Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/Rowc--7buNg_Ew_zrmynFHimxmQ.roa
File:                     Rowc--7buNg_Ew_zrmynFHimxmQ.roa (raw, json)
Hash identifier:          tRqjTRWW7K8WV4ruLRwNapxECkPe5ofBmkCYh5TfGtI=
Subject key identifier:   46:8C:1C:FB:EE:DB:B8:D8:3F:13:0F:F3:AE:6C:A7:14:78:A6:C6:64
Certificate issuer:       /CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
Certificate serial:       019427487B8C21874268BDB7903218A5ABF1
Authority key identifier: F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/Rowc--7buNg_Ew_zrmynFHimxmQ.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202468
IP address blocks:        37.32.0.0/19 maxlen: 24
                          37.152.176.0/20 maxlen: 24
                          94.101.176.0/20 maxlen: 24
                          185.97.116.0/22 maxlen: 24
                          185.143.232.0/22 maxlen: 24
                          185.206.92.0/22 maxlen: 24
                          185.220.224.0/22 maxlen: 24
                          185.226.116.0/22 maxlen: 24
                          185.228.236.0/22 maxlen: 24
                          185.231.180.0/22 maxlen: 24
                          185.239.104.0/22 maxlen: 24
                          188.121.96.0/19 maxlen: 24
                          193.176.240.0/22 maxlen: 24
                          2a07:3900::/29 maxlen: 48
                          2a0c:a7c0::/29 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7b:8c:21:87:42:68:bd:b7:90:32:18:a5:ab:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=468c1cfbeedbb8d83f130ff3ae6ca71478a6c664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:72:0b:10:d6:93:0c:75:60:54:2d:ff:4e:95:
                    f2:62:e0:82:07:1f:cd:cc:7f:bf:79:49:4f:7e:2c:
                    c6:ae:9e:b4:ed:10:3f:44:86:cb:36:bd:76:8b:f0:
                    0e:82:62:db:a8:17:5b:5c:b4:33:65:24:76:50:5e:
                    ec:2f:ad:04:66:4b:48:d9:a0:a2:8e:a5:1c:c2:8f:
                    15:f4:71:66:4f:e4:db:8a:88:4d:4d:a7:97:be:e8:
                    48:64:91:2f:9f:1e:89:75:a7:95:e4:31:e9:99:9a:
                    fa:22:51:76:d9:7e:89:af:6a:76:f8:fe:11:1b:73:
                    17:47:d5:72:ed:74:da:52:c1:66:d9:14:1b:c4:30:
                    57:64:16:47:78:33:41:e8:bd:93:67:bb:60:c3:91:
                    c0:a4:a5:73:34:ef:4a:e9:f3:1e:a6:23:52:57:d9:
                    df:9f:97:01:39:19:bd:6b:15:ed:b6:b6:a1:8d:a1:
                    98:69:7d:d6:74:b4:71:c6:95:0e:75:d8:9f:b0:60:
                    53:14:be:45:13:6d:0a:58:c6:c3:99:43:14:71:c2:
                    43:56:2f:d0:8c:e1:ee:eb:c0:c7:e6:b9:7a:df:32:
                    7f:1f:cd:cc:ca:be:a2:94:f8:70:4f:a2:4c:c1:5e:
                    85:8b:12:fe:c4:6b:e2:14:8f:72:cc:4e:2b:6a:ca:
                    96:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8C:1C:FB:EE:DB:B8:D8:3F:13:0F:F3:AE:6C:A7:14:78:A6:C6:64
            X509v3 Authority Key Identifier:
                keyid:F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/Rowc--7buNg_Ew_zrmynFHimxmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.0.0/19
                  37.152.176.0/20
                  94.101.176.0/20
                  185.97.116.0/22
                  185.143.232.0/22
                  185.206.92.0/22
                  185.220.224.0/22
                  185.226.116.0/22
                  185.228.236.0/22
                  185.231.180.0/22
                  185.239.104.0/22
                  188.121.96.0/19
                  193.176.240.0/22
                IPv6:
                  2a07:3900::/29
                  2a0c:a7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:e9:6e:9c:5e:1f:04:7e:a4:8c:d0:04:64:1b:04:19:1c:8a:
         64:ed:45:92:f8:15:30:e6:5e:c6:f9:6e:c7:c7:aa:87:2e:55:
         16:b5:0b:53:6a:d8:ca:d6:8b:12:56:e3:2d:c6:f0:da:de:c2:
         6e:66:73:d9:3c:86:8b:8b:46:ea:18:fa:63:c9:b4:cf:ba:10:
         b6:59:54:44:fb:db:2b:1c:5a:37:18:9d:1f:c8:96:c7:8f:ad:
         c6:18:d6:86:6b:28:70:5c:22:c3:37:81:ff:d9:5c:aa:c4:05:
         f1:f6:8d:ed:fb:89:55:24:fd:67:f1:90:60:15:33:a2:99:3d:
         ab:87:f6:b1:fc:f1:e1:21:35:f4:3f:47:71:c4:89:44:3f:a7:
         f8:98:7a:77:68:27:2f:64:ce:d4:e7:40:57:c4:4d:40:99:de:
         d2:f9:e6:76:d9:0f:7f:6b:c4:b9:f0:43:2c:19:14:37:a6:93:
         29:62:49:8e:f6:81:22:f3:76:7c:aa:b9:cf:9b:dc:14:e3:46:
         b3:8b:4b:6d:68:9e:a1:da:52:2f:ab:b5:b4:07:72:fd:33:6f:
         a2:c2:b5:0f:ec:d8:e4:c0:e3:b1:c7:c5:0d:f8:87:68:35:77:
         61:b8:ff:e2:cb:2c:f9:1e:a9:9e:3b:30:63:dd:8d:df:59:cf:
         72:58:c1:fe
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZQnSHuMIYdCaL23kDIYpavxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YzM3MWYzYTM0YWJmMTk1N2QxODk1ZGY4MDYzZjRkNjIw
N2VjMDIwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhjMWNmYmVlZGJiOGQ4M2YxMzBmZjNhZTZjYTcxNDc4YTZjNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3ILENaTDHVgVC3/TpXyYuCCBx/N
zH+/eUlPfizGrp607RA/RIbLNr12i/AOgmLbqBdbXLQzZSR2UF7sL60EZktI2aCi
jqUcwo8V9HFmT+TbiohNTaeXvuhIZJEvnx6JdaeV5DHpmZr6IlF22X6Jr2p2+P4R
G3MXR9Vy7XTaUsFm2RQbxDBXZBZHeDNB6L2TZ7tgw5HApKVzNO9K6fMepiNSV9nf
n5cBORm9axXttrahjaGYaX3WdLRxxpUOddifsGBTFL5FE20KWMbDmUMUccJDVi/Q
jOHu68DH5rl63zJ/H83Myr6ilPhwT6JMwV6FixL+xGviFI9yzE4rasqWWQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEaMHPvu27jYPxMP865spxR4psZkMB8GA1UdIwQY
MBaAFPXDcfOjSr8ZV9GJXfgGP01iB+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEt
MWJiMTdhOGIyNmZlLzEvUm93Yy0tN2J1TmdfRXdfenJteW5GSGlteG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEtMWJiMTdhOGIyNmZl
LzEvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQFJSAAAwQE
JZiwAwQEXmWwAwQCuWF0AwQCuY/oAwQCuc5cAwQCudzgAwQCueJ0AwQCueTsAwQC
uee0AwQCue9oAwQFvHlgAwQCwbDwMBQEAgACMA4DBQMqBzkAAwUDKgynwDANBgkq
hkiG9w0BAQsFAAOCAQEAhOlunF4fBH6kjNAEZBsEGRyKZO1FkvgVMOZexvlux8eq
hy5VFrULU2rYytaLElbjLcbw2t7CbmZz2TyGi4tG6hj6Y8m0z7oQtllURPvbKxxa
NxidH8iWx4+txhjWhmsocFwiwzeB/9lcqsQF8faN7fuJVST9Z/GQYBUzopk9q4f2
sfzx4SE19D9HccSJRD+n+Jh6d2gnL2TO1OdAV8RNQJne0vnmdtkPf2vEufBDLBkU
N6aTKWJJjvaBIvN2fKq5z5vcFONGs4tLbWieodpSL6u1tAdy/TNvosK1D+zY5MDj
scfFDfiHaDV3Ybj/4sss+R6pnjswY92N31nPcljB/g==
-----END CERTIFICATE-----