Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/hL-DXnMsqPz6nlhjJn7RS4zQddU.roa
File:                     hL-DXnMsqPz6nlhjJn7RS4zQddU.roa (raw, json)
Hash identifier:          PY6Hm3vuvoHo1j0KhJs+BA0EtLz3qhxo9ur8To6A/3U=
Subject key identifier:   84:BF:83:5E:73:2C:A8:FC:FA:9E:58:63:26:7E:D1:4B:8C:D0:75:D5
Certificate issuer:       /CN=f2beed4df207c3609adfded80dddd9316f0a9b45
Certificate serial:       01942444FE9AC35BE02F185D28B82F5A32D1
Authority key identifier: F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/hL-DXnMsqPz6nlhjJn7RS4zQddU.roa
Signing time:             Wed 01 Jan 2025 23:48:08 +0000
ROA not before:           Wed 01 Jan 2025 23:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202619
IP address blocks:        94.158.32.0/21 maxlen: 32
                          94.158.40.0/21 maxlen: 32
                          176.109.176.0/21 maxlen: 32
                          176.109.184.0/21 maxlen: 32
                          176.109.224.0/20 maxlen: 32
                          176.109.240.0/20 maxlen: 32
                          185.33.140.0/23 maxlen: 32
                          185.33.142.0/23 maxlen: 32
                          193.192.36.0/24 maxlen: 32
                          193.192.37.0/24 maxlen: 32
                          194.246.92.0/23 maxlen: 32
                          194.246.94.0/23 maxlen: 32
                          2a03:a9c0::/30 maxlen: 128
                          2a03:a9c4::/30 maxlen: 128
                          2a0d:ec0::/30 maxlen: 128
                          2a0d:ec4::/30 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:fe:9a:c3:5b:e0:2f:18:5d:28:b8:2f:5a:32:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2beed4df207c3609adfded80dddd9316f0a9b45
        Validity
            Not Before: Jan  1 23:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84bf835e732ca8fcfa9e5863267ed14b8cd075d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f4:00:05:1c:38:44:47:09:3c:35:43:d5:63:
                    7e:69:7f:69:46:78:f0:4c:ca:42:24:7c:59:da:02:
                    26:59:9a:9c:b4:97:6b:c6:cc:68:57:95:7f:9a:6d:
                    ea:45:4f:e1:5a:f3:03:f4:88:c9:06:47:a5:1c:c8:
                    41:fc:1c:2e:5a:da:23:d9:4c:c2:33:03:ec:6c:26:
                    ed:cf:21:d3:f5:7c:40:f5:03:0f:5e:cc:62:f4:92:
                    03:da:87:f2:08:fc:1b:a9:07:bc:50:cf:da:5d:69:
                    f7:57:f3:3e:4f:ea:44:a4:15:f0:d2:b9:7e:2a:8d:
                    21:80:1b:33:b0:8d:cf:b4:ff:49:9e:20:9f:13:11:
                    31:c0:5e:d6:bb:27:8a:5e:b5:95:3c:81:1b:16:2d:
                    74:d3:04:96:76:01:f6:35:69:f6:3c:4b:47:26:54:
                    5d:bf:19:81:a8:e5:bc:5c:29:65:0a:e6:4a:cf:97:
                    9c:04:b3:73:fc:4c:1f:ef:6c:4f:c3:64:5d:62:9a:
                    3e:dd:7b:2f:c5:af:1c:1c:6c:63:f8:5a:65:f9:7f:
                    b2:2d:5e:8f:ff:ba:76:88:91:2b:71:32:f0:4d:2d:
                    09:e5:39:8e:e6:7b:8f:4a:69:73:a4:6d:44:9c:fc:
                    2e:55:36:28:91:8f:24:47:15:c0:a4:34:0f:1c:fe:
                    d2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BF:83:5E:73:2C:A8:FC:FA:9E:58:63:26:7E:D1:4B:8C:D0:75:D5
            X509v3 Authority Key Identifier:
                keyid:F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/hL-DXnMsqPz6nlhjJn7RS4zQddU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/8r7tTfIHw2Ca397YDd3ZMW8Km0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.32.0/20
                  176.109.176.0/20
                  176.109.224.0/19
                  185.33.140.0/22
                  193.192.36.0/23
                  194.246.92.0/22
                IPv6:
                  2a03:a9c0::/29
                  2a0d:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:a8:19:e7:2b:0f:8c:4d:cd:3b:af:0b:8d:d3:c6:16:f8:c8:
         4d:66:99:ed:ff:07:73:40:5d:6b:14:2b:9a:c5:da:27:e6:e8:
         03:16:d2:3b:a0:da:e1:81:4a:ab:e1:08:a5:cd:a3:b6:e2:5f:
         cf:85:7f:76:b5:d3:f0:16:7a:f7:ba:94:56:5b:53:b5:5e:46:
         9a:dd:a5:34:42:2a:92:50:3f:15:00:26:36:4c:27:20:dd:f2:
         15:bb:85:34:f3:f0:fa:2e:ea:d4:b5:5b:2e:62:5d:6a:8a:7a:
         32:b0:22:f0:3f:8c:48:2f:e2:a4:8d:c4:31:ff:dd:1f:5a:72:
         aa:cb:cf:12:cb:9e:e3:8c:b9:83:59:e0:aa:62:48:65:3b:24:
         c3:6b:10:6c:f2:00:27:1c:58:12:d4:d6:ea:e9:6b:1b:71:d2:
         70:26:13:29:3f:6e:4b:e9:fd:7f:03:3d:ad:bc:d8:6d:a3:ea:
         f6:8a:ac:59:ba:43:8d:3d:0a:b8:9e:be:65:86:03:9d:9b:42:
         33:05:64:d2:19:ad:1a:8b:b3:a3:f6:10:60:b5:bf:fd:b3:ab:
         b6:76:50:2e:c8:c3:a4:9d:7a:24:87:d0:b4:27:51:5b:ff:5d:
         ca:ba:f8:e0:c4:67:6b:f4:84:63:95:3a:ca:26:4e:23:75:67:
         a3:2d:29:cc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQkRP6aw1vgLxhdKLgvWjLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYmVlZDRkZjIwN2MzNjA5YWRmZGVkODBkZGRkOTMxNmYw
YTliNDUwHhcNMjUwMTAxMjM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGJmODM1ZTczMmNhOGZjZmE5ZTU4NjMyNjdlZDE0YjhjZDA3NWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvQABRw4REcJPDVD1WN+aX9pRnjw
TMpCJHxZ2gImWZqctJdrxsxoV5V/mm3qRU/hWvMD9IjJBkelHMhB/BwuWtoj2UzC
MwPsbCbtzyHT9XxA9QMPXsxi9JID2ofyCPwbqQe8UM/aXWn3V/M+T+pEpBXw0rl+
Ko0hgBszsI3PtP9JniCfExExwF7WuyeKXrWVPIEbFi100wSWdgH2NWn2PEtHJlRd
vxmBqOW8XCllCuZKz5ecBLNz/Ewf72xPw2RdYpo+3Xsvxa8cHGxj+Fpl+X+yLV6P
/7p2iJErcTLwTS0J5TmO5nuPSmlzpG1EnPwuVTYokY8kRxXApDQPHP7S5QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIS/g15zLKj8+p5YYyZ+0UuM0HXVMB8GA1UdIwQY
MBaAFPK+7U3yB8Ngmt/e2A3d2TFvCptFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHI3dFRmSUh3MkNhMzk3WURkM1pNVzhLbTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNmJjYmEtYTk5Ni00YmI1LWJhNGEt
YTQ2MTUzMTQ1Y2Y4LzEvaEwtRFhuTXNxUHo2bmxoakpuN1JTNHpRZGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNmJjYmEtYTk5Ni00YmI1LWJhNGEtYTQ2MTUzMTQ1Y2Y4
LzEvOHI3dFRmSUh3MkNhMzk3WURkM1pNVzhLbTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQEXp4gAwQE
sG2wAwQFsG3gAwQCuSGMAwQBwcAkAwQCwvZcMBQEAgACMA4DBQMqA6nAAwUDKg0O
wDANBgkqhkiG9w0BAQsFAAOCAQEAiKgZ5ysPjE3NO68LjdPGFvjITWaZ7f8Hc0Bd
axQrmsXaJ+boAxbSO6Da4YFKq+EIpc2jtuJfz4V/drXT8BZ697qUVltTtV5Gmt2l
NEIqklA/FQAmNkwnIN3yFbuFNPPw+i7q1LVbLmJdaop6MrAi8D+MSC/ipI3EMf/d
H1pyqsvPEsue44y5g1ngqmJIZTskw2sQbPIAJxxYEtTW6ulrG3HScCYTKT9uS+n9
fwM9rbzYbaPq9oqsWbpDjT0KuJ6+ZYYDnZtCMwVk0hmtGouzo/YQYLW//bOrtnZQ
LsjDpJ16JIfQtCdRW/9dyrr44MRna/SEY5U6yiZOI3Vnoy0pzA==
-----END CERTIFICATE-----