Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cblkW3ZYAZ5VQl8X3gHLFnE7S8g.roa
File:                     cblkW3ZYAZ5VQl8X3gHLFnE7S8g.roa (raw, json)
Hash identifier:          +MK4cG6/hNPklJaXz5PxE5zp6rLCIwlFMKcCPx37Jxo=
Subject key identifier:   71:B9:64:5B:76:58:01:9E:55:42:5F:17:DE:01:CB:16:71:3B:4B:C8
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       0195CF87ABB3E757366B5D38A6289205F68D
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cblkW3ZYAZ5VQl8X3gHLFnE7S8g.roa
Signing time:             Tue 25 Mar 2025 22:58:49 +0000
ROA not before:           Tue 25 Mar 2025 22:58:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14670
IP address blocks:        65.181.111.0/24 maxlen: 24
                          65.181.118.0/24 maxlen: 24
                          88.135.73.0/24 maxlen: 24
                          190.92.168.0/22 maxlen: 24
                          190.92.172.0/24 maxlen: 24
                          190.92.173.0/24 maxlen: 24
                          192.243.110.0/24 maxlen: 24
                          192.250.225.0/24 maxlen: 24
                          192.250.231.0/24 maxlen: 24
                          193.30.117.0/24 maxlen: 24
                          195.250.24.0/24 maxlen: 24
                          195.250.26.0/24 maxlen: 24
                          195.250.29.0/24 maxlen: 24
                          199.103.58.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cf:87:ab:b3:e7:57:36:6b:5d:38:a6:28:92:05:f6:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Mar 25 22:58:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b9645b7658019e55425f17de01cb16713b4bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ce:c7:77:e0:7e:bd:40:01:67:fe:8f:f3:34:
                    41:7c:6b:aa:3c:14:c8:8a:05:c7:49:27:c4:d1:ad:
                    06:1c:93:f2:1d:a2:da:bc:ce:4a:55:f9:f1:17:4e:
                    49:fe:92:07:56:ad:bc:3a:04:cc:ac:4d:70:75:eb:
                    5c:fe:40:e2:65:ee:3c:70:f3:5c:06:37:c9:07:ca:
                    00:d9:34:18:49:da:9f:93:8d:e5:f4:f8:b2:b8:b8:
                    70:77:0b:e7:bf:8b:96:0b:37:4a:9b:a9:d4:60:6a:
                    67:3c:5d:79:c2:0f:b4:15:f3:7a:a3:c2:a3:8f:73:
                    d4:f7:44:6c:2d:91:25:bb:98:1d:d0:3e:61:8a:72:
                    a9:70:fe:5d:2a:db:e4:54:c6:87:78:01:3e:9c:a8:
                    21:aa:31:9a:c1:9d:99:f7:51:ed:ce:6b:82:60:8b:
                    29:7a:3a:17:c1:94:2b:8a:a1:89:56:9c:ed:35:4a:
                    6d:b2:df:07:5e:06:2c:05:ee:4c:d2:58:50:26:9d:
                    f5:31:e5:42:45:74:27:16:98:a4:9f:d0:b1:af:8e:
                    fb:24:45:a9:15:38:16:10:ab:04:cb:94:91:59:1a:
                    e4:75:88:f9:ae:71:57:ce:75:e9:d0:04:0d:d1:b9:
                    95:21:5d:77:8b:c5:db:c4:ee:5d:0c:c8:63:1f:87:
                    17:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B9:64:5B:76:58:01:9E:55:42:5F:17:DE:01:CB:16:71:3B:4B:C8
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cblkW3ZYAZ5VQl8X3gHLFnE7S8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.181.111.0/24
                  65.181.118.0/24
                  88.135.73.0/24
                  190.92.168.0-190.92.173.255
                  192.243.110.0/24
                  192.250.225.0/24
                  192.250.231.0/24
                  193.30.117.0/24
                  195.250.24.0/24
                  195.250.26.0/24
                  195.250.29.0/24
                  199.103.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ad:ff:2c:d1:58:80:2e:17:f4:81:2b:65:5c:60:4c:ce:dc:
         20:8e:70:b1:e7:3b:89:a4:bf:52:37:4a:7f:ad:34:80:46:25:
         f2:67:63:ca:6b:d4:86:25:3d:86:13:a9:fd:f4:68:89:8d:92:
         09:73:a4:de:cb:24:1a:26:fe:36:b0:4e:a2:80:1e:01:c2:1f:
         bb:5b:38:0d:c0:b7:8c:64:29:b5:2d:5b:57:4a:92:aa:61:75:
         11:d4:ca:48:39:21:8b:47:66:1f:49:ef:9f:59:b0:63:3f:24:
         16:ac:d3:1e:b4:ed:f2:90:09:2a:7d:2d:ca:74:08:6d:19:5f:
         04:ac:74:29:85:6c:c1:fd:2b:7d:76:8a:8a:18:ff:07:38:36:
         bb:97:49:a3:8d:7a:49:8c:e2:0d:f3:1c:6c:68:82:cf:f9:cb:
         15:b2:99:64:bd:e2:16:a0:9e:74:b5:63:6a:79:fb:c3:af:d7:
         c9:96:cf:ab:68:b6:0f:56:c6:83:a2:b2:f9:1d:ae:b5:fa:76:
         1e:4c:dd:70:a9:03:f9:e5:04:4f:c9:54:59:48:c2:d2:2b:93:
         0f:97:15:d1:57:c9:ff:f5:78:60:30:c5:c2:51:2c:f2:5c:3e:
         0c:3c:8a:3e:ce:8b:36:8d:b3:86:58:b3:61:92:34:21:01:2a:
         71:f8:53:0a
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZXPh6uz51c2a104piiSBfaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwMzI1MjI1ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI5NjQ1Yjc2NTgwMTllNTU0MjVmMTdkZTAxY2IxNjcxM2I0YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM7Hd+B+vUABZ/6P8zRBfGuqPBTI
igXHSSfE0a0GHJPyHaLavM5KVfnxF05J/pIHVq28OgTMrE1wdetc/kDiZe48cPNc
BjfJB8oA2TQYSdqfk43l9PiyuLhwdwvnv4uWCzdKm6nUYGpnPF15wg+0FfN6o8Kj
j3PU90RsLZElu5gd0D5hinKpcP5dKtvkVMaHeAE+nKghqjGawZ2Z91HtzmuCYIsp
ejoXwZQriqGJVpztNUptst8HXgYsBe5M0lhQJp31MeVCRXQnFpikn9Cxr477JEWp
FTgWEKsEy5SRWRrkdYj5rnFXznXp0AQN0bmVIV13i8XbxO5dDMhjH4cXpQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFHG5ZFt2WAGeVUJfF94ByxZxO0vIMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvY2Jsa1czWllBWjVWUWw4WDNnSExGbkU3UzhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAQbVvAwQA
QbV2AwQAWIdJMAwDBAO+XKgDBAG+XKwDBADA824DBADA+uEDBADA+ucDBADBHnUD
BADD+hgDBADD+hoDBADD+h0DBADHZzowDQYJKoZIhvcNAQELBQADggEBAJKt/yzR
WIAuF/SBK2VcYEzO3CCOcLHnO4mkv1I3Sn+tNIBGJfJnY8pr1IYlPYYTqf30aImN
kglzpN7LJBom/jawTqKAHgHCH7tbOA3At4xkKbUtW1dKkqphdRHUykg5IYtHZh9J
759ZsGM/JBas0x607fKQCSp9Lcp0CG0ZXwSsdCmFbMH9K312iooY/wc4NruXSaON
ekmM4g3zHGxogs/5yxWymWS94hagnnS1Y2p5+8Ov18mWz6totg9WxoOisvkdrrX6
dh5M3XCpA/nlBE/JVFlIwtIrkw+XFdFXyf/1eGAwxcJRLPJcPgw8ij7OizaNs4ZY
s2GSNCEBKnH4Uwo=
-----END CERTIFICATE-----