Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/InvIy5S9tlR4aDUpgLN3Xylz49U.roa
File:                     InvIy5S9tlR4aDUpgLN3Xylz49U.roa (raw, json)
Hash identifier:          7GjdWDVJ1CX3HDP5vvhNeyxqOM+ASi2a2B3QT2M/wLg=
Subject key identifier:   22:7B:C8:CB:94:BD:B6:54:78:68:35:29:80:B3:77:5F:29:73:E3:D5
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019427B5C1B7BB3190B00413F9EBE736FB7F
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/InvIy5S9tlR4aDUpgLN3Xylz49U.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41343
IP address blocks:        89.29.192.0/21 maxlen: 21
                          89.29.192.0/24 maxlen: 24
                          89.29.193.0/24 maxlen: 24
                          89.29.194.0/24 maxlen: 24
                          89.29.195.0/24 maxlen: 24
                          89.29.196.0/24 maxlen: 24
                          89.29.197.0/24 maxlen: 24
                          89.29.198.0/24 maxlen: 24
                          89.29.199.0/24 maxlen: 24
                          89.29.200.0/23 maxlen: 23
                          89.29.202.0/24 maxlen: 24
                          89.29.204.0/24 maxlen: 24
                          89.29.205.0/24 maxlen: 24
                          89.29.226.0/24 maxlen: 24
                          89.29.227.0/24 maxlen: 24
                          89.29.228.0/24 maxlen: 24
                          185.40.36.0/24 maxlen: 24
                          213.181.70.0/23 maxlen: 23
                          213.181.70.0/24 maxlen: 24
                          213.181.71.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c1:b7:bb:31:90:b0:04:13:f9:eb:e7:36:fb:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=227bc8cb94bdb6547868352980b3775f2973e3d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:27:0a:d5:a5:6e:f8:94:af:92:35:d2:79:f9:
                    e4:a1:fd:29:27:ba:8f:ea:3a:31:a7:12:35:49:cb:
                    fe:ed:8b:5e:b3:14:1d:c9:3b:16:86:7f:42:a7:8f:
                    bf:47:b5:56:e2:5e:38:97:bb:25:dc:21:4a:63:56:
                    7d:75:b4:38:0e:17:37:36:d3:d2:1f:74:08:fc:79:
                    d3:c1:74:77:1b:6c:da:09:b3:d9:d8:7a:af:bc:b5:
                    a4:21:c2:10:15:50:43:8c:42:22:b1:67:90:cc:ed:
                    e0:44:3d:5c:00:48:aa:00:71:5d:2b:a1:92:df:45:
                    5a:ef:03:3b:65:fc:ab:0b:ca:ad:ee:c9:ab:d6:8a:
                    31:ef:b7:93:5c:a6:52:43:07:4c:5c:2e:89:e0:aa:
                    c5:56:b1:75:c2:ff:27:b3:a2:d0:ac:6d:e2:62:1d:
                    75:b4:fc:9c:be:64:79:5b:94:23:6a:62:a6:df:aa:
                    af:0c:93:71:c8:3e:3d:59:b8:e6:07:17:7b:91:50:
                    cb:9e:e3:5c:26:f7:e3:0a:ee:5a:da:02:a2:e6:9b:
                    e8:f5:5c:f2:f3:4e:8b:9e:57:75:a2:a3:b8:f2:da:
                    b9:dd:be:73:d2:e8:1b:76:01:cc:53:65:b0:d6:7e:
                    d9:72:87:1d:37:15:4f:78:5f:42:94:10:11:00:40:
                    95:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7B:C8:CB:94:BD:B6:54:78:68:35:29:80:B3:77:5F:29:73:E3:D5
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/InvIy5S9tlR4aDUpgLN3Xylz49U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.192.0-89.29.202.255
                  89.29.204.0/23
                  89.29.226.0-89.29.228.255
                  185.40.36.0/24
                  213.181.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c6:3b:9c:82:e8:8f:9a:e5:f5:9d:fe:a4:39:09:59:9b:49:af:
         02:2a:53:f0:8c:69:cc:06:c3:04:d7:d1:27:88:b9:4a:b6:81:
         82:15:3b:56:b7:83:9f:d5:cd:17:76:b0:45:69:00:5b:ec:27:
         01:71:34:ca:ef:c5:61:c5:15:77:51:47:1a:f8:1e:a8:dd:32:
         f4:a6:3b:be:86:11:30:16:3a:91:d3:47:47:7c:69:1d:94:04:
         f6:0a:fc:ca:cf:d1:78:2e:09:9a:13:59:ae:0c:e4:40:a5:7f:
         6c:a9:3e:dc:c5:fa:67:d8:b6:40:6b:83:30:25:ae:f1:6a:fb:
         37:36:3a:fb:a3:c8:51:96:ae:fb:4b:27:3e:8c:d7:4c:5e:16:
         a9:ad:8c:77:02:0f:77:a9:88:1f:84:ea:62:8e:75:89:2b:b4:
         ed:1f:e7:34:44:3a:fb:85:07:3f:2c:e3:62:5c:1e:38:9f:80:
         41:46:17:03:77:63:80:c5:94:8e:48:af:c9:f7:5f:c0:8f:2a:
         d7:c3:74:85:5d:1f:5c:29:8d:2c:b7:38:fb:48:31:98:30:0d:
         4c:1b:c0:cc:b2:12:8d:a2:57:a5:48:1f:0a:8c:a0:cd:76:cc:
         32:c3:e6:a8:b1:0c:c9:ab:c5:f3:3f:fd:89:3d:70:53:6f:19:
         e5:f4:b2:76
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQntcG3uzGQsAQT+evnNvt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdiYzhjYjk0YmRiNjU0Nzg2ODM1Mjk4MGIzNzc1ZjI5NzNlM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAticK1aVu+JSvkjXSefnkof0pJ7qP
6joxpxI1Scv+7YtesxQdyTsWhn9Cp4+/R7VW4l44l7sl3CFKY1Z9dbQ4Dhc3NtPS
H3QI/HnTwXR3G2zaCbPZ2HqvvLWkIcIQFVBDjEIisWeQzO3gRD1cAEiqAHFdK6GS
30Va7wM7ZfyrC8qt7smr1oox77eTXKZSQwdMXC6J4KrFVrF1wv8ns6LQrG3iYh11
tPycvmR5W5QjamKm36qvDJNxyD49WbjmBxd7kVDLnuNcJvfjCu5a2gKi5pvo9Vzy
806Lnld1oqO48tq53b5z0ugbdgHMU2Ww1n7ZcocdNxVPeF9ClBARAECVXwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCJ7yMuUvbZUeGg1KYCzd18pc+PVMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvSW52SXk1Uzl0bFI0YURVcGdMTjNYeWx6NDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAZZHcAD
BABZHcoDBAFZHcwwDAMEAVkd4gMEAFkd5AMEALkoJAMEAdW1RjANBgkqhkiG9w0B
AQsFAAOCAQEAxjucguiPmuX1nf6kOQlZm0mvAipT8IxpzAbDBNfRJ4i5SraBghU7
VreDn9XNF3awRWkAW+wnAXE0yu/FYcUVd1FHGvgeqN0y9KY7voYRMBY6kdNHR3xp
HZQE9gr8ys/ReC4JmhNZrgzkQKV/bKk+3MX6Z9i2QGuDMCWu8Wr7NzY6+6PIUZau
+0snPozXTF4Wqa2MdwIPd6mIH4TqYo51iSu07R/nNEQ6+4UHPyzjYlweOJ+AQUYX
A3djgMWUjkivyfdfwI8q18N0hV0fXCmNLLc4+0gxmDANTBvAzLISjaJXpUgfCoyg
zXbMMsPmqLEMyavF8z/9iT1wU28Z5fSydg==
-----END CERTIFICATE-----