Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/RWIbFRB6OssQFBkpAK2MtrCi0FM.roa
File:                     RWIbFRB6OssQFBkpAK2MtrCi0FM.roa (raw, json)
Hash identifier:          nT1SC5DGI4TQW8LK80pUtj2hDV3XZcZ1+yuVdwD15CE=
Subject key identifier:   45:62:1B:15:10:7A:3A:CB:10:14:19:29:00:AD:8C:B6:B0:A2:D0:53
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F99B615DC27D116E2AFB6DAE430AC
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/RWIbFRB6OssQFBkpAK2MtrCi0FM.roa
Signing time:             Thu 02 Jan 2025 05:49:15 +0000
ROA not before:           Thu 02 Jan 2025 05:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        2.58.99.0/24 maxlen: 24
                          91.240.33.0/24 maxlen: 24
                          109.196.104.0/24 maxlen: 24
                          109.196.106.0/24 maxlen: 24
                          109.196.107.0/24 maxlen: 24
                          109.196.108.0/24 maxlen: 24
                          109.196.109.0/24 maxlen: 24
                          109.196.111.0/24 maxlen: 24
                          176.101.56.0/24 maxlen: 24
                          176.101.57.0/24 maxlen: 24
                          176.101.58.0/24 maxlen: 24
                          176.101.59.0/24 maxlen: 24
                          176.101.60.0/24 maxlen: 24
                          176.101.61.0/24 maxlen: 24
                          176.101.62.0/24 maxlen: 24
                          176.101.63.0/24 maxlen: 24
                          213.109.109.0/24 maxlen: 24
                          213.109.110.0/24 maxlen: 24
                          213.109.111.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:99:b6:15:dc:27:d1:16:e2:af:b6:da:e4:30:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45621b15107a3acb1014192900ad8cb6b0a2d053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:94:36:c2:ca:ef:1c:26:25:e2:43:c9:65:0b:
                    39:9a:37:1d:f6:c4:3d:bb:2d:dc:79:c9:f4:7d:c0:
                    1f:77:19:b1:2a:15:b0:bc:2b:df:f2:6a:bf:5e:98:
                    d7:40:14:1f:a5:30:07:33:96:16:34:05:bd:25:0c:
                    4a:17:f4:46:3c:6a:ec:b7:a9:e2:8b:a1:04:49:db:
                    86:dd:f7:4e:d0:d4:40:9e:c7:ab:ed:3d:a4:3a:9d:
                    6b:cf:ca:e9:b7:94:14:9c:62:fb:9f:b8:03:e9:bf:
                    8a:ff:fd:33:95:b1:c2:5c:aa:36:f3:3b:bc:42:cb:
                    ee:11:4d:f2:da:f6:fc:8f:1f:c1:44:64:87:55:33:
                    14:8b:da:12:03:ff:09:8b:d2:1b:79:ea:fc:c8:83:
                    b0:af:9b:43:d9:db:b1:52:e0:15:c6:a1:b8:36:b3:
                    54:23:51:36:23:b0:33:7f:f3:fc:f6:5d:21:57:e5:
                    cc:dc:ed:f6:81:16:e9:8e:b8:d4:bb:ab:6a:73:57:
                    d9:26:7a:02:4e:30:2b:69:4f:6b:11:d0:4c:09:9a:
                    c1:ef:ab:6f:3b:12:a2:1e:79:0f:fe:01:1c:38:7e:
                    e8:ef:47:7b:fa:14:4f:44:ba:a1:5e:de:78:12:27:
                    22:82:54:dc:5e:f4:bd:ac:fc:e3:b2:9f:20:a4:4f:
                    84:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:62:1B:15:10:7A:3A:CB:10:14:19:29:00:AD:8C:B6:B0:A2:D0:53
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/RWIbFRB6OssQFBkpAK2MtrCi0FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.99.0/24
                  91.240.33.0/24
                  109.196.104.0/24
                  109.196.106.0-109.196.109.255
                  109.196.111.0/24
                  176.101.56.0/21
                  213.109.109.0-213.109.111.255

    Signature Algorithm: sha256WithRSAEncryption
         69:ec:33:2b:d6:8e:ad:a4:4a:19:a3:3d:af:40:5e:c2:4f:b4:
         37:1f:96:27:39:fb:25:8a:e0:f0:4f:8a:ed:73:17:31:6a:b3:
         ca:2a:df:b2:b8:1e:f3:99:59:47:f0:68:03:79:9b:54:ec:ea:
         d3:67:07:78:0b:e0:3f:00:60:5b:c2:92:1b:09:f5:a0:ed:b9:
         23:4e:84:d8:51:5d:13:c7:f9:0a:65:fc:c7:ad:bf:de:ee:86:
         38:58:47:4d:4c:08:18:47:e8:a3:30:83:ef:1e:63:4b:27:6b:
         df:85:3e:a7:fc:67:eb:e3:9b:19:a2:b6:31:a8:8d:dd:b7:9c:
         e6:b3:b9:3c:52:25:25:9a:cd:ea:d8:e3:04:8c:15:28:ab:e0:
         f4:7c:13:f3:82:c6:16:03:62:32:cb:51:cd:6b:84:07:f4:1f:
         95:96:c2:ac:16:42:97:32:60:f1:f5:41:36:21:52:37:d0:49:
         d4:67:96:27:2b:6e:b6:3b:c1:55:dc:0b:ad:2a:9a:80:b3:d7:
         71:d8:f6:26:bb:ad:17:9f:5b:e3:4b:00:a1:52:39:f0:af:75:
         1f:d2:0c:d9:41:ef:1d:ef:ba:6f:87:0f:68:6c:45:2c:f7:d1:
         b4:5a:88:82:88:57:6c:4c:98:5f:f8:f7:c0:30:41:76:ef:98:
         a6:90:99:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQlj5m2Fdwn0Rbir7ba5DCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTYyMWIxNTEwN2EzYWNiMTAxNDE5MjkwMGFkOGNiNmIwYTJkMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JQ2wsrvHCYl4kPJZQs5mjcd9sQ9
uy3cecn0fcAfdxmxKhWwvCvf8mq/XpjXQBQfpTAHM5YWNAW9JQxKF/RGPGrst6ni
i6EESduG3fdO0NRAnser7T2kOp1rz8rpt5QUnGL7n7gD6b+K//0zlbHCXKo28zu8
QsvuEU3y2vb8jx/BRGSHVTMUi9oSA/8Ji9Ibeer8yIOwr5tD2duxUuAVxqG4NrNU
I1E2I7Azf/P89l0hV+XM3O32gRbpjrjUu6tqc1fZJnoCTjAraU9rEdBMCZrB76tv
OxKiHnkP/gEcOH7o70d7+hRPRLqhXt54EiciglTcXvS9rPzjsp8gpE+EcwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFEViGxUQejrLEBQZKQCtjLawotBTMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvUldJYkZSQjZPc3NRRkJrcEFLMk10ckNpMEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAAjpjAwQA
W/AhAwQAbcRoMAwDBAFtxGoDBAFtxGwDBABtxG8DBAOwZTgwDAMEANVtbQMEBNVt
YDANBgkqhkiG9w0BAQsFAAOCAQEAaewzK9aOraRKGaM9r0Bewk+0Nx+WJzn7JYrg
8E+K7XMXMWqzyirfsrge85lZR/BoA3mbVOzq02cHeAvgPwBgW8KSGwn1oO25I06E
2FFdE8f5CmX8x62/3u6GOFhHTUwIGEfoozCD7x5jSydr34U+p/xn6+ObGaK2MaiN
3bec5rO5PFIlJZrN6tjjBIwVKKvg9HwT84LGFgNiMstRzWuEB/QflZbCrBZClzJg
8fVBNiFSN9BJ1GeWJytutjvBVdwLrSqagLPXcdj2JrutF59b40sAoVI58K91H9IM
2UHvHe+6b4cPaGxFLPfRtFqIgohXbEyYX/j3wDBBdu+YppCZQg==
-----END CERTIFICATE-----