Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/np1E8UqVaVmKedJtcdTE2cxKY1U.roa
File:                     np1E8UqVaVmKedJtcdTE2cxKY1U.roa (raw, json)
Hash identifier:          NXmlve8uZsnii6Bbmop167cP3mqKjYL/LIXlIgY60do=
Subject key identifier:   9E:9D:44:F1:4A:95:69:59:8A:79:D2:6D:71:D4:C4:D9:CC:4A:63:55
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       019423D7D15C5BB893E036AFFFD610111EFA
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/np1E8UqVaVmKedJtcdTE2cxKY1U.roa
Signing time:             Wed 01 Jan 2025 21:48:53 +0000
ROA not before:           Wed 01 Jan 2025 21:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202015
IP address blocks:        77.83.199.0/24 maxlen: 24
                          79.141.160.0/23 maxlen: 23
                          79.141.162.0/23 maxlen: 23
                          79.141.172.0/24 maxlen: 24
                          79.141.173.0/24 maxlen: 24
                          91.193.19.0/24 maxlen: 24
                          185.33.84.0/23 maxlen: 23
                          185.33.86.0/23 maxlen: 23
                          193.42.38.0/24 maxlen: 24
                          194.124.229.0/24 maxlen: 24
                          2a01:8640:4::/48 maxlen: 48
                          2a01:8640:5::/48 maxlen: 48
                          2a01:8640:b::/48 maxlen: 48
                          2a01:8640:e::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:d1:5c:5b:b8:93:e0:36:af:ff:d6:10:11:1e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Jan  1 21:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e9d44f14a9569598a79d26d71d4c4d9cc4a6355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:53:96:25:51:fa:9c:97:52:03:36:9d:ef:9a:
                    fb:49:33:7a:27:75:b4:ac:3b:00:bc:ff:6e:b3:79:
                    45:23:8c:02:ee:5a:e3:e3:7e:a5:ca:4b:26:d0:b9:
                    22:e5:22:2d:ec:59:f0:96:2a:1c:5c:f1:c7:13:13:
                    bc:8e:4d:f6:e4:22:88:86:6f:7d:ca:29:7a:39:c5:
                    c4:e8:41:c7:ca:21:ad:cf:f8:a7:b7:4e:d3:82:7a:
                    0a:ff:47:a5:5f:d5:5d:7f:90:7f:cc:0f:40:33:3d:
                    a8:c8:ff:94:c3:e0:bd:0e:38:26:b1:3d:c5:b8:c0:
                    c1:83:0d:c4:3a:03:30:43:17:f3:23:3b:00:b9:71:
                    72:3a:3a:b8:ee:5f:5e:5f:2a:9e:0d:bd:32:20:c8:
                    b0:b1:a0:b6:5b:ac:33:c9:02:0f:ae:8b:5a:81:30:
                    6e:ee:6b:21:1b:5c:e8:0c:e2:fb:35:33:f6:b2:a1:
                    b4:e2:50:f8:e3:73:e3:55:44:c1:2f:a2:b2:64:66:
                    f1:d3:fd:83:79:16:df:33:90:ae:03:75:5a:52:ec:
                    5c:5b:7e:6b:c3:1f:02:cd:10:0a:18:85:e5:32:4b:
                    b2:43:04:dc:cb:1d:6d:69:9f:1a:df:68:8e:b1:c5:
                    39:39:24:44:fe:f1:0c:85:69:ee:40:6c:5b:0e:0f:
                    38:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9D:44:F1:4A:95:69:59:8A:79:D2:6D:71:D4:C4:D9:CC:4A:63:55
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/np1E8UqVaVmKedJtcdTE2cxKY1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.199.0/24
                  79.141.160.0/22
                  79.141.172.0/23
                  91.193.19.0/24
                  185.33.84.0/22
                  193.42.38.0/24
                  194.124.229.0/24
                IPv6:
                  2a01:8640:4::/47
                  2a01:8640:b::/48
                  2a01:8640:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:b0:07:f3:b9:98:7a:76:38:fd:a0:c3:72:d7:d2:32:ef:45:
         f9:67:72:73:d8:71:18:89:40:90:68:87:0f:85:6c:04:4a:b8:
         a7:cf:67:4a:4b:4e:9a:a8:bd:68:ea:34:fe:2e:41:45:90:78:
         c9:02:a3:42:c2:7f:43:ac:27:98:ee:4f:01:41:e1:f7:c7:61:
         f8:bb:a2:e7:5d:b2:a2:7d:ca:50:7c:48:df:f5:7f:71:eb:d5:
         4f:4f:31:0a:ee:11:5e:30:4d:a4:a7:e7:ae:fe:9a:28:37:ee:
         a9:bc:c2:3e:fb:cb:0d:21:47:74:bd:f8:88:41:98:4e:df:67:
         6c:6d:e1:a8:0d:da:20:71:9c:87:b0:03:e0:7a:0f:7c:af:ba:
         21:9e:c9:20:d1:8a:47:bf:48:ad:35:b4:7b:d2:21:39:b7:6a:
         55:64:03:09:8c:a4:ff:8d:de:d0:30:ca:8e:95:a6:9b:8d:a3:
         25:14:76:a6:0f:9e:67:09:be:e9:ce:3e:3a:d2:47:ad:5e:ae:
         76:d2:79:61:e3:aa:a0:09:33:5a:ff:79:bd:c9:cd:74:a8:9d:
         16:bc:c8:d7:2d:ca:9b:e6:40:31:1a:42:a2:e6:b3:52:97:ce:
         0f:78:a3:8d:1b:d0:52:98:82:05:64:36:c3:8c:9a:fc:80:5d:
         02:96:e0:11
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQj19FcW7iT4Dav/9YQER76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTI0MmMzM2JjMmUyZTllNDU4NTBhMGZjNjRhYjJjNzUw
NmE0YjgwHhcNMjUwMTAxMjE0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTlkNDRmMTRhOTU2OTU5OGE3OWQyNmQ3MWQ0YzRkOWNjNGE2MzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVOWJVH6nJdSAzad75r7STN6J3W0
rDsAvP9us3lFI4wC7lrj436lyksm0Lki5SIt7FnwliocXPHHExO8jk325CKIhm99
yil6OcXE6EHHyiGtz/int07TgnoK/0elX9Vdf5B/zA9AMz2oyP+Uw+C9DjgmsT3F
uMDBgw3EOgMwQxfzIzsAuXFyOjq47l9eXyqeDb0yIMiwsaC2W6wzyQIProtagTBu
7mshG1zoDOL7NTP2sqG04lD443PjVUTBL6KyZGbx0/2DeRbfM5CuA3VaUuxcW35r
wx8CzRAKGIXlMkuyQwTcyx1taZ8a32iOscU5OSRE/vEMhWnuQGxbDg84xQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFJ6dRPFKlWlZinnSbXHUxNnMSmNVMB8GA1UdIwQY
MBaAFGkSQsM7wuLp5FhQoPxkqyx1BqS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjkt
MzYyZmZlOGVlMjcwLzEvbnAxRThVcVZhVm1LZWRKdGNkVEUyY3hLWTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjktMzYyZmZlOGVlMjcw
LzEvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQATVPHAwQC
T42gAwQBT42sAwQAW8ETAwQCuSFUAwQAwSomAwQAwnzlMCEEAgACMBsDBwEqAYZA
AAQDBwAqAYZAAAsDBwAqAYZAAA4wDQYJKoZIhvcNAQELBQADggEBAIiwB/O5mHp2
OP2gw3LX0jLvRflncnPYcRiJQJBohw+FbARKuKfPZ0pLTpqovWjqNP4uQUWQeMkC
o0LCf0OsJ5juTwFB4ffHYfi7ouddsqJ9ylB8SN/1f3Hr1U9PMQruEV4wTaSn567+
mig37qm8wj77yw0hR3S9+IhBmE7fZ2xt4agN2iBxnIewA+B6D3yvuiGeySDRike/
SK01tHvSITm3alVkAwmMpP+N3tAwyo6VppuNoyUUdqYPnmcJvunOPjrSR61ernbS
eWHjqqAJM1r/eb3JzXSonRa8yNctypvmQDEaQqLms1KXzg94o40b0FKYggVkNsOM
mvyAXQKW4BE=
-----END CERTIFICATE-----