Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/47645f-3cd0-4b36-8c53-1850fff04425/1/trR0gOkOqLM9i33P9z5lDKAYVLA.roa
File:                     trR0gOkOqLM9i33P9z5lDKAYVLA.roa (raw, json)
Hash identifier:          yYJpYO73PDxpmBJL0VJQpTeNGi0zNN4BxZzYljkZajw=
Subject key identifier:   B6:B4:74:80:E9:0E:A8:B3:3D:8B:7D:CF:F7:3E:65:0C:A0:18:54:B0
Certificate issuer:       /CN=53585138107965c389f367b55abd792b531eb9ca
Certificate serial:       019421B1D52C099DA8B4653F7A5470DB747A
Authority key identifier: 53:58:51:38:10:79:65:C3:89:F3:67:B5:5A:BD:79:2B:53:1E:B9:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1hROBB5ZcOJ82e1Wr15K1Meuco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/47645f-3cd0-4b36-8c53-1850fff04425/1/trR0gOkOqLM9i33P9z5lDKAYVLA.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41369
IP address blocks:        5.250.160.0/21 maxlen: 24
                          77.240.16.0/23 maxlen: 24
                          77.240.24.0/21 maxlen: 24
                          79.171.224.0/21 maxlen: 24
                          80.242.16.0/20 maxlen: 24
                          89.250.48.0/20 maxlen: 24
                          93.191.120.0/21 maxlen: 24
                          94.199.112.0/21 maxlen: 24
                          185.87.244.0/22 maxlen: 24
                          185.145.172.0/22 maxlen: 24
                          195.60.252.0/22 maxlen: 24
                          2a00:f5c0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d5:2c:09:9d:a8:b4:65:3f:7a:54:70:db:74:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53585138107965c389f367b55abd792b531eb9ca
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b47480e90ea8b33d8b7dcff73e650ca01854b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6c:bc:59:ff:90:07:de:c3:db:6e:17:f2:07:
                    bd:5c:8e:cb:b4:5d:0e:e0:9f:7a:42:7f:f5:e6:e2:
                    0e:54:08:8b:3b:b7:c1:cf:63:18:d7:0d:04:2a:e3:
                    c9:28:b9:9e:89:cd:fc:61:1a:38:de:72:95:43:e7:
                    8e:fc:a3:eb:b5:8a:c1:73:8c:06:32:03:64:75:cd:
                    d0:79:d8:9f:e9:8e:d0:c5:33:6f:f2:ba:b7:46:91:
                    bb:be:a1:9d:b1:89:d8:97:c0:65:f8:d4:60:ad:d4:
                    2f:5b:c8:bd:7a:38:8b:5d:96:22:19:d8:a9:d3:70:
                    eb:be:e7:8b:5d:00:63:a9:bd:91:3a:8d:cf:31:76:
                    4d:c5:84:4f:d0:7a:78:51:9b:f6:ff:81:ce:31:80:
                    4d:f8:07:63:87:d6:18:38:fd:5a:5d:af:8a:2f:66:
                    68:f8:81:b7:71:c0:3a:be:aa:5a:8a:e1:33:dc:19:
                    84:b5:0a:6a:97:08:ba:50:1d:ac:bd:33:46:3e:d0:
                    5d:4c:71:e2:e0:b2:ab:0b:21:3f:c0:91:29:73:3f:
                    21:5f:e3:e3:85:f2:15:72:e2:f9:0f:b4:d8:1c:01:
                    cd:12:7c:36:2b:e9:bc:e4:57:8c:2e:9d:95:8e:cd:
                    38:51:f1:89:da:7a:92:99:a8:c6:9d:66:a4:a4:4b:
                    b6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B4:74:80:E9:0E:A8:B3:3D:8B:7D:CF:F7:3E:65:0C:A0:18:54:B0
            X509v3 Authority Key Identifier:
                keyid:53:58:51:38:10:79:65:C3:89:F3:67:B5:5A:BD:79:2B:53:1E:B9:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1hROBB5ZcOJ82e1Wr15K1Meuco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/47645f-3cd0-4b36-8c53-1850fff04425/1/trR0gOkOqLM9i33P9z5lDKAYVLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/47645f-3cd0-4b36-8c53-1850fff04425/1/U1hROBB5ZcOJ82e1Wr15K1Meuco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.160.0/21
                  77.240.16.0/23
                  77.240.24.0/21
                  79.171.224.0/21
                  80.242.16.0/20
                  89.250.48.0/20
                  93.191.120.0/21
                  94.199.112.0/21
                  185.87.244.0/22
                  185.145.172.0/22
                  195.60.252.0/22
                IPv6:
                  2a00:f5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:33:43:a4:85:38:78:ad:5d:14:56:d0:9b:32:f2:52:aa:3e:
         f4:5c:66:c4:51:29:82:90:68:bc:fc:88:fa:f4:90:f8:10:74:
         08:ca:37:36:fe:55:b5:2f:af:a3:e5:91:ad:43:51:93:50:1f:
         ad:64:cc:00:f6:92:ca:6a:45:95:62:21:4c:f2:79:be:40:32:
         3a:1a:4f:b2:2c:9e:e7:73:23:62:de:92:4d:78:a2:ca:b6:e5:
         4d:76:f8:c1:d2:df:e1:b2:f2:7f:4e:01:4c:b9:96:99:f3:ca:
         fd:9c:a0:26:80:c0:96:a9:ab:67:f2:2f:6f:ff:5f:f7:73:e0:
         a9:36:ec:6c:04:73:2d:82:ff:89:27:bd:20:1c:4e:bc:0b:b6:
         0d:de:26:9c:68:ca:de:e1:3d:3c:fc:b6:02:12:7e:4d:be:07:
         25:16:52:8d:8f:9b:41:f7:cf:03:bd:96:32:25:c6:ab:6a:4b:
         6e:6b:ab:05:ca:1b:a9:d6:1e:5b:9e:55:e0:03:5e:82:82:64:
         ab:e7:7e:66:eb:b0:29:c4:28:83:15:0c:9d:13:ae:70:3f:20:
         a0:bf:e8:d5:60:8b:92:da:ac:a8:40:8b:08:27:d7:a4:88:23:
         a0:2c:05:e7:cb:d9:07:9d:a7:39:7a:01:d2:41:e3:70:36:e6:
         bf:ad:e9:fc
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZQhsdUsCZ2otGU/elRw23R6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTg1MTM4MTA3OTY1YzM4OWYzNjdiNTVhYmQ3OTJiNTMx
ZWI5Y2EwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI0NzQ4MGU5MGVhOGIzM2Q4YjdkY2ZmNzNlNjUwY2EwMTg1NGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGy8Wf+QB97D224X8ge9XI7LtF0O
4J96Qn/15uIOVAiLO7fBz2MY1w0EKuPJKLmeic38YRo43nKVQ+eO/KPrtYrBc4wG
MgNkdc3Qedif6Y7QxTNv8rq3RpG7vqGdsYnYl8Bl+NRgrdQvW8i9ejiLXZYiGdip
03DrvueLXQBjqb2ROo3PMXZNxYRP0Hp4UZv2/4HOMYBN+Adjh9YYOP1aXa+KL2Zo
+IG3ccA6vqpaiuEz3BmEtQpqlwi6UB2svTNGPtBdTHHi4LKrCyE/wJEpcz8hX+Pj
hfIVcuL5D7TYHAHNEnw2K+m85FeMLp2Vjs04UfGJ2nqSmajGnWakpEu2OwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFLa0dIDpDqizPYt9z/c+ZQygGFSwMB8GA1UdIwQY
MBaAFFNYUTgQeWXDifNntVq9eStTHrnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFoUk9CQjVaY09KODJlMVdyMTVLMU1ldWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80NzY0NWYtM2NkMC00YjM2LThjNTMt
MTg1MGZmZjA0NDI1LzEvdHJSMGdPa09xTE05aTMzUDl6NWxES0FZVkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80NzY0NWYtM2NkMC00YjM2LThjNTMtMTg1MGZmZjA0NDI1
LzEvVTFoUk9CQjVaY09KODJlMVdyMTVLMU1ldWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBfqgAwQB
TfAQAwQDTfAYAwQDT6vgAwQEUPIQAwQEWfowAwQDXb94AwQDXsdwAwQCuVf0AwQC
uZGsAwQCwzz8MA0EAgACMAcDBQAqAPXAMA0GCSqGSIb3DQEBCwUAA4IBAQA+M0Ok
hTh4rV0UVtCbMvJSqj70XGbEUSmCkGi8/Ij69JD4EHQIyjc2/lW1L6+j5ZGtQ1GT
UB+tZMwA9pLKakWVYiFM8nm+QDI6Gk+yLJ7ncyNi3pJNeKLKtuVNdvjB0t/hsvJ/
TgFMuZaZ88r9nKAmgMCWqatn8i9v/1/3c+CpNuxsBHMtgv+JJ70gHE68C7YN3iac
aMre4T08/LYCEn5NvgclFlKNj5tB988DvZYyJcaraktua6sFyhup1h5bnlXgA16C
gmSr535m67ApxCiDFQydE65wPyCgv+jVYIuS2qyoQIsIJ9ekiCOgLAXny9kHnac5
egHSQeNwNua/ren8
-----END CERTIFICATE-----