Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/gAj6eFb6UG_3b4sM6U8sWeXEotY.roa
File:                     gAj6eFb6UG_3b4sM6U8sWeXEotY.roa (raw, json)
Hash identifier:          XZJXJXhKHZVhAko0XiD534T1bkLmZZswCe4Tim9ZWWA=
Subject key identifier:   80:08:FA:78:56:FA:50:6F:F7:6F:8B:0C:E9:4F:2C:59:E5:C4:A2:D6
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C22A1E951EF8BF5B43534BC912A9
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/gAj6eFb6UG_3b4sM6U8sWeXEotY.roa
Signing time:             Wed 01 Jan 2025 19:48:41 +0000
ROA not before:           Wed 01 Jan 2025 19:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        2.59.40.0/24 maxlen: 24
                          2.59.41.0/24 maxlen: 24
                          2.59.42.0/24 maxlen: 24
                          2.59.43.0/24 maxlen: 24
                          45.93.201.0/24 maxlen: 24
                          45.153.70.0/24 maxlen: 24
                          45.153.71.0/24 maxlen: 24
                          80.76.60.0/24 maxlen: 24
                          91.198.220.0/24 maxlen: 24
                          93.93.207.0/24 maxlen: 24
                          176.53.160.0/24 maxlen: 24
                          176.53.161.0/24 maxlen: 24
                          176.53.162.0/24 maxlen: 24
                          176.53.163.0/24 maxlen: 24
                          185.192.246.0/24 maxlen: 24
                          185.192.247.0/24 maxlen: 24
                          185.251.20.0/24 maxlen: 24
                          193.160.208.0/24 maxlen: 24
                          193.160.209.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c2:2a:1e:95:1e:f8:bf:5b:43:53:4b:c9:12:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8008fa7856fa506ff76f8b0ce94f2c59e5c4a2d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fe:ee:22:c5:03:61:5a:29:db:a4:d4:26:a3:
                    0d:dd:f9:ad:35:e0:15:40:79:13:33:e3:9d:b5:56:
                    f9:8a:4d:90:8e:9c:34:f7:6e:be:4e:99:cf:d4:a1:
                    70:44:50:c5:e2:db:50:c6:18:4b:d9:80:64:36:48:
                    ab:47:8c:3b:90:bc:ed:f9:4b:5e:bd:2c:f1:90:9b:
                    c6:d5:05:3c:35:aa:36:5c:b0:63:b7:56:3f:41:f7:
                    f9:8b:4c:a1:00:e7:66:58:b5:ab:bf:8b:39:20:c2:
                    e4:68:62:80:63:d0:bb:c8:9c:a4:32:6a:c1:ec:c6:
                    e1:c0:a5:54:a8:6f:e3:6f:6a:01:79:b9:d6:a0:49:
                    77:57:8e:3c:5f:10:25:39:93:04:69:db:cb:0d:08:
                    40:bc:be:0c:8b:aa:c2:e1:a4:7e:38:b8:0a:c4:19:
                    8c:e6:7f:72:86:a7:95:94:28:72:fa:86:39:57:42:
                    3f:42:31:89:86:68:4b:2c:60:1d:81:3f:1d:79:71:
                    63:83:77:b0:0d:5b:f8:7e:4c:9e:3a:a3:24:8f:37:
                    f5:2b:99:cb:70:b2:94:a3:04:09:b5:81:96:da:31:
                    8e:43:6e:2f:aa:41:0e:a9:e7:56:4f:fe:6f:c1:2a:
                    81:89:14:f1:f1:ad:42:3e:1b:6f:75:41:7b:c1:1d:
                    5d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:08:FA:78:56:FA:50:6F:F7:6F:8B:0C:E9:4F:2C:59:E5:C4:A2:D6
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/gAj6eFb6UG_3b4sM6U8sWeXEotY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.40.0/22
                  45.93.201.0/24
                  45.153.70.0/23
                  80.76.60.0/24
                  91.198.220.0/24
                  93.93.207.0/24
                  176.53.160.0/22
                  185.192.246.0/23
                  185.251.20.0/24
                  193.160.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:30:f8:d0:f1:db:f3:12:34:5a:8a:02:da:89:12:7e:df:e3:
         08:71:4a:bb:c5:b3:a8:0e:52:1e:6f:b7:87:ed:9b:6c:33:5f:
         1c:92:47:6b:92:80:2b:10:75:69:d1:cc:58:6b:81:36:4b:e3:
         3e:36:f7:6e:da:d2:7a:07:00:10:6d:15:07:91:d7:28:38:aa:
         06:7c:ea:38:a2:d6:e6:4b:0e:8f:27:92:28:19:57:96:59:4a:
         84:ff:ac:cd:cf:31:18:bb:fe:18:65:0c:e8:29:54:f6:6d:42:
         eb:ff:0a:86:43:a1:5a:78:1d:14:1a:03:5c:90:63:99:de:4e:
         b1:3d:5b:73:56:9f:06:88:bb:1a:75:fa:82:38:be:b0:c7:c0:
         38:1f:3e:5b:3c:13:22:dd:3a:05:17:3f:65:24:79:f2:f1:75:
         1c:2c:8e:1f:f3:b2:cb:8c:6a:87:2d:7d:11:93:47:da:49:5e:
         6d:c5:e9:94:e8:98:d1:e1:53:8e:26:84:63:99:05:67:88:1b:
         1f:2e:45:8e:ea:8d:2a:60:e9:01:c9:4b:3f:e0:d0:d2:6a:93:
         ee:29:ff:37:d4:ad:dd:71:be:80:b3:22:c9:50:bc:55:4e:ad:
         ad:81:1a:f8:5e:36:73:e0:a6:2b:43:75:26:ff:ba:e9:87:94:
         3a:96:07:a3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQjacIqHpUe+L9bQ1NLyRKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA4ZmE3ODU2ZmE1MDZmZjc2ZjhiMGNlOTRmMmM1OWU1YzRhMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf7uIsUDYVop26TUJqMN3fmtNeAV
QHkTM+OdtVb5ik2Qjpw0926+TpnP1KFwRFDF4ttQxhhL2YBkNkirR4w7kLzt+Ute
vSzxkJvG1QU8Nao2XLBjt1Y/Qff5i0yhAOdmWLWrv4s5IMLkaGKAY9C7yJykMmrB
7MbhwKVUqG/jb2oBebnWoEl3V448XxAlOZMEadvLDQhAvL4Mi6rC4aR+OLgKxBmM
5n9yhqeVlChy+oY5V0I/QjGJhmhLLGAdgT8deXFjg3ewDVv4fkyeOqMkjzf1K5nL
cLKUowQJtYGW2jGOQ24vqkEOqedWT/5vwSqBiRTx8a1CPhtvdUF7wR1ddwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIAI+nhW+lBv92+LDOlPLFnlxKLWMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvZ0FqNmVGYjZVR18zYjRzTTZVOHNXZVhFb3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCAjsoAwQA
LV3JAwQBLZlGAwQAUEw8AwQAW8bcAwQAXV3PAwQCsDWgAwQBucD2AwQAufsUAwQB
waDQMA0GCSqGSIb3DQEBCwUAA4IBAQCSMPjQ8dvzEjRaigLaiRJ+3+MIcUq7xbOo
DlIeb7eH7ZtsM18ckkdrkoArEHVp0cxYa4E2S+M+Nvdu2tJ6BwAQbRUHkdcoOKoG
fOo4otbmSw6PJ5IoGVeWWUqE/6zNzzEYu/4YZQzoKVT2bULr/wqGQ6FaeB0UGgNc
kGOZ3k6xPVtzVp8GiLsadfqCOL6wx8A4Hz5bPBMi3ToFFz9lJHny8XUcLI4f87LL
jGqHLX0Rk0faSV5txemU6JjR4VOOJoRjmQVniBsfLkWO6o0qYOkByUs/4NDSapPu
Kf831K3dcb6AsyLJULxVTq2tgRr4XjZz4KYrQ3Um/7rph5Q6lgej
-----END CERTIFICATE-----