Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/iVkkhxjJXM4zfKrvEPyt6PRtJZQ.roa
File:                     iVkkhxjJXM4zfKrvEPyt6PRtJZQ.roa (raw, json)
Hash identifier:          BbQczt8JwGbuBxAJ2+mtU18bK+d/6xfVTKVV/EKRi8w=
Subject key identifier:   89:59:24:87:18:C9:5C:CE:33:7C:AA:EF:10:FC:AD:E8:F4:6D:25:94
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018EC9DA8C0D9466517D303D334CD9AFBDC1
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/iVkkhxjJXM4zfKrvEPyt6PRtJZQ.roa
Signing time:             Wed 10 Apr 2024 21:12:06 +0000
ROA not before:           Wed 10 Apr 2024 21:12:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215561
IP address blocks:        2a0a:79c0:200::/40 maxlen: 128
                          2a0a:79c7:f000::/38 maxlen: 128
                          2a0a:79c7:f200::/44 maxlen: 128
                          2a0a:79c7:f210::/44 maxlen: 128
                          2a0a:79c7:f220::/44 maxlen: 128
                          2a0a:79c7:f230::/44 maxlen: 128
                          2a0a:79c7:f240::/44 maxlen: 128
                          2a0a:79c7:f250::/44 maxlen: 128
                          2a0a:79c7:f260::/44 maxlen: 128
                          2a0a:79c7:f270::/44 maxlen: 128
                          2a0a:79c7:f280::/44 maxlen: 128
                          2a0a:79c7:f290::/44 maxlen: 128
                          2a0a:79c7:f2a0::/44 maxlen: 128
                          2a0a:79c7:f2b0::/44 maxlen: 128
                          2a0a:79c7:f2c0::/44 maxlen: 128
                          2a0a:79c7:f2d0::/44 maxlen: 128
                          2a0a:79c7:f2e0::/44 maxlen: 128
                          2a0a:79c7:f2f0::/44 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:da:8c:0d:94:66:51:7d:30:3d:33:4c:d9:af:bd:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Apr 10 21:12:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8959248718c95cce337caaef10fcade8f46d2594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:eb:e0:8a:2e:50:81:aa:10:2a:3e:ca:13:f5:
                    d4:15:7c:36:1b:49:65:c9:0d:7b:bd:70:36:09:d2:
                    bf:d3:44:db:68:cb:1d:d4:85:ed:32:c1:3e:51:df:
                    ee:06:3a:a2:07:9e:a2:fe:fa:e9:e5:33:58:b3:6b:
                    92:80:de:5d:c0:06:25:cb:f2:61:fc:32:70:d0:76:
                    be:bf:e1:d5:71:78:1d:bb:ce:89:ef:94:65:d4:ec:
                    13:eb:c4:e7:0b:bd:61:97:4d:ad:cf:d1:d9:2f:4f:
                    be:2f:8a:cf:0c:64:07:e1:99:a3:dd:f4:e9:a0:fc:
                    6f:ab:1e:c7:69:e1:4c:09:85:a2:3e:9f:c6:74:43:
                    db:20:3f:db:06:08:48:82:17:81:5f:8b:bb:b6:8f:
                    99:61:e7:63:d6:c2:51:01:f4:d8:78:fb:48:03:12:
                    51:69:fe:f5:e4:ff:0d:dd:c7:99:76:66:c8:90:7c:
                    de:55:e6:3c:21:3c:d7:2b:c2:f4:20:4e:fe:f2:64:
                    29:82:3d:ca:57:19:0d:c1:2f:6b:0c:e5:cb:a7:4a:
                    8b:c7:d1:92:a5:b0:d1:1a:83:1c:3f:1c:3c:2a:f7:
                    9b:97:8d:d9:c8:35:4d:b6:b2:57:d8:f8:e6:46:8a:
                    96:25:a0:69:de:ac:8a:e4:58:18:52:28:84:5d:d7:
                    d7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:59:24:87:18:C9:5C:CE:33:7C:AA:EF:10:FC:AD:E8:F4:6D:25:94
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/iVkkhxjJXM4zfKrvEPyt6PRtJZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:200::/40
                  2a0a:79c7:f000::/38

    Signature Algorithm: sha256WithRSAEncryption
         ad:08:4f:01:98:26:76:16:23:2f:a5:5c:a7:5a:79:9f:59:2f:
         0b:cb:90:5a:52:f1:35:c0:88:fa:d1:2a:c5:86:9c:48:b7:0e:
         9b:3e:ff:84:5e:9a:31:60:03:79:ef:c9:82:91:83:af:43:69:
         74:eb:55:ff:4f:ca:9d:33:21:96:54:51:84:27:46:59:46:18:
         f8:a1:e9:73:9f:cd:02:e6:5c:3a:a4:af:16:17:04:ce:56:9a:
         c0:91:31:7d:76:ca:16:9c:bb:74:9a:e8:3d:8a:17:6e:00:82:
         e4:85:27:44:80:4c:da:36:f1:a0:87:23:64:a0:8b:c7:2e:a1:
         fc:2a:77:6d:5e:01:65:57:55:1e:23:b6:19:e1:8d:ba:3d:2d:
         d4:57:fb:43:92:25:5c:6f:bd:ba:ee:19:91:e9:8d:26:52:19:
         dc:41:f5:0a:22:72:82:5a:31:76:93:04:9c:dd:97:c3:82:8b:
         bb:3b:dd:cf:e1:47:c2:9e:ac:f2:5f:8e:45:10:80:0a:98:fc:
         c3:3f:1b:78:d5:1c:f4:9c:29:92:c2:d1:b1:37:9f:15:7d:46:
         35:80:e5:53:10:0f:1d:ab:f2:0e:e6:58:32:3d:58:fe:67:2f:
         e9:ef:65:57:96:bf:1c:5a:ac:98:93:e1:f5:e6:b5:cd:87:3b:
         75:7d:50:6b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY7J2owNlGZRfTA9M0zZr73BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwNDEwMjExMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTU5MjQ4NzE4Yzk1Y2NlMzM3Y2FhZWYxMGZjYWRlOGY0NmQyNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+vgii5QgaoQKj7KE/XUFXw2G0ll
yQ17vXA2CdK/00TbaMsd1IXtMsE+Ud/uBjqiB56i/vrp5TNYs2uSgN5dwAYly/Jh
/DJw0Ha+v+HVcXgdu86J75Rl1OwT68TnC71hl02tz9HZL0++L4rPDGQH4Zmj3fTp
oPxvqx7HaeFMCYWiPp/GdEPbID/bBghIgheBX4u7to+ZYedj1sJRAfTYePtIAxJR
af715P8N3ceZdmbIkHzeVeY8ITzXK8L0IE7+8mQpgj3KVxkNwS9rDOXLp0qLx9GS
pbDRGoMcPxw8Kvebl43ZyDVNtrJX2PjmRoqWJaBp3qyK5FgYUiiEXdfXuQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFIlZJIcYyVzOM3yq7xD8rej0bSWUMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvaVZra2h4akpYTTR6ZktydkVQeXQ2UFJ0SlpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgp5wAID
BgIqCnnH8DANBgkqhkiG9w0BAQsFAAOCAQEArQhPAZgmdhYjL6Vcp1p5n1kvC8uQ
WlLxNcCI+tEqxYacSLcOmz7/hF6aMWADee/JgpGDr0NpdOtV/0/KnTMhllRRhCdG
WUYY+KHpc5/NAuZcOqSvFhcEzlaawJExfXbKFpy7dJroPYoXbgCC5IUnRIBM2jbx
oIcjZKCLxy6h/Cp3bV4BZVdVHiO2GeGNuj0t1Ff7Q5IlXG+9uu4ZkemNJlIZ3EH1
CiJygloxdpMEnN2Xw4KLuzvdz+FHwp6s8l+ORRCACpj8wz8beNUc9JwpksLRsTef
FX1GNYDlUxAPHavyDuZYMj1Y/mcv6e9lV5a/HFqsmJPh9ea1zYc7dX1Qaw==
-----END CERTIFICATE-----