Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/0f3c61-02df-4af7-b93f-07f74c019732/1/o1l5BPG8TRspXIfZdrd0blYAUfY.roa
File:                     o1l5BPG8TRspXIfZdrd0blYAUfY.roa (raw, json)
Hash identifier:          5xBU1dsBZ1CJDSiFKF5L8bb4B1rGVOEs++4FXuZA5ys=
Subject key identifier:   A3:59:79:04:F1:BC:4D:1B:29:5C:87:D9:76:B7:74:6E:56:00:51:F6
Certificate issuer:       /CN=19a43d81657a3c38c150de55797f1c7b5f0c2ebb
Certificate serial:       0195CC43CAD5D0AE5DFA9BF765E2EC92B475
Authority key identifier: 19:A4:3D:81:65:7A:3C:38:C1:50:DE:55:79:7F:1C:7B:5F:0C:2E:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GaQ9gWV6PDjBUN5VeX8ce18MLrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/0f3c61-02df-4af7-b93f-07f74c019732/1/o1l5BPG8TRspXIfZdrd0blYAUfY.roa
Signing time:             Tue 25 Mar 2025 07:45:49 +0000
ROA not before:           Tue 25 Mar 2025 07:45:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207375
IP address blocks:        45.145.108.0/22 maxlen: 25
                          80.64.232.0/21 maxlen: 25
                          91.236.231.0/24 maxlen: 24
                          93.88.24.0/22 maxlen: 25
                          146.19.16.0/24 maxlen: 24
                          178.211.143.0/24 maxlen: 24
                          185.11.60.0/24 maxlen: 24
                          185.145.53.0/24 maxlen: 24
                          185.205.201.0/24 maxlen: 24
                          185.234.217.0/24 maxlen: 24
                          193.178.114.0/24 maxlen: 24
                          193.243.146.0/24 maxlen: 24
                          194.31.110.0/24 maxlen: 24
                          2a0e:fdc0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:43:ca:d5:d0:ae:5d:fa:9b:f7:65:e2:ec:92:b4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19a43d81657a3c38c150de55797f1c7b5f0c2ebb
        Validity
            Not Before: Mar 25 07:45:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3597904f1bc4d1b295c87d976b7746e560051f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b5:ea:87:2a:be:16:5b:80:0b:f5:94:07:8c:
                    51:e7:de:e5:ae:39:85:91:95:80:eb:65:7b:bc:09:
                    09:40:72:52:50:b0:4f:8b:de:ba:c3:52:32:2c:57:
                    62:8b:8b:f0:b4:d5:70:c8:b6:47:ff:84:3d:b1:be:
                    bd:b4:c1:67:da:22:f9:8a:c7:a5:6a:97:9c:76:f3:
                    c1:63:56:11:79:f1:ee:8c:ec:db:f8:a7:cd:7a:d6:
                    39:a6:c2:3c:b8:07:66:02:7f:c2:7e:c2:b9:08:0e:
                    86:4a:f1:fc:90:8d:8d:ec:80:59:cc:f8:b1:8f:10:
                    d0:18:2d:89:b1:e7:dc:8d:06:54:b6:5b:1d:3f:2b:
                    75:c5:56:1f:7d:98:10:6d:fe:b9:f7:74:43:39:aa:
                    fa:6f:e1:ca:9a:39:b5:73:de:8b:a4:28:b3:62:64:
                    07:1c:6b:d5:ab:b1:ee:6c:6e:9f:29:c5:c0:bb:91:
                    b2:35:e8:58:1a:a3:62:f3:62:6d:30:29:fb:cc:04:
                    93:5b:4c:e1:62:7e:7c:b5:19:35:8a:0c:9d:67:97:
                    a8:18:12:dc:bb:cb:9b:e3:03:3b:9f:b3:07:6e:fd:
                    af:75:69:6c:dc:01:69:47:4e:75:7c:70:b8:31:8c:
                    9a:f2:0c:33:46:c7:a6:74:bf:69:f1:90:06:cc:6c:
                    40:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:59:79:04:F1:BC:4D:1B:29:5C:87:D9:76:B7:74:6E:56:00:51:F6
            X509v3 Authority Key Identifier:
                keyid:19:A4:3D:81:65:7A:3C:38:C1:50:DE:55:79:7F:1C:7B:5F:0C:2E:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GaQ9gWV6PDjBUN5VeX8ce18MLrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0f3c61-02df-4af7-b93f-07f74c019732/1/o1l5BPG8TRspXIfZdrd0blYAUfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/0f3c61-02df-4af7-b93f-07f74c019732/1/GaQ9gWV6PDjBUN5VeX8ce18MLrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.108.0/22
                  80.64.232.0/21
                  91.236.231.0/24
                  93.88.24.0/22
                  146.19.16.0/24
                  178.211.143.0/24
                  185.11.60.0/24
                  185.145.53.0/24
                  185.205.201.0/24
                  185.234.217.0/24
                  193.178.114.0/24
                  193.243.146.0/24
                  194.31.110.0/24
                IPv6:
                  2a0e:fdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:56:7c:89:b7:64:31:de:8c:53:6e:4e:87:fd:1e:7f:6b:6f:
         bc:a8:bc:72:90:bc:35:3c:14:b1:d1:14:c0:e9:be:5b:09:76:
         fd:ca:24:a2:0a:49:05:fd:37:18:da:bf:59:fe:cc:a4:c5:29:
         8f:8a:b7:c0:35:c8:ca:74:a8:dc:76:50:4f:6b:68:41:0a:9e:
         c6:59:01:67:08:df:73:a3:32:fa:ff:dd:b8:35:f7:b3:5c:5e:
         c6:36:1d:4e:66:ce:87:5c:c6:61:41:82:8d:37:78:93:1e:01:
         7f:9b:04:d5:39:87:84:58:91:1d:45:4f:ef:5e:4d:5b:36:ff:
         3a:bc:7a:3f:8c:0c:88:f3:8f:89:f4:28:0c:8a:83:92:94:36:
         d1:c7:6d:30:7a:e6:b3:2f:89:4e:75:ef:a1:71:93:98:a6:68:
         a8:6b:bf:bb:15:15:5d:7c:65:96:a2:4e:d3:a1:aa:8a:4f:5f:
         71:54:f1:f1:da:12:17:a3:1f:86:03:7d:67:c1:20:3a:e8:cd:
         c7:fb:ab:1d:9a:1c:2d:87:20:96:ab:99:96:b1:71:27:15:f5:
         cb:6e:93:d3:59:68:60:25:c4:b2:45:0f:61:e2:aa:9f:6d:78:
         60:f3:e7:18:fc:63:2c:e9:a9:10:99:21:ce:2c:c8:63:33:6e:
         c2:22:89:3d
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZXMQ8rV0K5d+pv3ZeLskrR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YTQzZDgxNjU3YTNjMzhjMTUwZGU1NTc5N2YxYzdiNWYw
YzJlYmIwHhcNMjUwMzI1MDc0NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzU5NzkwNGYxYmM0ZDFiMjk1Yzg3ZDk3NmI3NzQ2ZTU2MDA1MWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bXqhyq+FluAC/WUB4xR597lrjmF
kZWA62V7vAkJQHJSULBPi966w1IyLFdii4vwtNVwyLZH/4Q9sb69tMFn2iL5isel
apecdvPBY1YRefHujOzb+KfNetY5psI8uAdmAn/CfsK5CA6GSvH8kI2N7IBZzPix
jxDQGC2JsefcjQZUtlsdPyt1xVYffZgQbf6593RDOar6b+HKmjm1c96LpCizYmQH
HGvVq7HubG6fKcXAu5GyNehYGqNi82JtMCn7zASTW0zhYn58tRk1igydZ5eoGBLc
u8ub4wM7n7MHbv2vdWls3AFpR051fHC4MYya8gwzRsemdL9p8ZAGzGxARwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFKNZeQTxvE0bKVyH2Xa3dG5WAFH2MB8GA1UdIwQY
MBaAFBmkPYFlejw4wVDeVXl/HHtfDC67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2FROWdXVjZQRGpCVU41VmVYOGNlMThNTHJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wZjNjNjEtMDJkZi00YWY3LWI5M2Yt
MDdmNzRjMDE5NzMyLzEvbzFsNUJQRzhUUnNwWElmWmRyZDBibFlBVWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wZjNjNjEtMDJkZi00YWY3LWI5M2YtMDdmNzRjMDE5NzMy
LzEvR2FROWdXVjZQRGpCVU41VmVYOGNlMThNTHJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQCLZFsAwQD
UEDoAwQAW+znAwQCXVgYAwQAkhMQAwQAstOPAwQAuQs8AwQAuZE1AwQAuc3JAwQA
uerZAwQAwbJyAwQAwfOSAwQAwh9uMA0EAgACMAcDBQMqDv3AMA0GCSqGSIb3DQEB
CwUAA4IBAQAqVnyJt2Qx3oxTbk6H/R5/a2+8qLxykLw1PBSx0RTA6b5bCXb9yiSi
CkkF/TcY2r9Z/sykxSmPirfANcjKdKjcdlBPa2hBCp7GWQFnCN9zozL6/924Nfez
XF7GNh1OZs6HXMZhQYKNN3iTHgF/mwTVOYeEWJEdRU/vXk1bNv86vHo/jAyI84+J
9CgMioOSlDbRx20weuazL4lOde+hcZOYpmioa7+7FRVdfGWWok7ToaqKT19xVPHx
2hIXox+GA31nwSA66M3H+6sdmhwthyCWq5mWsXEnFfXLbpPTWWhgJcSyRQ9h4qqf
bXhg8+cY/GMs6akQmSHOLMhjM27CIok9
-----END CERTIFICATE-----