Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/yaYTEUTC8fxiDrNR-udtXv181RQ.roa
File:                     yaYTEUTC8fxiDrNR-udtXv181RQ.roa (raw, json)
Hash identifier:          ZET15TDhdPDRcEp/cG7xvScoRBh69l7x/+Kumfm+MP8=
Subject key identifier:   C9:A6:13:11:44:C2:F1:FC:62:0E:B3:51:FA:E7:6D:5E:FD:7C:D5:14
Certificate issuer:       /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial:       01940794467DE611CD3564FCB81B1CFFBBF4
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/yaYTEUTC8fxiDrNR-udtXv181RQ.roa
Signing time:             Fri 27 Dec 2024 10:05:45 +0000
ROA not before:           Fri 27 Dec 2024 10:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201453
IP address blocks:        185.74.192.0/24 maxlen: 24
                          185.112.78.0/24 maxlen: 24
                          185.163.166.0/24 maxlen: 24
                          185.163.167.0/24 maxlen: 24
                          185.178.80.0/22 maxlen: 22
                          185.178.80.0/24 maxlen: 24
                          185.178.81.0/24 maxlen: 24
                          185.178.82.0/24 maxlen: 24
                          185.178.83.0/24 maxlen: 24
                          185.183.16.0/24 maxlen: 24
                          185.183.17.0/24 maxlen: 24
                          185.183.18.0/24 maxlen: 24
                          185.194.24.0/24 maxlen: 24
                          185.194.26.0/24 maxlen: 24
                          185.194.27.0/24 maxlen: 24
                          185.219.216.0/22 maxlen: 22
                          185.225.148.0/24 maxlen: 24
                          2a05:4ac0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:07:94:46:7d:e6:11:cd:35:64:fc:b8:1b:1c:ff:bb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
        Validity
            Not Before: Dec 27 10:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a6131144c2f1fc620eb351fae76d5efd7cd514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:11:48:35:c4:7d:51:98:ef:c5:1b:41:62:a4:
                    a9:f1:bd:07:9c:24:3d:5f:bf:4d:8d:eb:51:92:7a:
                    30:22:37:f3:ff:41:54:27:9d:b6:66:b4:9a:4b:bd:
                    e7:de:94:3b:07:e4:8f:1e:d3:8b:67:e4:5e:b4:ee:
                    b9:08:3c:1e:9b:23:a5:da:df:61:60:48:40:e2:73:
                    e3:08:c0:08:46:3f:80:dc:38:66:72:bf:fe:e9:1a:
                    43:2e:4b:70:78:5c:97:59:d7:de:f0:91:95:39:f7:
                    ac:8e:52:80:97:f0:e6:38:85:16:f7:5d:a7:ad:ec:
                    77:51:e1:4a:cd:4e:b8:05:82:4d:ae:1b:dc:41:21:
                    98:1e:e8:82:66:9b:54:f3:a9:c2:e5:e8:6a:05:b0:
                    18:e2:c5:98:f8:ed:db:5f:37:69:3f:df:1b:b0:0b:
                    0f:f0:74:fd:48:e7:5f:4b:b3:19:ec:d9:50:07:00:
                    a1:a0:4d:d1:d8:ac:4f:af:ab:66:fd:76:aa:92:2c:
                    0b:5b:95:fd:69:98:98:d1:0f:72:21:09:ba:98:75:
                    b7:30:88:48:dc:14:da:44:3c:9f:03:92:6c:4d:3b:
                    f1:73:04:e6:4b:84:a3:8e:11:90:61:d3:f9:f1:54:
                    67:5e:81:43:b2:cd:6a:0a:af:db:70:8e:e0:77:6d:
                    8e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A6:13:11:44:C2:F1:FC:62:0E:B3:51:FA:E7:6D:5E:FD:7C:D5:14
            X509v3 Authority Key Identifier:
                keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/yaYTEUTC8fxiDrNR-udtXv181RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.192.0/24
                  185.112.78.0/24
                  185.163.166.0/23
                  185.178.80.0/22
                  185.183.16.0-185.183.18.255
                  185.194.24.0/24
                  185.194.26.0/23
                  185.219.216.0/22
                  185.225.148.0/24
                IPv6:
                  2a05:4ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:b2:77:3a:d0:ae:80:bb:bf:79:44:eb:6b:54:0b:ab:19:ed:
         26:ab:07:1a:4e:24:16:6a:97:93:6d:eb:4d:98:c2:1b:93:89:
         89:bd:5b:48:74:88:e0:6e:93:63:71:32:15:22:25:d3:e1:62:
         39:2f:cd:a9:ed:2c:63:f5:b7:e2:64:19:b8:8e:ec:63:ee:21:
         53:49:43:05:68:2f:15:3e:7b:9b:05:e6:2b:50:68:fa:84:e0:
         79:f1:f1:82:68:b9:2a:53:06:70:b8:75:ad:d3:2e:1e:42:18:
         ad:cb:13:6f:76:3d:ef:c0:ed:81:ed:4e:3a:47:71:7a:00:aa:
         79:40:c6:e8:88:e2:80:1f:85:a2:59:d1:f1:b2:aa:1a:dd:d5:
         f9:e8:0c:6d:e0:7c:d9:36:7b:f9:bd:a4:e1:bb:bf:07:26:ec:
         4c:7f:e3:e3:07:2b:d2:03:46:54:91:53:0b:b3:9d:be:01:42:
         5e:d7:a9:fc:59:34:67:f4:c6:fb:eb:92:01:c6:ad:42:fd:bf:
         8f:88:77:5b:c6:0a:d4:1c:e9:08:3f:1c:51:4e:bc:96:2e:74:
         1d:88:45:ee:12:21:d4:6a:5f:1e:19:70:c4:4e:98:d3:28:02:
         ee:8b:0f:f0:a1:99:38:ce:50:e6:32:3b:84:c2:bd:17:f5:f7:
         1b:5d:9e:a9
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQHlEZ95hHNNWT8uBsc/7v0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjQxMjI3MTAwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE2MTMxMTQ0YzJmMWZjNjIwZWIzNTFmYWU3NmQ1ZWZkN2NkNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthFINcR9UZjvxRtBYqSp8b0HnCQ9
X79NjetRknowIjfz/0FUJ522ZrSaS73n3pQ7B+SPHtOLZ+RetO65CDwemyOl2t9h
YEhA4nPjCMAIRj+A3Dhmcr/+6RpDLktweFyXWdfe8JGVOfesjlKAl/DmOIUW912n
rex3UeFKzU64BYJNrhvcQSGYHuiCZptU86nC5ehqBbAY4sWY+O3bXzdpP98bsAsP
8HT9SOdfS7MZ7NlQBwChoE3R2KxPr6tm/XaqkiwLW5X9aZiY0Q9yIQm6mHW3MIhI
3BTaRDyfA5JsTTvxcwTmS4SjjhGQYdP58VRnXoFDss1qCq/bcI7gd22ObQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFMmmExFEwvH8Yg6zUfrnbV79fNUUMB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEveWFZVEVVVEM4ZnhpRHJOUi11ZHRYdjE4MVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQAuUrAAwQA
uXBOAwQBuaOmAwQCubJQMAwDBAS5txADBAC5txIDBAC5whgDBAG5whoDBAK529gD
BAC54ZQwDQQCAAIwBwMFACoFSsAwDQYJKoZIhvcNAQELBQADggEBABKydzrQroC7
v3lE62tUC6sZ7SarBxpOJBZql5Nt602YwhuTiYm9W0h0iOBuk2NxMhUiJdPhYjkv
zantLGP1t+JkGbiO7GPuIVNJQwVoLxU+e5sF5itQaPqE4Hnx8YJouSpTBnC4da3T
Lh5CGK3LE292Pe/A7YHtTjpHcXoAqnlAxuiI4oAfhaJZ0fGyqhrd1fnoDG3gfNk2
e/m9pOG7vwcm7Ex/4+MHK9IDRlSRUwuznb4BQl7XqfxZNGf0xvvrkgHGrUL9v4+I
d1vGCtQc6Qg/HFFOvJYudB2IRe4SIdRqXx4ZcMROmNMoAu6LD/ChmTjOUOYyO4TC
vRf19xtdnqk=
-----END CERTIFICATE-----