Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/3KNWi4PLke2pc0vhx5QOX6ZuOCA.roa
File:                     3KNWi4PLke2pc0vhx5QOX6ZuOCA.roa (raw, json)
Hash identifier:          tpM6u4qaCB/SIK4Ynv1MNnqK+07Rhub80n1mFXvkjwo=
Subject key identifier:   DC:A3:56:8B:83:CB:91:ED:A9:73:4B:E1:C7:94:0E:5F:A6:6E:38:20
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       019427480DB3228E9D28E0055B5BE291148D
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/3KNWi4PLke2pc0vhx5QOX6ZuOCA.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60203
IP address blocks:        5.45.160.0/21 maxlen: 21
                          5.45.160.0/24 maxlen: 24
                          5.45.165.0/24 maxlen: 24
                          5.45.166.0/24 maxlen: 24
                          5.45.168.0/21 maxlen: 21
                          5.45.168.0/22 maxlen: 22
                          5.45.169.0/24 maxlen: 24
                          5.45.172.0/24 maxlen: 24
                          5.45.174.0/23 maxlen: 23
                          5.61.200.0/23 maxlen: 23
                          171.22.8.0/24 maxlen: 24
                          171.22.9.0/24 maxlen: 24
                          171.22.10.0/24 maxlen: 24
                          171.22.11.0/24 maxlen: 24
                          185.43.72.0/24 maxlen: 24
                          185.43.73.0/24 maxlen: 24
                          185.43.74.0/23 maxlen: 23
                          185.62.20.0/24 maxlen: 24
                          185.62.21.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0d:b3:22:8e:9d:28:e0:05:5b:5b:e2:91:14:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dca3568b83cb91eda9734be1c7940e5fa66e3820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:87:97:c9:4a:35:9d:8f:c8:87:4b:9a:67:33:
                    38:09:b1:79:4c:cf:70:0e:05:fd:de:a7:e1:92:2d:
                    52:55:0d:40:00:a5:ba:d4:d2:70:08:56:47:7e:ac:
                    37:be:00:80:7b:77:c1:16:39:17:88:7a:25:9e:c8:
                    f2:e3:5e:b0:e4:30:a5:d0:ea:fa:49:19:76:5b:72:
                    57:2a:8d:53:aa:cd:ff:dc:b3:e7:ce:bf:d4:cf:84:
                    a5:7f:16:f8:c7:b7:02:7a:81:00:48:c3:af:43:39:
                    9c:f5:95:0d:aa:b0:91:85:4c:4d:94:83:a7:95:e4:
                    0e:20:d7:f8:4a:a6:f6:6a:d9:0d:f0:d3:08:29:3d:
                    0e:91:a4:48:42:24:15:65:c3:03:f8:5a:bf:9e:a1:
                    d8:b8:2b:e2:30:80:3e:ca:be:14:00:b1:31:be:72:
                    75:66:03:a3:da:e0:cc:15:91:f6:7a:b2:25:f5:bf:
                    3a:ab:cb:46:92:27:5b:5e:c1:34:52:41:21:8b:68:
                    88:72:43:b6:59:4f:eb:fb:66:d3:c6:4f:d6:c3:30:
                    94:fc:1d:ff:5c:fa:9b:0f:08:ec:8c:a2:06:8a:9d:
                    84:74:64:47:a5:ae:ac:5d:57:6b:14:c3:31:1a:9e:
                    a0:db:e8:92:27:7f:34:17:3f:a7:42:7a:eb:49:e9:
                    47:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A3:56:8B:83:CB:91:ED:A9:73:4B:E1:C7:94:0E:5F:A6:6E:38:20
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/3KNWi4PLke2pc0vhx5QOX6ZuOCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.160.0/20
                  5.61.200.0/23
                  171.22.8.0/22
                  185.43.72.0/22
                  185.62.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:16:6c:1f:9d:29:6c:15:38:9f:fb:58:4b:b3:fa:6c:aa:c3:
         88:7b:53:01:2c:a5:ef:e6:bd:62:1e:7c:3f:2b:1d:1e:34:d2:
         a0:f2:9c:ed:8e:bd:73:4b:08:95:90:fb:85:d7:a5:bd:95:08:
         1d:83:a7:b7:36:5f:6c:e9:9d:f1:fe:f8:49:ce:cc:16:c9:fe:
         02:c9:58:6a:71:56:a5:5c:4c:84:f5:56:00:27:07:93:91:33:
         0c:5a:0d:6b:30:e0:aa:c7:f5:a0:3e:f0:1b:5d:13:19:cb:9d:
         ba:c1:34:f2:05:d4:5b:a2:3b:77:9f:36:e4:b2:b3:8f:d5:35:
         27:23:b8:43:00:a6:b9:24:fc:8f:ee:7b:ba:32:ae:e7:cb:fb:
         7b:bc:92:43:74:21:08:b4:7c:4d:3c:10:f0:68:1d:9e:fe:cd:
         63:6a:4c:2f:36:b5:3a:20:50:3b:77:fc:da:d8:f7:1d:ce:4a:
         5d:9d:62:87:03:63:ff:53:e6:64:99:d0:78:95:55:59:fa:2c:
         38:f0:77:8d:98:bd:35:2a:f7:61:42:f9:26:bc:46:e4:e5:2e:
         9b:eb:ae:de:fb:d4:8c:f6:2f:c3:3c:48:87:f9:d3:e2:bf:35:
         39:c4:9f:a6:c8:7f:82:20:4a:b1:55:2f:74:3a:7f:cb:81:b4:
         a0:de:66:9b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQnSA2zIo6dKOAFW1vikRSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2EzNTY4YjgzY2I5MWVkYTk3MzRiZTFjNzk0MGU1ZmE2NmUzODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIeXyUo1nY/Ih0uaZzM4CbF5TM9w
DgX93qfhki1SVQ1AAKW61NJwCFZHfqw3vgCAe3fBFjkXiHolnsjy416w5DCl0Or6
SRl2W3JXKo1Tqs3/3LPnzr/Uz4Slfxb4x7cCeoEASMOvQzmc9ZUNqrCRhUxNlIOn
leQOINf4Sqb2atkN8NMIKT0OkaRIQiQVZcMD+Fq/nqHYuCviMIA+yr4UALExvnJ1
ZgOj2uDMFZH2erIl9b86q8tGkidbXsE0UkEhi2iIckO2WU/r+2bTxk/WwzCU/B3/
XPqbDwjsjKIGip2EdGRHpa6sXVdrFMMxGp6g2+iSJ380Fz+nQnrrSelHwwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNyjVouDy5HtqXNL4ceUDl+mbjggMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvM0tOV2k0UExrZTJwYzB2aHg1UU9YNlp1T0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEBS2gAwQB
BT3IAwQCqxYIAwQCuStIAwQBuT4UMA0GCSqGSIb3DQEBCwUAA4IBAQBVFmwfnSls
FTif+1hLs/psqsOIe1MBLKXv5r1iHnw/Kx0eNNKg8pztjr1zSwiVkPuF16W9lQgd
g6e3Nl9s6Z3x/vhJzswWyf4CyVhqcValXEyE9VYAJweTkTMMWg1rMOCqx/WgPvAb
XRMZy526wTTyBdRbojt3nzbksrOP1TUnI7hDAKa5JPyP7nu6Mq7ny/t7vJJDdCEI
tHxNPBDwaB2e/s1jakwvNrU6IFA7d/za2PcdzkpdnWKHA2P/U+ZkmdB4lVVZ+iw4
8HeNmL01KvdhQvkmvEbk5S6b667e+9SM9i/DPEiH+dPivzU5xJ+myH+CIEqxVS90
On/LgbSg3mab
-----END CERTIFICATE-----