Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/l-W1P1FXUZq5Rom6HiLNeHjPeZk.roa
File:                     l-W1P1FXUZq5Rom6HiLNeHjPeZk.roa (raw, json)
Hash identifier:          JZU81XbPivNOV4ANlQqRFiS9x8fNQ6LSZbTjlzXEnFo=
Subject key identifier:   97:E5:B5:3F:51:57:51:9A:B9:46:89:BA:1E:22:CD:78:78:CF:79:99
Certificate issuer:       /CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
Certificate serial:       01942521F6344BB59EEF05B180C4E203D09C
Authority key identifier: FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/l-W1P1FXUZq5Rom6HiLNeHjPeZk.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39724
IP address blocks:        77.247.100.0/22 maxlen: 22
                          77.247.100.0/23 maxlen: 23
                          77.247.100.0/24 maxlen: 24
                          77.247.101.0/24 maxlen: 24
                          77.247.102.0/23 maxlen: 23
                          77.247.102.0/24 maxlen: 24
                          77.247.103.0/24 maxlen: 24
                          185.55.156.0/22 maxlen: 22
                          185.55.156.0/23 maxlen: 23
                          185.55.156.0/24 maxlen: 24
                          185.55.157.0/24 maxlen: 24
                          185.55.158.0/23 maxlen: 23
                          185.55.158.0/24 maxlen: 24
                          185.55.159.0/24 maxlen: 24
                          2a0d:a6c0::/29 maxlen: 29
                          2a0d:a6c0::/32 maxlen: 32
                          2a0d:a6c1::/32 maxlen: 32
                          2a0d:a6c2::/32 maxlen: 32
                          2a0d:a6c3::/32 maxlen: 32
                          2a0d:a6c4::/32 maxlen: 32
                          2a0d:a6c5::/32 maxlen: 32
                          2a0d:a6c6::/32 maxlen: 32
                          2a0d:a6c7::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f6:34:4b:b5:9e:ef:05:b1:80:c4:e2:03:d0:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97e5b53f5157519ab94689ba1e22cd7878cf7999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:18:38:56:bb:0d:ab:c2:30:60:be:14:42:7f:
                    92:dc:c9:13:c4:d1:d8:1b:85:d6:db:e9:6c:e6:88:
                    10:d0:b5:1d:4f:5f:ce:44:bd:fc:15:14:d5:bf:cc:
                    3a:44:ed:10:cb:4c:a8:fd:21:be:2e:df:68:97:0c:
                    0e:4e:ec:be:5d:40:10:03:49:92:0d:2b:76:ee:ef:
                    65:76:f1:2e:a6:b6:8d:a1:0c:48:4b:9e:00:ef:4a:
                    66:13:98:c1:49:0f:a5:e2:f2:5e:70:47:da:a8:ba:
                    e5:3b:98:ff:6b:16:44:70:12:48:b8:47:f1:bd:25:
                    de:77:07:31:78:93:0a:28:cf:f6:e6:b5:12:76:f6:
                    7a:1f:13:a4:af:b9:e5:89:15:4d:05:26:17:93:c6:
                    6f:f6:9c:26:36:ca:00:c6:9a:53:e9:23:0b:9e:b3:
                    7e:89:09:5c:77:fa:64:8e:33:bc:6f:fd:47:96:f4:
                    7c:92:c6:d7:eb:10:ce:1f:e3:b8:d0:53:b8:a5:25:
                    e8:9c:ef:5c:7c:71:97:bb:75:36:cd:33:57:7b:f0:
                    ea:db:e3:c4:3a:10:6e:43:39:1b:4c:b2:e7:48:90:
                    41:6b:5e:bf:1a:8b:57:a9:a4:78:14:4b:e1:37:7b:
                    63:f4:8f:1a:88:92:32:3e:07:67:6b:9d:f6:d8:bf:
                    30:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E5:B5:3F:51:57:51:9A:B9:46:89:BA:1E:22:CD:78:78:CF:79:99
            X509v3 Authority Key Identifier:
                keyid:FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/l-W1P1FXUZq5Rom6HiLNeHjPeZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/_z7T1NR7joJfv9B5SC96DCHcke8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.100.0/22
                  185.55.156.0/22
                IPv6:
                  2a0d:a6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:98:c6:57:5b:23:2b:6f:72:0a:3c:6e:f2:ce:9a:4b:7d:bf:
         a0:fc:b5:a8:67:6c:22:c9:4f:83:28:88:d1:99:a4:2e:99:10:
         58:d9:08:a0:3b:36:5f:f9:0a:28:5a:73:ac:d8:c2:3c:de:d0:
         77:c4:b4:5d:3b:a3:28:73:95:a0:bb:d4:03:99:b3:57:42:1e:
         e3:6d:c3:6f:22:3f:ec:71:12:4e:9c:2f:83:26:d4:90:85:75:
         55:d9:b2:15:39:1c:46:72:94:2a:15:77:a1:77:41:8f:2a:81:
         aa:ab:e7:82:ae:7c:71:4b:13:34:a1:ff:f1:af:fa:1f:73:6d:
         02:1e:89:a5:16:7b:6b:bc:8d:e2:0d:75:6a:95:98:2f:2a:ae:
         53:b3:21:a3:e5:13:81:62:b0:5e:8e:69:2f:9c:cd:d6:90:b5:
         20:49:c5:f5:24:4a:d3:60:ef:4a:9f:f9:f1:77:ca:5c:9e:f0:
         c2:7f:1c:ed:f2:da:34:b8:b5:3b:a2:9a:08:a2:bf:5a:c8:76:
         e9:62:fd:c7:96:5b:86:f2:66:64:00:8b:54:c1:c6:69:12:e1:
         5f:78:82:58:df:eb:a3:de:b8:02:fa:c9:a0:73:34:17:33:f8:
         48:8d:29:64:fb:b0:ad:6c:fe:1a:8a:f6:77:d4:b4:8a:97:a9:
         95:ed:0b:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIfY0S7We7wWxgMTiA9CcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmM2VkM2Q0ZDQ3YjhlODI1ZmJmZDA3OTQ4MmY3YTBjMjFk
YzkxZWYwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2U1YjUzZjUxNTc1MTlhYjk0Njg5YmExZTIyY2Q3ODc4Y2Y3OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihg4VrsNq8IwYL4UQn+S3MkTxNHY
G4XW2+ls5ogQ0LUdT1/ORL38FRTVv8w6RO0Qy0yo/SG+Lt9olwwOTuy+XUAQA0mS
DSt27u9ldvEupraNoQxIS54A70pmE5jBSQ+l4vJecEfaqLrlO5j/axZEcBJIuEfx
vSXedwcxeJMKKM/25rUSdvZ6HxOkr7nliRVNBSYXk8Zv9pwmNsoAxppT6SMLnrN+
iQlcd/pkjjO8b/1HlvR8ksbX6xDOH+O40FO4pSXonO9cfHGXu3U2zTNXe/Dq2+PE
OhBuQzkbTLLnSJBBa16/GotXqaR4FEvhN3tj9I8aiJIyPgdna5322L8w8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJfltT9RV1GauUaJuh4izXh4z3mZMB8GA1UdIwQY
MBaAFP8+09TUe46CX7/QeUgvegwh3JHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2Mzct
NWIwOWE2NzQzMzc1LzEvbC1XMVAxRlhVWnE1Um9tNkhpTE5lSGpQZVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2MzctNWIwOWE2NzQzMzc1
LzEvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCTfdkAwQC
uTecMA0EAgACMAcDBQMqDabAMA0GCSqGSIb3DQEBCwUAA4IBAQBtmMZXWyMrb3IK
PG7yzppLfb+g/LWoZ2wiyU+DKIjRmaQumRBY2QigOzZf+QooWnOs2MI83tB3xLRd
O6Moc5Wgu9QDmbNXQh7jbcNvIj/scRJOnC+DJtSQhXVV2bIVORxGcpQqFXehd0GP
KoGqq+eCrnxxSxM0of/xr/ofc20CHomlFntrvI3iDXVqlZgvKq5TsyGj5ROBYrBe
jmkvnM3WkLUgScX1JErTYO9Kn/nxd8pcnvDCfxzt8to0uLU7opoIor9ayHbpYv3H
lluG8mZkAItUwcZpEuFfeIJY3+uj3rgC+smgczQXM/hIjSlk+7CtbP4aivZ31LSK
l6mV7Qub
-----END CERTIFICATE-----