Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/t292OmKp-GnX0MyFpL72FnDc9MA.roa
File:                     t292OmKp-GnX0MyFpL72FnDc9MA.roa (raw, json)
Hash identifier:          uIDL5vQGM8ia+mjLC9CmEE4toRqUWbIawZ8YzQbIFpY=
Subject key identifier:   B7:6F:76:3A:62:A9:F8:69:D7:D0:CC:85:A4:BE:F6:16:70:DC:F4:C0
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019421B21DA135511846E39F130C0D92F088
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/t292OmKp-GnX0MyFpL72FnDc9MA.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42926
IP address blocks:        84.17.64.0/24 maxlen: 24
                          84.17.66.0/24 maxlen: 24
                          84.17.77.0/24 maxlen: 24
                          84.17.80.0/24 maxlen: 24
                          84.17.81.0/24 maxlen: 24
                          84.17.82.0/24 maxlen: 24
                          84.17.85.0/24 maxlen: 24
                          84.17.92.0/24 maxlen: 24
                          84.17.94.0/24 maxlen: 24
                          193.254.252.0/24 maxlen: 24
                          193.254.253.0/24 maxlen: 24
                          195.128.32.0/24 maxlen: 24
                          195.128.33.0/24 maxlen: 24
                          195.128.34.0/24 maxlen: 24
                          195.128.36.0/24 maxlen: 24
                          195.128.38.0/24 maxlen: 24
                          195.128.39.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1d:a1:35:51:18:46:e3:9f:13:0c:0d:92:f0:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b76f763a62a9f869d7d0cc85a4bef61670dcf4c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:79:62:98:cb:20:aa:5f:fc:42:4d:3a:cb:c3:
                    f7:dc:ac:3b:79:a8:79:75:17:ea:ba:f3:15:14:8e:
                    d6:0d:09:43:ee:8b:83:4a:b2:92:08:cc:c0:e5:26:
                    5e:13:ac:fa:a3:7d:8a:2e:a9:ee:ed:cc:49:a5:5d:
                    dc:40:20:97:35:01:c2:5c:22:ca:8c:69:37:e2:84:
                    b3:19:1c:f9:d6:4f:ee:db:0c:f6:31:7d:2a:03:2e:
                    a2:42:74:1d:08:8d:47:df:92:09:f7:f1:c6:c6:8d:
                    9a:d9:24:47:b2:9e:d9:a6:ba:f3:59:93:bf:e5:f8:
                    b4:0e:4b:50:7f:53:db:d2:6a:41:10:1d:fd:6e:ca:
                    26:6a:02:6f:69:2c:e0:1e:7e:00:87:29:0f:0a:58:
                    ae:fe:d4:70:3c:09:9b:18:04:51:61:50:2c:a2:2e:
                    bc:da:5d:2a:fe:d7:c9:5b:b3:7d:c8:0d:22:84:4c:
                    3f:85:16:fa:14:1f:40:8d:e9:71:e4:6d:0a:43:4e:
                    da:2a:2c:cd:54:34:60:db:e4:c1:31:d5:02:5f:c9:
                    d2:0f:6f:57:a1:24:0a:3f:99:6d:1b:b2:85:47:f2:
                    52:26:22:e9:27:55:fc:42:74:15:a9:50:19:2d:57:
                    4a:b2:93:68:dd:3e:50:fc:5c:89:f6:9b:49:29:1c:
                    70:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6F:76:3A:62:A9:F8:69:D7:D0:CC:85:A4:BE:F6:16:70:DC:F4:C0
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/t292OmKp-GnX0MyFpL72FnDc9MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.64.0/24
                  84.17.66.0/24
                  84.17.77.0/24
                  84.17.80.0-84.17.82.255
                  84.17.85.0/24
                  84.17.92.0/24
                  84.17.94.0/24
                  193.254.252.0/23
                  195.128.32.0-195.128.34.255
                  195.128.36.0/24
                  195.128.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:85:7a:60:b3:96:1e:7d:e9:2a:93:68:11:ca:99:c9:a6:c8:
         10:69:50:9e:b0:6c:e7:bd:13:8b:4e:b0:86:a0:79:bb:0c:ed:
         e4:7f:4a:1d:20:32:8c:29:4f:0a:a2:80:b7:9b:e1:72:63:7e:
         d3:d8:80:8f:06:2c:62:c4:5f:31:e5:6e:42:29:fc:2c:84:aa:
         c2:01:4c:8b:6c:f6:05:c2:6f:ed:46:6f:76:71:ed:dc:28:23:
         17:60:dc:51:f4:11:05:9e:c4:74:c6:5b:f1:48:93:bf:94:3b:
         ae:e7:c8:43:84:71:0e:05:1f:21:cd:fd:b7:0b:da:b9:98:e0:
         0d:86:1f:b1:80:9f:01:c8:c5:d0:e1:54:93:6b:dd:25:4f:d9:
         3a:f6:e3:6c:78:e5:2c:9b:da:14:dc:57:eb:4a:70:49:0d:4b:
         c7:7e:fb:0c:f4:c2:9d:34:50:0e:04:42:90:bb:56:57:cd:d8:
         3b:ac:b0:dd:4b:f1:eb:c4:2f:ab:60:d9:4e:9f:4f:07:c5:23:
         f6:23:41:29:93:c7:1d:19:2e:f1:6c:53:e9:31:7c:8a:9a:08:
         46:69:2b:09:68:1a:f8:22:4d:ae:a6:fa:07:84:07:c3:7a:bb:
         33:3e:f5:5d:0d:98:66:63:d7:fb:60:cf:8b:92:37:74:76:a7:
         ac:6a:93:d6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZQhsh2hNVEYRuOfEwwNkvCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZmNzYzYTYyYTlmODY5ZDdkMGNjODVhNGJlZjYxNjcwZGNmNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HlimMsgql/8Qk06y8P33Kw7eah5
dRfquvMVFI7WDQlD7ouDSrKSCMzA5SZeE6z6o32KLqnu7cxJpV3cQCCXNQHCXCLK
jGk34oSzGRz51k/u2wz2MX0qAy6iQnQdCI1H35IJ9/HGxo2a2SRHsp7ZprrzWZO/
5fi0DktQf1Pb0mpBEB39bsomagJvaSzgHn4AhykPCliu/tRwPAmbGARRYVAsoi68
2l0q/tfJW7N9yA0ihEw/hRb6FB9Ajelx5G0KQ07aKizNVDRg2+TBMdUCX8nSD29X
oSQKP5ltG7KFR/JSJiLpJ1X8QnQVqVAZLVdKspNo3T5Q/FyJ9ptJKRxwKwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFLdvdjpiqfhp19DMhaS+9hZw3PTAMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvdDI5Mk9tS3AtR25YME15RnBMNzJGbkRjOU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAVBFAAwQA
VBFCAwQAVBFNMAwDBARUEVADBABUEVIDBABUEVUDBABUEVwDBABUEV4DBAHB/vww
DAMEBcOAIAMEAMOAIgMEAMOAJAMEAcOAJjANBgkqhkiG9w0BAQsFAAOCAQEAJIV6
YLOWHn3pKpNoEcqZyabIEGlQnrBs570Ti06whqB5uwzt5H9KHSAyjClPCqKAt5vh
cmN+09iAjwYsYsRfMeVuQin8LISqwgFMi2z2BcJv7UZvdnHt3CgjF2DcUfQRBZ7E
dMZb8UiTv5Q7rufIQ4RxDgUfIc39twvauZjgDYYfsYCfAcjF0OFUk2vdJU/ZOvbj
bHjlLJvaFNxX60pwSQ1Lx377DPTCnTRQDgRCkLtWV83YO6yw3Uvx68Qvq2DZTp9P
B8Uj9iNBKZPHHRku8WxT6TF8ipoIRmkrCWga+CJNrqb6B4QHw3q7Mz71XQ2YZmPX
+2DPi5I3dHanrGqT1g==
-----END CERTIFICATE-----