Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/OkAiB2BmdD82CvYoO8tIpBeerEo.roa
File:                     OkAiB2BmdD82CvYoO8tIpBeerEo.roa (raw, json)
Hash identifier:          KF3A7EmJT8Aiwab56CYFGrWNJzl/jdC2sJ38YX1chPc=
Subject key identifier:   3A:40:22:07:60:66:74:3F:36:0A:F6:28:3B:CB:48:A4:17:9E:AC:4A
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0193891CDB4AC0C577096677526F7E89CE51
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/OkAiB2BmdD82CvYoO8tIpBeerEo.roa
Signing time:             Mon 02 Dec 2024 20:43:09 +0000
ROA not before:           Mon 02 Dec 2024 20:43:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.143.0/24 maxlen: 24
                          77.47.148.0/22 maxlen: 24
                          77.47.156.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          77.47.243.0/24 maxlen: 24
                          77.47.244.0/22 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:89:1c:db:4a:c0:c5:77:09:66:77:52:6f:7e:89:ce:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Dec  2 20:43:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a4022076066743f360af6283bcb48a4179eac4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0a:68:8b:45:f7:e3:95:26:3c:e9:0c:cc:68:
                    a0:27:f1:e6:90:be:dc:16:c7:10:37:d6:f1:6d:74:
                    59:2e:46:bc:e7:de:62:d4:a4:74:57:e3:a0:2f:e1:
                    24:83:4d:59:6f:f0:47:b2:08:f5:34:a6:ed:5f:6d:
                    6c:61:46:b9:cb:49:bf:4c:a2:27:42:31:0e:f3:71:
                    75:d1:21:87:17:ff:87:fb:13:4d:9d:e9:34:9a:af:
                    90:7c:a6:68:f8:b2:8b:c6:5d:4c:8c:75:d1:77:98:
                    16:38:0c:c4:a7:ea:fe:52:77:45:53:9c:4d:99:d2:
                    d2:2f:ad:69:a2:fd:3f:c7:f1:38:ea:ba:c7:92:d2:
                    66:7b:fd:3c:15:78:83:5f:25:81:f2:b2:d7:c3:3f:
                    d0:81:83:94:be:3b:a6:ff:ad:23:8e:e6:da:79:4f:
                    2d:d9:5a:08:70:a6:a3:ca:2c:f1:a1:2c:4b:ea:ef:
                    ce:8d:29:ab:d5:e8:73:af:7d:83:0d:61:9d:29:78:
                    66:49:d7:36:1b:75:63:6c:90:ad:b4:55:1b:c2:d2:
                    42:db:6d:8b:32:dc:ef:d9:a8:e4:ca:8b:14:1b:c9:
                    4c:28:9c:f8:8f:73:f7:44:91:54:3f:e0:8c:93:af:
                    7f:cc:43:05:3f:e2:d5:b6:06:c7:c2:e3:1d:a0:70:
                    0c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:40:22:07:60:66:74:3F:36:0A:F6:28:3B:CB:48:A4:17:9E:AC:4A
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/OkAiB2BmdD82CvYoO8tIpBeerEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.143.0/24
                  77.47.148.0/22
                  77.47.156.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  77.47.243.0-77.47.247.255
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/22
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b6:8f:b0:a8:97:5e:00:ee:11:7b:3c:44:4a:46:73:cb:d3:
         05:9f:9a:04:1f:e9:5b:b4:5d:55:e0:3e:5a:07:a1:64:12:41:
         5e:fd:87:17:3b:da:82:93:fb:fa:c7:fd:cd:56:1d:da:a9:2a:
         bd:a0:af:b9:6f:a6:06:02:b4:86:9e:ed:02:07:fb:24:c9:fc:
         c1:95:c8:5c:28:89:dc:ce:dd:5b:9e:c5:29:23:64:e1:e7:3c:
         d5:89:ce:29:0d:d4:a2:48:8c:fc:a0:2c:3e:1b:4a:d8:4e:87:
         a6:6f:0a:d9:16:79:6d:e9:37:f1:9e:f0:bc:7e:9b:9b:65:cc:
         c1:47:20:a0:b3:18:c3:e0:a4:dd:80:0d:6e:f3:45:c9:d2:49:
         a1:54:b4:22:8e:d4:ea:82:bb:7a:8e:fb:5c:bb:61:7d:21:7c:
         04:20:11:b8:48:c8:62:71:54:c2:ab:da:b5:10:77:56:32:29:
         3d:64:c6:a5:88:5a:b8:9c:13:27:77:9b:e3:18:75:c0:d9:72:
         c5:8f:6c:bd:99:76:98:13:e2:b2:1d:86:33:08:11:dd:bf:db:
         7a:7d:d9:03:4f:e3:51:bd:76:d4:46:47:10:9f:c8:df:2a:37:
         ac:32:84:09:f2:f7:a6:04:69:c3:05:8e:de:41:f6:33:0c:4c:
         7c:70:c9:9e
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZOJHNtKwMV3CWZ3Um9+ic5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMjAyMjA0MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQwMjIwNzYwNjY3NDNmMzYwYWY2MjgzYmNiNDhhNDE3OWVhYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxApoi0X345UmPOkMzGigJ/HmkL7c
FscQN9bxbXRZLka8595i1KR0V+OgL+Ekg01Zb/BHsgj1NKbtX21sYUa5y0m/TKIn
QjEO83F10SGHF/+H+xNNnek0mq+QfKZo+LKLxl1MjHXRd5gWOAzEp+r+UndFU5xN
mdLSL61pov0/x/E46rrHktJme/08FXiDXyWB8rLXwz/QgYOUvjum/60jjubaeU8t
2VoIcKajyizxoSxL6u/OjSmr1ehzr32DDWGdKXhmSdc2G3VjbJCttFUbwtJC222L
Mtzv2ajkyosUG8lMKJz4j3P3RJFUP+CMk69/zEMFP+LVtgbHwuMdoHAMkwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFDpAIgdgZnQ/Ngr2KDvLSKQXnqxKMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvT2tBaUIyQm1kRDgyQ3ZZb084dElwQmVlckVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQATS+PAwQC
TS+UAwQCTS+cAwQBTS/UAwQBTS/wMAwDBABNL/MDBANNL/ADBAK5jzgDBALDsoQD
BALDspAwDAMEA8OymAMEAMOynAMEANRvzzANBgkqhkiG9w0BAQsFAAOCAQEAg7aP
sKiXXgDuEXs8REpGc8vTBZ+aBB/pW7RdVeA+WgehZBJBXv2HFzvagpP7+sf9zVYd
2qkqvaCvuW+mBgK0hp7tAgf7JMn8wZXIXCiJ3M7dW57FKSNk4ec81YnOKQ3UokiM
/KAsPhtK2E6Hpm8K2RZ5bek38Z7wvH6bm2XMwUcgoLMYw+Ck3YANbvNFydJJoVS0
Io7U6oK7eo77XLthfSF8BCARuEjIYnFUwqvatRB3VjIpPWTGpYhauJwTJ3eb4xh1
wNlyxY9svZl2mBPish2GMwgR3b/ben3ZA0/jUb121EZHEJ/I3yo3rDKECfL3pgRp
wwWO3kH2MwxMfHDJng==
-----END CERTIFICATE-----