Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/ucC9i3XEX6RhZkWqb6NvZwx0--U.roa
File:                     ucC9i3XEX6RhZkWqb6NvZwx0--U.roa (raw, json)
Hash identifier:          2+uO/5ecRW47tQiINeeU4pOO33FM+U1i9JrXKMVUjI4=
Subject key identifier:   B9:C0:BD:8B:75:C4:5F:A4:61:66:45:AA:6F:A3:6F:67:0C:74:FB:E5
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       0194266C06D93AA7A07749FC553879A924E1
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/ucC9i3XEX6RhZkWqb6NvZwx0--U.roa
Signing time:             Thu 02 Jan 2025 09:50:01 +0000
ROA not before:           Thu 02 Jan 2025 09:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8860
IP address blocks:        79.98.104.0/21 maxlen: 24
                          185.52.204.0/22 maxlen: 24
                          185.55.228.0/22 maxlen: 24
                          185.199.37.0/24 maxlen: 24
                          185.199.38.0/24 maxlen: 24
                          185.228.24.0/22 maxlen: 24
                          185.239.124.0/24 maxlen: 24
                          185.239.126.0/24 maxlen: 24
                          185.239.127.0/24 maxlen: 24
                          194.145.63.0/24 maxlen: 24
                          195.189.80.0/22 maxlen: 24
                          2a01:b6a0::/32 maxlen: 32
                          2a02:80e0::/30 maxlen: 30
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:06:d9:3a:a7:a0:77:49:fc:55:38:79:a9:24:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  2 09:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9c0bd8b75c45fa4616645aa6fa36f670c74fbe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5b:a7:da:3c:17:a2:09:c9:2a:b2:6e:31:65:
                    84:77:22:c7:21:45:b4:33:99:b8:4f:82:bd:ec:04:
                    61:f1:f9:02:8a:7a:c9:ea:ff:b0:fc:39:48:f1:bc:
                    fe:06:c7:80:9a:8a:9d:d4:d8:dc:54:fc:c5:d1:99:
                    4a:eb:af:89:88:e0:18:6c:88:4c:45:c1:06:da:2c:
                    0d:3a:49:fc:34:aa:ed:50:2f:34:b6:20:2f:f0:d9:
                    54:87:0b:45:a1:c1:8e:73:15:7a:5f:88:87:63:5a:
                    fa:19:d2:99:f5:49:3f:e2:0d:cf:04:9e:8f:91:13:
                    73:0c:da:b5:4b:fc:ee:98:38:4b:a8:2d:e8:53:5d:
                    34:e2:ee:4b:1a:34:66:f4:e6:2b:e2:c8:db:d2:d7:
                    e5:59:0e:2d:0f:2e:6d:4a:f4:79:b2:d5:df:8f:08:
                    a5:9e:26:c3:8a:f8:71:eb:cc:7d:4c:bf:58:19:66:
                    3e:af:e4:62:51:a9:b0:df:08:03:b0:76:f8:c5:be:
                    e3:1d:c5:f3:b2:4f:18:ab:6b:e7:fb:44:ea:d3:99:
                    f4:fb:69:ef:97:ab:38:86:ab:9b:55:b5:89:43:ab:
                    aa:73:89:69:4d:32:be:d2:75:f5:03:78:79:0e:74:
                    57:e6:e1:4d:7b:0c:7f:99:c9:4f:4b:24:aa:be:40:
                    70:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C0:BD:8B:75:C4:5F:A4:61:66:45:AA:6F:A3:6F:67:0C:74:FB:E5
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/ucC9i3XEX6RhZkWqb6NvZwx0--U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.104.0/21
                  185.52.204.0/22
                  185.55.228.0/22
                  185.199.37.0-185.199.38.255
                  185.228.24.0/22
                  185.239.124.0/24
                  185.239.126.0/23
                  194.145.63.0/24
                  195.189.80.0/22
                IPv6:
                  2a01:b6a0::/32
                  2a02:80e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         9d:4f:ec:21:b6:68:3f:e3:b7:5c:91:d1:27:27:5b:d5:02:cd:
         06:6b:cc:76:34:63:23:26:38:47:70:c4:0d:82:cf:17:ee:a4:
         f3:a6:62:20:32:2e:75:79:99:7f:d1:64:c4:7a:9a:8c:cc:97:
         6a:da:ff:40:17:81:e0:9e:e3:53:ce:f7:ac:da:86:1f:2c:27:
         fa:a5:3c:ef:56:1e:d2:58:6d:11:1d:88:63:67:f2:fd:7d:76:
         bc:ab:74:d3:77:d3:00:e9:34:cf:d7:9c:d1:1a:5a:09:b2:e5:
         ba:9b:bb:6d:f6:ea:1d:8f:8f:9d:1a:ec:76:b5:82:fe:52:4d:
         7a:d8:3a:48:70:62:04:f0:f4:72:22:90:18:7e:4d:51:46:1b:
         8e:8c:9e:35:42:a3:1f:98:d8:62:5a:e9:36:cf:9b:c0:94:88:
         ab:98:21:b0:73:1d:e5:49:dd:2b:0e:ce:1c:3e:26:de:f5:73:
         31:1e:5f:08:a6:ff:6d:7d:ee:9e:79:e6:87:38:1e:90:5f:6c:
         f3:d1:bc:2a:d7:1c:30:2d:9d:87:a6:fc:4e:a2:d6:a5:8b:72:
         15:cb:94:91:de:f3:64:08:c7:66:67:e1:ab:1e:34:ac:92:08:
         39:f7:fc:aa:77:3c:bc:fb:fa:34:06:ec:dc:e7:8e:00:d2:e9:
         ee:e9:82:ec
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQmbAbZOqegd0n8VTh5qSThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjUwMTAyMDk1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWMwYmQ4Yjc1YzQ1ZmE0NjE2NjQ1YWE2ZmEzNmY2NzBjNzRmYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Fun2jwXognJKrJuMWWEdyLHIUW0
M5m4T4K97ARh8fkCinrJ6v+w/DlI8bz+BseAmoqd1NjcVPzF0ZlK66+JiOAYbIhM
RcEG2iwNOkn8NKrtUC80tiAv8NlUhwtFocGOcxV6X4iHY1r6GdKZ9Uk/4g3PBJ6P
kRNzDNq1S/zumDhLqC3oU1004u5LGjRm9OYr4sjb0tflWQ4tDy5tSvR5stXfjwil
nibDivhx68x9TL9YGWY+r+RiUamw3wgDsHb4xb7jHcXzsk8Yq2vn+0Tq05n0+2nv
l6s4hqubVbWJQ6uqc4lpTTK+0nX1A3h5DnRX5uFNewx/mclPSySqvkBwIQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFLnAvYt1xF+kYWZFqm+jb2cMdPvlMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvdWNDOWkzWEVYNlJoWmtXcWI2TnZad3gwLS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQDT2JoAwQC
uTTMAwQCuTfkMAwDBAC5xyUDBAC5xyYDBAK55BgDBAC573wDBAG5734DBADCkT8D
BALDvVAwFAQCAAIwDgMFACoBtqADBQIqAoDgMA0GCSqGSIb3DQEBCwUAA4IBAQCd
T+whtmg/47dckdEnJ1vVAs0Ga8x2NGMjJjhHcMQNgs8X7qTzpmIgMi51eZl/0WTE
epqMzJdq2v9AF4HgnuNTzves2oYfLCf6pTzvVh7SWG0RHYhjZ/L9fXa8q3TTd9MA
6TTP15zRGloJsuW6m7tt9uodj4+dGux2tYL+Uk162DpIcGIE8PRyIpAYfk1RRhuO
jJ41QqMfmNhiWuk2z5vAlIirmCGwcx3lSd0rDs4cPibe9XMxHl8Ipv9tfe6eeeaH
OB6QX2zz0bwq1xwwLZ2HpvxOotali3IVy5SR3vNkCMdmZ+GrHjSskgg59/yqdzy8
+/o0Buzc544A0unu6YLs
-----END CERTIFICATE-----