Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/RRUpL52l3ZrqY8b8jGRVhiS5uEE.roa
File:                     RRUpL52l3ZrqY8b8jGRVhiS5uEE.roa (raw, json)
Hash identifier:          99dVMD1TXYwoMLx8QjIwWd3Nc5ZFt32evoZk+tkvBwI=
Subject key identifier:   45:15:29:2F:9D:A5:DD:9A:EA:63:C6:FC:8C:64:55:86:24:B9:B8:41
Certificate issuer:       /CN=b467367967dc763349fd0b50e31f75b823028590
Certificate serial:       0195A8825B1B5FC7B3DB14854A26808656C5
Authority key identifier: B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/RRUpL52l3ZrqY8b8jGRVhiS5uEE.roa
Signing time:             Tue 18 Mar 2025 09:07:49 +0000
ROA not before:           Tue 18 Mar 2025 09:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201178
IP address blocks:        37.75.8.0/21 maxlen: 24
                          185.28.0.0/22 maxlen: 24
                          185.81.236.0/22 maxlen: 24
                          185.81.236.0/24 maxlen: 24
                          185.81.237.0/24 maxlen: 24
                          185.81.238.0/24 maxlen: 24
                          185.81.239.0/24 maxlen: 24
                          185.153.248.0/22 maxlen: 24
                          185.155.148.0/22 maxlen: 24
                          185.155.148.0/24 maxlen: 24
                          185.155.149.0/24 maxlen: 24
                          185.155.150.0/24 maxlen: 24
                          185.155.151.0/24 maxlen: 24
                          195.142.0.0/22 maxlen: 24
                          195.142.104.0/21 maxlen: 24
                          195.142.132.0/22 maxlen: 24
                          2a05:8a00::/29 maxlen: 48
                          2a05:8a00:6::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:82:5b:1b:5f:c7:b3:db:14:85:4a:26:80:86:56:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b467367967dc763349fd0b50e31f75b823028590
        Validity
            Not Before: Mar 18 09:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4515292f9da5dd9aea63c6fc8c64558624b9b841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:76:a0:d1:47:74:95:64:18:10:c1:6f:b6:b5:
                    8a:29:68:f2:a6:f2:23:50:39:9e:90:1e:d6:dd:b3:
                    9b:ab:37:13:5b:76:57:6e:c7:f8:6c:3d:2c:cd:0f:
                    ab:fb:d9:66:58:e7:af:67:c1:61:d0:62:7f:b3:26:
                    14:fe:7f:65:10:e8:cb:59:ac:bf:f8:9c:85:f4:df:
                    34:4b:43:c2:41:c1:33:59:94:84:da:12:cb:09:a5:
                    2b:dc:78:7c:3f:78:84:ce:f6:24:f4:97:58:f5:25:
                    dc:38:dd:a1:bf:83:03:39:7d:6d:c9:d1:0d:08:dd:
                    95:64:a0:c7:60:3b:74:19:30:51:f3:c0:af:b7:bd:
                    35:32:e5:05:53:29:fb:83:6f:a8:a6:d9:90:00:4f:
                    e4:7f:7f:3b:82:eb:5e:d0:67:f2:1c:13:92:80:9a:
                    12:24:2b:f8:7f:6d:6b:bd:36:9f:02:84:8e:0b:ea:
                    53:7d:9f:cf:d7:b6:f2:cc:e0:d3:9b:15:2d:2e:12:
                    57:ce:24:a3:b3:b7:9d:70:6e:00:c8:c0:a5:8e:62:
                    02:c0:80:f5:ce:ee:b5:79:8b:94:f1:46:10:e6:96:
                    af:7d:60:c5:02:46:a8:8d:d4:84:77:eb:e7:57:46:
                    54:3a:c2:64:ed:1a:94:38:73:2f:ca:7b:ab:d8:58:
                    97:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:15:29:2F:9D:A5:DD:9A:EA:63:C6:FC:8C:64:55:86:24:B9:B8:41
            X509v3 Authority Key Identifier:
                keyid:B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/RRUpL52l3ZrqY8b8jGRVhiS5uEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.8.0/21
                  185.28.0.0/22
                  185.81.236.0/22
                  185.153.248.0/22
                  185.155.148.0/22
                  195.142.0.0/22
                  195.142.104.0/21
                  195.142.132.0/22
                IPv6:
                  2a05:8a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:9e:c7:21:ac:cb:14:17:b2:a8:32:dc:9b:55:1b:0b:e9:59:
         b9:20:9d:06:3e:a2:f2:be:b8:08:30:d4:b7:f0:e9:42:4c:63:
         2c:48:18:cc:92:42:61:09:e1:12:37:7c:dd:d9:9a:4a:5b:c1:
         76:5d:23:d2:d6:f1:6c:3f:59:cb:31:c3:09:fb:23:29:6e:0b:
         00:57:0c:f6:a0:78:e6:bb:86:d5:c2:fe:7a:89:58:43:eb:b2:
         74:99:6b:ab:32:1c:bf:db:65:1f:cb:42:0a:ed:23:ef:93:70:
         fb:3a:fe:4b:77:f4:65:4a:80:e9:ca:38:20:bc:5d:8f:d9:89:
         52:a5:da:ab:9f:5c:10:90:e8:33:a2:9a:0e:31:ee:74:50:23:
         28:79:f8:4b:d2:97:b6:c5:1a:5d:c0:f2:38:02:cb:ca:71:21:
         86:ae:e1:60:bd:96:03:5b:78:4e:41:21:d5:56:e8:c9:0e:24:
         85:6b:03:d9:c2:17:f5:d6:b6:af:44:40:28:57:0b:f2:29:09:
         19:56:f5:28:eb:f7:e2:26:ca:0b:c8:17:6e:e3:ce:8c:07:f7:
         d0:9c:77:fc:cd:91:96:a2:e3:93:b3:cd:bc:f1:3e:49:d8:36:
         62:9b:86:29:3a:ac:bf:db:06:99:44:b1:39:bb:96:5f:d7:4b:
         4f:73:ce:cc
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZWoglsbX8ez2xSFSiaAhlbFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjczNjc5NjdkYzc2MzM0OWZkMGI1MGUzMWY3NWI4MjMw
Mjg1OTAwHhcNMjUwMzE4MDkwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE1MjkyZjlkYTVkZDlhZWE2M2M2ZmM4YzY0NTU4NjI0YjliODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hag0Ud0lWQYEMFvtrWKKWjypvIj
UDmekB7W3bObqzcTW3ZXbsf4bD0szQ+r+9lmWOevZ8Fh0GJ/syYU/n9lEOjLWay/
+JyF9N80S0PCQcEzWZSE2hLLCaUr3Hh8P3iEzvYk9JdY9SXcON2hv4MDOX1tydEN
CN2VZKDHYDt0GTBR88Cvt701MuUFUyn7g2+optmQAE/kf387gute0GfyHBOSgJoS
JCv4f21rvTafAoSOC+pTfZ/P17byzODTmxUtLhJXziSjs7edcG4AyMCljmICwID1
zu61eYuU8UYQ5pavfWDFAkaojdSEd+vnV0ZUOsJk7RqUOHMvynur2FiXLQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEUVKS+dpd2a6mPG/IxkVYYkubhBMB8GA1UdIwQY
MBaAFLRnNnln3HYzSf0LUOMfdbgjAoWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMt
YjgxMzczYzQwZGM5LzEvUlJVcEw1MmwzWnJxWThiOGpHUlZoaVM1dUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMtYjgxMzczYzQwZGM5
LzEvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDJUsIAwQC
uRwAAwQCuVHsAwQCuZn4AwQCuZuUAwQCw44AAwQDw45oAwQCw46EMA0EAgACMAcD
BQMqBYoAMA0GCSqGSIb3DQEBCwUAA4IBAQCOnschrMsUF7KoMtybVRsL6Vm5IJ0G
PqLyvrgIMNS38OlCTGMsSBjMkkJhCeESN3zd2ZpKW8F2XSPS1vFsP1nLMcMJ+yMp
bgsAVwz2oHjmu4bVwv56iVhD67J0mWurMhy/22Ufy0IK7SPvk3D7Ov5Ld/RlSoDp
yjggvF2P2YlSpdqrn1wQkOgzopoOMe50UCMoefhL0pe2xRpdwPI4AsvKcSGGruFg
vZYDW3hOQSHVVujJDiSFawPZwhf11ravREAoVwvyKQkZVvUo6/fiJsoLyBdu486M
B/fQnHf8zZGWouOTs8288T5J2DZim4YpOqy/2waZRLE5u5Zf10tPc87M
-----END CERTIFICATE-----