Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Zd2TIy3J3EGY8gRTx2VctwWafNA.roa
File:                     Zd2TIy3J3EGY8gRTx2VctwWafNA.roa (raw, json)
Hash identifier:          jSPU+Ktlv17KDLnxr4WS4KGPoqym5KTNrXt7UU3beYs=
Subject key identifier:   65:DD:93:23:2D:C9:DC:41:98:F2:04:53:C7:65:5C:B7:05:9A:7C:D0
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       0195D7BA0F1B845B6B535F7DCC868DC985BD
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Zd2TIy3J3EGY8gRTx2VctwWafNA.roa
Signing time:             Thu 27 Mar 2025 13:10:49 +0000
ROA not before:           Thu 27 Mar 2025 13:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3573
IP address blocks:        2a02:ee80:404a::/47 maxlen: 47
                          2a02:ee80:404a::/48 maxlen: 48
                          2a02:ee80:404b::/48 maxlen: 48
                          2a02:ee80:4066::/47 maxlen: 47
                          2a02:ee80:4066::/48 maxlen: 48
                          2a02:ee80:4067::/48 maxlen: 48
                          2a02:ee80:415c::/47 maxlen: 47
                          2a02:ee80:4170::/47 maxlen: 47
                          2a02:ee80:4170::/48 maxlen: 48
                          2a02:ee80:4171::/48 maxlen: 48
                          2a02:ee80:41a8::/47 maxlen: 47
                          2a02:ee80:4354::/47 maxlen: 47
                          2a02:ee80:4354::/48 maxlen: 48
                          2a02:ee80:4355::/48 maxlen: 48
                          2a02:ee80:437e::/47 maxlen: 47
                          2a02:ee80:437e::/48 maxlen: 48
                          2a02:ee80:437f::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:ba:0f:1b:84:5b:6b:53:5f:7d:cc:86:8d:c9:85:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Mar 27 13:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65dd93232dc9dc4198f20453c7655cb7059a7cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c8:d7:ad:51:00:9e:23:07:33:31:79:d7:24:
                    9f:9d:94:6d:69:f3:4e:42:d5:84:9b:e4:6d:a6:b0:
                    50:6c:80:73:fb:43:e6:da:9d:69:ff:90:35:82:02:
                    52:92:16:3f:72:d9:9a:4c:c6:9d:52:58:3e:bb:aa:
                    07:62:2b:f0:ea:d6:0f:b9:b0:9c:c9:da:30:c3:1f:
                    05:8d:10:7f:e0:87:40:64:95:35:6b:06:67:3b:17:
                    8f:a9:86:f0:4e:15:f9:c8:1e:d2:0d:ff:33:3c:51:
                    49:2a:d5:1a:25:16:37:b1:3b:63:e6:b7:c4:a9:33:
                    5d:ba:13:e4:67:bd:ac:51:ae:c5:44:69:1c:ff:1a:
                    69:dc:74:e7:02:ef:4c:23:2f:f0:e6:d4:85:27:9c:
                    f8:95:e9:9b:69:f0:93:f8:1d:e0:36:d0:2e:dc:df:
                    e3:b4:b9:9c:42:e0:cd:34:9e:69:e1:dc:35:ba:19:
                    58:29:e3:10:d6:3f:ba:84:78:cc:8d:79:6e:19:01:
                    9c:18:62:83:9f:69:55:ee:76:50:93:ef:e6:8f:ff:
                    d0:18:a1:f9:46:8d:b1:58:78:12:e9:1f:cb:f8:bc:
                    c4:f7:0c:ca:56:31:94:f3:00:bc:d1:7b:68:bd:e3:
                    c4:1a:64:57:bb:cf:2e:6b:8d:30:ca:8e:c0:b2:85:
                    21:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:DD:93:23:2D:C9:DC:41:98:F2:04:53:C7:65:5C:B7:05:9A:7C:D0
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Zd2TIy3J3EGY8gRTx2VctwWafNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ee80:404a::/47
                  2a02:ee80:4066::/47
                  2a02:ee80:415c::/47
                  2a02:ee80:4170::/47
                  2a02:ee80:41a8::/47
                  2a02:ee80:4354::/47
                  2a02:ee80:437e::/47

    Signature Algorithm: sha256WithRSAEncryption
         b6:b7:c9:91:bf:e2:16:ad:63:59:2e:65:53:71:d6:94:a2:4c:
         b6:65:eb:36:4b:2b:98:4d:4f:d0:d0:da:f8:7f:10:f5:75:2c:
         82:d0:9b:91:a0:33:15:92:13:30:40:fc:cd:54:b8:eb:28:a8:
         27:23:a0:d7:0d:7a:45:ff:69:2b:86:87:f9:d5:e0:1e:67:d2:
         c4:cd:7e:82:75:f9:1f:6d:5c:83:70:99:0a:17:b2:49:af:42:
         cb:77:2c:24:56:1a:30:38:08:54:60:f1:4a:a0:f4:eb:a8:69:
         11:ab:53:ea:3d:b3:f0:7b:c8:52:c3:53:71:3e:6a:b9:fe:96:
         f4:65:4a:b1:70:f4:0e:4e:57:d0:1d:06:27:39:da:ac:ca:c1:
         4c:0d:37:a3:76:e1:17:96:f7:f3:dc:63:c2:83:9f:f8:f3:28:
         ee:4d:17:40:b1:99:ad:b9:0c:51:66:28:a7:95:e8:53:2e:a0:
         d0:54:bb:50:6b:d2:36:e7:8a:06:9d:7c:d1:58:61:38:48:79:
         8e:6c:ec:d5:5a:f5:d6:bf:c3:e5:fc:2f:c4:92:ba:ff:c0:21:
         b7:9f:42:92:fd:cd:57:88:e4:12:e6:1d:cb:86:38:69:6b:3a:
         e3:62:d8:ed:ef:5c:fc:2a:6a:c6:3c:71:81:35:f0:2e:42:42:
         b7:31:44:2e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZXXug8bhFtrU199zIaNyYW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjUwMzI3MTMxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWRkOTMyMzJkYzlkYzQxOThmMjA0NTNjNzY1NWNiNzA1OWE3Y2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38jXrVEAniMHMzF51ySfnZRtafNO
QtWEm+RtprBQbIBz+0Pm2p1p/5A1ggJSkhY/ctmaTMadUlg+u6oHYivw6tYPubCc
ydowwx8FjRB/4IdAZJU1awZnOxePqYbwThX5yB7SDf8zPFFJKtUaJRY3sTtj5rfE
qTNduhPkZ72sUa7FRGkc/xpp3HTnAu9MIy/w5tSFJ5z4lembafCT+B3gNtAu3N/j
tLmcQuDNNJ5p4dw1uhlYKeMQ1j+6hHjMjXluGQGcGGKDn2lV7nZQk+/mj//QGKH5
Ro2xWHgS6R/L+LzE9wzKVjGU8wC80XtovePEGmRXu88ua40wyo7AsoUhIwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGXdkyMtydxBmPIEU8dlXLcFmnzQMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvWmQyVEl5M0ozRUdZOGdSVHgyVmN0d1dhZk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwcBKgLugEBK
AwcBKgLugEBmAwcBKgLugEFcAwcBKgLugEFwAwcBKgLugEGoAwcBKgLugENUAwcB
KgLugEN+MA0GCSqGSIb3DQEBCwUAA4IBAQC2t8mRv+IWrWNZLmVTcdaUoky2Zes2
SyuYTU/Q0Nr4fxD1dSyC0JuRoDMVkhMwQPzNVLjrKKgnI6DXDXpF/2krhof51eAe
Z9LEzX6CdfkfbVyDcJkKF7JJr0LLdywkVhowOAhUYPFKoPTrqGkRq1PqPbPwe8hS
w1NxPmq5/pb0ZUqxcPQOTlfQHQYnOdqsysFMDTejduEXlvfz3GPCg5/48yjuTRdA
sZmtuQxRZiinlehTLqDQVLtQa9I254oGnXzRWGE4SHmObOzVWvXWv8Pl/C/Ekrr/
wCG3n0KS/c1XiOQS5h3LhjhpazrjYtjt71z8KmrGPHGBNfAuQkK3MUQu
-----END CERTIFICATE-----