Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2d2YxncO-zH520yHmIwXuoS7jss.roa
File:                     2d2YxncO-zH520yHmIwXuoS7jss.roa (raw, json)
Hash identifier:          QE9Az012sDwA8G7SNHwvsVCLD+u2Raib3c1YGhOg3iY=
Subject key identifier:   D9:DD:98:C6:77:0E:FB:31:F9:DB:4C:87:98:8C:17:BA:84:BB:8E:CB
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019484B8BC4A78CA5BC92C760CCFA40B4C00
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2d2YxncO-zH520yHmIwXuoS7jss.roa
Signing time:             Mon 20 Jan 2025 17:18:06 +0000
ROA not before:           Mon 20 Jan 2025 17:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        45.136.0.0/24 maxlen: 32
                          45.136.1.0/24 maxlen: 32
                          45.136.2.0/24 maxlen: 32
                          45.136.3.0/24 maxlen: 32
                          128.0.119.0/24 maxlen: 32
                          185.117.20.0/24 maxlen: 32
                          185.117.22.0/24 maxlen: 32
                          185.117.23.0/24 maxlen: 32
                          185.211.48.0/24 maxlen: 32
                          185.211.49.0/24 maxlen: 32
                          185.211.50.0/24 maxlen: 32
                          193.201.208.0/24 maxlen: 32
                          193.201.209.0/24 maxlen: 32
                          195.85.68.0/24 maxlen: 32
                          195.85.69.0/24 maxlen: 32
                          195.85.70.0/24 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:84:b8:bc:4a:78:ca:5b:c9:2c:76:0c:cf:a4:0b:4c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan 20 17:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9dd98c6770efb31f9db4c87988c17ba84bb8ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2a:8f:2d:66:65:08:ba:33:98:a8:01:ba:e8:
                    64:58:8f:48:3f:ae:8a:3d:fa:ee:92:ed:6e:03:22:
                    83:ff:25:4a:89:19:6b:43:32:5b:87:0b:c0:64:9b:
                    81:9f:d3:73:19:d0:1b:25:d1:e6:71:77:d3:e5:4f:
                    cf:88:25:a3:f9:21:3f:b1:ac:27:f4:96:d0:4d:17:
                    12:da:99:41:14:ce:b0:d9:e8:19:88:1b:0b:0c:ab:
                    00:3c:79:cb:7e:57:23:cc:54:96:a1:9b:cc:86:a8:
                    e1:13:b3:8a:9c:bd:f3:d8:05:99:83:e8:6f:91:51:
                    8d:4c:48:54:61:ac:c6:4e:f3:39:50:a5:71:77:2e:
                    0f:06:fb:ce:de:76:6e:02:71:3d:f4:e6:73:13:81:
                    fa:3e:d9:66:ba:e0:50:80:3a:3e:53:9c:8d:51:f6:
                    6d:6b:ab:19:a5:83:90:94:17:1b:14:2e:19:42:3a:
                    e2:62:76:a4:22:d8:56:b7:81:9b:40:fa:92:2d:1f:
                    be:c6:ab:dc:12:d6:2f:c6:39:61:4e:76:f0:99:57:
                    d1:42:00:5f:a3:d6:1b:9d:e2:06:63:51:be:2c:f1:
                    c7:41:68:b1:2c:17:d8:fa:2d:b2:8e:41:63:04:14:
                    36:85:22:7e:27:a2:a3:65:37:35:c5:5b:3a:c1:89:
                    fe:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DD:98:C6:77:0E:FB:31:F9:DB:4C:87:98:8C:17:BA:84:BB:8E:CB
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2d2YxncO-zH520yHmIwXuoS7jss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.0.0/22
                  128.0.119.0/24
                  185.117.20.0/24
                  185.117.22.0/23
                  185.211.48.0-185.211.50.255
                  193.201.208.0/23
                  195.85.68.0-195.85.70.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:3e:39:af:50:76:af:a8:9a:c2:b1:5f:ba:1d:18:9a:ad:57:
         0b:04:ca:c0:5f:38:b5:00:09:c2:f4:3d:e1:f7:e9:ad:d4:0c:
         ae:a5:b7:c1:03:5f:d4:8d:e5:db:2c:22:45:f4:73:31:ba:1f:
         b9:31:7f:c2:6f:c5:e8:ae:1b:68:99:c4:d5:27:36:49:d0:4f:
         a0:e5:af:17:3a:c5:6e:5b:67:f8:ec:23:08:99:9d:e3:f6:77:
         7e:c0:33:60:9c:38:8a:50:a1:76:df:fb:de:95:09:e7:ce:1e:
         6f:42:e4:73:a2:45:57:a7:5c:c5:f5:78:fc:e0:04:a2:5a:0f:
         ad:c8:46:27:88:cc:74:90:a4:a0:70:90:c5:54:27:c0:e4:1e:
         f2:01:bc:54:95:10:c8:c3:94:97:80:59:01:0a:aa:69:54:54:
         8b:0a:f7:59:b3:c7:36:cf:32:0f:1a:4d:c1:ac:4f:50:20:89:
         79:75:90:c1:56:31:0e:c8:7c:82:5e:78:c6:59:52:78:f4:7f:
         1c:cf:f0:c6:f2:89:72:2d:b8:fb:21:42:9c:bf:68:f4:72:86:
         7d:21:b5:76:da:0f:14:93:85:9d:0f:a3:c2:e0:c3:2d:a9:5f:
         c3:f4:df:fa:aa:33:a9:cb:17:80:50:c9:be:c9:b6:90:0f:9c:
         2b:c8:ea:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZSEuLxKeMpbySx2DM+kC0wAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTIwMTcxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRkOThjNjc3MGVmYjMxZjlkYjRjODc5ODhjMTdiYTg0YmI4ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiqPLWZlCLozmKgBuuhkWI9IP66K
Pfruku1uAyKD/yVKiRlrQzJbhwvAZJuBn9NzGdAbJdHmcXfT5U/PiCWj+SE/sawn
9JbQTRcS2plBFM6w2egZiBsLDKsAPHnLflcjzFSWoZvMhqjhE7OKnL3z2AWZg+hv
kVGNTEhUYazGTvM5UKVxdy4PBvvO3nZuAnE99OZzE4H6PtlmuuBQgDo+U5yNUfZt
a6sZpYOQlBcbFC4ZQjriYnakIthWt4GbQPqSLR++xqvcEtYvxjlhTnbwmVfRQgBf
o9YbneIGY1G+LPHHQWixLBfY+i2yjkFjBBQ2hSJ+J6KjZTc1xVs6wYn+ZwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNndmMZ3Dvsx+dtMh5iMF7qEu47LMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvMmQyWXhuY08tekg1MjB5SG1Jd1h1b1M3anNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQCLYgAAwQA
gAB3AwQAuXUUAwQBuXUWMAwDBAS50zADBAC50zIDBAHBydAwDAMEAsNVRAMEAMNV
RjANBgkqhkiG9w0BAQsFAAOCAQEAfz45r1B2r6iawrFfuh0Ymq1XCwTKwF84tQAJ
wvQ94ffprdQMrqW3wQNf1I3l2ywiRfRzMbofuTF/wm/F6K4baJnE1Sc2SdBPoOWv
FzrFbltn+OwjCJmd4/Z3fsAzYJw4ilChdt/73pUJ584eb0Lkc6JFV6dcxfV4/OAE
oloPrchGJ4jMdJCkoHCQxVQnwOQe8gG8VJUQyMOUl4BZAQqqaVRUiwr3WbPHNs8y
DxpNwaxPUCCJeXWQwVYxDsh8gl54xllSePR/HM/wxvKJci24+yFCnL9o9HKGfSG1
dtoPFJOFnQ+jwuDDLalfw/Tf+qozqcsXgFDJvsm2kA+cK8jq4A==
-----END CERTIFICATE-----