Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/eWNwoG2gNqVOl4jxtgq3km86-j8.roa
File:                     eWNwoG2gNqVOl4jxtgq3km86-j8.roa (raw, json)
Hash identifier:          tuYXWwSXyhuCjeV5A6/luy4IrIPezyScgsOJmMQtw38=
Subject key identifier:   79:63:70:A0:6D:A0:36:A5:4E:97:88:F1:B6:0A:B7:92:6F:3A:FA:3F
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       0194236A0522EE5646C4F5905C075884502C
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/eWNwoG2gNqVOl4jxtgq3km86-j8.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201565
IP address blocks:        89.35.206.0/24 maxlen: 24
                          89.35.207.0/24 maxlen: 24
                          185.11.232.0/22 maxlen: 22
                          185.59.96.0/22 maxlen: 22
                          185.62.248.0/24 maxlen: 24
                          185.62.249.0/24 maxlen: 24
                          185.62.250.0/24 maxlen: 24
                          185.62.251.0/24 maxlen: 24
                          185.91.148.0/24 maxlen: 24
                          185.91.149.0/24 maxlen: 24
                          185.91.150.0/24 maxlen: 24
                          185.91.151.0/24 maxlen: 24
                          2a03:7e40::/36 maxlen: 36
                          2a03:7e40:1000::/36 maxlen: 36
                          2a03:7e40:2000::/36 maxlen: 36
                          2a03:7e40:3000::/36 maxlen: 36
                          2a03:7e40:4000::/36 maxlen: 36
                          2a03:7e40:5000::/36 maxlen: 36
                          2a03:7e40:6000::/36 maxlen: 36
                          2a03:7e40:7000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:05:22:ee:56:46:c4:f5:90:5c:07:58:84:50:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=796370a06da036a54e9788f1b60ab7926f3afa3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:6b:73:77:ee:bd:b9:a6:70:b7:d3:20:fb:
                    a8:4e:4f:b8:52:08:54:4b:03:bb:5f:6d:a7:c9:07:
                    26:d0:13:56:e1:7a:2e:bb:a4:d7:5e:9b:41:20:2a:
                    0c:91:e7:4c:0a:a2:59:a6:1c:12:42:78:47:19:23:
                    d7:5b:73:56:fb:ea:8b:bf:c0:3f:af:88:fb:a3:cd:
                    d8:e2:c2:9d:fc:ce:b9:59:41:e5:7c:24:9a:3c:e2:
                    61:0b:08:76:5c:2e:e7:3d:53:bf:0d:de:81:ab:d1:
                    0c:ea:c0:04:95:65:f0:7e:d0:b5:eb:e5:dd:39:ea:
                    35:ed:6a:af:e3:c3:f5:58:82:e1:78:bc:67:18:83:
                    a6:e3:6a:47:b7:ae:99:c2:eb:0b:91:6b:7b:ca:ee:
                    99:e8:10:5b:c0:e9:15:f1:86:b0:94:4b:de:19:b5:
                    51:df:a6:a4:67:63:7c:5d:db:36:bf:dc:bf:ec:9d:
                    3e:50:e0:eb:9d:cd:cd:ee:c2:78:29:f3:33:85:c9:
                    57:70:d0:64:a1:02:df:77:8c:a0:e1:07:5f:bc:da:
                    e3:80:bd:7b:43:db:64:96:6d:3b:fb:ec:86:b8:12:
                    2a:4a:c7:f5:f0:1b:0a:a7:82:80:d8:72:1a:c7:c1:
                    fd:8f:68:e7:0c:c2:ef:70:d5:23:3d:a9:d6:19:85:
                    a9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:63:70:A0:6D:A0:36:A5:4E:97:88:F1:B6:0A:B7:92:6F:3A:FA:3F
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/eWNwoG2gNqVOl4jxtgq3km86-j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.206.0/23
                  185.11.232.0/22
                  185.59.96.0/22
                  185.62.248.0/22
                  185.91.148.0/22
                IPv6:
                  2a03:7e40::/33

    Signature Algorithm: sha256WithRSAEncryption
         0c:b7:e5:f7:5f:84:7d:fb:8d:d9:30:f4:51:e0:1f:ae:22:cd:
         7b:03:c5:56:74:61:03:a8:20:8a:6a:7f:7d:d7:d4:da:de:f3:
         d5:fe:f9:28:37:6a:0b:b8:de:9f:fd:aa:cd:df:5c:50:61:a6:
         79:28:66:d5:0c:e2:71:08:41:f2:01:2b:61:4a:be:f7:f9:37:
         c1:1f:1a:81:8f:b5:d4:93:39:91:09:eb:ca:ca:4e:99:e2:79:
         37:cc:d6:1f:55:cc:3a:31:c0:e8:67:87:dc:27:bf:bd:ac:a6:
         1e:b2:a4:26:96:6c:33:b6:8c:3c:26:40:66:30:18:9c:37:0f:
         21:88:c3:c2:3d:49:bf:07:6b:d9:51:f2:81:f6:86:3a:83:2a:
         8a:1c:7b:23:15:50:a7:4c:b7:04:7e:88:61:c8:e0:03:e7:7f:
         c8:ed:4e:1a:dc:cd:1c:5c:cd:bc:09:4c:68:12:b2:3d:a9:11:
         97:a1:d6:f4:e3:84:b1:2a:c3:0b:3b:1d:58:e3:61:c3:d2:40:
         ae:7b:1a:26:af:67:32:da:19:56:e5:a1:21:30:96:52:b3:70:
         21:74:0a:e6:5b:73:49:a4:ed:65:57:69:12:16:a3:49:3a:36:
         3a:5d:bf:d2:66:2a:7c:15:d4:dc:2d:d5:04:b5:36:19:b9:16:
         63:2a:58:d8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQjagUi7lZGxPWQXAdYhFAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTYzNzBhMDZkYTAzNmE1NGU5Nzg4ZjFiNjBhYjc5MjZmM2FmYTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrdrc3fuvbmmcLfTIPuoTk+4UghU
SwO7X22nyQcm0BNW4Xouu6TXXptBICoMkedMCqJZphwSQnhHGSPXW3NW++qLv8A/
r4j7o83Y4sKd/M65WUHlfCSaPOJhCwh2XC7nPVO/Dd6Bq9EM6sAElWXwftC16+Xd
Oeo17Wqv48P1WILheLxnGIOm42pHt66ZwusLkWt7yu6Z6BBbwOkV8YawlEveGbVR
36akZ2N8Xds2v9y/7J0+UODrnc3N7sJ4KfMzhclXcNBkoQLfd4yg4QdfvNrjgL17
Q9tklm07++yGuBIqSsf18BsKp4KA2HIax8H9j2jnDMLvcNUjPanWGYWp9wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHljcKBtoDalTpeI8bYKt5JvOvo/MB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvZVdOd29HMmdOcVZPbDRqeHRncTNrbTg2LWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQBWSPOAwQC
uQvoAwQCuTtgAwQCuT74AwQCuVuUMA4EAgACMAgDBgcqA35AADANBgkqhkiG9w0B
AQsFAAOCAQEADLfl91+EffuN2TD0UeAfriLNewPFVnRhA6ggimp/fdfU2t7z1f75
KDdqC7jen/2qzd9cUGGmeShm1QzicQhB8gErYUq+9/k3wR8agY+11JM5kQnryspO
meJ5N8zWH1XMOjHA6GeH3Ce/vaymHrKkJpZsM7aMPCZAZjAYnDcPIYjDwj1Jvwdr
2VHygfaGOoMqihx7IxVQp0y3BH6IYcjgA+d/yO1OGtzNHFzNvAlMaBKyPakRl6HW
9OOEsSrDCzsdWONhw9JArnsaJq9nMtoZVuWhITCWUrNwIXQK5ltzSaTtZVdpEhaj
STo2Ol2/0mYqfBXU3C3VBLU2GbkWYypY2A==
-----END CERTIFICATE-----