Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/EnGNfEjT6Y9BTRjk_Uw9VpyifnY.roa
File:                     EnGNfEjT6Y9BTRjk_Uw9VpyifnY.roa (raw, json)
Hash identifier:          JxOECGAXwA/YDGNPLzePN4Qy1g6T+3v/oIxdC2Jn3Is=
Subject key identifier:   12:71:8D:7C:48:D3:E9:8F:41:4D:18:E4:FD:4C:3D:56:9C:A2:7E:76
Certificate issuer:       /CN=2b8966d0f14fd59993ca4878e774fa4779036694
Certificate serial:       018D0DBC4CFF09979F45C8D11F0D31BA8D01
Authority key identifier: 2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/EnGNfEjT6Y9BTRjk_Uw9VpyifnY.roa
Signing time:             Mon 15 Jan 2024 15:27:40 +0000
ROA not before:           Mon 15 Jan 2024 15:27:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35625
IP address blocks:        195.74.80.0/24 maxlen: 24
                          37.16.78.0/24 maxlen: 24
                          185.161.44.0/22 maxlen: 22
                          194.126.178.0/24 maxlen: 24
                          37.235.88.0/21 maxlen: 21
                          46.29.120.0/21 maxlen: 21
                          185.117.18.0/24 maxlen: 24
                          45.138.192.0/22 maxlen: 22
                          185.252.156.0/22 maxlen: 22
                          185.167.76.0/24 maxlen: 24
                          185.75.140.0/22 maxlen: 22
                          2a01:6600:2e00::/40 maxlen: 40
                          2a02:21c8::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:bc:4c:ff:09:97:9f:45:c8:d1:1f:0d:31:ba:8d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b8966d0f14fd59993ca4878e774fa4779036694
        Validity
            Not Before: Jan 15 15:27:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12718d7c48d3e98f414d18e4fd4c3d569ca27e76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:88:e0:30:3c:f0:a6:86:c5:9d:35:a6:c5:9c:
                    1d:07:0e:be:60:e0:70:77:8e:4d:5a:6b:79:d5:6d:
                    a4:b0:c0:e0:37:42:8c:59:ce:7b:24:8b:bf:f0:f9:
                    f4:a7:9e:9d:89:8e:f8:6d:90:0a:06:aa:ce:d5:81:
                    99:66:81:9d:7f:d9:e0:a1:6e:94:f5:48:57:10:04:
                    8c:23:0c:80:86:ce:9f:e9:5f:95:09:66:09:40:d7:
                    a1:f3:cc:ea:72:8f:d5:df:5b:b1:a8:ca:e7:88:97:
                    c4:60:e4:6d:e3:00:c1:66:ea:b4:2b:e7:ec:7e:82:
                    b3:f9:5f:38:d0:15:1b:b5:d0:58:12:ac:7d:0a:04:
                    fb:39:ff:ac:0d:73:64:fa:5e:23:75:18:c8:46:39:
                    09:10:0b:31:e7:43:40:3e:a4:ca:5c:c9:84:30:13:
                    be:18:d9:da:90:98:f6:6b:a4:db:eb:d4:5c:7c:01:
                    2a:ed:a4:69:57:af:27:2f:f5:d3:2e:73:2e:af:9f:
                    fc:b7:03:3e:6f:98:45:ac:a4:15:2e:8b:33:c7:b6:
                    c3:f3:e4:52:26:04:f7:14:a0:83:25:76:2d:31:ce:
                    ac:67:7e:bc:3e:0c:52:00:81:67:dd:dd:b2:7e:bf:
                    45:51:d2:b5:b9:01:e0:b6:34:14:be:1b:0b:e5:d2:
                    63:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:71:8D:7C:48:D3:E9:8F:41:4D:18:E4:FD:4C:3D:56:9C:A2:7E:76
            X509v3 Authority Key Identifier:
                keyid:2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/EnGNfEjT6Y9BTRjk_Uw9VpyifnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/K4lm0PFP1ZmTykh453T6R3kDZpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.78.0/24
                  37.235.88.0/21
                  45.138.192.0/22
                  46.29.120.0/21
                  185.75.140.0/22
                  185.117.18.0/24
                  185.161.44.0/22
                  185.167.76.0/24
                  185.252.156.0/22
                  194.126.178.0/24
                  195.74.80.0/24
                IPv6:
                  2a01:6600:2e00::/40
                  2a02:21c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:60:63:bd:b2:26:5e:e0:e8:8d:20:be:6f:d9:f6:d9:c2:99:
         e9:7d:d0:aa:38:c4:12:c6:43:9f:6c:55:c9:42:3d:f1:06:44:
         de:ea:ff:7d:a0:bf:a2:6a:f3:c1:c8:1a:70:4b:13:ae:e7:e2:
         c7:06:b1:f5:56:fd:3e:42:b3:2e:72:31:1a:8a:3e:6c:1d:30:
         9f:cd:ee:8d:ea:ed:59:15:1e:25:b4:75:71:81:3e:ee:bb:a5:
         65:34:c6:cc:37:6e:df:21:27:ca:5f:29:70:6c:dd:fe:31:a7:
         a4:73:05:12:c3:9a:6b:38:c8:8c:49:5a:e3:f8:49:22:e8:32:
         8f:2f:96:b2:70:c0:53:b8:f9:e2:4f:8d:0a:e8:87:91:c4:91:
         77:20:d2:fc:61:d4:a0:a0:b3:90:d6:f2:b8:ea:96:74:8d:49:
         78:a1:43:ad:97:84:18:65:79:1b:f6:51:63:99:82:90:11:3a:
         ef:18:28:74:d2:d8:aa:93:f1:33:e9:ee:80:a3:92:8f:74:32:
         64:49:d1:cc:c2:7e:b3:c6:82:c3:c3:96:8e:18:7f:b8:ef:ac:
         23:c9:db:2f:2c:02:ad:79:90:5a:dc:ab:4f:73:98:e8:f1:3e:
         7a:24:9d:38:45:89:d6:b6:09:44:72:5a:b4:96:d6:47:9d:aa:
         f9:c2:e6:9e
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY0NvEz/CZefRcjRHw0xuo0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiODk2NmQwZjE0ZmQ1OTk5M2NhNDg3OGU3NzRmYTQ3Nzkw
MzY2OTQwHhcNMjQwMTE1MTUyNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjcxOGQ3YzQ4ZDNlOThmNDE0ZDE4ZTRmZDRjM2Q1NjljYTI3ZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4jgMDzwpobFnTWmxZwdBw6+YOBw
d45NWmt51W2ksMDgN0KMWc57JIu/8Pn0p56diY74bZAKBqrO1YGZZoGdf9ngoW6U
9UhXEASMIwyAhs6f6V+VCWYJQNeh88zqco/V31uxqMrniJfEYORt4wDBZuq0K+fs
foKz+V840BUbtdBYEqx9CgT7Of+sDXNk+l4jdRjIRjkJEAsx50NAPqTKXMmEMBO+
GNnakJj2a6Tb69RcfAEq7aRpV68nL/XTLnMur5/8twM+b5hFrKQVLoszx7bD8+RS
JgT3FKCDJXYtMc6sZ368PgxSAIFn3d2yfr9FUdK1uQHgtjQUvhsL5dJjsQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFBJxjXxI0+mPQU0Y5P1MPVacon52MB8GA1UdIwQY
MBaAFCuJZtDxT9WZk8pIeOd0+kd5A2aUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvRW5HTmZFalQ2WTlCVFJqa19VdzlWcHlpZm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBIBAIAATBCAwQAJRBOAwQD
JetYAwQCLYrAAwQDLh14AwQCuUuMAwQAuXUSAwQCuaEsAwQAuadMAwQCufycAwQA
wn6yAwQAw0pQMBUEAgACMA8DBgAqAWYALgMFACoCIcgwDQYJKoZIhvcNAQELBQAD
ggEBABFgY72yJl7g6I0gvm/Z9tnCmel90Ko4xBLGQ59sVclCPfEGRN7q/32gv6Jq
88HIGnBLE67n4scGsfVW/T5Csy5yMRqKPmwdMJ/N7o3q7VkVHiW0dXGBPu67pWU0
xsw3bt8hJ8pfKXBs3f4xp6RzBRLDmms4yIxJWuP4SSLoMo8vlrJwwFO4+eJPjQro
h5HEkXcg0vxh1KCgs5DW8rjqlnSNSXihQ62XhBhleRv2UWOZgpAROu8YKHTS2KqT
8TPp7oCjko90MmRJ0czCfrPGgsPDlo4Yf7jvrCPJ2y8sAq15kFrcq09zmOjxPnok
nThFida2CURyWrSW1kedqvnC5p4=
-----END CERTIFICATE-----