Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Y4NR2sDxLMhcuAGbjEml88CaV50.roa
File:                     Y4NR2sDxLMhcuAGbjEml88CaV50.roa (raw, json)
Hash identifier:          Pt4yJqX5ms9qYVF356mD8RH6U+vKzApJMYr2ykwWcT0=
Subject key identifier:   63:83:51:DA:C0:F1:2C:C8:5C:B8:01:9B:8C:49:A5:F3:C0:9A:57:9D
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01917A5FC5F73811A374C56C789753789760
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Y4NR2sDxLMhcuAGbjEml88CaV50.roa
Signing time:             Thu 22 Aug 2024 13:56:22 +0000
ROA not before:           Thu 22 Aug 2024 13:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39679
IP address blocks:        79.172.218.0/24 maxlen: 24
                          79.172.220.0/24 maxlen: 24
                          87.229.14.0/24 maxlen: 24
                          87.229.22.0/24 maxlen: 24
                          87.229.70.0/24 maxlen: 24
                          87.229.71.0/24 maxlen: 24
                          87.229.79.0/24 maxlen: 24
                          87.229.81.0/24 maxlen: 24
                          87.229.97.0/24 maxlen: 24
                          213.181.201.0/24 maxlen: 24
                          217.144.62.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7a:5f:c5:f7:38:11:a3:74:c5:6c:78:97:53:78:97:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Aug 22 13:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=638351dac0f12cc85cb8019b8c49a5f3c09a579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5c:72:e7:59:45:6e:6b:15:a2:c5:f5:ae:e9:
                    4d:44:a0:1b:e8:67:71:c3:cb:55:57:3b:89:9a:fb:
                    8e:f0:17:01:ee:14:91:bb:38:57:6b:5c:74:55:73:
                    cd:4f:3f:00:36:ef:d6:a6:12:7f:fe:42:d0:7d:59:
                    72:47:34:ee:c9:24:93:dd:ad:82:62:d6:df:3b:a7:
                    68:e2:66:4e:ae:2e:1e:7b:a1:61:a9:03:8e:08:fb:
                    fa:80:d3:6c:97:59:e6:4a:d7:fc:a8:cc:f9:a8:04:
                    18:db:7e:f6:07:51:81:d4:39:f3:ae:29:c0:28:d4:
                    1b:dc:98:20:92:a6:c3:b8:a5:a4:2f:4b:bd:9b:8f:
                    66:2e:81:f5:ab:30:77:ec:ea:1c:65:71:9d:99:86:
                    b3:33:17:29:5c:ed:5d:76:c0:eb:5e:88:c6:be:68:
                    b6:02:31:b3:de:22:22:67:ac:73:63:fc:eb:a3:3a:
                    a4:7e:3b:4c:bb:f1:7c:e8:a9:fd:97:56:50:56:61:
                    ab:e8:0a:85:53:d5:a1:a1:5a:55:46:44:26:a2:af:
                    02:0c:88:4d:51:90:21:3f:ff:c4:65:12:22:ba:e1:
                    17:21:64:3a:0f:e9:c6:9f:54:4f:1a:aa:cb:1e:17:
                    f2:6c:c6:de:47:07:05:bc:ee:0b:f5:06:16:33:c8:
                    7f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:83:51:DA:C0:F1:2C:C8:5C:B8:01:9B:8C:49:A5:F3:C0:9A:57:9D
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Y4NR2sDxLMhcuAGbjEml88CaV50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.218.0/24
                  79.172.220.0/24
                  87.229.14.0/24
                  87.229.22.0/24
                  87.229.70.0/23
                  87.229.79.0/24
                  87.229.81.0/24
                  87.229.97.0/24
                  213.181.201.0/24
                  217.144.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:6e:d5:cb:f0:12:df:72:74:a0:17:8d:9d:70:9b:cb:63:1c:
         fe:8f:d4:8b:81:1b:99:a4:98:5a:82:1a:3f:88:bb:f3:48:2e:
         ac:f1:69:c6:06:4c:0a:cc:7d:32:cf:55:f3:ab:aa:49:ce:4c:
         95:dd:51:f5:c7:69:98:1e:a7:50:38:6f:9f:8d:31:b9:63:4a:
         96:4b:60:6b:2a:c4:2b:98:84:59:25:ee:cb:f0:34:c3:03:e3:
         a3:e5:bc:77:f5:53:c5:37:5c:30:ec:92:a1:c8:c3:94:1a:aa:
         c3:eb:30:73:3e:03:34:cf:fe:f4:c2:92:be:e8:27:df:fb:af:
         ed:19:12:92:bb:af:99:f8:3c:56:98:a7:75:d3:d0:7f:01:4d:
         a3:12:c6:96:ac:fb:fb:76:cc:c1:6c:0e:f6:da:60:c5:10:b9:
         f4:c1:01:8a:9a:be:85:59:d0:42:03:33:cf:9e:4b:aa:aa:49:
         d9:1b:49:58:5f:5f:58:a3:dd:8b:f6:88:6c:4e:64:29:b0:ad:
         c6:e2:10:31:41:d0:42:6e:ec:21:d4:d7:d5:94:3f:63:f7:2b:
         2b:69:72:d4:fd:27:db:13:f8:0d:8a:c0:87:84:5d:ca:8b:b8:
         4b:c5:7c:a4:d0:05:26:1d:b1:c7:c4:b7:f3:5b:d2:de:b6:8c:
         32:5c:80:0a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZF6X8X3OBGjdMVseJdTeJdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwODIyMTM1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzgzNTFkYWMwZjEyY2M4NWNiODAxOWI4YzQ5YTVmM2MwOWE1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVxy51lFbmsVosX1rulNRKAb6Gdx
w8tVVzuJmvuO8BcB7hSRuzhXa1x0VXPNTz8ANu/WphJ//kLQfVlyRzTuySST3a2C
YtbfO6do4mZOri4ee6FhqQOOCPv6gNNsl1nmStf8qMz5qAQY2372B1GB1DnzrinA
KNQb3JggkqbDuKWkL0u9m49mLoH1qzB37OocZXGdmYazMxcpXO1ddsDrXojGvmi2
AjGz3iIiZ6xzY/zrozqkfjtMu/F86Kn9l1ZQVmGr6AqFU9WhoVpVRkQmoq8CDIhN
UZAhP//EZRIiuuEXIWQ6D+nGn1RPGqrLHhfybMbeRwcFvO4L9QYWM8h/CQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGODUdrA8SzIXLgBm4xJpfPAmledMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvWTROUjJzRHhMTWhjdUFHYmpFbWw4OENhVjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAT6zaAwQA
T6zcAwQAV+UOAwQAV+UWAwQBV+VGAwQAV+VPAwQAV+VRAwQAV+VhAwQA1bXJAwQA
2ZA+MA0GCSqGSIb3DQEBCwUAA4IBAQBbbtXL8BLfcnSgF42dcJvLYxz+j9SLgRuZ
pJhagho/iLvzSC6s8WnGBkwKzH0yz1Xzq6pJzkyV3VH1x2mYHqdQOG+fjTG5Y0qW
S2BrKsQrmIRZJe7L8DTDA+Oj5bx39VPFN1ww7JKhyMOUGqrD6zBzPgM0z/70wpK+
6Cff+6/tGRKSu6+Z+DxWmKd109B/AU2jEsaWrPv7dszBbA722mDFELn0wQGKmr6F
WdBCAzPPnkuqqknZG0lYX19Yo92L9ohsTmQpsK3G4hAxQdBCbuwh1NfVlD9j9ysr
aXLU/SfbE/gNisCHhF3Ki7hLxXyk0AUmHbHHxLfzW9LetowyXIAK
-----END CERTIFICATE-----