Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jNbfNGW-m0ak1uezml2xoTXDemE.roa
File:                     jNbfNGW-m0ak1uezml2xoTXDemE.roa (raw, json)
Hash identifier:          DEzxm8FrGiWOasnasXdHe26CpVRd5Yo6riz5E7Xk2B4=
Subject key identifier:   8C:D6:DF:34:65:BE:9B:46:A4:D6:E7:B3:9A:5D:B1:A1:35:C3:7A:61
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0193559A85A3E3A878F6211D4B37EC362424
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jNbfNGW-m0ak1uezml2xoTXDemE.roa
Signing time:             Fri 22 Nov 2024 20:40:10 +0000
ROA not before:           Fri 22 Nov 2024 20:40:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209737
IP address blocks:        93.190.12.0/24 maxlen: 24
                          109.236.51.0/24 maxlen: 24
                          160.20.109.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24
                          185.254.28.0/24 maxlen: 24
                          185.254.29.0/24 maxlen: 24
                          185.254.30.0/24 maxlen: 24
                          185.254.31.0/24 maxlen: 24
                          185.254.239.0/24 maxlen: 24
                          193.35.152.0/24 maxlen: 24
                          193.35.153.0/24 maxlen: 24
                          193.35.155.0/24 maxlen: 24
                          193.160.143.0/24 maxlen: 24
                          194.62.54.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:9a:85:a3:e3:a8:78:f6:21:1d:4b:37:ec:36:24:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Nov 22 20:40:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd6df3465be9b46a4d6e7b39a5db1a135c37a61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:24:1f:b7:09:8d:ad:4f:76:e0:e2:48:d7:66:
                    ef:5d:e3:a0:73:5a:13:f4:36:8f:87:0a:8f:55:dc:
                    e2:b6:49:2a:f7:b4:5c:a3:ae:40:e4:c4:0e:5c:26:
                    38:61:2e:cd:ae:b4:74:a0:3a:3b:95:3f:ec:50:2f:
                    40:8a:21:bd:3d:98:95:cf:d4:7d:32:83:11:48:f1:
                    0f:ba:29:27:6a:3d:7f:8e:1e:18:20:50:7c:41:76:
                    2f:19:5c:94:c3:6f:a9:ea:0e:a9:68:93:ab:f6:df:
                    7a:32:84:a8:4a:98:a5:34:55:1c:f7:52:78:37:87:
                    0c:63:74:ad:4a:b5:94:c9:0b:93:d8:0d:7d:8e:4e:
                    be:1a:05:ba:d8:2d:1b:3a:1f:47:2f:e4:fb:99:8f:
                    11:1f:84:8c:6b:dc:75:b7:a4:8d:79:ba:1e:54:75:
                    7e:e7:67:13:fe:40:dd:0c:77:b1:4f:ff:d3:76:0e:
                    f2:c7:12:15:d0:8b:04:30:aa:a2:4f:ce:da:61:c1:
                    58:76:3f:31:99:e6:d6:54:92:a1:ff:1a:cf:d6:65:
                    12:cd:b5:6c:cc:d9:a9:f3:4c:17:d6:95:22:2d:63:
                    c9:98:1f:a5:e7:9a:a4:50:1b:5c:79:14:cf:1f:72:
                    ae:8b:10:a0:e1:71:22:f3:95:a1:79:90:c3:1e:c6:
                    78:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D6:DF:34:65:BE:9B:46:A4:D6:E7:B3:9A:5D:B1:A1:35:C3:7A:61
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/jNbfNGW-m0ak1uezml2xoTXDemE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.12.0/24
                  109.236.51.0/24
                  160.20.109.0/24
                  185.86.6.0/24
                  185.243.181.0/24
                  185.254.28.0/22
                  185.254.239.0/24
                  193.35.152.0/23
                  193.35.155.0/24
                  193.160.143.0/24
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c8:17:9a:4e:a9:38:dc:5b:84:ad:f1:20:f0:14:98:16:59:
         99:73:12:80:3e:c4:a1:b2:e6:46:ee:76:62:0e:8c:86:45:e3:
         54:13:a7:3c:37:2b:42:d7:b6:ab:c7:f8:32:54:cf:e9:a7:4b:
         ac:b8:45:96:32:9b:64:d1:ba:f7:69:2d:30:53:7c:32:44:f3:
         fb:79:65:53:80:67:ad:9d:08:13:03:ef:f9:78:56:f7:a6:00:
         ed:87:79:dc:48:48:27:4e:26:49:11:9d:3c:45:53:26:1c:e8:
         39:5f:56:de:aa:51:89:cf:a2:c1:72:7e:28:27:b9:3d:40:b7:
         d6:e0:f6:5c:7e:c3:bc:ee:f8:35:2d:00:9c:c8:40:a1:81:0c:
         ba:b7:65:45:b7:e3:95:3d:ef:a0:94:ac:79:89:33:ae:5c:18:
         29:68:f4:f8:0d:c3:ab:aa:42:b3:0e:6f:8d:b5:60:32:9c:80:
         c2:88:48:27:c6:bc:04:9d:e2:95:87:1e:d8:a4:2e:b8:b6:a1:
         52:80:3d:28:0b:d4:70:b7:91:6a:c9:cf:a7:b0:13:64:13:d9:
         bc:db:4a:f7:08:99:71:e3:e1:07:5e:a9:68:75:6a:a7:b9:4a:
         53:09:c6:1f:57:f7:ca:87:6e:7f:91:7e:e8:13:d6:36:fc:1b:
         8a:1e:25:46
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZNVmoWj46h49iEdSzfsNiQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMTIyMjA0MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q2ZGYzNDY1YmU5YjQ2YTRkNmU3YjM5YTVkYjFhMTM1YzM3YTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyQftwmNrU924OJI12bvXeOgc1oT
9DaPhwqPVdzitkkq97Rco65A5MQOXCY4YS7NrrR0oDo7lT/sUC9AiiG9PZiVz9R9
MoMRSPEPuiknaj1/jh4YIFB8QXYvGVyUw2+p6g6paJOr9t96MoSoSpilNFUc91J4
N4cMY3StSrWUyQuT2A19jk6+GgW62C0bOh9HL+T7mY8RH4SMa9x1t6SNeboeVHV+
52cT/kDdDHexT//Tdg7yxxIV0IsEMKqiT87aYcFYdj8xmebWVJKh/xrP1mUSzbVs
zNmp80wX1pUiLWPJmB+l55qkUBtceRTPH3KuixCg4XEi85WheZDDHsZ41QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIzW3zRlvptGpNbns5pdsaE1w3phMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvak5iZk5HVy1tMGFrMXVlem1sMnhvVFhEZW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAXb4MAwQA
bewzAwQAoBRtAwQAuVYGAwQAufO1AwQCuf4cAwQAuf7vAwQBwSOYAwQAwSObAwQA
waCPAwQAwj42MA0GCSqGSIb3DQEBCwUAA4IBAQA4yBeaTqk43FuErfEg8BSYFlmZ
cxKAPsShsuZG7nZiDoyGReNUE6c8NytC17arx/gyVM/pp0usuEWWMptk0br3aS0w
U3wyRPP7eWVTgGetnQgTA+/5eFb3pgDth3ncSEgnTiZJEZ08RVMmHOg5X1beqlGJ
z6LBcn4oJ7k9QLfW4PZcfsO87vg1LQCcyEChgQy6t2VFt+OVPe+glKx5iTOuXBgp
aPT4DcOrqkKzDm+NtWAynIDCiEgnxrwEneKVhx7YpC64tqFSgD0oC9Rwt5Fqyc+n
sBNkE9m820r3CJlx4+EHXqlodWqnuUpTCcYfV/fKh25/kX7oE9Y2/BuKHiVG
-----END CERTIFICATE-----