Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/1xBOXK08ayYmXTP02VY6B1nLxzM.roa
File:                     1xBOXK08ayYmXTP02VY6B1nLxzM.roa (raw, json)
Hash identifier:          i3M6fLqdaeK2FPWeVuDR5IZ7NJxGGIksWNp/em3DNSo=
Subject key identifier:   D7:10:4E:5C:AD:3C:6B:26:26:5D:33:F4:D9:56:3A:07:59:CB:C7:33
Certificate issuer:       /CN=567190854786a16afa6b0ec78dfb0620abaacfef
Certificate serial:       019422203537F87B83DE79D8C88AF8C3FC18
Authority key identifier: 56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/1xBOXK08ayYmXTP02VY6B1nLxzM.roa
Signing time:             Wed 01 Jan 2025 13:48:43 +0000
ROA not before:           Wed 01 Jan 2025 13:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        5.172.160.0/20 maxlen: 24
                          5.172.170.0/24 maxlen: 24
                          81.2.64.0/18 maxlen: 24
                          81.187.0.0/16 maxlen: 24
                          81.187.161.0/24 maxlen: 24
                          90.155.0.0/18 maxlen: 24
                          90.155.64.0/19 maxlen: 20
                          90.155.96.0/20 maxlen: 20
                          178.238.144.0/20 maxlen: 24
                          194.4.172.0/22 maxlen: 24
                          217.169.0.0/19 maxlen: 24
                          2001:8b0::/32 maxlen: 63
                          2001:8b0:a::666/128 maxlen: 128
                          2001:8b6::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:35:37:f8:7b:83:de:79:d8:c8:8a:f8:c3:fc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=567190854786a16afa6b0ec78dfb0620abaacfef
        Validity
            Not Before: Jan  1 13:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7104e5cad3c6b26265d33f4d9563a0759cbc733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6e:ef:06:36:2d:0a:ab:b4:45:39:c0:f1:8e:
                    17:be:c7:56:84:04:ef:b9:cb:75:e2:64:15:55:3d:
                    a9:80:3d:90:be:34:40:b6:07:e1:4c:be:06:14:b3:
                    ff:dc:9f:93:a2:5c:80:1d:90:4e:19:c4:88:24:ae:
                    bc:33:28:7c:f3:3a:3a:5d:49:32:1c:41:d1:10:4b:
                    0c:0a:b5:90:89:21:9d:4a:65:cc:76:85:72:7b:dd:
                    99:6c:b5:ab:e1:a6:0e:4c:63:d2:16:1f:85:b6:cf:
                    97:c6:a4:6b:da:d4:a2:6d:0a:80:71:ce:dd:df:ef:
                    12:c2:5f:0e:02:eb:dc:1a:c7:5c:3d:51:8d:52:cc:
                    f9:04:de:75:68:69:1c:c5:9a:98:32:df:3a:be:9e:
                    ad:ba:3c:7d:4a:c8:4d:97:3a:48:e7:6c:66:d4:e4:
                    28:c5:ad:a4:3c:97:c3:37:70:86:bd:ae:25:44:32:
                    04:44:be:33:de:f4:24:39:37:a3:1d:d0:70:76:90:
                    fd:4e:d5:7a:78:c4:e0:09:44:1f:f2:28:73:ce:e2:
                    87:20:95:cd:fe:a8:1c:87:d2:8b:60:1e:1a:df:07:
                    1a:0f:1c:db:ad:8e:5b:54:fb:2d:64:f9:47:28:fa:
                    d6:b3:3a:ce:bd:24:3b:5b:43:a9:2a:d1:62:0f:d8:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:10:4E:5C:AD:3C:6B:26:26:5D:33:F4:D9:56:3A:07:59:CB:C7:33
            X509v3 Authority Key Identifier:
                keyid:56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/1xBOXK08ayYmXTP02VY6B1nLxzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/VnGQhUeGoWr6aw7HjfsGIKuqz-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.160.0/20
                  81.2.64.0/18
                  81.187.0.0/16
                  90.155.0.0-90.155.111.255
                  178.238.144.0/20
                  194.4.172.0/22
                  217.169.0.0/19
                IPv6:
                  2001:8b0::/32
                  2001:8b6::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:2b:90:a3:47:f1:9f:66:ac:b5:8c:27:77:73:6e:00:be:e2:
         7e:90:71:7c:70:f0:26:cd:1f:9c:2d:53:b4:f3:21:b4:23:aa:
         7e:77:2b:8c:79:54:f6:15:fe:92:c6:17:82:66:f6:90:aa:06:
         b4:cf:9e:bc:06:93:89:01:19:fd:69:6a:da:cc:4f:2b:32:d6:
         78:71:54:2a:58:f3:83:2a:d1:fb:5d:09:22:f9:e6:77:aa:50:
         30:e4:f7:ed:f2:8e:3f:35:10:ba:27:a4:ea:d8:18:5d:53:2f:
         a8:1f:30:09:90:37:91:29:95:ce:10:ce:da:07:4e:7c:db:cf:
         1c:82:bb:1e:a1:fd:c2:b8:2f:78:ab:15:86:19:42:3f:67:b6:
         d7:b9:82:91:87:9a:13:67:b9:62:e4:5f:6b:9d:8e:82:33:d9:
         1a:49:88:19:95:0e:55:d2:00:b0:94:51:64:e4:92:c1:69:fa:
         62:80:b6:11:13:5f:08:88:57:18:c3:bb:5a:8e:7e:ba:cf:5d:
         c1:7f:bf:b5:6a:bd:4e:a4:a4:d8:26:f8:d8:b2:57:62:9f:a9:
         81:ec:f0:aa:27:6a:4b:70:8c:2d:2c:c1:7c:df:62:ad:e0:75:
         85:b5:32:42:58:e5:aa:9c:b1:e2:fb:fd:71:5d:f5:23:c4:5b:
         52:f3:9e:73
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQiIDU3+HuD3nnYyIr4w/wYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzE5MDg1NDc4NmExNmFmYTZiMGVjNzhkZmIwNjIwYWJh
YWNmZWYwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzEwNGU1Y2FkM2M2YjI2MjY1ZDMzZjRkOTU2M2EwNzU5Y2JjNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW7vBjYtCqu0RTnA8Y4XvsdWhATv
uct14mQVVT2pgD2QvjRAtgfhTL4GFLP/3J+TolyAHZBOGcSIJK68Myh88zo6XUky
HEHREEsMCrWQiSGdSmXMdoVye92ZbLWr4aYOTGPSFh+Fts+XxqRr2tSibQqAcc7d
3+8Swl8OAuvcGsdcPVGNUsz5BN51aGkcxZqYMt86vp6tujx9SshNlzpI52xm1OQo
xa2kPJfDN3CGva4lRDIERL4z3vQkOTejHdBwdpD9TtV6eMTgCUQf8ihzzuKHIJXN
/qgch9KLYB4a3wcaDxzbrY5bVPstZPlHKPrWszrOvSQ7W0OpKtFiD9iOvQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFNcQTlytPGsmJl0z9NlWOgdZy8czMB8GA1UdIwQY
MBaAFFZxkIVHhqFq+msOx437BiCrqs/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEt
NzNmZjQwOTU5MzQ4LzEvMXhCT1hLMDhheVltWFRQMDJWWTZCMW5MeHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEtNzNmZjQwOTU5MzQ4
LzEvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEBaygAwQG
UQJAAwMAUbswCwMDAFqbAwQEWptgAwQEsu6QAwQCwgSsAwQF2akAMBQEAgACMA4D
BQAgAQiwAwUAIAEItjANBgkqhkiG9w0BAQsFAAOCAQEATyuQo0fxn2astYwnd3Nu
AL7ifpBxfHDwJs0fnC1TtPMhtCOqfncrjHlU9hX+ksYXgmb2kKoGtM+evAaTiQEZ
/Wlq2sxPKzLWeHFUKljzgyrR+10JIvnmd6pQMOT37fKOPzUQuiek6tgYXVMvqB8w
CZA3kSmVzhDO2gdOfNvPHIK7HqH9wrgveKsVhhlCP2e217mCkYeaE2e5YuRfa52O
gjPZGkmIGZUOVdIAsJRRZOSSwWn6YoC2ERNfCIhXGMO7Wo5+us9dwX+/tWq9TqSk
2Cb42LJXYp+pgezwqidqS3CMLSzBfN9ireB1hbUyQljlqpyx4vv9cV31I8RbUvOe
cw==
-----END CERTIFICATE-----