Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_H8hdVPXQPnXex1W20hPCI5ma1Y.roa
File:                     _H8hdVPXQPnXex1W20hPCI5ma1Y.roa (raw, json)
Hash identifier:          fGiKzx+vB/TPu8hOecbdt/i3esBalbqFDGRF/f60bPI=
Subject key identifier:   FC:7F:21:75:53:D7:40:F9:D7:7B:1D:56:DB:48:4F:08:8E:66:6B:56
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       019427B421C774235689D022DF9459E54AA1
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_H8hdVPXQPnXex1W20hPCI5ma1Y.roa
Signing time:             Thu 02 Jan 2025 15:48:24 +0000
ROA not before:           Thu 02 Jan 2025 15:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        84.46.203.0/24 maxlen: 24
                          84.46.208.0/24 maxlen: 24
                          84.46.211.0/24 maxlen: 24
                          84.46.212.0/24 maxlen: 24
                          84.46.214.0/24 maxlen: 24
                          84.46.215.0/24 maxlen: 24
                          84.46.220.0/24 maxlen: 24
                          84.46.222.0/24 maxlen: 24
                          86.38.25.0/24 maxlen: 24
                          86.38.57.0/24 maxlen: 24
                          86.38.128.0/24 maxlen: 24
                          86.38.129.0/24 maxlen: 24
                          86.38.130.0/24 maxlen: 24
                          86.38.158.0/24 maxlen: 24
                          86.38.159.0/24 maxlen: 24
                          86.38.160.0/24 maxlen: 24
                          89.117.240.0/24 maxlen: 24
                          89.117.242.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:21:c7:74:23:56:89:d0:22:df:94:59:e5:4a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 15:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc7f217553d740f9d77b1d56db484f088e666b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:82:b7:3f:d9:79:88:ee:5a:f9:a9:df:28:d8:
                    21:b4:27:8c:8c:1c:c4:90:41:61:09:c1:69:93:55:
                    d0:c7:da:39:d0:92:63:94:73:a1:5a:44:21:73:6b:
                    9a:4e:cf:82:85:cc:59:c9:a0:4f:96:98:f5:12:ee:
                    67:b4:27:63:47:d3:81:b2:cf:0b:de:3d:09:6c:8a:
                    d8:dc:41:15:27:08:36:0e:56:00:d9:4b:60:86:d7:
                    a1:c9:97:99:dc:82:f5:25:b2:9c:19:05:7f:55:66:
                    0d:1a:3f:37:ad:e9:d7:13:02:a0:ee:08:4c:3b:d0:
                    fb:20:76:d7:06:be:6e:8c:12:2d:da:02:82:bc:b0:
                    bf:6d:cd:b9:90:80:9c:96:6d:e0:7f:da:2c:08:3c:
                    ae:c3:68:57:d6:f8:f3:79:44:ef:dc:7d:b9:56:c1:
                    ba:e4:51:73:27:33:37:a3:99:ad:ee:52:39:35:f9:
                    74:5d:4c:78:ec:d8:94:07:22:c9:d3:76:6b:4e:93:
                    81:84:d5:cd:39:6e:96:eb:b3:56:b4:76:20:fd:ec:
                    41:a1:78:99:b6:33:29:8a:a1:7e:29:1b:39:eb:14:
                    4d:e5:c4:a7:3f:0f:67:ef:dc:5c:cf:82:ae:96:4d:
                    35:40:48:f4:5c:12:0e:e6:da:55:e0:a1:15:a4:c0:
                    66:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:7F:21:75:53:D7:40:F9:D7:7B:1D:56:DB:48:4F:08:8E:66:6B:56
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_H8hdVPXQPnXex1W20hPCI5ma1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.46.203.0/24
                  84.46.208.0/24
                  84.46.211.0-84.46.212.255
                  84.46.214.0/23
                  84.46.220.0/24
                  84.46.222.0/24
                  86.38.25.0/24
                  86.38.57.0/24
                  86.38.128.0-86.38.130.255
                  86.38.158.0-86.38.160.255
                  89.117.240.0/24
                  89.117.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:91:83:f6:0e:34:35:7a:13:40:cd:82:e8:19:9b:93:f5:36:
         1b:1a:15:97:ff:11:cd:f2:6c:a2:35:5b:62:0a:df:f3:a9:bd:
         84:f6:90:a5:c2:b8:35:1c:7d:97:c4:da:32:5e:48:28:59:a4:
         fc:fd:5b:56:ca:3b:79:95:09:0e:c8:a5:be:6d:e9:f2:c1:75:
         21:3e:ff:0b:c3:3d:8f:59:7e:b8:86:4d:26:82:c5:b4:35:f6:
         0b:27:f8:c0:db:ae:7d:7a:d6:96:87:f3:e8:95:65:15:35:e5:
         25:5f:72:f2:f9:6c:2e:e3:05:c7:2b:dc:67:0d:fc:2c:b4:1e:
         bb:28:50:36:8f:dd:91:ac:a0:90:73:88:a4:78:9d:a1:16:a7:
         43:a4:cf:43:fe:c6:aa:99:e2:c9:8e:33:06:44:7e:4f:81:53:
         17:39:8f:2a:62:a5:8f:95:d4:16:df:0f:15:bf:d1:2a:5a:ad:
         03:c9:37:04:5f:41:95:94:ed:3e:1d:0f:78:66:3f:ec:7c:d4:
         e4:58:0c:94:59:b5:43:f5:a7:d7:6f:32:37:9e:e7:62:59:a7:
         5f:ea:16:44:01:84:13:63:0f:d5:92:ad:04:99:39:4e:8d:bc:
         ac:e1:53:35:76:ad:f6:3e:ea:49:9e:27:9d:a7:12:d9:ba:20:
         8c:c1:c5:6d
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZQntCHHdCNWidAi35RZ5UqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMTAyMTU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzdmMjE3NTUzZDc0MGY5ZDc3YjFkNTZkYjQ4NGYwODhlNjY2YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4K3P9l5iO5a+anfKNghtCeMjBzE
kEFhCcFpk1XQx9o50JJjlHOhWkQhc2uaTs+ChcxZyaBPlpj1Eu5ntCdjR9OBss8L
3j0JbIrY3EEVJwg2DlYA2UtghtehyZeZ3IL1JbKcGQV/VWYNGj83renXEwKg7ghM
O9D7IHbXBr5ujBIt2gKCvLC/bc25kICclm3gf9osCDyuw2hX1vjzeUTv3H25VsG6
5FFzJzM3o5mt7lI5Nfl0XUx47NiUByLJ03ZrTpOBhNXNOW6W67NWtHYg/exBoXiZ
tjMpiqF+KRs56xRN5cSnPw9n79xcz4Kulk01QEj0XBIO5tpV4KEVpMBm3wIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFPx/IXVT10D513sdVttITwiOZmtWMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvX0g4aGRWUFhRUG5YZXgxVzIwaFBDSTVtYTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAVC7LAwQA
VC7QMAwDBABULtMDBABULtQDBAFULtYDBABULtwDBABULt4DBABWJhkDBABWJjkw
DAMEB1YmgAMEAFYmgjAMAwQBViaeAwQAViagAwQAWXXwAwQAWXXyMA0GCSqGSIb3
DQEBCwUAA4IBAQCjkYP2DjQ1ehNAzYLoGZuT9TYbGhWX/xHN8myiNVtiCt/zqb2E
9pClwrg1HH2XxNoyXkgoWaT8/VtWyjt5lQkOyKW+benywXUhPv8Lwz2PWX64hk0m
gsW0NfYLJ/jA2659etaWh/PolWUVNeUlX3Ly+Wwu4wXHK9xnDfwstB67KFA2j92R
rKCQc4ikeJ2hFqdDpM9D/saqmeLJjjMGRH5PgVMXOY8qYqWPldQW3w8Vv9EqWq0D
yTcEX0GVlO0+HQ94Zj/sfNTkWAyUWbVD9afXbzI3nudiWadf6hZEAYQTYw/Vkq0E
mTlOjbys4VM1dq32PupJniedpxLZuiCMwcVt
-----END CERTIFICATE-----