Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wf6BbjwDGdlQNGzCTh8EPE5sKTg.roa
File:                     wf6BbjwDGdlQNGzCTh8EPE5sKTg.roa (raw, json)
Hash identifier:          lSZbOH/7HSEf+zI+5vPb/6Il+MsHPgcr5v9Hkh3r0k4=
Subject key identifier:   C1:FE:81:6E:3C:03:19:D9:50:34:6C:C2:4E:1F:04:3C:4E:6C:29:38
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0194A3653558742EC49655D9F2B591266CB8
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wf6BbjwDGdlQNGzCTh8EPE5sKTg.roa
Signing time:             Sun 26 Jan 2025 16:15:06 +0000
ROA not before:           Sun 26 Jan 2025 16:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        84.32.7.0/24 maxlen: 24
                          84.32.8.0/24 maxlen: 24
                          84.32.20.0/22 maxlen: 24
                          84.32.46.0/24 maxlen: 24
                          84.32.47.0/24 maxlen: 24
                          84.32.148.0/23 maxlen: 24
                          84.32.150.0/23 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          84.32.214.0/23 maxlen: 24
                          84.32.244.0/23 maxlen: 24
                          84.32.246.0/23 maxlen: 24
                          88.216.22.0/23 maxlen: 24
                          88.216.44.0/24 maxlen: 24
                          88.216.45.0/24 maxlen: 24
                          88.216.93.0/24 maxlen: 24
                          88.216.130.0/23 maxlen: 24
                          88.216.134.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a3:65:35:58:74:2e:c4:96:55:d9:f2:b5:91:26:6c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 26 16:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1fe816e3c0319d950346cc24e1f043c4e6c2938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2c:a1:13:64:82:56:bf:cf:6d:e3:13:53:f9:
                    30:4b:19:bc:99:dc:0f:69:7c:60:ec:62:dc:9e:9a:
                    8d:d2:c3:24:c4:ee:98:ce:8d:88:0a:31:8f:68:cd:
                    c0:0e:0a:76:55:ff:3b:81:5d:fe:d6:1a:a3:a6:46:
                    a1:8b:91:ee:97:85:eb:dc:f3:81:57:a2:87:70:ed:
                    25:44:a7:31:cc:c3:8e:ee:40:c5:6b:b5:00:a6:4e:
                    89:20:96:ea:24:1c:9e:46:7a:7c:64:2a:e7:55:05:
                    a5:5f:71:b2:4d:ad:9f:2d:e7:e0:93:64:d5:c8:bc:
                    61:d5:df:6c:c2:99:e5:71:29:9e:cf:1a:db:d6:b8:
                    07:43:66:51:c0:a7:7c:26:52:ac:e7:b8:d5:2b:85:
                    0a:25:b3:ad:53:7c:67:4e:fc:a0:83:16:8e:ce:e9:
                    eb:b6:8b:fa:a6:17:8a:20:60:17:de:87:ab:31:95:
                    5d:62:c6:02:f7:d4:a2:d3:30:2b:79:e0:da:c7:13:
                    30:5a:7f:4b:8f:8f:93:5c:ae:c9:6e:a5:f3:82:c5:
                    8d:e3:63:c2:1a:ff:fa:40:55:85:9f:db:67:14:0f:
                    6d:ae:9e:7a:74:13:af:59:15:13:6b:76:09:df:bb:
                    49:25:b1:f8:eb:59:e3:bd:f3:e6:33:69:12:1f:9f:
                    02:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FE:81:6E:3C:03:19:D9:50:34:6C:C2:4E:1F:04:3C:4E:6C:29:38
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/wf6BbjwDGdlQNGzCTh8EPE5sKTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.7.0-84.32.8.255
                  84.32.20.0/22
                  84.32.46.0/23
                  84.32.148.0/22
                  84.32.174.0/23
                  84.32.214.0/23
                  84.32.244.0/22
                  88.216.22.0/23
                  88.216.44.0/23
                  88.216.93.0/24
                  88.216.130.0/23
                  88.216.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:b7:07:56:66:be:bb:ff:89:ea:c3:28:30:d3:97:80:42:07:
         d4:64:03:ef:0d:bd:27:cd:e7:03:8d:a4:ae:17:a6:4f:fd:02:
         38:89:78:22:73:df:78:89:73:cf:c5:98:91:c8:96:e7:63:cd:
         a6:b7:33:31:f1:8f:5a:65:cd:8b:93:55:20:25:ac:55:cd:76:
         d5:8f:cc:bd:a7:c9:f4:8c:41:fa:84:b4:d4:0d:37:65:2c:cd:
         1f:d9:36:96:e7:37:cc:df:b6:f0:20:dc:33:f1:cc:0a:92:1e:
         e9:80:cb:a8:01:7b:f4:d1:ce:7e:59:ae:bc:42:b7:08:ab:0e:
         7d:84:af:f2:58:07:8c:a8:ad:f8:08:1b:1f:7d:d6:01:fe:79:
         75:62:50:f7:12:07:d1:e0:d6:62:b3:7c:17:25:c7:d8:28:bf:
         0d:79:72:df:cb:7f:70:f4:e0:98:14:72:ac:66:e6:54:4a:67:
         8a:1b:26:2e:ee:3f:86:91:7b:4d:8c:b7:bc:71:11:51:93:3a:
         d3:72:66:4c:d5:74:04:f0:36:b5:47:f2:03:38:20:dc:23:46:
         25:a3:d7:dd:cf:bc:8a:35:a6:6f:0b:8b:d0:29:63:79:c1:09:
         f2:1d:c8:71:5d:d4:a5:95:f0:05:32:00:46:37:23:1d:9f:7e:
         ec:9d:7b:03
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZSjZTVYdC7EllXZ8rWRJmy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTI2MTYxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWZlODE2ZTNjMDMxOWQ5NTAzNDZjYzI0ZTFmMDQzYzRlNmMyOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCyhE2SCVr/PbeMTU/kwSxm8mdwP
aXxg7GLcnpqN0sMkxO6Yzo2ICjGPaM3ADgp2Vf87gV3+1hqjpkahi5Hul4Xr3POB
V6KHcO0lRKcxzMOO7kDFa7UApk6JIJbqJByeRnp8ZCrnVQWlX3GyTa2fLefgk2TV
yLxh1d9swpnlcSmezxrb1rgHQ2ZRwKd8JlKs57jVK4UKJbOtU3xnTvyggxaOzunr
tov6pheKIGAX3oerMZVdYsYC99Si0zAreeDaxxMwWn9Lj4+TXK7JbqXzgsWN42PC
Gv/6QFWFn9tnFA9trp56dBOvWRUTa3YJ37tJJbH461njvfPmM2kSH58CwwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFMH+gW48AxnZUDRswk4fBDxObCk4MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvd2Y2QmJqd0RHZGxRTkd6Q1RoOEVQRTVzS1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBABUIAcD
BABUIAgDBAJUIBQDBAFUIC4DBAJUIJQDBAFUIK4DBAFUINYDBAJUIPQDBAFY2BYD
BAFY2CwDBABY2F0DBAFY2IIDBAFY2IYwDQYJKoZIhvcNAQELBQADggEBAIC3B1Zm
vrv/ierDKDDTl4BCB9RkA+8NvSfN5wONpK4Xpk/9AjiJeCJz33iJc8/FmJHIludj
zaa3MzHxj1plzYuTVSAlrFXNdtWPzL2nyfSMQfqEtNQNN2UszR/ZNpbnN8zftvAg
3DPxzAqSHumAy6gBe/TRzn5ZrrxCtwirDn2Er/JYB4yorfgIGx991gH+eXViUPcS
B9Hg1mKzfBclx9govw15ct/Lf3D04JgUcqxm5lRKZ4obJi7uP4aRe02Mt7xxEVGT
OtNyZkzVdATwNrVH8gM4INwjRiWj193PvIo1pm8Li9ApY3nBCfIdyHFd1KWV8AUy
AEY3Ix2ffuydewM=
-----END CERTIFICATE-----