Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZA2jyfPuy6j6A-NhVK6Bhm7mxDI.roa
File:                     ZA2jyfPuy6j6A-NhVK6Bhm7mxDI.roa (raw, json)
Hash identifier:          XMBKezoMpNGmkUM/VB4AXfshcbnXpRVYmNttAzxnQJw=
Subject key identifier:   64:0D:A3:C9:F3:EE:CB:A8:FA:03:E3:61:54:AE:81:86:6E:E6:C4:32
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019427B5C12A01B75F2E586A72FBEACEC79F
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZA2jyfPuy6j6A-NhVK6Bhm7mxDI.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3339
IP address blocks:        89.29.186.0/23 maxlen: 23
                          89.29.188.0/23 maxlen: 23
                          89.29.208.0/22 maxlen: 22
                          89.29.212.0/22 maxlen: 22
                          89.29.216.0/22 maxlen: 22
                          89.29.220.0/22 maxlen: 22
                          89.29.230.0/24 maxlen: 24
                          89.29.240.0/22 maxlen: 22
                          176.57.100.0/23 maxlen: 23
                          176.57.102.0/23 maxlen: 23
                          185.64.241.0/24 maxlen: 24
                          213.181.64.0/24 maxlen: 24
                          213.181.66.0/23 maxlen: 23
                          213.181.68.0/23 maxlen: 23
                          213.181.82.0/23 maxlen: 23
                          213.181.95.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c1:2a:01:b7:5f:2e:58:6a:72:fb:ea:ce:c7:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=640da3c9f3eecba8fa03e36154ae81866ee6c432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:c8:9d:8b:6a:cd:ae:30:c0:04:72:e6:4f:
                    0d:e7:bb:62:75:1c:67:25:4d:9a:2f:4d:28:09:05:
                    7e:27:41:6a:66:0a:20:e8:70:a5:92:30:4a:ab:3d:
                    be:94:a2:88:6c:78:d4:7b:56:0e:cf:4e:b3:05:29:
                    aa:a7:b5:ec:75:94:92:07:cf:f7:9b:e2:f2:9e:84:
                    f9:8e:b8:46:c8:0a:19:91:56:71:70:ee:25:a1:21:
                    9e:d6:bf:68:c0:df:eb:fc:dd:31:ad:cf:67:b9:a0:
                    3c:be:b1:e2:1f:32:c5:fa:98:fc:ca:1a:d3:21:cf:
                    46:87:c4:3a:ff:50:2f:cc:c1:d5:60:01:86:63:0e:
                    0a:0b:f4:59:8a:d4:4c:4d:4b:55:bc:b4:cc:27:51:
                    68:14:b0:45:ad:1b:2c:23:30:cc:05:29:37:87:64:
                    ce:f7:56:3c:ec:5c:df:1e:12:5f:39:03:ac:08:1c:
                    7a:bd:26:f2:c5:db:80:63:cc:56:5a:75:a3:55:75:
                    a6:86:6a:c3:6c:c1:af:23:dc:0f:46:5f:87:be:78:
                    b0:80:b8:65:f6:5e:17:ff:85:db:eb:bb:ae:c7:20:
                    92:0e:0e:42:8b:b4:a4:31:c7:86:68:30:a8:c4:87:
                    e2:ab:5b:97:a0:ec:02:0a:e5:73:92:68:03:9d:4a:
                    01:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0D:A3:C9:F3:EE:CB:A8:FA:03:E3:61:54:AE:81:86:6E:E6:C4:32
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/ZA2jyfPuy6j6A-NhVK6Bhm7mxDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.186.0-89.29.189.255
                  89.29.208.0/20
                  89.29.230.0/24
                  89.29.240.0/22
                  176.57.100.0/22
                  185.64.241.0/24
                  213.181.64.0/24
                  213.181.66.0-213.181.69.255
                  213.181.82.0/23
                  213.181.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ec:8d:8b:a8:68:c3:fa:ca:73:ea:b8:ae:50:83:2a:83:0c:
         ca:cb:34:47:45:60:f6:95:91:86:bd:f8:d3:59:5d:30:f0:2d:
         31:54:0e:88:be:28:16:6c:a9:cb:0b:9d:5d:38:ee:fd:9c:c2:
         3d:13:2c:6e:c9:33:90:61:d7:f7:c7:c0:ed:94:62:32:3b:8b:
         dd:93:e5:53:e8:29:ef:4d:0f:43:27:c5:89:46:a5:a8:a2:0b:
         20:6b:60:91:bf:38:40:01:6a:d4:fc:bf:5d:bc:51:7d:e9:fd:
         a4:a7:ac:bd:84:17:5b:4a:74:fd:46:f4:7d:e9:6b:31:cc:f5:
         d0:b4:39:af:4b:64:ec:28:f7:90:c9:12:d2:16:a1:35:be:5d:
         47:e3:91:ee:7a:5d:22:fe:a5:27:3d:04:da:34:91:97:7c:ee:
         b1:40:6a:3f:b4:3f:77:f8:4f:1b:85:0f:45:b7:8c:19:dc:08:
         ea:56:16:ae:46:d2:40:21:df:07:dd:df:b2:ca:8e:aa:97:e0:
         d0:b7:67:21:bd:37:d6:eb:eb:84:2e:36:e7:dd:c6:9a:c3:09:
         9d:ae:29:a6:43:11:de:40:c0:44:ff:8e:38:eb:8a:79:04:a9:
         8c:cc:a0:ea:4f:dd:a8:a4:8a:41:d4:e8:0d:b3:ca:65:4e:b8:
         4e:59:42:9d
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQntcEqAbdfLlhqcvvqzsefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBkYTNjOWYzZWVjYmE4ZmEwM2UzNjE1NGFlODE4NjZlZTZjNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyDInYtqza4wwARy5k8N57tidRxn
JU2aL00oCQV+J0FqZgog6HClkjBKqz2+lKKIbHjUe1YOz06zBSmqp7XsdZSSB8/3
m+LynoT5jrhGyAoZkVZxcO4loSGe1r9owN/r/N0xrc9nuaA8vrHiHzLF+pj8yhrT
Ic9Gh8Q6/1AvzMHVYAGGYw4KC/RZitRMTUtVvLTMJ1FoFLBFrRssIzDMBSk3h2TO
91Y87FzfHhJfOQOsCBx6vSbyxduAY8xWWnWjVXWmhmrDbMGvI9wPRl+HvniwgLhl
9l4X/4Xb67uuxyCSDg5Ci7SkMceGaDCoxIfiq1uXoOwCCuVzkmgDnUoBJwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGQNo8nz7suo+gPjYVSugYZu5sQyMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvWkEyanlmUHV5Nmo2QS1OaFZLNkJobTdteERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAFZHboD
BAFZHbwDBARZHdADBABZHeYDBAJZHfADBAKwOWQDBAC5QPEDBADVtUAwDAMEAdW1
QgMEAdW1RAMEAdW1UgMEANW1XzANBgkqhkiG9w0BAQsFAAOCAQEAW+yNi6how/rK
c+q4rlCDKoMMyss0R0Vg9pWRhr3401ldMPAtMVQOiL4oFmypywudXTju/ZzCPRMs
bskzkGHX98fA7ZRiMjuL3ZPlU+gp700PQyfFiUalqKILIGtgkb84QAFq1Py/XbxR
fen9pKesvYQXW0p0/Ub0felrMcz10LQ5r0tk7Cj3kMkS0hahNb5dR+OR7npdIv6l
Jz0E2jSRl3zusUBqP7Q/d/hPG4UPRbeMGdwI6lYWrkbSQCHfB93fssqOqpfg0Ldn
Ib031uvrhC42593GmsMJna4ppkMR3kDARP+OOOuKeQSpjMyg6k/dqKSKQdToDbPK
ZU64TllCnQ==
-----END CERTIFICATE-----