Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/4siTv1cIQqiRqqbBP3me0G2tMEA.roa
File:                     4siTv1cIQqiRqqbBP3me0G2tMEA.roa (raw, json)
Hash identifier:          SDh+UpJOyjnagfNdrfriJXPS5zpz808h3YCOrbfCctg=
Subject key identifier:   E2:C8:93:BF:57:08:42:A8:91:AA:A6:C1:3F:79:9E:D0:6D:AD:30:40
Certificate issuer:       /CN=4186e6b9d1f78c94d63fac934ab9aadc0c96d43e
Certificate serial:       01941FF9FF4C995E5F204B5F1D22CC915B4B
Authority key identifier: 41:86:E6:B9:D1:F7:8C:94:D6:3F:AC:93:4A:B9:AA:DC:0C:96:D4:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QYbmudH3jJTWP6yTSrmq3AyW1D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/4siTv1cIQqiRqqbBP3me0G2tMEA.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15516
IP address blocks:        62.61.128.0/19 maxlen: 19
                          77.75.160.0/21 maxlen: 21
                          79.98.192.0/21 maxlen: 21
                          81.161.128.0/18 maxlen: 18
                          82.147.224.0/19 maxlen: 19
                          82.211.224.0/19 maxlen: 19
                          85.24.0.0/17 maxlen: 17
                          87.72.0.0/15 maxlen: 15
                          91.100.0.0/15 maxlen: 15
                          195.135.216.0/22 maxlen: 22
                          2001:14d0::/29 maxlen: 29
                          2a01:558::/32 maxlen: 32
                          2a07:8900::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:f9:ff:4c:99:5e:5f:20:4b:5f:1d:22:cc:91:5b:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4186e6b9d1f78c94d63fac934ab9aadc0c96d43e
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2c893bf570842a891aaa6c13f799ed06dad3040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:02:07:94:6a:c9:31:b0:8d:80:50:4d:57:
                    27:d0:8f:16:bc:4e:06:3b:fa:5e:4d:04:b5:3a:ed:
                    36:73:45:92:a9:74:8b:06:58:e3:b7:f5:91:fa:e4:
                    8d:64:a5:e0:91:bf:b7:f4:b4:63:2e:64:b5:ad:62:
                    ef:c5:08:e1:16:6a:7d:ed:e6:64:e4:7e:91:f3:7d:
                    9e:2a:ee:23:99:f6:b8:ec:1c:b5:cb:f3:dd:ec:68:
                    17:c4:78:b3:fd:56:c5:ca:38:47:5e:3b:49:e3:c6:
                    c9:b6:62:8a:62:37:8c:55:46:9f:cf:a6:e2:d5:74:
                    14:e0:e1:69:37:f2:5a:02:ba:e8:c3:46:37:ac:29:
                    eb:83:15:c2:08:c8:62:6d:bd:62:a3:36:41:a7:2b:
                    65:3e:8f:e2:9f:c3:a3:22:ab:1c:ac:10:05:7c:a7:
                    35:95:eb:f8:2d:0b:c1:ac:fe:2e:45:26:8e:70:7e:
                    b3:af:fe:ae:2b:8c:e3:39:a2:54:a6:86:d0:05:b9:
                    e4:37:c9:0d:d9:01:c5:99:d0:ee:34:5f:09:3e:b8:
                    f3:c9:6e:96:db:3a:6d:6e:bf:ab:9b:32:e9:31:74:
                    55:f8:f0:a0:45:de:ee:cc:88:cf:73:87:2e:3b:ba:
                    4b:15:96:d3:11:e9:6f:33:5f:63:69:80:c0:6e:e7:
                    c5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C8:93:BF:57:08:42:A8:91:AA:A6:C1:3F:79:9E:D0:6D:AD:30:40
            X509v3 Authority Key Identifier:
                keyid:41:86:E6:B9:D1:F7:8C:94:D6:3F:AC:93:4A:B9:AA:DC:0C:96:D4:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QYbmudH3jJTWP6yTSrmq3AyW1D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/4siTv1cIQqiRqqbBP3me0G2tMEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/QYbmudH3jJTWP6yTSrmq3AyW1D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.61.128.0/19
                  77.75.160.0/21
                  79.98.192.0/21
                  81.161.128.0/18
                  82.147.224.0/19
                  82.211.224.0/19
                  85.24.0.0/17
                  87.72.0.0/15
                  91.100.0.0/15
                  195.135.216.0/22
                IPv6:
                  2001:14d0::/29
                  2a01:558::/32
                  2a07:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:0c:74:ae:d3:39:5f:5a:d8:6c:69:0f:32:ab:d3:9e:1a:f8:
         54:b5:48:09:e5:e6:f5:ec:8e:01:07:59:21:51:65:f5:3c:08:
         f8:24:5e:0b:56:05:d0:7f:d7:0c:a0:e8:1e:2b:87:1a:77:1e:
         c0:e9:6a:c2:32:89:89:88:6d:a8:2b:f9:fa:79:34:86:23:4e:
         e4:72:03:47:bf:80:84:de:b0:86:24:c4:00:ac:cb:98:33:46:
         bd:b3:3d:ce:a5:41:59:68:e6:f0:32:fc:f5:1d:42:46:9d:40:
         cc:15:7e:bd:d5:97:15:c6:ca:97:b5:f7:ca:0a:7d:b4:e7:13:
         37:4e:32:d4:66:d9:8c:ba:5c:7c:a3:fe:aa:92:56:7d:ce:36:
         0d:cc:1e:bb:b0:d1:e4:d4:a4:53:ae:e0:b8:40:36:fa:4b:87:
         8b:6d:07:83:b3:32:4e:3b:fa:a9:dc:65:37:4a:f1:ad:f3:50:
         0c:01:9e:b0:86:ee:e2:95:33:4a:57:32:61:18:db:5f:93:ad:
         ee:92:4a:32:c8:58:02:f8:33:b0:8a:99:62:76:b5:63:f0:95:
         75:96:a5:34:c6:14:6e:40:56:c5:b1:66:db:d3:d9:86:98:d9:
         d2:7c:03:4d:2e:64:34:a6:79:63:7b:b6:18:c9:b8:8c:d6:a7:
         64:ca:a2:a4
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQf+f9MmV5fIEtfHSLMkVtLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxODZlNmI5ZDFmNzhjOTRkNjNmYWM5MzRhYjlhYWRjMGM5
NmQ0M2UwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM4OTNiZjU3MDg0MmE4OTFhYWE2YzEzZjc5OWVkMDZkYWQzMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoloCB5RqyTGwjYBQTVcn0I8WvE4G
O/peTQS1Ou02c0WSqXSLBljjt/WR+uSNZKXgkb+39LRjLmS1rWLvxQjhFmp97eZk
5H6R832eKu4jmfa47By1y/Pd7GgXxHiz/VbFyjhHXjtJ48bJtmKKYjeMVUafz6bi
1XQU4OFpN/JaArrow0Y3rCnrgxXCCMhibb1iozZBpytlPo/in8OjIqscrBAFfKc1
lev4LQvBrP4uRSaOcH6zr/6uK4zjOaJUpobQBbnkN8kN2QHFmdDuNF8JPrjzyW6W
2zptbr+rmzLpMXRV+PCgRd7uzIjPc4cuO7pLFZbTEelvM19jaYDAbufF2wIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFOLIk79XCEKokaqmwT95ntBtrTBAMB8GA1UdIwQY
MBaAFEGG5rnR94yU1j+sk0q5qtwMltQ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVlibXVkSDNqSlRXUDZ5VFNybXEzQXlXMUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xYjlhNjYtZjgyMC00NWEwLWIwMmQt
ZDc4NzY2ZDhjODU4LzEvNHNpVHYxY0lRcWlScXFiQlAzbWUwRzJ0TUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xYjlhNjYtZjgyMC00NWEwLWIwMmQtZDc4NzY2ZDhjODU4
LzEvUVlibXVkSDNqSlRXUDZ5VFNybXEzQXlXMUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBABAIAATA6AwQFPj2AAwQD
TUugAwQDT2LAAwQGUaGAAwQFUpPgAwQFUtPgAwQHVRgAAwMBV0gDAwFbZAMEAsOH
2DAbBAIAAjAVAwUDIAEU0AMFACoBBVgDBQMqB4kAMA0GCSqGSIb3DQEBCwUAA4IB
AQCnDHSu0zlfWthsaQ8yq9OeGvhUtUgJ5eb17I4BB1khUWX1PAj4JF4LVgXQf9cM
oOgeK4cadx7A6WrCMomJiG2oK/n6eTSGI07kcgNHv4CE3rCGJMQArMuYM0a9sz3O
pUFZaObwMvz1HUJGnUDMFX691ZcVxsqXtffKCn205xM3TjLUZtmMulx8o/6qklZ9
zjYNzB67sNHk1KRTruC4QDb6S4eLbQeDszJOO/qp3GU3SvGt81AMAZ6whu7ilTNK
VzJhGNtfk63ukkoyyFgC+DOwiplidrVj8JV1lqU0xhRuQFbFsWbb09mGmNnSfANN
LmQ0pnlje7YYybiM1qdkyqKk
-----END CERTIFICATE-----