Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/BUWWyL7TUzg3RHqgYePGWtJvSm8.roa
File:                     BUWWyL7TUzg3RHqgYePGWtJvSm8.roa (raw, json)
Hash identifier:          +Xj+0nFSnvpA/JEfro3eKYQGi5rKGMOHUih8ONyfJHU=
Subject key identifier:   05:45:96:C8:BE:D3:53:38:37:44:7A:A0:61:E3:C6:5A:D2:6F:4A:6F
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       019426513D69896DE03759EE2EF0E485DB23
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/BUWWyL7TUzg3RHqgYePGWtJvSm8.roa
Signing time:             Thu 02 Jan 2025 09:20:45 +0000
ROA not before:           Thu 02 Jan 2025 09:20:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6700
IP address blocks:        62.108.96.0/19 maxlen: 24
                          62.193.128.0/19 maxlen: 24
                          85.222.160.0/23 maxlen: 24
                          91.148.64.0/18 maxlen: 24
                          91.223.162.0/24 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          185.47.208.0/22 maxlen: 24
                          194.106.160.0/19 maxlen: 24
                          195.252.64.0/18 maxlen: 24
                          213.244.228.0/22 maxlen: 24
                          213.244.232.0/21 maxlen: 24
                          217.26.64.0/20 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:51:3d:69:89:6d:e0:37:59:ee:2e:f0:e4:85:db:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 09:20:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=054596c8bed3533837447aa061e3c65ad26f4a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5c:17:35:3e:a5:ac:47:d3:39:ef:71:62:44:
                    d3:df:8e:0b:03:bb:64:1f:f1:a7:e6:fb:03:7e:41:
                    94:ae:8d:fa:18:a7:06:b9:29:42:5a:9d:68:03:79:
                    c5:67:13:a8:83:39:f2:5f:a0:fa:d2:08:fa:c1:25:
                    68:39:9e:92:de:73:af:cf:f2:fe:ac:50:24:20:a1:
                    cb:35:fc:6a:88:10:f5:74:13:a6:1a:62:4f:56:a1:
                    f6:31:2f:94:8c:8d:ef:82:40:e3:00:2e:18:55:c5:
                    7d:3c:2e:88:2c:b4:2d:a7:ae:a6:1b:c9:3a:1e:a6:
                    8c:e6:fe:28:74:b0:71:7c:d8:77:6b:df:ef:60:40:
                    e0:64:ad:ae:37:f3:8c:d1:c9:c1:49:3c:92:95:14:
                    97:5f:d0:0a:a7:af:43:6d:1e:13:fb:54:6f:9f:c9:
                    7b:c9:f0:46:e8:69:21:08:1d:0d:ff:2c:24:5b:be:
                    f7:24:6a:ea:8c:dc:d4:5d:73:55:36:d6:21:93:7b:
                    71:93:54:b6:39:35:32:ac:77:ba:fa:8b:43:18:43:
                    0c:c9:7d:90:ad:9f:a1:db:c3:a9:c3:f3:25:90:76:
                    af:c9:ed:88:4e:2d:af:6d:98:a9:44:f7:52:22:01:
                    ed:76:bc:5b:c7:de:0e:9d:7d:27:c4:f8:66:36:cd:
                    ba:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:45:96:C8:BE:D3:53:38:37:44:7A:A0:61:E3:C6:5A:D2:6F:4A:6F
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/BUWWyL7TUzg3RHqgYePGWtJvSm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/23
                  91.148.64.0/18
                  91.223.162.0/24
                  178.20.205.0/24
                  178.20.207.0/24
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.228.0-213.244.239.255
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:58:70:8a:e8:4f:16:fc:fa:f4:c5:bf:53:3e:2c:73:13:ae:
         1f:64:41:21:84:34:a9:c5:5d:3c:a4:29:ff:84:ea:89:98:d0:
         46:84:b1:9e:7c:7d:90:fe:90:a1:68:04:16:c5:42:1d:3b:06:
         69:82:7f:67:53:0b:79:9d:bd:f6:4d:a1:4a:53:a2:cb:07:42:
         0d:f9:ba:4d:d1:1f:22:98:3f:76:a4:f7:58:b3:71:53:57:ba:
         7e:53:93:9b:6b:01:e4:cc:78:a0:e1:da:af:d6:37:56:d4:dc:
         e3:1f:50:3c:41:29:1b:7e:ae:22:39:ef:7b:61:1f:c6:ac:a6:
         69:7b:18:40:3a:1d:02:4e:7f:c4:6a:fb:fc:ef:5c:47:c1:47:
         a9:da:6a:f7:60:e1:84:23:80:94:8c:5c:aa:54:0f:85:4c:22:
         b3:69:c9:d7:13:01:72:cc:74:04:51:f3:e0:1b:91:28:f3:95:
         2b:80:f6:91:bb:e6:07:57:fe:10:60:82:6b:cb:fb:46:24:c7:
         a3:7a:50:93:8b:02:fe:35:df:16:3c:48:da:d4:4f:ff:d0:b2:
         5e:6d:ba:a5:00:d3:9b:dc:04:b8:66:f6:81:cd:48:82:e9:df:
         fb:5c:f8:ef:66:5e:a3:a5:7c:79:d6:a6:52:06:66:a0:04:62:
         4a:83:ea:1f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZQmUT1piW3gN1nuLvDkhdsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjUwMTAyMDkyMDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTQ1OTZjOGJlZDM1MzM4Mzc0NDdhYTA2MWUzYzY1YWQyNmY0YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVwXNT6lrEfTOe9xYkTT344LA7tk
H/Gn5vsDfkGUro36GKcGuSlCWp1oA3nFZxOogznyX6D60gj6wSVoOZ6S3nOvz/L+
rFAkIKHLNfxqiBD1dBOmGmJPVqH2MS+UjI3vgkDjAC4YVcV9PC6ILLQtp66mG8k6
HqaM5v4odLBxfNh3a9/vYEDgZK2uN/OM0cnBSTySlRSXX9AKp69DbR4T+1Rvn8l7
yfBG6GkhCB0N/ywkW773JGrqjNzUXXNVNtYhk3txk1S2OTUyrHe6+otDGEMMyX2Q
rZ+h28Opw/MlkHavye2ITi2vbZipRPdSIgHtdrxbx94OnX0nxPhmNs26kQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFAVFlsi+01M4N0R6oGHjxlrSb0pvMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvQlVXV3lMN1RVemczUkhxZ1llUEdXdEp2U204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQFPmxgAwQF
PsGAAwQBVd6gAwQGW5RAAwQAW9+iAwQAshTNAwQAshTPAwQCuS/QAwQFwmqgAwQG
w/xAMAwDBALV9OQDBATV9OADBATZGkAwFAQCAAIwDgMFACABCMgDBQAqAg5AMA0G
CSqGSIb3DQEBCwUAA4IBAQBMWHCK6E8W/Pr0xb9TPixzE64fZEEhhDSpxV08pCn/
hOqJmNBGhLGefH2Q/pChaAQWxUIdOwZpgn9nUwt5nb32TaFKU6LLB0IN+bpN0R8i
mD92pPdYs3FTV7p+U5ObawHkzHig4dqv1jdW1NzjH1A8QSkbfq4iOe97YR/GrKZp
exhAOh0CTn/Eavv871xHwUep2mr3YOGEI4CUjFyqVA+FTCKzacnXEwFyzHQEUfPg
G5Eo85UrgPaRu+YHV/4QYIJry/tGJMejelCTiwL+Nd8WPEja1E//0LJebbqlANOb
3AS4ZvaBzUiC6d/7XPjvZl6jpXx51qZSBmagBGJKg+of
-----END CERTIFICATE-----