Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CWfB_esiwG-d_usYv-4w6WkVcRM.roa
File:                     CWfB_esiwG-d_usYv-4w6WkVcRM.roa (raw, json)
Hash identifier:          AIgpz2RLNt3wv0YsSOW3gi7PeMlWLKDEzscBoQxPcNI=
Subject key identifier:   09:67:C1:FD:EB:22:C0:6F:9D:FE:EB:18:BF:EE:30:E9:69:15:71:13
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018F0A5885C2F1C49B83AED8C47435DFD588
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CWfB_esiwG-d_usYv-4w6WkVcRM.roa
Signing time:             Tue 23 Apr 2024 09:45:24 +0000
ROA not before:           Tue 23 Apr 2024 09:45:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        2a0e:b140::/32 maxlen: 32
                          2a0e:b141::/32 maxlen: 32
                          2a0e:b142::/32 maxlen: 32
                          2a0e:b143::/32 maxlen: 32
                          2a0e:b144::/32 maxlen: 32
                          2a0e:b145::/32 maxlen: 32
                          2a0e:b146::/32 maxlen: 32
                          2a0e:b147::/32 maxlen: 32
                          2a0f:db80::/32 maxlen: 32
                          2a0f:db81::/32 maxlen: 32
                          2a0f:db82::/32 maxlen: 32
                          2a0f:db83::/32 maxlen: 32
                          2a0f:db84::/32 maxlen: 32
                          2a0f:db85::/32 maxlen: 32
                          2a0f:db86::/32 maxlen: 32
                          2a0f:db87::/32 maxlen: 32
                          2a10:4700::/31 maxlen: 31
                          2a10:4702::/31 maxlen: 31
                          2a10:4704::/31 maxlen: 31
                          2a10:4706::/31 maxlen: 31
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:58:85:c2:f1:c4:9b:83:ae:d8:c4:74:35:df:d5:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Apr 23 09:45:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0967c1fdeb22c06f9dfeeb18bfee30e969157113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:21:30:68:7c:90:6b:58:af:98:9b:fd:4b:da:
                    a2:8d:d4:5e:84:83:cf:e5:38:cf:60:8d:00:38:9f:
                    eb:b7:45:c5:7e:7d:9d:e3:27:05:38:3f:ca:f9:bc:
                    f1:59:33:c9:64:18:7b:44:c1:0f:5b:7b:21:2c:9a:
                    54:d9:e3:b7:9b:73:e3:55:37:28:84:18:8c:8e:b9:
                    ea:bc:b9:44:51:07:ea:9b:07:ee:6d:b2:bc:05:9b:
                    99:4f:11:82:1b:e2:1a:45:f8:9a:19:63:d7:d4:19:
                    24:68:5a:c6:df:17:9c:8a:6b:cf:82:7f:ed:5b:0f:
                    58:ea:f6:58:36:ac:bd:8e:c0:1a:d7:f1:9d:ea:41:
                    7c:5b:16:5f:ad:a1:11:c9:e4:8f:49:c5:ff:d4:79:
                    a9:f1:35:f3:a8:a2:92:a0:39:5c:0a:97:f6:25:8c:
                    d1:12:d2:b0:25:e0:da:16:84:62:a9:b0:f6:de:a3:
                    58:c6:96:0a:4a:1d:de:08:fe:5c:2e:6c:ca:53:06:
                    9d:42:2c:7d:de:b2:8a:b8:1d:f3:0f:16:e4:b5:cb:
                    94:1c:94:14:fc:38:ee:ad:de:cf:a2:c6:57:57:08:
                    f6:c9:ef:b0:1e:b7:b4:33:b1:f2:e9:01:1b:d7:69:
                    de:0b:58:9a:a5:af:52:f2:6a:38:73:26:d7:99:eb:
                    f7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:67:C1:FD:EB:22:C0:6F:9D:FE:EB:18:BF:EE:30:E9:69:15:71:13
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/CWfB_esiwG-d_usYv-4w6WkVcRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b140::/29
                  2a0f:db80::/29
                  2a10:4700::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:6f:ed:a6:29:a6:c2:a3:1b:ce:29:f9:94:f8:c4:04:d0:9f:
         48:b4:3d:02:fc:44:3e:19:4c:62:58:44:c6:56:23:71:a6:60:
         54:20:f1:bc:f3:66:4a:87:96:fe:87:59:0d:6d:f2:58:29:d4:
         47:5a:99:24:ad:ee:f1:be:b6:fc:4c:69:13:0e:3a:33:3f:3c:
         20:5b:0f:dd:80:73:3b:46:63:78:25:5f:b8:8b:e2:8e:8d:c3:
         ba:09:f1:6b:e6:a9:d3:8e:f7:18:0a:7f:ed:aa:79:ab:bd:20:
         6a:29:f2:ea:e2:00:8e:55:eb:9e:e5:e6:ce:58:21:5d:38:ff:
         4f:13:32:37:c4:11:a2:af:6c:2c:ab:49:f3:7f:e0:55:95:ac:
         95:df:0a:a6:54:af:0b:64:8f:37:16:51:1a:b0:0a:d5:57:78:
         62:13:8f:99:ff:84:b5:45:09:2b:07:56:47:27:d8:d3:6d:1a:
         d0:17:22:d8:1c:56:1d:c4:9f:12:e7:cc:39:f7:de:4d:fe:23:
         ae:51:74:ec:dd:a3:ec:e3:30:6f:8f:14:07:c9:cc:b7:1f:b3:
         c9:f0:d5:ff:82:82:8b:e9:bb:c9:35:ac:c3:ad:9e:c8:ff:77:
         6e:a5:13:22:44:cb:b7:6b:4e:82:b0:ca:51:94:9a:c5:47:6d:
         c6:be:22:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8KWIXC8cSbg67YxHQ139WIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwNDIzMDk0NTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY3YzFmZGViMjJjMDZmOWRmZWViMThiZmVlMzBlOTY5MTU3MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyEwaHyQa1ivmJv9S9qijdRehIPP
5TjPYI0AOJ/rt0XFfn2d4ycFOD/K+bzxWTPJZBh7RMEPW3shLJpU2eO3m3PjVTco
hBiMjrnqvLlEUQfqmwfubbK8BZuZTxGCG+IaRfiaGWPX1BkkaFrG3xecimvPgn/t
Ww9Y6vZYNqy9jsAa1/Gd6kF8WxZfraERyeSPScX/1Hmp8TXzqKKSoDlcCpf2JYzR
EtKwJeDaFoRiqbD23qNYxpYKSh3eCP5cLmzKUwadQix93rKKuB3zDxbktcuUHJQU
/Djurd7PosZXVwj2ye+wHre0M7Hy6QEb12neC1iapa9S8mo4cybXmev3SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAlnwf3rIsBvnf7rGL/uMOlpFXETMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQ1dmQl9lc2l3Ry1kX3VzWXYtNHc2V2tWY1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg6xQAMF
AyoP24ADBQMqEEcAMA0GCSqGSIb3DQEBCwUAA4IBAQAwb+2mKabCoxvOKfmU+MQE
0J9ItD0C/EQ+GUxiWETGViNxpmBUIPG882ZKh5b+h1kNbfJYKdRHWpkkre7xvrb8
TGkTDjozPzwgWw/dgHM7RmN4JV+4i+KOjcO6CfFr5qnTjvcYCn/tqnmrvSBqKfLq
4gCOVeue5ebOWCFdOP9PEzI3xBGir2wsq0nzf+BVlayV3wqmVK8LZI83FlEasArV
V3hiE4+Z/4S1RQkrB1ZHJ9jTbRrQFyLYHFYdxJ8S58w5995N/iOuUXTs3aPs4zBv
jxQHycy3H7PJ8NX/goKL6bvJNazDrZ7I/3dupRMiRMu3a06CsMpRlJrFR23GviJv
-----END CERTIFICATE-----