Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/rqlbZmhX6az-9-fg97NcIUHnUrM.roa
File:                     rqlbZmhX6az-9-fg97NcIUHnUrM.roa (raw, json)
Hash identifier:          VaAY7HNRDIpkX6LMYIaC1zA2JriB1tOOLhUTcCXd3bE=
Subject key identifier:   AE:A9:5B:66:68:57:E9:AC:FE:F7:E7:E0:F7:B3:5C:21:41:E7:52:B3
Certificate issuer:       /CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
Certificate serial:       01942745CB8EC9F3D9F0D71C4EB06664306E
Authority key identifier: 53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/rqlbZmhX6az-9-fg97NcIUHnUrM.roa
Signing time:             Thu 02 Jan 2025 13:47:53 +0000
ROA not before:           Thu 02 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211810
IP address blocks:        2a06:8184:ff00::/40 maxlen: 40
                          2a06:8184:ff00::/45 maxlen: 48
                          2a06:8184:ff00::/48 maxlen: 48
                          2a06:8184:ff01::/48 maxlen: 48
                          2a06:8184:ff02::/48 maxlen: 48
                          2a06:8184:ff03::/48 maxlen: 48
                          2a06:8184:ff04::/48 maxlen: 48
                          2a06:8184:ff05::/48 maxlen: 48
                          2a06:8184:ff06::/48 maxlen: 48
                          2a06:8184:ff07::/48 maxlen: 48
                          2a06:8184:ff08::/48 maxlen: 48
                          2a06:8184:ff14::/48 maxlen: 48
                          2a06:8185:aa00::/40 maxlen: 40
                          2a06:8185:aa00::/48 maxlen: 48
                          2a06:8185:aa01::/48 maxlen: 48
                          2a06:8185:aa02::/48 maxlen: 48
                          2a06:8185:aa03::/48 maxlen: 48
                          2a06:8185:aa04::/48 maxlen: 48
                          2a06:8185:aa05::/48 maxlen: 48
                          2a06:8185:aa06::/48 maxlen: 48
                          2a06:8185:aa07::/48 maxlen: 48
                          2a06:8185:aa08::/48 maxlen: 48
                          2a06:8185:aa09::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:cb:8e:c9:f3:d9:f0:d7:1c:4e:b0:66:64:30:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
        Validity
            Not Before: Jan  2 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aea95b666857e9acfef7e7e0f7b35c2141e752b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:49:db:e5:0c:5c:6c:df:5e:6c:b7:f0:5a:4e:
                    36:03:d8:ae:2d:d6:a0:b4:39:38:e7:2a:cd:b6:fa:
                    a3:b0:fc:2f:eb:cd:98:fb:a5:65:20:18:a7:a5:3c:
                    3b:dc:44:31:e9:57:7a:1e:7a:cf:9b:b5:7d:a7:40:
                    52:43:62:58:62:b2:4c:d7:6c:2f:be:f7:4c:39:37:
                    10:7a:a7:26:c9:51:7e:6f:92:6b:6e:1c:fa:7b:c2:
                    d1:2f:f8:6d:d1:85:52:b9:53:15:ee:4b:9a:13:7c:
                    d2:f6:f1:c5:74:80:16:8a:c1:ba:f3:81:26:17:08:
                    a4:50:0c:e4:9f:80:01:df:f5:31:5d:a3:fa:9b:e4:
                    64:24:d9:91:2d:b3:a8:2a:e5:d9:26:d7:06:1c:ee:
                    3c:4b:07:85:72:e8:6e:5a:75:0b:29:c8:30:13:86:
                    94:bc:2d:73:b6:92:71:69:d5:b5:7c:ec:56:84:89:
                    01:17:6f:46:a6:fd:96:81:e5:5e:d2:44:d9:4b:af:
                    51:7a:2f:1e:e9:18:0c:76:4a:7c:4c:ec:eb:ac:c6:
                    f8:e4:c6:fd:9b:5a:85:a1:72:94:4f:5b:6a:6e:c3:
                    a3:80:44:e3:97:2f:22:da:5e:12:15:87:06:2b:d9:
                    9b:36:76:ef:69:c5:94:dd:11:5c:08:f7:84:af:21:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A9:5B:66:68:57:E9:AC:FE:F7:E7:E0:F7:B3:5C:21:41:E7:52:B3
            X509v3 Authority Key Identifier:
                keyid:53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/rqlbZmhX6az-9-fg97NcIUHnUrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8184:ff00::/40
                  2a06:8185:aa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a2:fc:e8:7d:f4:0e:59:f8:53:44:91:33:d4:14:5e:26:ca:e7:
         67:97:ec:2b:7c:85:d5:54:c2:c9:21:b1:9e:ee:be:65:d7:38:
         23:6b:00:77:79:49:00:d9:17:43:83:13:df:a0:72:6f:45:af:
         72:a5:c9:da:9e:48:90:10:1b:e8:ec:8d:b6:2e:11:65:12:7e:
         c9:85:12:cc:c9:04:59:64:0f:20:21:77:69:5c:0c:20:c8:5c:
         1c:3c:e9:5d:c1:7e:8e:21:5b:4f:0d:29:ca:47:52:48:6d:51:
         dd:c3:95:c1:73:c7:5b:15:1d:26:da:7a:39:3d:10:a8:b9:dc:
         2c:7d:cb:9d:42:e4:d3:7f:26:3e:17:63:82:26:a9:29:06:16:
         1a:a4:92:c2:cf:e2:b4:65:8d:28:94:41:61:77:9a:2e:ef:79:
         1e:95:49:e8:8c:51:9e:f5:f9:56:c4:a2:64:92:ab:bb:36:2b:
         5f:fc:7f:82:46:c2:5b:e2:69:72:88:e0:91:fa:3c:15:89:11:
         dd:ec:19:ab:76:db:36:36:1a:3d:3d:50:b4:2f:a7:ff:80:51:
         ad:bb:ac:75:17:63:3d:35:d4:1d:85:37:3d:1c:0d:8a:6b:dd:
         37:28:c1:46:a7:04:ee:1b:50:c9:5c:59:e6:62:ba:d5:9a:65:
         6b:ba:16:11
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQnRcuOyfPZ8NccTrBmZDBuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjQ3YTcyNWM3NjhkNGRlNzhmYjMxYmI0MGZlMTZlYmEx
OWYyMGQwHhcNMjUwMTAyMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWE5NWI2NjY4NTdlOWFjZmVmN2U3ZTBmN2IzNWMyMTQxZTc1MmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0nb5QxcbN9ebLfwWk42A9iuLdag
tDk45yrNtvqjsPwv682Y+6VlIBinpTw73EQx6Vd6HnrPm7V9p0BSQ2JYYrJM12wv
vvdMOTcQeqcmyVF+b5Jrbhz6e8LRL/ht0YVSuVMV7kuaE3zS9vHFdIAWisG684Em
FwikUAzkn4AB3/UxXaP6m+RkJNmRLbOoKuXZJtcGHO48SweFcuhuWnULKcgwE4aU
vC1ztpJxadW1fOxWhIkBF29Gpv2WgeVe0kTZS69Rei8e6RgMdkp8TOzrrMb45Mb9
m1qFoXKUT1tqbsOjgETjly8i2l4SFYcGK9mbNnbvacWU3RFcCPeEryGnVwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFK6pW2ZoV+ms/vfn4PezXCFB51KzMB8GA1UdIwQY
MBaAFFP0enJcdo1N54+zG7QP4W66GfINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMt
NTc0NzEzODQ1ZGJjLzEvcnFsYlptaFg2YXotOS1mZzk3TmNJVUhuVXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMtNTc0NzEzODQ1ZGJj
LzEvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgaBhP8D
BgAqBoGFqjANBgkqhkiG9w0BAQsFAAOCAQEAovzoffQOWfhTRJEz1BReJsrnZ5fs
K3yF1VTCySGxnu6+Zdc4I2sAd3lJANkXQ4MT36Byb0WvcqXJ2p5IkBAb6OyNti4R
ZRJ+yYUSzMkEWWQPICF3aVwMIMhcHDzpXcF+jiFbTw0pykdSSG1R3cOVwXPHWxUd
Jtp6OT0QqLncLH3LnULk038mPhdjgiapKQYWGqSSws/itGWNKJRBYXeaLu95HpVJ
6IxRnvX5VsSiZJKruzYrX/x/gkbCW+Jpcojgkfo8FYkR3ewZq3bbNjYaPT1QtC+n
/4BRrbusdRdjPTXUHYU3PRwNimvdNyjBRqcE7htQyVxZ5mK61Zpla7oWEQ==
-----END CERTIFICATE-----