Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/IfyTxXArbgCSA62FeIomLZmRT98.roa
File:                     IfyTxXArbgCSA62FeIomLZmRT98.roa (raw, json)
Hash identifier:          jZqcQzLhww658CuWrBEXMcpPTSASFdLNQt5gHg+35ac=
Subject key identifier:   21:FC:93:C5:70:2B:6E:00:92:03:AD:85:78:8A:26:2D:99:91:4F:DF
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0193D3ADCE9D75EC882EB614A1DD66F60DB3
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/IfyTxXArbgCSA62FeIomLZmRT98.roa
Signing time:             Tue 17 Dec 2024 08:13:23 +0000
ROA not before:           Tue 17 Dec 2024 08:13:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5411
IP address blocks:        192.36.44.0/23 maxlen: 24
                          192.71.132.0/23 maxlen: 24
                          192.71.134.0/23 maxlen: 24
                          192.71.178.0/23 maxlen: 24
                          192.121.79.0/24 maxlen: 24
                          192.165.117.0/24 maxlen: 24
                          192.165.118.0/24 maxlen: 24
                          192.176.131.0/24 maxlen: 24
                          192.176.132.0/23 maxlen: 24
                          192.176.148.0/23 maxlen: 24
                          192.176.162.0/23 maxlen: 24
                          194.14.63.0/24 maxlen: 24
                          194.14.66.0/23 maxlen: 24
                          194.14.70.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:d3:ad:ce:9d:75:ec:88:2e:b6:14:a1:dd:66:f6:0d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Dec 17 08:13:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21fc93c5702b6e009203ad85788a262d99914fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:e9:7a:81:f6:c7:76:c7:ad:f6:a5:3e:fa:
                    14:37:86:84:f2:0c:f4:5c:5e:c6:70:31:8f:9a:b8:
                    2b:8c:80:05:81:49:e8:aa:c1:6a:04:47:5c:30:ae:
                    ef:bf:3e:a2:68:3f:01:36:b0:0a:09:6d:3c:6b:f4:
                    7c:22:35:c0:d6:90:2e:24:86:f1:cd:57:2c:16:91:
                    8b:05:a5:1b:5d:fa:41:63:80:b8:e0:42:42:f7:e5:
                    a8:6f:d9:87:9e:5a:14:63:68:42:df:23:a1:82:de:
                    97:68:98:8e:a6:42:c5:91:4e:d2:92:e3:90:c9:b7:
                    27:53:c3:b2:1e:24:00:60:eb:2d:78:c6:6f:17:0c:
                    6b:4c:9d:4c:fd:d4:71:a2:4f:c3:77:8e:77:cf:e4:
                    68:ac:c7:74:4b:a6:7b:43:82:51:6d:df:81:74:cb:
                    71:25:b6:23:a7:3c:e7:58:95:51:48:95:a8:7c:26:
                    7b:80:e0:ee:84:8f:f6:ce:ee:b6:76:e3:c1:94:44:
                    9b:07:f5:68:91:36:50:a4:22:a8:93:c8:83:96:73:
                    68:34:e2:5d:1c:c5:1b:58:9f:47:1e:7f:77:0c:a1:
                    04:c6:c9:22:47:b5:99:57:da:77:18:44:58:44:b3:
                    27:10:78:c3:38:da:44:34:8b:9f:d0:95:78:ce:73:
                    1b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FC:93:C5:70:2B:6E:00:92:03:AD:85:78:8A:26:2D:99:91:4F:DF
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/IfyTxXArbgCSA62FeIomLZmRT98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.44.0/23
                  192.71.132.0/22
                  192.71.178.0/23
                  192.121.79.0/24
                  192.165.117.0-192.165.118.255
                  192.176.131.0-192.176.133.255
                  192.176.148.0/23
                  192.176.162.0/23
                  194.14.63.0/24
                  194.14.66.0/23
                  194.14.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:08:0b:7c:56:61:2a:e5:7d:3f:62:b8:2e:b7:68:18:15:e3:
         b9:1f:28:37:3e:ab:94:cb:16:ba:f8:0c:15:4f:6b:dc:e8:5b:
         57:24:50:5c:68:4c:22:49:3c:79:0e:38:cb:03:43:32:e3:a1:
         75:a0:8b:59:73:89:dd:e3:72:de:b0:2b:c2:b4:ff:6a:6d:e3:
         a8:a9:29:f6:bb:cf:2d:e9:0a:ca:a7:e7:69:13:d5:38:fc:48:
         39:d8:fb:c4:48:57:88:1c:ff:e4:e5:2c:20:cc:d2:59:96:93:
         3a:f1:e5:6a:58:bb:8a:a9:8a:db:c6:f3:5e:cd:4c:21:65:19:
         06:50:87:3d:f3:94:1d:3d:ff:ce:de:ed:60:dc:8d:d2:07:b3:
         a9:0e:bc:10:26:f4:3d:47:6e:f1:df:74:1b:f0:ca:fd:96:ee:
         8f:ec:d5:02:d4:de:27:30:9f:3e:4b:d4:8c:68:6d:23:e3:78:
         ec:f2:62:e6:55:65:fe:1f:98:cc:20:59:4c:bf:76:a2:bd:51:
         d8:50:df:b1:52:60:df:a1:fc:20:61:c4:7a:51:db:1c:0e:fb:
         95:ac:fc:30:69:6c:23:b9:ef:37:cc:a2:36:d6:aa:a9:0f:ba:
         d9:72:44:13:bf:cb:83:13:80:c4:1c:0a:fc:19:56:ce:20:92:
         bd:c1:a7:6b
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZPTrc6ddeyILrYUod1m9g2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQxMjE3MDgxMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWZjOTNjNTcwMmI2ZTAwOTIwM2FkODU3ODhhMjYyZDk5OTE0ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQXpeoH2x3bHrfalPvoUN4aE8gz0
XF7GcDGPmrgrjIAFgUnoqsFqBEdcMK7vvz6iaD8BNrAKCW08a/R8IjXA1pAuJIbx
zVcsFpGLBaUbXfpBY4C44EJC9+Wob9mHnloUY2hC3yOhgt6XaJiOpkLFkU7SkuOQ
ybcnU8OyHiQAYOsteMZvFwxrTJ1M/dRxok/Dd453z+RorMd0S6Z7Q4JRbd+BdMtx
JbYjpzznWJVRSJWofCZ7gODuhI/2zu62duPBlESbB/VokTZQpCKok8iDlnNoNOJd
HMUbWJ9HHn93DKEExskiR7WZV9p3GERYRLMnEHjDONpENIuf0JV4znMbyQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFCH8k8VwK24AkgOthXiKJi2ZkU/fMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvSWZ5VHhYQXJiZ0NTQTYyRmVJb21MWm1SVDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQBwCQsAwQC
wEeEAwQBwEeyAwQAwHlPMAwDBADApXUDBADApXYwDAMEAMCwgwMEAcCwhAMEAcCw
lAMEAcCwogMEAMIOPwMEAcIOQgMEAcIORjANBgkqhkiG9w0BAQsFAAOCAQEABggL
fFZhKuV9P2K4LrdoGBXjuR8oNz6rlMsWuvgMFU9r3OhbVyRQXGhMIkk8eQ44ywND
MuOhdaCLWXOJ3eNy3rArwrT/am3jqKkp9rvPLekKyqfnaRPVOPxIOdj7xEhXiBz/
5OUsIMzSWZaTOvHlali7iqmK28bzXs1MIWUZBlCHPfOUHT3/zt7tYNyN0gezqQ68
ECb0PUdu8d90G/DK/Zbuj+zVAtTeJzCfPkvUjGhtI+N47PJi5lVl/h+YzCBZTL92
or1R2FDfsVJg36H8IGHEelHbHA77laz8MGlsI7nvN8yiNtaqqQ+62XJEE7/LgxOA
xBwK/BlWziCSvcGnaw==
-----END CERTIFICATE-----