Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/e6QKnd26NFxLpuuhAxML73T_BHw.roa
File:                     e6QKnd26NFxLpuuhAxML73T_BHw.roa (raw, json)
Hash identifier:          WvnUhZyvWR50U69T375x8NsElxKc8FKV3YkOrKaAbIs=
Subject key identifier:   7B:A4:0A:9D:DD:BA:34:5C:4B:A6:EB:A1:03:13:0B:EF:74:FF:04:7C
Certificate issuer:       /CN=10a8c6e9308bb00083100171e00dbb6140f4f580
Certificate serial:       019421443C074AEAF38C49352F8023E4C4DD
Authority key identifier: 10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/e6QKnd26NFxLpuuhAxML73T_BHw.roa
Signing time:             Wed 01 Jan 2025 09:48:27 +0000
ROA not before:           Wed 01 Jan 2025 09:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57948
IP address blocks:        2.57.40.0/22 maxlen: 22
                          2.57.40.0/24 maxlen: 24
                          2.57.41.0/24 maxlen: 24
                          2.57.42.0/24 maxlen: 24
                          2.57.43.0/24 maxlen: 24
                          91.236.244.0/23 maxlen: 23
                          91.236.244.0/24 maxlen: 24
                          91.236.245.0/24 maxlen: 24
                          171.25.229.0/24 maxlen: 24
                          185.70.44.0/22 maxlen: 22
                          185.70.44.0/24 maxlen: 24
                          185.70.45.0/24 maxlen: 24
                          185.70.46.0/24 maxlen: 24
                          185.70.47.0/24 maxlen: 24
                          2a05:2600::/29 maxlen: 29
                          2a05:2600::/32 maxlen: 32
                          2a05:2601::/32 maxlen: 32
                          2a05:2602::/32 maxlen: 32
                          2a05:2603::/32 maxlen: 32
                          2a05:2604::/32 maxlen: 32
                          2a05:2605::/32 maxlen: 32
                          2a05:2606::/32 maxlen: 32
                          2a05:2607::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3c:07:4a:ea:f3:8c:49:35:2f:80:23:e4:c4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a8c6e9308bb00083100171e00dbb6140f4f580
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ba40a9dddba345c4ba6eba103130bef74ff047c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e0:13:e2:8e:96:b4:b7:eb:9a:fb:23:eb:a1:
                    dd:f9:55:f2:88:38:82:7a:22:1f:b5:47:30:1a:45:
                    19:35:a7:c5:7c:d9:50:50:82:62:c7:5f:80:5c:08:
                    ca:73:3d:23:c2:86:80:f4:5d:d6:25:60:1d:61:04:
                    d0:5e:45:ed:60:62:f9:ec:b7:9e:7c:24:2e:a8:6f:
                    ea:01:b7:5d:a3:c1:85:b0:3e:e1:74:b5:89:21:01:
                    27:64:0a:9a:26:c3:85:d5:0a:cf:2e:6a:c5:ce:03:
                    ac:f2:d1:fd:bf:2b:c2:88:64:df:34:ef:0a:52:00:
                    72:78:bd:e2:54:2c:ef:af:36:90:c6:58:fd:97:dd:
                    01:49:e5:33:89:86:6a:ef:44:c0:e2:f2:66:a7:ec:
                    f7:25:a6:d2:60:80:30:37:10:26:92:fd:e0:67:ac:
                    dc:28:cf:ba:f9:a5:46:0a:b1:08:13:c5:9a:e9:dc:
                    97:c8:98:cd:3c:ad:3c:1a:42:da:f3:67:c3:28:4e:
                    a6:71:ca:cd:b6:ca:a4:74:7b:5e:61:a2:4e:20:53:
                    95:5e:c1:26:d1:35:3c:7f:59:1f:e0:43:0f:8e:e9:
                    4e:06:63:ee:e5:84:3b:13:7e:db:1c:5f:17:17:90:
                    7d:18:8a:ef:74:2d:74:6c:d9:c6:c1:c7:06:07:ea:
                    22:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A4:0A:9D:DD:BA:34:5C:4B:A6:EB:A1:03:13:0B:EF:74:FF:04:7C
            X509v3 Authority Key Identifier:
                keyid:10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/e6QKnd26NFxLpuuhAxML73T_BHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.40.0/22
                  91.236.244.0/23
                  171.25.229.0/24
                  185.70.44.0/22
                IPv6:
                  2a05:2600::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:3b:90:90:a7:89:6a:80:18:0c:9c:51:f8:31:0f:09:28:a1:
         03:14:6c:22:17:62:79:e9:7b:91:6c:48:1c:da:8c:ec:2b:87:
         42:f8:13:47:6f:a2:0f:44:07:7b:fe:c3:1d:b8:39:11:77:5b:
         fa:2e:3a:be:cf:d0:41:ac:89:6d:84:ca:2c:75:9f:bd:b1:3c:
         2d:ed:d5:48:72:ab:66:68:34:ec:63:b3:34:88:fa:21:4b:5b:
         5d:a5:cb:ab:d0:ec:91:09:d3:04:6e:2e:a7:02:5a:5e:b5:4f:
         3f:62:74:24:b4:aa:65:f9:f4:b0:66:38:c1:03:19:2b:76:fe:
         42:bf:29:1c:7e:76:68:1c:14:81:5e:25:13:f2:d5:eb:a8:a6:
         94:d2:58:d0:27:94:4c:46:11:76:13:52:41:b0:cf:cf:a4:9a:
         28:a6:7f:92:58:09:e2:a2:50:e2:a4:e2:33:25:b1:50:ac:32:
         24:5a:39:af:c0:49:fe:4d:f2:e2:26:58:e8:ed:7c:bc:2a:4d:
         06:59:d5:5b:7b:3f:97:28:24:0a:ed:d3:b4:49:9c:de:94:bb:
         5c:d8:17:f5:6a:40:9b:ad:af:19:6d:69:cc:39:fe:e8:d3:da:
         3b:b4:9d:d7:90:0b:26:b8:5d:07:12:47:57:ab:94:48:2a:93:
         3c:0f:df:b9
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQhRDwHSurzjEk1L4Aj5MTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYThjNmU5MzA4YmIwMDA4MzEwMDE3MWUwMGRiYjYxNDBm
NGY1ODAwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmE0MGE5ZGRkYmEzNDVjNGJhNmViYTEwMzEzMGJlZjc0ZmYwNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeAT4o6WtLfrmvsj66Hd+VXyiDiC
eiIftUcwGkUZNafFfNlQUIJix1+AXAjKcz0jwoaA9F3WJWAdYQTQXkXtYGL57Lee
fCQuqG/qAbddo8GFsD7hdLWJIQEnZAqaJsOF1QrPLmrFzgOs8tH9vyvCiGTfNO8K
UgByeL3iVCzvrzaQxlj9l90BSeUziYZq70TA4vJmp+z3JabSYIAwNxAmkv3gZ6zc
KM+6+aVGCrEIE8Wa6dyXyJjNPK08GkLa82fDKE6mccrNtsqkdHteYaJOIFOVXsEm
0TU8f1kf4EMPjulOBmPu5YQ7E37bHF8XF5B9GIrvdC10bNnGwccGB+oibQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHukCp3dujRcS6broQMTC+90/wR8MB8GA1UdIwQY
MBaAFBCoxukwi7AAgxABceANu2FA9PWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYt
NmI0OTdiMmMwYjM4LzEvZTZRS25kMjZORnhMcHV1aEF4TUw3M1RfQkh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYtNmI0OTdiMmMwYjM4
LzEvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCAjkoAwQB
W+z0AwQAqxnlAwQCuUYsMA0EAgACMAcDBQMqBSYAMA0GCSqGSIb3DQEBCwUAA4IB
AQBRO5CQp4lqgBgMnFH4MQ8JKKEDFGwiF2J56XuRbEgc2ozsK4dC+BNHb6IPRAd7
/sMduDkRd1v6Ljq+z9BBrIlthMosdZ+9sTwt7dVIcqtmaDTsY7M0iPohS1tdpcur
0OyRCdMEbi6nAlpetU8/YnQktKpl+fSwZjjBAxkrdv5CvykcfnZoHBSBXiUT8tXr
qKaU0ljQJ5RMRhF2E1JBsM/PpJoopn+SWAniolDipOIzJbFQrDIkWjmvwEn+TfLi
Jljo7Xy8Kk0GWdVbez+XKCQK7dO0SZzelLtc2Bf1akCbra8ZbWnMOf7o09o7tJ3X
kAsmuF0HEkdXq5RIKpM8D9+5
-----END CERTIFICATE-----