Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/d3e3d7-0357-487e-9fed-a8e8b8931552/1/nE72fRq5x2AdGCpsReX1DOqVoW0.roa
File:                     nE72fRq5x2AdGCpsReX1DOqVoW0.roa (raw, json)
Hash identifier:          LAILnXnxyWYExTH4qCTlNLIx2ujkg7Q+2T14oqEfAzc=
Subject key identifier:   9C:4E:F6:7D:1A:B9:C7:60:1D:18:2A:6C:45:E5:F5:0C:EA:95:A1:6D
Certificate issuer:       /CN=f99abe45f21f12e4b802f309444c24759000ebcf
Certificate serial:       0194222010ACFB4D6F9329E4A600EA2AC9CD
Authority key identifier: F9:9A:BE:45:F2:1F:12:E4:B8:02:F3:09:44:4C:24:75:90:00:EB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Zq-RfIfEuS4AvMJREwkdZAA688.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/d3e3d7-0357-487e-9fed-a8e8b8931552/1/nE72fRq5x2AdGCpsReX1DOqVoW0.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        82.119.96.0/19 maxlen: 19
                          82.119.96.0/20 maxlen: 20
                          82.119.112.0/20 maxlen: 20
                          85.216.128.0/17 maxlen: 17
                          85.216.128.0/18 maxlen: 18
                          85.216.192.0/18 maxlen: 18
                          89.173.0.0/16 maxlen: 16
                          89.173.0.0/17 maxlen: 17
                          89.173.128.0/17 maxlen: 17
                          188.167.0.0/16 maxlen: 16
                          188.167.0.0/17 maxlen: 17
                          188.167.128.0/17 maxlen: 17
                          217.23.240.0/20 maxlen: 20
                          217.23.240.0/21 maxlen: 21
                          217.23.248.0/21 maxlen: 21
                          2a02:ab00::/29 maxlen: 29
                          2a02:ab00::/30 maxlen: 30
                          2a02:ab04::/30 maxlen: 30
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:10:ac:fb:4d:6f:93:29:e4:a6:00:ea:2a:c9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f99abe45f21f12e4b802f309444c24759000ebcf
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c4ef67d1ab9c7601d182a6c45e5f50cea95a16d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:4f:03:2c:fc:2a:3f:14:13:0b:cf:55:bd:
                    63:73:02:ff:54:8b:9f:84:57:d0:5d:cc:34:fb:29:
                    89:b4:85:f4:7b:9b:91:ae:c1:9c:9f:0c:6d:d6:96:
                    83:ec:27:3c:b0:93:23:e7:0c:0b:52:3e:22:1b:9d:
                    31:d1:71:92:65:38:d0:a2:af:6a:83:c7:73:c6:4f:
                    a9:42:f1:d0:68:cd:be:68:8c:64:07:c6:b8:54:70:
                    af:9c:5e:e7:a9:2c:71:c4:fc:35:2c:f8:67:87:74:
                    ee:9d:23:72:cd:ec:5e:97:da:51:08:4d:61:e1:5f:
                    2f:75:c6:55:58:95:13:77:88:6d:be:63:df:01:dc:
                    e9:42:ab:21:b8:94:9a:a3:8a:46:78:2a:f2:8c:2c:
                    bf:b7:54:73:db:68:dd:ba:05:b3:8e:c2:d8:39:bb:
                    c8:22:9c:0b:2f:25:cd:e5:56:56:4d:03:04:e6:27:
                    8f:96:51:c3:bf:39:62:80:2f:91:37:12:44:0d:9f:
                    bc:5f:8c:af:e8:8d:b2:97:9e:89:d9:3e:3a:d9:6c:
                    7c:6f:42:6f:8b:42:42:65:00:18:f7:53:61:aa:07:
                    2f:26:04:02:83:51:e1:d2:e5:3c:9e:37:fa:86:d0:
                    70:23:da:1f:44:e7:e9:cd:9a:5f:e6:e2:0d:bb:fa:
                    6b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4E:F6:7D:1A:B9:C7:60:1D:18:2A:6C:45:E5:F5:0C:EA:95:A1:6D
            X509v3 Authority Key Identifier:
                keyid:F9:9A:BE:45:F2:1F:12:E4:B8:02:F3:09:44:4C:24:75:90:00:EB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Zq-RfIfEuS4AvMJREwkdZAA688.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d3e3d7-0357-487e-9fed-a8e8b8931552/1/nE72fRq5x2AdGCpsReX1DOqVoW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d3e3d7-0357-487e-9fed-a8e8b8931552/1/1-Zq-RfIfEuS4AvMJREwkdZAA688.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.96.0/19
                  85.216.128.0/17
                  89.173.0.0/16
                  188.167.0.0/16
                  217.23.240.0/20
                IPv6:
                  2a02:ab00::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:6a:7c:3f:d8:e0:71:c3:71:1a:3d:c1:9e:24:04:16:39:
         19:c7:d7:e6:9e:99:10:8e:7c:f2:b8:f3:83:bc:3f:79:1c:3c:
         9b:aa:56:98:f7:de:88:b7:4b:5f:d5:1e:37:1f:53:93:c3:ea:
         85:4e:1c:2a:2b:b7:e3:07:fa:9d:1b:d7:49:f6:aa:aa:b2:2c:
         2a:37:b6:84:b1:f6:1c:7d:0d:24:a6:d2:f7:16:e7:fd:e6:6a:
         84:e7:0a:29:87:c8:27:70:bb:28:b6:79:5d:e4:a8:8f:ad:2a:
         2d:e7:fc:fd:d7:6e:1b:0a:23:ef:07:5f:9f:c1:f3:ac:8f:8e:
         77:86:bb:01:27:76:68:1a:5f:6f:85:f1:8f:e8:fb:26:64:57:
         c3:83:b0:c8:84:0e:f6:90:68:00:ca:81:7a:c5:bc:bb:69:b5:
         cb:8c:d3:e0:91:74:0e:cc:b8:07:46:5f:b0:21:cf:90:6e:7a:
         df:e9:cc:cc:72:9a:33:da:81:14:4b:43:a3:62:66:21:0e:6d:
         f7:8b:71:98:2a:da:39:5f:01:f9:d7:83:47:0b:3b:a3:33:08:
         0b:89:3e:97:19:83:65:4c:9d:ce:23:69:1b:94:63:8c:61:53:
         28:c8:7a:af:36:ad:19:14:8b:c6:53:0a:57:f8:0a:3f:30:a6:
         9a:8b:94:08
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQiIBCs+01vkynkpgDqKsnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OWFiZTQ1ZjIxZjEyZTRiODAyZjMwOTQ0NGMyNDc1OTAw
MGViY2YwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRlZjY3ZDFhYjljNzYwMWQxODJhNmM0NWU1ZjUwY2VhOTVhMTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMRPAyz8Kj8UEwvPVb1jcwL/VIuf
hFfQXcw0+ymJtIX0e5uRrsGcnwxt1paD7Cc8sJMj5wwLUj4iG50x0XGSZTjQoq9q
g8dzxk+pQvHQaM2+aIxkB8a4VHCvnF7nqSxxxPw1LPhnh3TunSNyzexel9pRCE1h
4V8vdcZVWJUTd4htvmPfAdzpQqshuJSao4pGeCryjCy/t1Rz22jdugWzjsLYObvI
IpwLLyXN5VZWTQME5iePllHDvzligC+RNxJEDZ+8X4yv6I2yl56J2T462Wx8b0Jv
i0JCZQAY91NhqgcvJgQCg1Hh0uU8njf6htBwI9ofROfpzZpf5uINu/pr3wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJxO9n0aucdgHRgqbEXl9QzqlaFtMB8GA1UdIwQY
MBaAFPmavkXyHxLkuALzCURMJHWQAOvPMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1acS1SZklmRXVTNEF2TUpSRXdrZFpBQTY4OC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcvZDNlM2Q3LTAzNTctNDg3ZS05ZmVk
LWE4ZThiODkzMTU1Mi8xL25FNzJmUnE1eDJBZEdDcHNSZVgxRE9xVm9XMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvZDNlM2Q3LTAzNTctNDg3ZS05ZmVkLWE4ZThiODkzMTU1
Mi8xLzEtWnEtUmZJZkV1UzRBdk1KUkV3a2RaQUE2ODguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRAYIKwYBBQUHAQcBAf8ENTAzMCIEAgABMBwDBAVSd2AD
BAdV2IADAwBZrQMDALynAwQE2RfwMA0EAgACMAcDBQMqAqsAMA0GCSqGSIb3DQEB
CwUAA4IBAQAgf2p8P9jgccNxGj3BniQEFjkZx9fmnpkQjnzyuPODvD95HDybqlaY
996It0tf1R43H1OTw+qFThwqK7fjB/qdG9dJ9qqqsiwqN7aEsfYcfQ0kptL3Fuf9
5mqE5woph8gncLsotnld5KiPrSot5/z9124bCiPvB1+fwfOsj453hrsBJ3ZoGl9v
hfGP6PsmZFfDg7DIhA72kGgAyoF6xby7abXLjNPgkXQOzLgHRl+wIc+Qbnrf6czM
cpoz2oEUS0OjYmYhDm33i3GYKto5XwH514NHCzujMwgLiT6XGYNlTJ3OI2kblGOM
YVMoyHqvNq0ZFIvGUwpX+Ao/MKaai5QI
-----END CERTIFICATE-----