Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/jvb7ZuUv6IBZZjyHU73fsADGXGU.roa
File:                     jvb7ZuUv6IBZZjyHU73fsADGXGU.roa (raw, json)
Hash identifier:          KCxi02LYVGWgNmHeFNgBMstWeGChgWpGmOBMCfEcMc0=
Subject key identifier:   8E:F6:FB:66:E5:2F:E8:80:59:66:3C:87:53:BD:DF:B0:00:C6:5C:65
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019555C18332B01EB1D3066609A4C5EB5D06
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/jvb7ZuUv6IBZZjyHU73fsADGXGU.roa
Signing time:             Sun 02 Mar 2025 07:28:20 +0000
ROA not before:           Sun 02 Mar 2025 07:28:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.172.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.185.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.5.0/24 maxlen: 24
                          81.21.6.0/24 maxlen: 24
                          81.21.7.0/24 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.56.0/24 maxlen: 24
                          176.57.57.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:55:c1:83:32:b0:1e:b1:d3:06:66:09:a4:c5:eb:5d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  2 07:28:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ef6fb66e52fe88059663c8753bddfb000c65c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:61:e1:72:d2:a6:8b:00:ab:a2:29:e0:00:
                    e0:b6:e1:4b:f9:cb:8e:d8:25:ac:f7:71:40:7f:ae:
                    0e:2a:52:bb:1e:35:92:9c:6a:cb:3e:96:65:33:ca:
                    44:01:23:93:23:56:ef:4b:a1:d8:c3:96:37:00:f9:
                    11:97:69:ea:8e:c1:c1:c5:e6:bc:a7:aa:de:a3:16:
                    a7:bb:cf:20:95:88:47:f8:2e:91:6d:1c:30:b8:59:
                    32:6e:70:1f:ba:17:ea:43:21:84:cb:95:6f:db:c4:
                    3f:7e:3f:02:9a:af:97:77:83:cb:6c:a7:f2:d2:29:
                    8b:01:88:7b:ae:84:98:dc:5b:81:08:ab:f5:1c:a4:
                    e6:f4:f4:ce:a3:6a:b7:66:c5:e7:24:59:6a:47:db:
                    46:97:4b:68:bb:c4:4e:e0:ad:27:6a:89:6f:e2:87:
                    ba:4d:da:e4:0f:e3:42:1f:f7:fc:40:4c:35:2b:b8:
                    30:81:4d:62:2b:64:2c:21:2e:c9:e2:81:2d:15:55:
                    40:b9:49:38:4a:75:ef:b4:a4:43:0b:36:a7:23:e3:
                    5f:8d:55:a4:cf:7d:86:50:d4:c8:ae:ac:50:4c:d2:
                    48:f0:a5:13:bd:c5:79:99:25:1c:be:57:0f:f8:d9:
                    82:d4:13:a3:fc:de:fa:5e:e2:83:96:61:34:f5:b5:
                    30:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:F6:FB:66:E5:2F:E8:80:59:66:3C:87:53:BD:DF:B0:00:C6:5C:65
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/jvb7ZuUv6IBZZjyHU73fsADGXGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.172.0/24
                  62.72.184.0/23
                  62.72.191.0/24
                  81.21.2.0-81.21.7.255
                  176.57.51.0/24
                  176.57.56.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:76:90:56:6d:df:6c:2e:21:ee:0c:4e:1f:3d:44:ad:b4:92:
         61:81:1f:e1:9d:83:a3:96:0c:95:6c:3c:45:33:35:15:f6:0c:
         2d:5f:c3:ef:21:8f:74:da:74:de:0f:33:b4:08:0a:e0:b0:e4:
         bb:be:4f:a2:c5:6e:3f:3f:65:e4:03:71:72:e9:e9:4a:39:7a:
         61:d5:35:3a:41:f0:8c:25:39:67:b3:34:88:57:d3:9b:1b:09:
         03:c2:06:d1:17:02:98:d4:4c:e6:10:ed:8e:b0:d8:3d:fc:94:
         95:b6:2f:f7:c4:56:88:77:00:e9:3f:ae:bb:e5:f5:59:d8:5b:
         a3:e3:b2:10:19:1c:b3:3a:75:09:b4:42:b4:ad:9a:16:da:ae:
         27:d6:40:bb:d3:26:e7:93:db:16:e1:4f:08:0e:76:d9:e9:20:
         2c:b2:c5:ca:3f:35:f1:f8:a7:88:a5:d8:de:8d:16:be:97:89:
         fb:c0:31:cf:fe:48:36:b8:47:56:0d:3b:be:84:54:23:82:e0:
         c9:6b:87:13:38:e7:14:ea:0a:36:4e:a3:67:ca:b7:c2:fc:c3:
         a2:27:93:1c:f6:8b:a8:a9:f0:bf:c5:94:ce:d3:0a:8e:fb:77:
         78:16:29:8c:64:0e:64:e1:90:67:64:45:bd:c0:00:98:81:ed:
         9e:ea:ee:35
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZVVwYMysB6x0wZmCaTF610GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMzAyMDcyODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWY2ZmI2NmU1MmZlODgwNTk2NjNjODc1M2JkZGZiMDAwYzY1YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bJh4XLSposAq6Ip4ADgtuFL+cuO
2CWs93FAf64OKlK7HjWSnGrLPpZlM8pEASOTI1bvS6HYw5Y3APkRl2nqjsHBxea8
p6reoxanu88glYhH+C6RbRwwuFkybnAfuhfqQyGEy5Vv28Q/fj8Cmq+Xd4PLbKfy
0imLAYh7roSY3FuBCKv1HKTm9PTOo2q3ZsXnJFlqR9tGl0tou8RO4K0naolv4oe6
TdrkD+NCH/f8QEw1K7gwgU1iK2QsIS7J4oEtFVVAuUk4SnXvtKRDCzanI+NfjVWk
z32GUNTIrqxQTNJI8KUTvcV5mSUcvlcP+NmC1BOj/N76XuKDlmE09bUw6wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFI72+2blL+iAWWY8h1O937AAxlxlMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvanZiN1p1VXY2SUJaWmp5SFU3M2ZzQURHWEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBAE+SKID
BAM+SKADBAA+SKwDBAE+SLgDBAA+SL8wDAMEAVEVAgMEA1EVAAMEALA5MwMEAbA5
OAMEALA5PzANBgkqhkiG9w0BAQsFAAOCAQEAcXaQVm3fbC4h7gxOHz1ErbSSYYEf
4Z2Do5YMlWw8RTM1FfYMLV/D7yGPdNp03g8ztAgK4LDku75PosVuPz9l5ANxcunp
Sjl6YdU1OkHwjCU5Z7M0iFfTmxsJA8IG0RcCmNRM5hDtjrDYPfyUlbYv98RWiHcA
6T+uu+X1Wdhbo+OyEBkcszp1CbRCtK2aFtquJ9ZAu9Mm55PbFuFPCA522ekgLLLF
yj818finiKXY3o0WvpeJ+8Axz/5INrhHVg07voRUI4LgyWuHEzjnFOoKNk6jZ8q3
wvzDoieTHPaLqKnwv8WUztMKjvt3eBYpjGQOZOGQZ2RFvcAAmIHtnuruNQ==
-----END CERTIFICATE-----