Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/9jNi3XWKVAeYgvXNk0P0T-yhT_A.roa
File:                     9jNi3XWKVAeYgvXNk0P0T-yhT_A.roa (raw, json)
Hash identifier:          r6wD0yfA7SejIQA44lGGyfTLE1iB9zVRdLay3h3WMPk=
Subject key identifier:   F6:33:62:DD:75:8A:54:07:98:82:F5:CD:93:43:F4:4F:EC:A1:4F:F0
Certificate issuer:       /CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
Certificate serial:       019423D6FEED02C9596EDC8FD3AB538974E5
Authority key identifier: 4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/9jNi3XWKVAeYgvXNk0P0T-yhT_A.roa
Signing time:             Wed 01 Jan 2025 21:47:59 +0000
ROA not before:           Wed 01 Jan 2025 21:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35032
IP address blocks:        85.236.160.0/20 maxlen: 20
                          85.236.176.0/20 maxlen: 20
                          109.124.192.0/19 maxlen: 19
                          109.124.224.0/21 maxlen: 21
                          109.124.232.0/21 maxlen: 21
                          109.124.240.0/21 maxlen: 21
                          109.124.248.0/22 maxlen: 22
                          109.124.252.0/23 maxlen: 23
                          109.124.254.0/23 maxlen: 23
                          185.224.8.0/22 maxlen: 22
                          2a13:73c0::/34 maxlen: 34
                          2a13:73c0:4000::/34 maxlen: 34
                          2a13:73c0:8000::/34 maxlen: 34
                          2a13:73c0:c000::/34 maxlen: 34
                          2a13:73c1::/34 maxlen: 34
                          2a13:73c1:4000::/34 maxlen: 34
                          2a13:73c1:8000::/34 maxlen: 34
                          2a13:73c1:c000::/34 maxlen: 34
                          2a13:73c2::/31 maxlen: 31
                          2a13:73c4::/31 maxlen: 31
                          2a13:73c6::/32 maxlen: 32
                          2a13:73c7::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fe:ed:02:c9:59:6e:dc:8f:d3:ab:53:89:74:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f63362dd758a54079882f5cd9343f44feca14ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c8:80:d1:f7:92:b7:a5:45:49:59:2e:c3:64:
                    61:ef:8d:15:fd:d0:c4:bf:75:3a:3a:52:58:b4:0d:
                    05:d0:a4:ce:66:9f:27:24:a6:0d:5d:d7:15:45:aa:
                    c5:c9:89:66:b0:39:a9:bf:c6:ae:14:28:45:2f:11:
                    e1:1f:2c:32:aa:b7:bb:f8:25:92:1c:34:8c:1d:81:
                    12:6f:7f:60:b6:a8:b6:62:07:92:37:04:90:c8:74:
                    96:29:0b:81:e2:2b:d0:06:d0:91:97:00:0c:10:d3:
                    61:a6:d8:29:96:c3:ec:81:b9:1d:bb:94:e6:f9:a9:
                    5d:41:ea:ed:d9:a8:1c:ed:e7:3e:40:8d:6f:93:b6:
                    3c:ff:f9:a3:05:12:03:a6:fb:d2:c2:0d:8e:c4:17:
                    8f:57:16:b4:83:4f:c9:98:6d:bb:b4:5b:4f:e5:1a:
                    88:be:cb:c6:dd:20:61:91:80:23:2d:0d:32:0b:c0:
                    47:41:ab:d6:b7:17:b3:d9:e0:68:35:b9:81:c4:8f:
                    3a:de:c9:ec:38:39:81:f1:5e:1c:d9:e4:92:e8:27:
                    a8:0e:96:7c:94:0f:83:ca:e4:e3:db:38:f5:60:f0:
                    97:f4:7f:5b:ea:bc:00:1c:86:72:d6:37:8f:0b:7d:
                    63:e2:da:c4:49:c9:3d:31:34:15:af:82:65:43:e9:
                    27:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:33:62:DD:75:8A:54:07:98:82:F5:CD:93:43:F4:4F:EC:A1:4F:F0
            X509v3 Authority Key Identifier:
                keyid:4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/9jNi3XWKVAeYgvXNk0P0T-yhT_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Sq_kWzD6f1lJJd05W6FM77Zz4sA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.236.160.0/19
                  109.124.192.0/18
                  185.224.8.0/22
                IPv6:
                  2a13:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:63:f4:bd:3f:0f:0c:78:1a:5e:46:b0:6b:43:90:79:18:95:
         31:43:18:fa:14:f0:32:c5:d3:00:d3:e3:0a:e0:d0:69:7d:f5:
         9e:f7:2f:54:56:51:28:4c:c3:d6:7d:e1:db:d4:08:ba:ee:26:
         a3:55:1a:0f:6f:76:68:52:64:9b:89:99:d0:da:11:0b:a9:1f:
         27:72:28:0e:03:0e:a4:4e:df:f9:2d:31:2f:39:1a:b9:a0:24:
         90:00:7b:55:f4:8e:de:ba:89:75:bd:86:1c:0d:77:da:96:4c:
         36:00:0b:f4:46:46:ee:ef:3f:1c:23:2e:7d:e8:9d:ee:2b:67:
         0f:54:14:4b:c8:bb:8f:a5:56:02:40:39:be:85:f8:84:2f:79:
         29:99:a9:8c:3f:3e:eb:8a:23:f4:08:95:25:85:e7:28:15:31:
         56:d3:b3:27:28:c4:87:13:ee:bc:01:b4:bd:97:d8:9f:48:b8:
         8d:ea:4c:7d:2a:f7:5d:b4:7e:42:45:57:32:03:b7:c3:d6:2d:
         87:67:71:1c:92:a2:b7:9b:e4:33:cc:e6:30:26:fa:7a:a4:fd:
         87:ca:d5:23:dd:01:10:69:2e:e8:80:04:a9:6e:65:54:6e:0c:
         d5:9f:a6:c8:7f:cf:dc:1b:6d:13:4a:c2:3a:8f:11:79:39:b9:
         1c:8e:bb:c9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQj1v7tAslZbtyP06tTiXTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWZlNDViMzBmYTdmNTk0OTI1ZGQzOTViYTE0Y2VmYjY3
M2UyYzAwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjMzNjJkZDc1OGE1NDA3OTg4MmY1Y2Q5MzQzZjQ0ZmVjYTE0ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsiA0feSt6VFSVkuw2Rh740V/dDE
v3U6OlJYtA0F0KTOZp8nJKYNXdcVRarFyYlmsDmpv8auFChFLxHhHywyqre7+CWS
HDSMHYESb39gtqi2YgeSNwSQyHSWKQuB4ivQBtCRlwAMENNhptgplsPsgbkdu5Tm
+aldQert2agc7ec+QI1vk7Y8//mjBRIDpvvSwg2OxBePVxa0g0/JmG27tFtP5RqI
vsvG3SBhkYAjLQ0yC8BHQavWtxez2eBoNbmBxI863snsODmB8V4c2eSS6CeoDpZ8
lA+DyuTj2zj1YPCX9H9b6rwAHIZy1jePC31j4trESck9MTQVr4JlQ+knSwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPYzYt11ilQHmIL1zZND9E/soU/wMB8GA1UdIwQY
MBaAFEqv5Fsw+n9ZSSXdOVuhTO+2c+LAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODct
ZjFmNjAzZjkxOTcxLzEvOWpOaTNYV0tWQWVZZ3ZYTmswUDBULXloVF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODctZjFmNjAzZjkxOTcx
LzEvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFVeygAwQG
bXzAAwQCueAIMA0EAgACMAcDBQMqE3PAMA0GCSqGSIb3DQEBCwUAA4IBAQBVY/S9
Pw8MeBpeRrBrQ5B5GJUxQxj6FPAyxdMA0+MK4NBpffWe9y9UVlEoTMPWfeHb1Ai6
7iajVRoPb3ZoUmSbiZnQ2hELqR8ncigOAw6kTt/5LTEvORq5oCSQAHtV9I7euol1
vYYcDXfalkw2AAv0Rkbu7z8cIy596J3uK2cPVBRLyLuPpVYCQDm+hfiEL3kpmamM
Pz7riiP0CJUlhecoFTFW07MnKMSHE+68AbS9l9ifSLiN6kx9KvddtH5CRVcyA7fD
1i2HZ3EckqK3m+QzzOYwJvp6pP2HytUj3QEQaS7ogASpbmVUbgzVn6bIf8/cG20T
SsI6jxF5ObkcjrvJ
-----END CERTIFICATE-----