Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/ECREWCSjB2P9M1NdQJkNhFBrz0I.roa
File:                     ECREWCSjB2P9M1NdQJkNhFBrz0I.roa (raw, json)
Hash identifier:          +tEm/N3DaMPpPkId6V2tgAfvUGEuMx60jSfnQrCgr48=
Subject key identifier:   10:24:44:58:24:A3:07:63:FD:33:53:5D:40:99:0D:84:50:6B:CF:42
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       01951802AB5DB7C3BBC8CF3B52F95347FBD1
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/ECREWCSjB2P9M1NdQJkNhFBrz0I.roa
Signing time:             Tue 18 Feb 2025 07:43:02 +0000
ROA not before:           Tue 18 Feb 2025 07:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20765
IP address blocks:        139.3.0.0/16 maxlen: 16
                          185.84.216.0/22 maxlen: 24
                          185.84.216.0/24 maxlen: 24
                          185.84.219.0/24 maxlen: 24
                          193.96.96.0/21 maxlen: 24
                          194.45.0.0/22 maxlen: 22
                          194.45.6.0/23 maxlen: 23
                          194.115.4.0/24 maxlen: 24
                          2a05:a880:8000::/40 maxlen: 40
                          2a05:a880:de10::/48 maxlen: 48
                          2a05:a880:de52::/48 maxlen: 48
                          2a05:a880:de56::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:18:02:ab:5d:b7:c3:bb:c8:cf:3b:52:f9:53:47:fb:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Feb 18 07:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1024445824a30763fd33535d40990d84506bcf42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0a:74:96:b5:79:0c:36:8c:79:25:f2:bc:8c:
                    74:80:8f:e8:57:98:0d:0e:63:53:1d:c5:d6:e2:f7:
                    a3:ce:e6:88:7c:b8:ca:41:01:a1:e0:00:5a:f6:5e:
                    b6:aa:52:b6:68:3f:99:e2:63:ac:08:27:3c:c2:f7:
                    60:92:e7:7a:32:38:99:87:77:18:f2:e5:1a:05:7a:
                    ec:42:77:d9:02:be:38:23:2d:b9:58:ed:54:9d:27:
                    bd:63:b2:91:fe:82:2c:6a:3a:40:3e:37:06:d5:24:
                    41:8a:ec:8d:b4:68:d3:82:f3:a0:6e:d8:9b:5e:ee:
                    7c:a5:fd:1e:1d:ee:41:f4:92:74:22:f7:d8:bf:0f:
                    ab:65:69:b1:e5:be:ab:07:52:94:8f:08:b7:a1:c4:
                    ec:38:39:23:71:7d:a9:b0:26:e7:fa:68:e4:89:c7:
                    05:fd:da:c1:8f:16:4c:b9:70:9d:c6:1f:b1:c9:cf:
                    dd:30:c1:b6:bc:39:73:37:0d:28:30:b4:0e:96:35:
                    91:dc:fb:86:88:0d:13:30:28:d3:e9:7f:11:cb:ad:
                    47:01:81:6e:cd:99:d8:cc:21:de:3a:17:cc:a1:35:
                    fc:28:33:8c:f4:59:3c:75:ba:11:ee:50:64:99:b9:
                    4a:60:99:57:68:c3:ed:14:66:e6:bf:bf:ec:97:d9:
                    56:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:24:44:58:24:A3:07:63:FD:33:53:5D:40:99:0D:84:50:6B:CF:42
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/ECREWCSjB2P9M1NdQJkNhFBrz0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.3.0.0/16
                  185.84.216.0/22
                  193.96.96.0/21
                  194.45.0.0/22
                  194.45.6.0/23
                  194.115.4.0/24
                IPv6:
                  2a05:a880:8000::/40
                  2a05:a880:de10::/48
                  2a05:a880:de52::/48
                  2a05:a880:de56::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:a0:f5:50:e4:2a:dc:ed:fc:7b:9b:6e:0c:b2:0c:f7:c5:dc:
         62:bc:ae:c2:f2:b9:c7:7a:a2:00:b3:cd:13:de:b9:6a:f8:85:
         9b:95:4c:f6:c4:eb:0c:f1:de:8c:da:24:c2:71:5d:d0:37:4b:
         13:b4:d8:f3:7e:13:34:91:d8:30:ee:0d:58:83:af:bd:8f:74:
         d8:2e:67:55:e1:39:37:6e:8a:ba:86:a7:ba:f8:52:55:56:21:
         94:07:1c:fe:e5:a0:3a:af:a6:0d:16:a4:d6:e3:e7:54:36:97:
         43:22:fa:9a:27:3a:3e:c4:84:3e:d4:e9:4f:97:2b:e8:58:11:
         24:9d:5f:2d:c8:3b:e7:6b:42:93:c1:37:4d:ff:d7:cf:e0:c2:
         c9:56:4b:c3:da:fe:5e:7f:f1:a0:a6:cc:1b:21:aa:d3:37:a4:
         79:14:22:fc:80:1c:7a:78:e7:b3:fa:08:59:04:ed:a7:a9:73:
         6b:42:65:1c:15:55:b6:fc:03:60:cc:c8:f5:21:96:14:d9:1e:
         c1:15:c3:16:48:a8:11:32:13:5e:7f:51:4f:86:c5:8f:2c:d8:
         3d:23:79:10:ed:79:78:11:f1:43:4f:d7:19:1d:30:06:e4:26:
         a8:fb:9a:c2:09:70:80:a6:af:94:a7:df:0f:99:70:e1:c1:37:
         83:bc:bf:2b
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZUYAqtdt8O7yM87UvlTR/vRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjUwMjE4MDc0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDI0NDQ1ODI0YTMwNzYzZmQzMzUzNWQ0MDk5MGQ4NDUwNmJjZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygp0lrV5DDaMeSXyvIx0gI/oV5gN
DmNTHcXW4vejzuaIfLjKQQGh4ABa9l62qlK2aD+Z4mOsCCc8wvdgkud6MjiZh3cY
8uUaBXrsQnfZAr44Iy25WO1UnSe9Y7KR/oIsajpAPjcG1SRBiuyNtGjTgvOgbtib
Xu58pf0eHe5B9JJ0IvfYvw+rZWmx5b6rB1KUjwi3ocTsODkjcX2psCbn+mjkiccF
/drBjxZMuXCdxh+xyc/dMMG2vDlzNw0oMLQOljWR3PuGiA0TMCjT6X8Ry61HAYFu
zZnYzCHeOhfMoTX8KDOM9Fk8dboR7lBkmblKYJlXaMPtFGbmv7/sl9lWCwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFBAkRFgkowdj/TNTXUCZDYRQa89CMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvRUNSRVdDU2pCMlA5TTFOZFFKa05oRkJyejBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjApBAIAATAjAwMAiwMDBAK5
VNgDBAPBYGADBALCLQADBAHCLQYDBADCcwQwKQQCAAIwIwMGACoFqICAAwcAKgWo
gN4QAwcAKgWogN5SAwcAKgWogN5WMA0GCSqGSIb3DQEBCwUAA4IBAQCwoPVQ5Crc
7fx7m24Msgz3xdxivK7C8rnHeqIAs80T3rlq+IWblUz2xOsM8d6M2iTCcV3QN0sT
tNjzfhM0kdgw7g1Yg6+9j3TYLmdV4Tk3boq6hqe6+FJVViGUBxz+5aA6r6YNFqTW
4+dUNpdDIvqaJzo+xIQ+1OlPlyvoWBEknV8tyDvna0KTwTdN/9fP4MLJVkvD2v5e
f/GgpswbIarTN6R5FCL8gBx6eOez+ghZBO2nqXNrQmUcFVW2/ANgzMj1IZYU2R7B
FcMWSKgRMhNef1FPhsWPLNg9I3kQ7Xl4EfFDT9cZHTAG5Cao+5rCCXCApq+Up98P
mXDhwTeDvL8r
-----END CERTIFICATE-----