Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BxQo5X2Y2TZj8fRxpzNb0rOltnY.roa
File:                     BxQo5X2Y2TZj8fRxpzNb0rOltnY.roa (raw, json)
Hash identifier:          hy9KlBDDlaqHeJfskJfz5sPZPxdlMGpQRLdrCpucBTo=
Subject key identifier:   07:14:28:E5:7D:98:D9:36:63:F1:F4:71:A7:33:5B:D2:B3:A5:B6:76
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0194274635DFB95A65C6E1110C8FCC01852A
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BxQo5X2Y2TZj8fRxpzNb0rOltnY.roa
Signing time:             Thu 02 Jan 2025 13:48:20 +0000
ROA not before:           Thu 02 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211035
IP address blocks:        2a0d:2580:db01::/48 maxlen: 48
                          2a0d:2580:db02::/48 maxlen: 48
                          2a0d:2580:db03::/48 maxlen: 48
                          2a0d:2580:db10::/48 maxlen: 48
                          2a0d:2580:db11::/48 maxlen: 48
                          2a0d:2580:db12::/48 maxlen: 48
                          2a0d:2580:db13::/48 maxlen: 48
                          2a0d:2580:db18::/48 maxlen: 48
                          2a0d:2580:db19::/48 maxlen: 48
                          2a0d:2580:db1a::/48 maxlen: 48
                          2a0d:2580:db1b::/48 maxlen: 48
                          2a0d:2580:db1c::/48 maxlen: 48
                          2a0d:2580:db1d::/48 maxlen: 48
                          2a0d:2580:db1e::/48 maxlen: 48
                          2a0d:2580:db1f::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:35:df:b9:5a:65:c6:e1:11:0c:8f:cc:01:85:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=071428e57d98d93663f1f471a7335bd2b3a5b676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e6:74:81:8e:cc:4d:6b:89:3c:51:a8:cb:4b:
                    bb:90:94:74:a1:18:de:65:9f:a5:7a:2e:b1:28:46:
                    77:56:6a:62:77:15:31:b3:d5:6d:6d:8b:ab:12:ca:
                    b6:43:75:54:12:2b:8a:27:5e:95:f0:23:21:f1:4a:
                    58:d4:48:70:2d:be:72:9c:0e:fa:69:44:4f:59:64:
                    db:b6:72:bb:8d:8c:a1:2a:da:37:02:fd:b8:6e:bd:
                    2d:9b:00:08:87:3a:7a:45:d4:7f:83:70:29:c3:e7:
                    96:c0:27:ba:76:ac:10:7e:7c:51:81:b0:cb:60:65:
                    be:f8:76:1d:86:b0:14:04:9e:ad:b3:3b:5d:9b:28:
                    1c:ac:32:ee:29:d7:26:c5:d7:a3:d6:49:b2:ac:e5:
                    ac:db:85:29:88:df:dc:22:bd:e9:ee:92:73:f4:54:
                    e7:b1:18:d0:fa:40:26:bb:4c:f0:00:c7:63:6d:1a:
                    0c:3d:87:da:6c:1e:f5:0e:2f:10:91:b4:e5:9b:4c:
                    8a:a5:fe:31:6c:2d:0a:cc:e6:0c:37:71:3e:8d:23:
                    cc:5d:44:f6:d7:5e:cc:1b:72:fe:16:5f:a3:f9:7d:
                    74:eb:95:57:c0:4a:fd:f4:45:21:7f:f7:05:45:3f:
                    fd:eb:4b:d7:96:08:1e:6b:e9:a4:b5:22:9b:2c:a0:
                    d5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:14:28:E5:7D:98:D9:36:63:F1:F4:71:A7:33:5B:D2:B3:A5:B6:76
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/BxQo5X2Y2TZj8fRxpzNb0rOltnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2580:db01::-2a0d:2580:db03:ffff:ffff:ffff:ffff:ffff
                  2a0d:2580:db10::/46
                  2a0d:2580:db18::/45

    Signature Algorithm: sha256WithRSAEncryption
         1b:9e:b9:be:63:ba:e0:91:09:7b:68:e1:c2:53:26:30:8d:34:
         1e:6f:f2:4c:e9:9b:41:82:aa:9d:2f:a2:fb:dc:75:e2:21:0f:
         14:87:50:d7:79:2a:45:37:ce:4a:51:cc:6c:2f:66:64:cb:45:
         f3:2d:cd:4b:61:c7:8c:e9:0a:c8:fa:6a:f6:4f:7c:57:fc:d4:
         10:6e:b4:f0:ba:10:fa:ed:e3:16:a4:c0:84:08:96:7e:c2:c4:
         cc:64:da:b6:3b:42:b6:65:17:93:33:99:0b:fe:a6:b0:8c:f2:
         8d:19:77:61:4e:d9:f2:c5:f5:14:28:9c:91:6a:e4:80:9d:80:
         0b:09:39:ca:92:c9:0c:de:72:d6:d5:df:f3:e0:98:ad:58:75:
         54:a3:d2:6a:66:d6:08:60:a4:62:5a:b0:d0:9d:a2:6b:24:f5:
         6d:33:ae:ad:88:55:ad:ec:2a:2e:87:6f:c7:d0:ad:37:22:63:
         ee:c7:ee:bb:e2:fd:56:26:cb:59:ab:4c:01:73:6e:29:23:23:
         00:7b:6f:9c:fa:7e:2c:30:d7:f1:1a:5f:01:02:ae:c5:97:9c:
         ba:5d:6d:8b:ab:36:a1:10:de:d4:8e:9e:28:46:03:f8:83:53:
         87:d1:5a:69:ea:c2:c6:54:2f:53:e0:b5:7d:fd:2b:50:75:b7:
         54:ea:a1:1d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQnRjXfuVplxuERDI/MAYUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzE0MjhlNTdkOThkOTM2NjNmMWY0NzFhNzMzNWJkMmIzYTViNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreZ0gY7MTWuJPFGoy0u7kJR0oRje
ZZ+lei6xKEZ3VmpidxUxs9VtbYurEsq2Q3VUEiuKJ16V8CMh8UpY1EhwLb5ynA76
aURPWWTbtnK7jYyhKto3Av24br0tmwAIhzp6RdR/g3Apw+eWwCe6dqwQfnxRgbDL
YGW++HYdhrAUBJ6tsztdmygcrDLuKdcmxdej1kmyrOWs24UpiN/cIr3p7pJz9FTn
sRjQ+kAmu0zwAMdjbRoMPYfabB71Di8QkbTlm0yKpf4xbC0KzOYMN3E+jSPMXUT2
117MG3L+Fl+j+X1065VXwEr99EUhf/cFRT/960vXlggea+mktSKbLKDVgwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAcUKOV9mNk2Y/H0caczW9KzpbZ2MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvQnhRbzVYMlkyVFpqOGZSeHB6TmIwck9sdG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmMBIDBwAqDSWA
2wEDBwIqDSWA2wADBwIqDSWA2xADBwMqDSWA2xgwDQYJKoZIhvcNAQELBQADggEB
ABueub5juuCRCXto4cJTJjCNNB5v8kzpm0GCqp0vovvcdeIhDxSHUNd5KkU3zkpR
zGwvZmTLRfMtzUthx4zpCsj6avZPfFf81BButPC6EPrt4xakwIQIln7CxMxk2rY7
QrZlF5MzmQv+prCM8o0Zd2FO2fLF9RQonJFq5ICdgAsJOcqSyQzectbV3/PgmK1Y
dVSj0mpm1ghgpGJasNCdomsk9W0zrq2IVa3sKi6Hb8fQrTciY+7H7rvi/VYmy1mr
TAFzbikjIwB7b5z6fiww1/EaXwECrsWXnLpdbYurNqEQ3tSOnihGA/iDU4fRWmnq
wsZUL1PgtX39K1B1t1TqoR0=
-----END CERTIFICATE-----