfJer7j
18cu7mdNUwaMdcZNT45c5fYmrsc3Zt1F1bB+yM/9C840uWVgYlS7cJOO9PGJ/pm+
/GMZOTbII/9qQkb1s6x7a7fUGc7T6kQCG6+ULUbgizLVxaIkZGop1HiuZlsqpRt4
1DrLZpc7Yls0sQst4B2Djhx4Ew9vg6OvqOfRRrHDRIkUnlVb4xjVyMY+EwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFK0gNrt+fa2QVSCon72lnxkKjh8hMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvclNBMnUzNTlyWkJWSUtpZnZhV2ZHUXFPSHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQDvFwwAwQF
wd5AMAwDBALB3xQDBALB3xgwDAMEAsHfLAMEBsHfAAMEBMH2IAMEBMH20AMEAMH3
9gMEA8ILkDANBAIAAjAHAwUAKgIKkDANBgkqhkiG9w0BAQsFAAOCAQEAb9Tt8BYm
Zv01iMqTDoDw27TsMPic++8MokjGP0WD25yylOW4xuCzhgW7uCxG7lbI0QIdt7Ok
wzxF7eWT+NTUGPB9ILYHREEWsw7UR9sr8JrIFTTI0cmDtLRJWEA3JmHUWbh0uqyT
awdpVeGIax7SLc/rNCTpItEGGgnUeS2cqsv5FB+1+6M5yQIvRFH23ohw0MBJSNib
IWJtXdkLylVeWXWlABe7nid+s5QMQuiawAIDsAXHQSrx7ppTLj7fN0/dWLSDVu9O
Vg32bLJ1ZmhkwzwAZ8bXPUa81YtqsubhBgeraYyoId2Lep333pftRc0oa8n8mEZZ
4DEBipxEHZUiQA==
-----END CERTIFICATE-----