Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/nh5NhSKUCOZvA0PX-MutnlzNzr0.roa
File:                     nh5NhSKUCOZvA0PX-MutnlzNzr0.roa (raw, json)
Hash identifier:          rMUx4sRjj5BLU/vJgZBKJqyHigJv6wDRFQlbGQCNv4w=
Subject key identifier:   9E:1E:4D:85:22:94:08:E6:6F:03:43:D7:F8:CB:AD:9E:5C:CD:CE:BD
Certificate issuer:       /CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
Certificate serial:       01947E68D5D3EE2B49106CD15DA662D557B6
Authority key identifier: 1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/nh5NhSKUCOZvA0PX-MutnlzNzr0.roa
Signing time:             Sun 19 Jan 2025 11:53:07 +0000
ROA not before:           Sun 19 Jan 2025 11:53:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43766
IP address blocks:        93.191.104.0/24 maxlen: 24
                          93.191.105.0/24 maxlen: 24
                          93.191.106.0/24 maxlen: 24
                          2a00:5400:f000::/48 maxlen: 48
                          2a00:5400:f001::/48 maxlen: 48
                          2a00:5400:f002::/48 maxlen: 48
                          2a00:5400:f003::/48 maxlen: 48
                          2a00:5400:f004::/48 maxlen: 48
                          2a00:5400:f005::/48 maxlen: 48
                          2a00:5400:f006::/48 maxlen: 48
                          2a00:5400:f007::/48 maxlen: 48
                          2a00:5400:f008::/47 maxlen: 47
                          2a00:5400:f008::/48 maxlen: 48
                          2a00:5400:f009::/48 maxlen: 48
                          2a00:5400:f00a::/47 maxlen: 47
                          2a00:5400:f00a::/48 maxlen: 48
                          2a00:5400:f00b::/48 maxlen: 48
                          2a00:5400:f00c::/47 maxlen: 47
                          2a00:5400:f00c::/48 maxlen: 48
                          2a00:5400:f00d::/48 maxlen: 48
                          2a00:5400:f00e::/47 maxlen: 47
                          2a00:5400:f00e::/48 maxlen: 48
                          2a00:5400:f00f::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7e:68:d5:d3:ee:2b:49:10:6c:d1:5d:a6:62:d5:57:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
        Validity
            Not Before: Jan 19 11:53:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e1e4d85229408e66f0343d7f8cbad9e5ccdcebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5b:a8:07:5f:2c:9d:f3:c2:8a:38:18:1a:55:
                    b1:d8:4c:a6:22:49:e8:ed:73:4b:f1:1e:02:c7:03:
                    7e:e2:5a:5a:ba:a8:48:38:51:53:7a:ed:48:27:5a:
                    36:b9:ad:96:4e:90:03:76:93:29:bd:50:65:54:41:
                    99:ef:34:61:f6:93:e3:b9:50:7b:50:ad:b8:1f:06:
                    e9:3d:25:03:db:6a:84:6d:4c:52:0f:af:12:3d:f1:
                    04:f9:69:00:64:df:df:fc:64:b0:55:59:62:7e:3c:
                    e9:b4:2f:68:8f:8b:02:c0:3b:5c:ec:25:c8:d1:43:
                    1c:b0:0a:a3:6e:8b:a8:90:f0:72:0c:f9:54:dd:1f:
                    0e:b8:19:ec:53:bd:4b:bc:85:bf:9b:0e:41:5b:08:
                    29:1b:6b:20:37:95:f0:40:0b:7f:68:2d:00:64:ba:
                    ee:c3:6d:7a:8e:51:21:2f:34:15:cc:35:b4:98:cd:
                    68:b9:95:ae:73:08:7e:de:77:1e:b3:2f:1b:fc:11:
                    af:e2:0b:91:14:16:26:59:eb:8a:29:1a:55:ae:a6:
                    5c:25:fe:e4:ab:b0:4f:e6:44:10:e0:67:1b:ce:41:
                    59:1d:cc:42:d4:c6:ef:0b:1a:ec:18:c4:e0:39:46:
                    7c:ba:b9:11:14:ce:6a:da:65:08:6e:a3:c5:8a:8f:
                    18:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1E:4D:85:22:94:08:E6:6F:03:43:D7:F8:CB:AD:9E:5C:CD:CE:BD
            X509v3 Authority Key Identifier:
                keyid:1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/nh5NhSKUCOZvA0PX-MutnlzNzr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.104.0-93.191.106.255
                IPv6:
                  2a00:5400:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         c5:21:90:e4:f2:43:b1:b7:57:9d:b2:69:18:a7:a4:4b:7a:ce:
         6e:4c:05:e3:67:4a:f7:f2:dd:38:68:be:1a:0b:4b:02:a8:e9:
         31:de:c6:c2:a5:8b:8e:4b:78:5c:16:2f:29:cd:c2:73:0c:71:
         65:29:02:8a:31:83:ea:5b:71:03:99:2e:33:bb:bd:ae:f7:e7:
         a2:c5:c9:e6:de:c9:c2:98:d2:5d:68:27:23:6c:dd:a4:71:c2:
         03:79:5d:36:8d:27:50:10:94:dd:0c:56:1e:23:69:23:90:29:
         ff:a3:7e:f9:be:ed:0e:e1:84:c8:98:59:35:4a:85:0f:83:fd:
         90:1c:b3:12:0d:3a:ff:58:38:c8:a0:9c:ba:e0:07:68:1a:d9:
         67:59:0d:fe:b0:4b:32:82:7a:df:24:9d:be:bd:63:09:ff:e7:
         35:67:df:fd:82:a0:0f:73:9a:a0:45:4d:69:93:c2:2b:9a:42:
         6d:bd:2a:9c:52:3a:4c:fd:b5:43:07:49:22:45:34:d4:42:c2:
         46:cb:7c:e0:6d:b0:e9:67:4f:53:8b:e3:60:17:21:d3:f7:4c:
         cb:d0:34:6f:7e:cb:25:15:0a:bc:0b:93:7f:d7:b0:c9:1b:46:
         4b:11:d4:8b:02:c5:87:52:00:7e:02:6f:4b:15:43:6d:70:a5:
         a0:a6:64:3d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZR+aNXT7itJEGzRXaZi1Ve2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGQyMDVjNzk4ZWQ3OGYzYzQ0Y2EwYzhmMjg1MmU4YmVj
OGVhYTIwHhcNMjUwMTE5MTE1MzA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTFlNGQ4NTIyOTQwOGU2NmYwMzQzZDdmOGNiYWQ5ZTVjY2RjZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0luoB18snfPCijgYGlWx2EymIkno
7XNL8R4CxwN+4lpauqhIOFFTeu1IJ1o2ua2WTpADdpMpvVBlVEGZ7zRh9pPjuVB7
UK24HwbpPSUD22qEbUxSD68SPfEE+WkAZN/f/GSwVVlifjzptC9oj4sCwDtc7CXI
0UMcsAqjbouokPByDPlU3R8OuBnsU71LvIW/mw5BWwgpG2sgN5XwQAt/aC0AZLru
w216jlEhLzQVzDW0mM1ouZWucwh+3ncesy8b/BGv4guRFBYmWeuKKRpVrqZcJf7k
q7BP5kQQ4GcbzkFZHcxC1MbvCxrsGMTgOUZ8urkRFM5q2mUIbqPFio8YRQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJ4eTYUilAjmbwND1/jLrZ5czc69MB8GA1UdIwQY
MBaAFB6NIFx5jtePPETKDI8oUui+yOqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTkt
ZWUxYmQzNDRmMDE1LzEvbmg1TmhTS1VDT1p2QTBQWC1NdXRubHpOenIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTktZWUxYmQzNDRmMDE1
LzEvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBANdv2gD
BABdv2owDwQCAAIwCQMHBCoAVADwADANBgkqhkiG9w0BAQsFAAOCAQEAxSGQ5PJD
sbdXnbJpGKekS3rObkwF42dK9/LdOGi+GgtLAqjpMd7GwqWLjkt4XBYvKc3Ccwxx
ZSkCijGD6ltxA5kuM7u9rvfnosXJ5t7JwpjSXWgnI2zdpHHCA3ldNo0nUBCU3QxW
HiNpI5Ap/6N++b7tDuGEyJhZNUqFD4P9kByzEg06/1g4yKCcuuAHaBrZZ1kN/rBL
MoJ63ySdvr1jCf/nNWff/YKgD3OaoEVNaZPCK5pCbb0qnFI6TP21QwdJIkU01ELC
Rst84G2w6WdPU4vjYBch0/dMy9A0b37LJRUKvAuTf9ewyRtGSxHUiwLFh1IAfgJv
SxVDbXCloKZkPQ==
-----END CERTIFICATE-----