Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zkHr1znDX1sBUUIiLldoHxESbWw.roa
File:                     zkHr1znDX1sBUUIiLldoHxESbWw.roa (raw, json)
Hash identifier:          XtLSccFUj+SK4qBqjqnqB7VV99G5bL35jAx+OVYzTrs=
Subject key identifier:   CE:41:EB:D7:39:C3:5F:5B:01:51:42:22:2E:57:68:1F:11:12:6D:6C
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D59F3E113D5E46ECE0F7E963F8AFF7
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zkHr1znDX1sBUUIiLldoHxESbWw.roa
Signing time:             Wed 01 Jan 2025 07:47:38 +0000
ROA not before:           Wed 01 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8376
IP address blocks:        80.10.8.0/21 maxlen: 24
                          80.10.16.0/20 maxlen: 24
                          80.10.32.0/21 maxlen: 24
                          80.10.48.0/20 maxlen: 24
                          80.10.64.0/20 maxlen: 24
                          80.10.144.0/21 maxlen: 24
                          80.10.168.0/21 maxlen: 24
                          81.52.144.0/21 maxlen: 24
                          81.52.152.0/21 maxlen: 24
                          81.52.224.0/21 maxlen: 24
                          81.253.96.0/21 maxlen: 24
                          81.253.104.0/21 maxlen: 24
                          81.253.112.0/21 maxlen: 24
                          81.253.240.0/20 maxlen: 24
                          90.84.64.0/21 maxlen: 24
                          90.84.72.0/21 maxlen: 24
                          90.84.80.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9f:3e:11:3d:5e:46:ec:e0:f7:e9:63:f8:af:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce41ebd739c35f5b015142222e57681f11126d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:11:7e:b1:09:a2:12:5d:3b:ed:b9:5b:1a:a0:
                    20:6c:dd:2f:70:ea:bd:00:ec:f2:55:31:6c:57:c6:
                    41:51:17:9e:3d:6c:53:fe:f3:1e:9f:01:66:7c:62:
                    5e:5d:88:17:ba:74:e1:2c:43:08:96:2d:33:db:0b:
                    c2:64:9b:db:c4:35:d7:ce:84:ec:14:ff:95:c0:1c:
                    1c:a8:7c:6f:39:39:94:65:d6:e4:41:34:07:fb:f9:
                    6a:e5:39:27:90:be:66:cb:e3:c3:a4:a0:4c:e6:86:
                    48:b7:87:a7:fe:c0:ae:ed:a3:eb:59:94:06:ab:17:
                    9c:d5:ef:54:4f:0f:b5:be:e7:e9:99:59:42:3e:c3:
                    38:84:88:8a:43:46:21:4f:66:87:6a:ce:55:82:a4:
                    16:b2:b6:f6:75:38:cb:f9:88:32:20:b0:2c:e3:24:
                    c3:62:76:a3:6b:99:53:41:d6:93:b8:7a:18:3c:39:
                    a2:ca:02:2b:2d:a9:96:8c:a1:4a:fe:8a:27:05:f0:
                    ee:75:25:5f:9d:67:3a:8c:86:2d:2a:0c:1a:80:a1:
                    f3:f8:ed:e9:6f:c0:34:22:52:c3:af:ec:8d:3c:cd:
                    9e:b4:3c:8a:b1:99:59:fc:e3:a5:1f:3a:2b:b1:76:
                    ab:4b:21:22:9a:19:a7:1a:66:9d:39:f8:2a:63:22:
                    4a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:41:EB:D7:39:C3:5F:5B:01:51:42:22:2E:57:68:1F:11:12:6D:6C
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zkHr1znDX1sBUUIiLldoHxESbWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.10.8.0-80.10.39.255
                  80.10.48.0-80.10.79.255
                  80.10.144.0/21
                  80.10.168.0/21
                  81.52.144.0/20
                  81.52.224.0/21
                  81.253.96.0-81.253.119.255
                  81.253.240.0/20
                  90.84.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9c:4f:c3:a6:3d:fa:a2:4d:16:12:49:93:0d:e4:83:08:d2:5a:
         d4:e1:de:54:ba:0d:ec:18:27:b9:ca:fa:f3:13:e0:75:0b:5d:
         ab:da:22:4d:a0:61:46:01:53:f6:ec:53:b6:5e:1f:e6:ea:92:
         12:86:35:fd:fd:25:38:1b:4d:4e:e3:fe:34:da:35:c3:80:77:
         3c:f0:ab:28:da:73:60:f3:2d:e6:d2:ec:9a:88:64:f0:1b:4a:
         58:0e:be:88:91:bf:62:60:ea:ac:8b:86:7c:e6:3c:07:11:38:
         79:61:e3:ef:d2:a9:04:0a:a2:09:8b:c5:17:64:e0:37:36:50:
         aa:ba:2c:4e:4d:45:ad:34:69:00:57:d0:29:46:21:c4:e1:36:
         61:19:a6:e2:43:22:4c:f2:2c:f8:88:ed:d8:c2:c5:13:76:77:
         ac:2a:23:c6:2f:bd:d7:98:27:0b:79:ce:bd:ec:7d:e4:42:c5:
         1a:ad:07:73:ab:82:1c:0f:d3:5f:52:be:4b:b5:d5:f2:fb:d2:
         91:56:a0:89:39:e6:09:16:09:e5:2b:b5:89:67:b9:95:31:e4:
         ba:0f:f1:a4:81:98:c3:e3:4b:7b:78:5f:a9:53:01:f2:dd:dd:
         90:c5:16:9b:93:2c:62:8d:0a:fc:9a:84:1e:df:83:6a:04:7d:
         19:38:01:ee
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQg1Z8+ET1eRuzg9+lj+K/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQxZWJkNzM5YzM1ZjViMDE1MTQyMjIyZTU3NjgxZjExMTI2ZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxF+sQmiEl077blbGqAgbN0vcOq9
AOzyVTFsV8ZBUReePWxT/vMenwFmfGJeXYgXunThLEMIli0z2wvCZJvbxDXXzoTs
FP+VwBwcqHxvOTmUZdbkQTQH+/lq5TknkL5my+PDpKBM5oZIt4en/sCu7aPrWZQG
qxec1e9UTw+1vufpmVlCPsM4hIiKQ0YhT2aHas5VgqQWsrb2dTjL+YgyILAs4yTD
Ynaja5lTQdaTuHoYPDmiygIrLamWjKFK/oonBfDudSVfnWc6jIYtKgwagKHz+O3p
b8A0IlLDr+yNPM2etDyKsZlZ/OOlHzorsXarSyEimhmnGmadOfgqYyJK/wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFM5B69c5w19bAVFCIi5XaB8REm1sMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvemtIcjF6bkRYMXNCVVVJaUxsZG9IeEVTYld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBANQCggD
BANQCiAwDAMEBFAKMAMEBFAKQAMEA1AKkAMEA1AKqAMEBFE0kAMEA1E04DAMAwQF
Uf1gAwQDUf1wAwQEUf3wAwQFWlRAMA0GCSqGSIb3DQEBCwUAA4IBAQCcT8OmPfqi
TRYSSZMN5IMI0lrU4d5Uug3sGCe5yvrzE+B1C12r2iJNoGFGAVP27FO2Xh/m6pIS
hjX9/SU4G01O4/402jXDgHc88Kso2nNg8y3m0uyaiGTwG0pYDr6Ikb9iYOqsi4Z8
5jwHETh5YePv0qkECqIJi8UXZOA3NlCquixOTUWtNGkAV9ApRiHE4TZhGabiQyJM
8iz4iO3YwsUTdnesKiPGL73XmCcLec697H3kQsUarQdzq4IcD9NfUr5LtdXy+9KR
VqCJOeYJFgnlK7WJZ7mVMeS6D/GkgZjD40t7eF+pUwHy3d2QxRabkyxijQr8moQe
34NqBH0ZOAHu
-----END CERTIFICATE-----