Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/hOjqFzmwDn3h8aF0jh7_FXo9ReI.roa
File:                     hOjqFzmwDn3h8aF0jh7_FXo9ReI.roa (raw, json)
Hash identifier:          CNoH2a1MzUmjFlMi/+aHXlooSM/YD9l7gB33O/u52sU=
Subject key identifier:   84:E8:EA:17:39:B0:0E:7D:E1:F1:A1:74:8E:1E:FF:15:7A:3D:45:E2
Certificate issuer:       /CN=1fd7bbb1de6809df7f6e573f9abb64e603613ca1
Certificate serial:       019421B25AA0D5965D4355DDF469F0C37502
Authority key identifier: 1F:D7:BB:B1:DE:68:09:DF:7F:6E:57:3F:9A:BB:64:E6:03:61:3C:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9e7sd5oCd9_blc_mrtk5gNhPKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/hOjqFzmwDn3h8aF0jh7_FXo9ReI.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15692
IP address blocks:        86.105.0.0/24 maxlen: 24
                          86.105.225.0/24 maxlen: 24
                          89.37.68.0/23 maxlen: 23
                          89.37.68.0/24 maxlen: 24
                          89.37.69.0/24 maxlen: 24
                          89.40.44.0/23 maxlen: 23
                          93.115.8.0/24 maxlen: 24
                          94.177.130.0/24 maxlen: 24
                          185.13.244.0/22 maxlen: 22
                          188.215.28.0/23 maxlen: 23
                          188.215.28.0/24 maxlen: 24
                          188.215.29.0/24 maxlen: 24
                          193.169.192.0/23 maxlen: 23
                          2a02:f540::/30 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5a:a0:d5:96:5d:43:55:dd:f4:69:f0:c3:75:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd7bbb1de6809df7f6e573f9abb64e603613ca1
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84e8ea1739b00e7de1f1a1748e1eff157a3d45e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:10:e4:41:87:79:28:c1:22:73:0d:32:d0:d3:
                    8e:1e:f6:16:39:2f:1d:6c:d9:7b:63:72:e5:c1:ff:
                    51:c2:7e:6c:10:3d:94:5b:69:dc:20:53:83:96:d5:
                    da:fa:d4:98:d3:e5:b2:bc:d4:cf:de:ac:23:93:72:
                    72:bd:da:09:38:df:f9:2a:3f:f2:83:fb:47:b6:e7:
                    f1:97:9f:29:05:c9:64:d2:5a:00:34:fe:24:9f:f9:
                    98:c0:ac:0e:eb:e8:6d:d3:ef:16:ea:c0:89:93:8f:
                    fd:15:c4:60:c5:4c:6e:b6:57:48:18:db:f5:e2:7c:
                    ec:26:3d:52:71:8e:1b:7f:d3:cd:05:56:63:c4:47:
                    33:82:d9:59:1c:41:7d:b7:55:b4:ee:fb:8e:6d:f8:
                    0a:17:39:ee:d0:6b:d0:fd:09:d6:14:b9:59:34:05:
                    05:a4:65:91:36:ff:5a:16:99:cc:43:40:58:ab:79:
                    f2:2f:4f:b8:97:b7:71:eb:91:0f:61:f3:61:6a:bd:
                    41:00:45:bd:93:6c:b7:19:73:32:93:82:3a:8f:38:
                    df:d3:ab:e0:35:7a:f3:d0:ae:cf:29:41:47:ec:d9:
                    78:68:62:78:79:7f:15:ff:db:78:3d:45:68:90:a6:
                    a8:53:48:54:ce:09:44:2e:43:da:05:4c:33:bc:8e:
                    19:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E8:EA:17:39:B0:0E:7D:E1:F1:A1:74:8E:1E:FF:15:7A:3D:45:E2
            X509v3 Authority Key Identifier:
                keyid:1F:D7:BB:B1:DE:68:09:DF:7F:6E:57:3F:9A:BB:64:E6:03:61:3C:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9e7sd5oCd9_blc_mrtk5gNhPKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/hOjqFzmwDn3h8aF0jh7_FXo9ReI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/H9e7sd5oCd9_blc_mrtk5gNhPKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.0.0/24
                  86.105.225.0/24
                  89.37.68.0/23
                  89.40.44.0/23
                  93.115.8.0/24
                  94.177.130.0/24
                  185.13.244.0/22
                  188.215.28.0/23
                  193.169.192.0/23
                IPv6:
                  2a02:f540::/30

    Signature Algorithm: sha256WithRSAEncryption
         2b:18:9a:1d:2e:50:50:84:3e:74:dc:4d:1b:74:e2:82:be:57:
         b7:a4:a1:85:b8:67:a1:aa:a3:49:77:4f:28:07:be:dc:02:fc:
         29:1f:63:35:75:26:2a:80:d0:47:cc:25:13:69:28:3d:d9:1b:
         14:5d:3e:fd:94:1f:5b:56:2a:69:19:1e:cb:50:f1:bc:9e:07:
         94:34:c9:47:16:7b:67:da:41:9a:88:04:17:8e:d0:b8:9f:72:
         6f:b4:6c:3f:98:0c:82:19:6f:92:ef:fc:5c:37:f2:59:66:17:
         15:02:d4:1d:76:af:f2:fc:6a:c1:3c:98:b9:e2:36:df:82:ee:
         1e:2b:17:74:7e:62:c0:23:4f:48:80:9a:40:ee:b4:5b:ef:50:
         71:c9:c8:1f:d1:81:c1:2b:c5:c8:50:2b:19:eb:0d:da:cc:14:
         81:e8:af:a0:01:28:ba:05:f5:67:6d:8b:02:27:48:14:e6:9d:
         a1:7c:26:b1:55:dd:c4:ea:c6:51:d4:f8:96:cc:29:24:ed:0c:
         00:4c:66:8a:b2:44:e5:ff:59:42:a0:96:fb:de:07:7b:bb:42:
         5c:29:56:b1:90:60:7e:d4:1e:e5:86:06:d6:84:9e:2a:21:ce:
         9e:a6:89:36:2b:ca:3d:0d:59:22:15:7b:20:98:79:d7:74:54:
         60:b3:1c:88
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQhslqg1ZZdQ1Xd9Gnww3UCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDdiYmIxZGU2ODA5ZGY3ZjZlNTczZjlhYmI2NGU2MDM2
MTNjYTEwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGU4ZWExNzM5YjAwZTdkZTFmMWExNzQ4ZTFlZmYxNTdhM2Q0NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRDkQYd5KMEicw0y0NOOHvYWOS8d
bNl7Y3Llwf9Rwn5sED2UW2ncIFODltXa+tSY0+WyvNTP3qwjk3JyvdoJON/5Kj/y
g/tHtufxl58pBclk0loANP4kn/mYwKwO6+ht0+8W6sCJk4/9FcRgxUxutldIGNv1
4nzsJj1ScY4bf9PNBVZjxEczgtlZHEF9t1W07vuObfgKFznu0GvQ/QnWFLlZNAUF
pGWRNv9aFpnMQ0BYq3nyL0+4l7dx65EPYfNhar1BAEW9k2y3GXMyk4I6jzjf06vg
NXrz0K7PKUFH7Nl4aGJ4eX8V/9t4PUVokKaoU0hUzglELkPaBUwzvI4Z/wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFITo6hc5sA594fGhdI4e/xV6PUXiMB8GA1UdIwQY
MBaAFB/Xu7HeaAnff25XP5q7ZOYDYTyhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDllN3NkNW9DZDlfYmxjX21ydGs1Z05oUEtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9mOGU4MDMtNDFmNS00NjY4LWFmYTUt
ZGIxM2FiYmU0ZTlhLzEvaE9qcUZ6bXdEbjNoOGFGMGpoN19GWG85UmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9mOGU4MDMtNDFmNS00NjY4LWFmYTUtZGIxM2FiYmU0ZTlh
LzEvSDllN3NkNW9DZDlfYmxjX21ydGs1Z05oUEtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQAVmkAAwQA
VmnhAwQBWSVEAwQBWSgsAwQAXXMIAwQAXrGCAwQCuQ30AwQBvNccAwQBwanAMA0E
AgACMAcDBQIqAvVAMA0GCSqGSIb3DQEBCwUAA4IBAQArGJodLlBQhD503E0bdOKC
vle3pKGFuGehqqNJd08oB77cAvwpH2M1dSYqgNBHzCUTaSg92RsUXT79lB9bVipp
GR7LUPG8ngeUNMlHFntn2kGaiAQXjtC4n3JvtGw/mAyCGW+S7/xcN/JZZhcVAtQd
dq/y/GrBPJi54jbfgu4eKxd0fmLAI09IgJpA7rRb71Bxycgf0YHBK8XIUCsZ6w3a
zBSB6K+gASi6BfVnbYsCJ0gU5p2hfCaxVd3E6sZR1PiWzCkk7QwATGaKskTl/1lC
oJb73gd7u0JcKVaxkGB+1B7lhgbWhJ4qIc6epok2K8o9DVkiFXsgmHnXdFRgsxyI
-----END CERTIFICATE-----