Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/vQVKTwJT4leI6HjT4PX8aITkP18.roa
File:                     vQVKTwJT4leI6HjT4PX8aITkP18.roa (raw, json)
Hash identifier:          SnTX0BqmORDuYska7e4pXGhwX58LZGJ25QrHzIMD1lc=
Subject key identifier:   BD:05:4A:4F:02:53:E2:57:88:E8:78:D3:E0:F5:FC:68:84:E4:3F:5F
Certificate issuer:       /CN=27bb32aa8c9f8d05c517be2ad6652f66550a8d57
Certificate serial:       01944D3B98F5A0DCB27912557D2E7F286E46
Authority key identifier: 27:BB:32:AA:8C:9F:8D:05:C5:17:BE:2A:D6:65:2F:66:55:0A:8D:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7syqoyfjQXFF74q1mUvZlUKjVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/vQVKTwJT4leI6HjT4PX8aITkP18.roa
Signing time:             Thu 09 Jan 2025 22:42:18 +0000
ROA not before:           Thu 09 Jan 2025 22:42:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61049
IP address blocks:        185.20.52.0/24 maxlen: 24
                          185.20.53.0/24 maxlen: 24
                          185.20.54.0/24 maxlen: 24
                          185.20.55.0/24 maxlen: 24
                          185.195.116.0/24 maxlen: 24
                          185.195.117.0/24 maxlen: 24
                          185.195.118.0/24 maxlen: 24
                          185.195.119.0/24 maxlen: 24
                          185.231.216.0/24 maxlen: 24
                          185.231.217.0/24 maxlen: 24
                          185.231.218.0/24 maxlen: 24
                          2a04:13c0::/32 maxlen: 32
                          2a04:13c1::/32 maxlen: 32
                          2a04:13c3::/32 maxlen: 32
                          2a04:13c5::/32 maxlen: 32
                          2a0c:8301::/32 maxlen: 32
                          2a0c:8305::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4d:3b:98:f5:a0:dc:b2:79:12:55:7d:2e:7f:28:6e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27bb32aa8c9f8d05c517be2ad6652f66550a8d57
        Validity
            Not Before: Jan  9 22:42:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd054a4f0253e25788e878d3e0f5fc6884e43f5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4c:3b:29:86:29:a5:ba:0b:75:84:37:f0:2b:
                    69:6a:7b:9b:61:27:56:64:3c:97:3b:0a:56:99:fe:
                    d9:12:1b:0d:e2:11:5b:5d:23:b7:72:16:2c:8c:8a:
                    6d:e6:53:06:77:98:8a:e0:df:5f:97:89:ae:7a:0f:
                    3e:31:7a:59:d4:17:a5:28:34:20:a7:bb:2c:f2:32:
                    5e:03:b0:ed:3c:1b:89:39:99:f2:e6:e4:56:5f:3d:
                    f0:38:d6:3d:e7:b8:68:ca:f6:56:4a:32:b2:f2:7d:
                    11:e8:3b:22:1e:8a:8c:ac:a7:e1:16:22:9a:37:04:
                    b0:0d:49:19:75:e4:e4:0e:88:82:1b:ca:7e:f3:2e:
                    c7:94:f2:6b:a0:54:6f:14:c3:0a:5e:b0:0a:b2:41:
                    df:b3:b2:de:62:ac:d2:24:aa:38:36:b5:5c:68:4d:
                    80:bc:ae:79:f1:f3:87:e7:9d:5b:33:c3:3d:38:fd:
                    db:0a:ce:55:3b:45:bf:be:dc:cf:9f:8e:85:d5:39:
                    d7:92:71:da:19:02:9c:38:f2:aa:7c:1c:fa:a7:50:
                    42:09:8e:39:47:5b:56:3b:f8:10:ea:d1:a5:ef:af:
                    4a:d1:7e:3e:70:6d:a9:8f:ac:59:0e:33:97:2d:aa:
                    95:63:db:2d:a0:33:d7:bb:51:1c:52:af:64:f3:b0:
                    03:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:05:4A:4F:02:53:E2:57:88:E8:78:D3:E0:F5:FC:68:84:E4:3F:5F
            X509v3 Authority Key Identifier:
                keyid:27:BB:32:AA:8C:9F:8D:05:C5:17:BE:2A:D6:65:2F:66:55:0A:8D:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7syqoyfjQXFF74q1mUvZlUKjVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/vQVKTwJT4leI6HjT4PX8aITkP18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/J7syqoyfjQXFF74q1mUvZlUKjVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.52.0/22
                  185.195.116.0/22
                  185.231.216.0-185.231.218.255
                IPv6:
                  2a04:13c0::/31
                  2a04:13c3::/32
                  2a04:13c5::/32
                  2a0c:8301::/32
                  2a0c:8305::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:45:b6:88:d6:3d:98:92:96:c5:0b:37:ee:5f:e8:78:84:2b:
         5d:f4:2c:70:9e:70:92:f5:d6:55:b4:cc:ed:70:7d:a9:06:35:
         0d:c9:40:ed:9c:6d:18:f8:6f:78:82:67:30:5f:80:70:43:5b:
         5f:7a:f0:9b:07:82:ac:39:3d:7a:ff:09:62:41:cb:e1:08:16:
         73:01:17:0e:9a:f3:5d:47:ad:2b:bc:a8:53:74:00:d7:00:6e:
         12:1d:d1:73:ca:c4:d7:39:2f:63:d3:d8:bf:52:b4:99:97:16:
         ad:c8:1b:73:f2:87:e4:8a:f2:7a:02:13:bc:4e:23:72:5a:5d:
         9e:9a:ae:09:dd:25:53:58:fa:22:45:f5:09:76:59:51:a4:c9:
         f9:f9:52:a2:62:ec:c5:63:bd:74:73:cd:4c:9c:b6:e4:dc:e5:
         ef:08:40:42:a8:9f:02:51:eb:49:43:07:2e:88:77:52:6d:6e:
         11:63:c4:f9:ca:dd:fa:16:1c:f4:a2:78:89:09:14:bf:77:77:
         7c:c8:e0:1b:4d:a9:20:a4:65:42:2c:b8:3b:8f:99:25:d4:b2:
         14:e8:78:23:72:21:3c:b8:33:6f:74:02:3e:24:31:cf:e3:72:
         ef:60:f4:94:ba:e0:66:0a:b4:68:88:d4:00:eb:35:1a:c2:36:
         23:b2:b5:a9
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZRNO5j1oNyyeRJVfS5/KG5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YmIzMmFhOGM5ZjhkMDVjNTE3YmUyYWQ2NjUyZjY2NTUw
YThkNTcwHhcNMjUwMTA5MjI0MjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDA1NGE0ZjAyNTNlMjU3ODhlODc4ZDNlMGY1ZmM2ODg0ZTQzZjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kw7KYYppboLdYQ38CtpanubYSdW
ZDyXOwpWmf7ZEhsN4hFbXSO3chYsjIpt5lMGd5iK4N9fl4mueg8+MXpZ1BelKDQg
p7ss8jJeA7DtPBuJOZny5uRWXz3wONY957hoyvZWSjKy8n0R6DsiHoqMrKfhFiKa
NwSwDUkZdeTkDoiCG8p+8y7HlPJroFRvFMMKXrAKskHfs7LeYqzSJKo4NrVcaE2A
vK558fOH551bM8M9OP3bCs5VO0W/vtzPn46F1TnXknHaGQKcOPKqfBz6p1BCCY45
R1tWO/gQ6tGl769K0X4+cG2pj6xZDjOXLaqVY9stoDPXu1EcUq9k87ADQQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFL0FSk8CU+JXiOh40+D1/GiE5D9fMB8GA1UdIwQY
MBaAFCe7MqqMn40FxRe+KtZlL2ZVCo1XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdzeXFveWZqUVhGRjc0cTFtVXZabFVLalZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hN2RjZWItZmY1NC00MzZhLTk0MTUt
NDg0MjIxYTFmMjg1LzEvdlFWS1R3SlQ0bGVJNkhqVDRQWDhhSVRrUDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hN2RjZWItZmY1NC00MzZhLTk0MTUtNDg0MjIxYTFmMjg1
LzEvSjdzeXFveWZqUVhGRjc0cTFtVXZabFVLalZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAgBAIAATAaAwQCuRQ0AwQC
ucN0MAwDBAO559gDBAC559owKQQCAAIwIwMFASoEE8ADBQAqBBPDAwUAKgQTxQMF
ACoMgwEDBQAqDIMFMA0GCSqGSIb3DQEBCwUAA4IBAQBLRbaI1j2YkpbFCzfuX+h4
hCtd9CxwnnCS9dZVtMztcH2pBjUNyUDtnG0Y+G94gmcwX4BwQ1tfevCbB4KsOT16
/wliQcvhCBZzARcOmvNdR60rvKhTdADXAG4SHdFzysTXOS9j09i/UrSZlxatyBtz
8ofkivJ6AhO8TiNyWl2emq4J3SVTWPoiRfUJdllRpMn5+VKiYuzFY710c81MnLbk
3OXvCEBCqJ8CUetJQwcuiHdSbW4RY8T5yt36Fhz0oniJCRS/d3d8yOAbTakgpGVC
LLg7j5kl1LIU6HgjciE8uDNvdAI+JDHP43LvYPSUuuBmCrRoiNQA6zUawjYjsrWp
-----END CERTIFICATE-----