Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/nXO9ZD7OJiN-E6KmZV4kRHtBmBI.roa
File:                     nXO9ZD7OJiN-E6KmZV4kRHtBmBI.roa (raw, json)
Hash identifier:          R2L2uowPuXilVCETZnm6Iuoakr30MLG7uX9vIcN2GR0=
Subject key identifier:   9D:73:BD:64:3E:CE:26:23:7E:13:A2:A6:65:5E:24:44:7B:41:98:12
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019421B21CE9E0A7727CCB8448835918CC16
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/nXO9ZD7OJiN-E6KmZV4kRHtBmBI.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12444
IP address blocks:        84.17.67.0/24 maxlen: 24
                          84.17.68.0/24 maxlen: 24
                          84.17.70.0/24 maxlen: 24
                          84.17.71.0/24 maxlen: 24
                          84.17.75.0/24 maxlen: 24
                          84.17.76.0/24 maxlen: 24
                          84.17.78.0/24 maxlen: 24
                          84.17.79.0/24 maxlen: 24
                          84.17.83.0/24 maxlen: 24
                          84.17.84.0/24 maxlen: 24
                          84.17.86.0/24 maxlen: 24
                          84.17.87.0/24 maxlen: 24
                          84.17.89.0/24 maxlen: 24
                          84.17.90.0/24 maxlen: 24
                          84.17.91.0/24 maxlen: 24
                          84.17.93.0/24 maxlen: 24
                          185.118.176.0/24 maxlen: 24
                          185.118.177.0/24 maxlen: 24
                          185.118.178.0/24 maxlen: 24
                          185.118.179.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1c:e9:e0:a7:72:7c:cb:84:48:83:59:18:cc:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d73bd643ece26237e13a2a6655e24447b419812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d5:7d:d3:62:19:e2:a8:84:b2:3d:fc:b4:82:
                    33:08:56:07:da:6e:ec:84:00:f8:21:34:6a:bb:eb:
                    cb:bf:3c:13:f3:cd:ef:b9:a7:6b:24:38:b9:e0:72:
                    ef:d8:fd:41:31:41:61:1b:3d:72:81:96:a1:c1:5b:
                    41:74:d6:63:a7:85:1a:53:4b:b3:52:46:53:12:46:
                    c6:33:b0:0b:37:69:13:03:3b:7d:d4:5b:cf:d9:50:
                    e4:18:b4:eb:ba:ed:78:e3:2e:69:9c:70:40:69:52:
                    60:b5:aa:bf:8e:ae:d8:c4:77:d1:34:0e:ba:6c:2c:
                    67:19:8f:e9:7b:82:90:65:b2:28:23:dc:69:ef:65:
                    df:4a:9d:b3:9c:52:ac:32:c0:cd:98:ed:e1:7d:9f:
                    4f:32:be:44:9b:77:fb:b3:bb:15:34:7a:0e:15:e4:
                    7e:ac:60:25:3b:38:f7:fe:b0:1a:7d:b0:0b:4d:5b:
                    5f:55:4d:e4:6f:53:d9:ff:0e:d5:99:a5:08:00:6c:
                    8a:11:c2:71:e0:a4:98:79:d0:53:99:50:74:c0:07:
                    d3:e6:15:88:99:57:5a:a0:87:16:af:a2:01:ec:e3:
                    1d:14:b7:5c:7b:37:a6:e8:27:fa:11:50:36:bb:a9:
                    8f:2c:e8:80:15:c0:c8:f6:30:81:e3:c2:3d:73:64:
                    9a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:73:BD:64:3E:CE:26:23:7E:13:A2:A6:65:5E:24:44:7B:41:98:12
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/nXO9ZD7OJiN-E6KmZV4kRHtBmBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.67.0-84.17.68.255
                  84.17.70.0/23
                  84.17.75.0-84.17.76.255
                  84.17.78.0/23
                  84.17.83.0-84.17.84.255
                  84.17.86.0/23
                  84.17.89.0-84.17.91.255
                  84.17.93.0/24
                  185.118.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:cf:16:79:47:5d:ff:df:2b:6d:c4:4d:0c:75:7e:62:c9:0f:
         9c:82:b3:b2:6a:48:c7:7b:2e:b8:93:4d:28:2f:f4:14:f3:c2:
         c7:9e:d5:73:2c:ce:0d:03:b6:63:ab:19:fa:72:35:98:cf:52:
         98:ef:75:ed:30:d1:53:b3:ab:62:bd:2e:0a:7c:90:4a:0e:13:
         d1:89:be:07:61:93:58:44:8b:c4:99:5e:c1:6f:28:93:be:e4:
         0e:f1:ad:de:3c:45:bf:a2:b6:f5:f8:7e:cd:5e:92:44:e4:d2:
         36:1e:1d:4f:d7:9c:2d:02:46:db:04:e6:b2:8c:95:8a:6a:87:
         5c:10:76:84:8a:2e:eb:a6:8e:b6:b4:e9:0f:59:0c:75:1c:e1:
         40:89:fb:b3:6b:e8:5a:a7:58:ca:a2:9f:d7:7d:cb:f4:68:48:
         15:74:62:6f:31:73:9d:56:d4:c2:ef:e3:50:30:84:60:70:57:
         c2:2f:43:f9:1f:fd:2e:c4:97:ba:7d:45:f9:15:cb:b0:6c:12:
         60:f3:a4:da:c4:1e:04:ec:bc:42:29:7f:f5:f2:cf:09:12:8d:
         69:2d:ed:aa:99:c0:1a:8b:2d:9b:ce:5f:d6:98:57:8e:a2:f5:
         89:20:e4:2f:c6:87:11:02:13:84:1b:c9:b5:47:b3:c4:05:cf:
         37:15:bc:bb
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQhshzp4KdyfMuESINZGMwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDczYmQ2NDNlY2UyNjIzN2UxM2EyYTY2NTVlMjQ0NDdiNDE5ODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NV902IZ4qiEsj38tIIzCFYH2m7s
hAD4ITRqu+vLvzwT883vuadrJDi54HLv2P1BMUFhGz1ygZahwVtBdNZjp4UaU0uz
UkZTEkbGM7ALN2kTAzt91FvP2VDkGLTruu144y5pnHBAaVJgtaq/jq7YxHfRNA66
bCxnGY/pe4KQZbIoI9xp72XfSp2znFKsMsDNmO3hfZ9PMr5Em3f7s7sVNHoOFeR+
rGAlOzj3/rAafbALTVtfVU3kb1PZ/w7VmaUIAGyKEcJx4KSYedBTmVB0wAfT5hWI
mVdaoIcWr6IB7OMdFLdcezem6Cf6EVA2u6mPLOiAFcDI9jCB48I9c2SakQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJ1zvWQ+ziYjfhOipmVeJER7QZgSMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvblhPOVpEN09KaU4tRTZLbVpWNGtSSHRCbUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBABUEUMD
BABUEUQDBAFUEUYwDAMEAFQRSwMEAFQRTAMEAVQRTjAMAwQAVBFTAwQAVBFUAwQB
VBFWMAwDBABUEVkDBAJUEVgDBABUEV0DBAK5drAwDQYJKoZIhvcNAQELBQADggEB
AGfPFnlHXf/fK23ETQx1fmLJD5yCs7JqSMd7LriTTSgv9BTzwsee1XMszg0DtmOr
GfpyNZjPUpjvde0w0VOzq2K9Lgp8kEoOE9GJvgdhk1hEi8SZXsFvKJO+5A7xrd48
Rb+itvX4fs1ekkTk0jYeHU/XnC0CRtsE5rKMlYpqh1wQdoSKLuumjra06Q9ZDHUc
4UCJ+7Nr6FqnWMqin9d9y/RoSBV0Ym8xc51W1MLv41AwhGBwV8IvQ/kf/S7El7p9
RfkVy7BsEmDzpNrEHgTsvEIpf/XyzwkSjWkt7aqZwBqLLZvOX9aYV46i9Ykg5C/G
hxECE4QbybVHs8QFzzcVvLs=
-----END CERTIFICATE-----