Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/sEXfZ_frVlYD_mxkBMmTSShT4Aw.roa
File:                     sEXfZ_frVlYD_mxkBMmTSShT4Aw.roa (raw, json)
Hash identifier:          q9q1zeZ/+pc1h+hiJuULLx4217R4jnkBQRFKylMHrZk=
Subject key identifier:   B0:45:DF:67:F7:EB:56:56:03:FE:6C:64:04:C9:93:49:28:53:E0:0C
Certificate issuer:       /CN=fba0ed92ec94321dcb219d37f38d907e183244bd
Certificate serial:       019423D7F0C64D68098D9A21ADA23799FBA1
Authority key identifier: FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/sEXfZ_frVlYD_mxkBMmTSShT4Aw.roa
Signing time:             Wed 01 Jan 2025 21:49:01 +0000
ROA not before:           Wed 01 Jan 2025 21:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        2.255.192.0/18 maxlen: 18
                          2.255.248.0/21 maxlen: 21
                          62.115.0.0/16 maxlen: 16
                          62.115.128.0/22 maxlen: 22
                          80.91.240.0/20 maxlen: 20
                          80.91.248.0/21 maxlen: 21
                          80.239.128.0/19 maxlen: 19
                          80.239.160.0/19 maxlen: 19
                          80.239.192.0/19 maxlen: 19
                          80.239.224.0/19 maxlen: 19
                          195.12.224.0/19 maxlen: 19
                          195.12.248.0/23 maxlen: 23
                          195.12.248.0/24 maxlen: 24
                          195.12.249.0/24 maxlen: 24
                          213.155.128.0/19 maxlen: 19
                          213.248.64.0/18 maxlen: 18
                          2001:2030::/28 maxlen: 28
                          2001:2030:c004::/47 maxlen: 47
                          2001:2030:c004::/48 maxlen: 48
                          2001:2030:c005::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f0:c6:4d:68:09:8d:9a:21:ad:a2:37:99:fb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fba0ed92ec94321dcb219d37f38d907e183244bd
        Validity
            Not Before: Jan  1 21:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b045df67f7eb565603fe6c6404c993492853e00c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fc:e0:f4:17:9e:f9:84:fb:b1:56:2b:8d:26:
                    a1:d3:79:2e:cb:4c:06:06:36:5d:85:79:36:19:96:
                    df:9e:56:59:0d:36:41:fc:19:81:e7:0d:2a:0e:59:
                    14:41:8e:61:f8:29:6c:3d:d6:9d:dc:48:e9:f1:95:
                    4f:a9:5c:32:38:73:b4:4a:3f:80:7f:aa:91:9b:4b:
                    0f:24:73:cb:3e:c3:37:d9:6a:6f:98:fd:aa:87:97:
                    5e:a9:2e:94:2e:26:8b:b8:f2:e7:7e:98:bb:dd:81:
                    ed:4d:d5:32:96:07:04:94:3a:dd:9d:51:47:ba:bf:
                    74:fb:aa:5f:ea:64:49:76:eb:f4:e1:6d:9a:d2:cc:
                    9e:e6:cb:89:0d:65:ba:ab:23:f8:b8:d9:60:3b:f9:
                    d6:c2:0c:b0:7e:ec:bb:78:b2:bc:88:56:a0:8e:5f:
                    ca:28:82:65:bc:5c:cf:a8:ed:90:62:dd:4b:ca:68:
                    d4:e5:04:bd:16:8c:84:8c:86:e2:64:33:3f:e4:af:
                    12:6d:9c:aa:f1:3f:22:e6:32:37:2a:e1:85:4d:82:
                    12:94:73:ee:97:46:90:fb:b6:37:15:d3:24:30:da:
                    74:bd:ea:a0:29:ba:0a:2b:df:3e:1a:fc:1b:ca:92:
                    98:72:e3:76:38:1d:a1:9a:af:93:ef:f6:d3:57:95:
                    5d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:45:DF:67:F7:EB:56:56:03:FE:6C:64:04:C9:93:49:28:53:E0:0C
            X509v3 Authority Key Identifier:
                keyid:FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/sEXfZ_frVlYD_mxkBMmTSShT4Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.255.192.0/18
                  62.115.0.0/16
                  80.91.240.0/20
                  80.239.128.0/17
                  195.12.224.0/19
                  213.155.128.0/19
                  213.248.64.0/18
                IPv6:
                  2001:2030::/28

    Signature Algorithm: sha256WithRSAEncryption
         95:6f:09:4d:25:92:98:9e:da:ac:32:05:ee:88:67:aa:97:be:
         76:03:36:43:9e:12:37:d8:08:02:a7:0a:80:d0:d7:dc:4d:e5:
         6a:bb:7c:14:40:a4:36:ab:fb:e8:56:e0:10:d2:e9:dc:6e:27:
         52:c9:8a:ee:5c:91:ec:5c:bd:b5:a6:27:61:1d:97:20:e9:6d:
         86:29:5e:5c:49:04:ed:7d:dd:c0:4c:79:83:ea:be:e4:89:10:
         83:f7:19:8b:f9:2c:bc:11:c4:78:26:a1:e6:3b:55:c1:35:e8:
         ec:36:d6:96:7d:a4:31:49:6c:f5:8b:7e:23:5e:98:b5:dc:7a:
         8e:75:55:47:d7:46:34:09:44:e6:4a:89:0c:b1:95:e6:2a:73:
         ee:65:71:5a:c9:2e:12:5e:b7:4c:56:ad:12:ed:63:60:8c:a8:
         17:dc:40:a4:6e:a5:05:4a:d3:45:cd:ae:1a:89:e5:df:8d:2a:
         d1:67:71:03:14:60:b0:a0:9a:74:54:25:38:fd:d0:68:34:e3:
         e1:31:9f:a3:2e:53:56:46:07:e9:b3:de:2d:d2:1b:99:40:5d:
         32:8a:89:dc:eb:94:cb:a4:32:94:71:56:07:ed:96:bf:62:2f:
         fb:b8:29:77:e1:8c:81:7f:c2:09:86:76:9e:f5:0e:8a:f0:3b:
         5c:e6:89:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQj1/DGTWgJjZohraI3mfuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYTBlZDkyZWM5NDMyMWRjYjIxOWQzN2YzOGQ5MDdlMTgz
MjQ0YmQwHhcNMjUwMTAxMjE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ1ZGY2N2Y3ZWI1NjU2MDNmZTZjNjQwNGM5OTM0OTI4NTNlMDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvzg9Bee+YT7sVYrjSah03kuy0wG
BjZdhXk2GZbfnlZZDTZB/BmB5w0qDlkUQY5h+ClsPdad3Ejp8ZVPqVwyOHO0Sj+A
f6qRm0sPJHPLPsM32WpvmP2qh5deqS6ULiaLuPLnfpi73YHtTdUylgcElDrdnVFH
ur90+6pf6mRJduv04W2a0sye5suJDWW6qyP4uNlgO/nWwgywfuy7eLK8iFagjl/K
KIJlvFzPqO2QYt1LymjU5QS9FoyEjIbiZDM/5K8SbZyq8T8i5jI3KuGFTYISlHPu
l0aQ+7Y3FdMkMNp0veqgKboKK98+GvwbypKYcuN2OB2hmq+T7/bTV5VdIwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFLBF32f361ZWA/5sZATJk0koU+AMMB8GA1UdIwQY
MBaAFPug7ZLslDIdyyGdN/ONkH4YMkS9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02RHRrdXlVTWgzTElaMDM4NDJRZmhneVJMMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUw
LTIwYzQ0YTgxZjk3Ny8xL3NFWGZaX2ZyVmxZRF9teGtCTW1UU1NoVDRBdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUwLTIwYzQ0YTgxZjk3
Ny8xLzEtNkR0a3V5VU1oM0xJWjAzODQyUWZoZ3lSTDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMC8EAgABMCkDBAYC/8AD
AwA+cwMEBFBb8AMEB1DvgAMEBcMM4AMEBdWbgAMEBtX4QDANBAIAAjAHAwUEIAEg
MDANBgkqhkiG9w0BAQsFAAOCAQEAlW8JTSWSmJ7arDIF7ohnqpe+dgM2Q54SN9gI
AqcKgNDX3E3lart8FECkNqv76FbgENLp3G4nUsmK7lyR7Fy9taYnYR2XIOlthile
XEkE7X3dwEx5g+q+5IkQg/cZi/ksvBHEeCah5jtVwTXo7DbWln2kMUls9Yt+I16Y
tdx6jnVVR9dGNAlE5kqJDLGV5ipz7mVxWskuEl63TFatEu1jYIyoF9xApG6lBUrT
Rc2uGonl340q0WdxAxRgsKCadFQlOP3QaDTj4TGfoy5TVkYH6bPeLdIbmUBdMoqJ
3OuUy6QylHFWB+2Wv2Iv+7gpd+GMgX/CCYZ2nvUOivA7XOaJdg==
-----END CERTIFICATE-----