Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/L3eXX40R-J2MZIIUJdb8enfoeE8.roa
File:                     L3eXX40R-J2MZIIUJdb8enfoeE8.roa (raw, json)
Hash identifier:          lwjbJYBJSc/rhMWtZdkfBAupkIFWhtQl6cOuFgh+q0M=
Subject key identifier:   2F:77:97:5F:8D:11:F8:9D:8C:64:82:14:25:D6:FC:7A:77:E8:78:4F
Certificate issuer:       /CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
Certificate serial:       01941FFA82B00853343D63A2A1919B084701
Authority key identifier: 34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/L3eXX40R-J2MZIIUJdb8enfoeE8.roa
Signing time:             Wed 01 Jan 2025 03:48:18 +0000
ROA not before:           Wed 01 Jan 2025 03:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42837
IP address blocks:        31.192.252.0/24 maxlen: 24
                          31.192.253.0/24 maxlen: 24
                          31.192.254.0/24 maxlen: 24
                          31.192.255.0/24 maxlen: 24
                          77.95.56.0/24 maxlen: 24
                          77.95.57.0/24 maxlen: 24
                          77.95.58.0/24 maxlen: 24
                          77.95.61.0/24 maxlen: 24
                          94.143.196.0/24 maxlen: 24
                          94.143.197.0/24 maxlen: 24
                          94.143.198.0/24 maxlen: 24
                          94.143.199.0/24 maxlen: 24
                          212.42.103.0/24 maxlen: 24
                          212.42.105.0/24 maxlen: 24
                          212.42.124.0/24 maxlen: 24
                          212.42.125.0/24 maxlen: 24
                          212.42.126.0/24 maxlen: 24
                          212.42.127.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:82:b0:08:53:34:3d:63:a2:a1:91:9b:08:47:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
        Validity
            Not Before: Jan  1 03:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f77975f8d11f89d8c64821425d6fc7a77e8784f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e0:c4:ec:2c:bd:02:e4:e5:0c:da:72:5a:b2:
                    15:21:e4:25:d2:6b:d3:fa:0a:c4:4b:4a:64:72:83:
                    92:d6:b5:72:c7:8a:25:64:6a:8d:7e:9e:b1:d6:32:
                    43:5a:8a:51:db:db:1e:8f:32:c5:ff:58:28:b1:da:
                    9d:b8:fb:0c:3c:0d:25:c8:81:5d:aa:86:07:05:81:
                    cf:1e:0f:86:ff:a7:93:26:99:c7:75:44:61:ab:43:
                    90:5d:2f:10:88:e5:d3:4e:e9:1d:1b:10:c5:61:56:
                    4a:bd:13:29:f4:a0:f7:63:ce:6d:23:cb:94:13:32:
                    d1:b2:8b:94:1d:e7:0e:3d:69:d4:d0:c3:1c:37:a8:
                    c0:2c:e6:db:07:05:34:2e:c5:29:3c:d5:4e:41:13:
                    94:12:21:01:53:3a:ef:0e:07:58:1f:43:6a:d1:d3:
                    34:55:c2:0e:bd:e4:b6:37:95:5f:de:a6:83:69:d6:
                    52:7c:62:d6:02:1f:dc:eb:93:d7:f4:17:af:f2:3b:
                    e5:7f:0a:f8:77:9b:4b:15:2a:bc:f7:81:38:94:70:
                    cd:e4:97:99:6c:76:f9:a8:28:97:c6:e1:48:3c:39:
                    2e:c5:06:d2:72:18:ab:39:2d:0e:eb:5a:f8:53:84:
                    ae:cb:d0:21:df:62:90:b5:df:2b:3c:c0:80:6d:da:
                    ad:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:77:97:5F:8D:11:F8:9D:8C:64:82:14:25:D6:FC:7A:77:E8:78:4F
            X509v3 Authority Key Identifier:
                keyid:34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/L3eXX40R-J2MZIIUJdb8enfoeE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/NAd7QemIc-fwb7HfP105xyGxND8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.252.0/22
                  77.95.56.0-77.95.58.255
                  77.95.61.0/24
                  94.143.196.0/22
                  212.42.103.0/24
                  212.42.105.0/24
                  212.42.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:27:9b:d1:af:fd:13:55:1a:43:95:6d:d0:55:e6:7a:6b:06:
         fb:14:7c:7f:fb:31:68:75:0e:d6:c1:3c:9d:76:18:fe:ae:99:
         75:15:b4:b6:e7:2a:7f:83:94:a5:32:c3:e6:1b:2f:6a:88:a4:
         75:9e:40:7b:08:55:5e:4d:28:31:97:83:f6:1c:50:20:e3:3c:
         8f:79:93:29:61:ba:3d:69:5b:b0:52:ba:08:0f:cd:ba:b0:06:
         83:3b:75:e1:11:71:9d:99:e7:ca:53:7e:60:a2:56:93:64:c4:
         81:47:c5:64:46:5a:32:1d:c6:4e:45:de:08:db:23:94:f2:ee:
         3e:ba:b6:36:7e:be:e0:09:65:67:63:c5:8e:35:e4:09:99:00:
         37:3f:77:a6:08:2d:84:85:0b:69:bf:fe:3c:74:7c:45:d9:32:
         28:73:13:cd:8e:8b:6e:06:59:48:16:6a:d1:3d:b5:95:af:e1:
         32:5e:9e:5e:56:a3:70:45:e2:ff:3f:a8:e7:76:0a:67:86:79:
         c6:28:3a:b6:80:b3:bd:6e:7c:d2:61:01:06:51:fd:e8:a8:03:
         41:c2:55:3c:b7:cd:2b:35:01:5b:cd:b9:21:c7:fc:c0:be:26:
         a9:7e:18:ff:81:8e:81:aa:d3:0d:c9:4c:ee:24:3d:c8:f3:fc:
         64:e3:87:81
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQf+oKwCFM0PWOioZGbCEcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDc3YjQxZTk4ODczZTdmMDZmYjFkZjNmNWQzOWM3MjFi
MTM0M2YwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc3OTc1ZjhkMTFmODlkOGM2NDgyMTQyNWQ2ZmM3YTc3ZTg3ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uDE7Cy9AuTlDNpyWrIVIeQl0mvT
+grES0pkcoOS1rVyx4olZGqNfp6x1jJDWopR29sejzLF/1gosdqduPsMPA0lyIFd
qoYHBYHPHg+G/6eTJpnHdURhq0OQXS8QiOXTTukdGxDFYVZKvRMp9KD3Y85tI8uU
EzLRsouUHecOPWnU0MMcN6jALObbBwU0LsUpPNVOQROUEiEBUzrvDgdYH0Nq0dM0
VcIOveS2N5Vf3qaDadZSfGLWAh/c65PX9Bev8jvlfwr4d5tLFSq894E4lHDN5JeZ
bHb5qCiXxuFIPDkuxQbSchirOS0O61r4U4Suy9Ah32KQtd8rPMCAbdqtgwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFC93l1+NEfidjGSCFCXW/Hp36HhPMB8GA1UdIwQY
MBaAFDQHe0HpiHPn8G+x3z9dOcchsTQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQt
Y2I3Y2JjYTdjMWUwLzEvTDNlWFg0MFItSjJNWklJVUpkYjhlbmZvZUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQtY2I3Y2JjYTdjMWUw
LzEvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCH8D8MAwD
BANNXzgDBABNXzoDBABNXz0DBAJej8QDBADUKmcDBADUKmkDBALUKnwwDQYJKoZI
hvcNAQELBQADggEBAJcnm9Gv/RNVGkOVbdBV5nprBvsUfH/7MWh1DtbBPJ12GP6u
mXUVtLbnKn+DlKUyw+YbL2qIpHWeQHsIVV5NKDGXg/YcUCDjPI95kylhuj1pW7BS
uggPzbqwBoM7deERcZ2Z58pTfmCiVpNkxIFHxWRGWjIdxk5F3gjbI5Ty7j66tjZ+
vuAJZWdjxY415AmZADc/d6YILYSFC2m//jx0fEXZMihzE82Oi24GWUgWatE9tZWv
4TJenl5Wo3BF4v8/qOd2CmeGecYoOraAs71ufNJhAQZR/eioA0HCVTy3zSs1AVvN
uSHH/MC+Jql+GP+BjoGq0w3JTO4kPcjz/GTjh4E=
-----END CERTIFICATE-----