Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/vH1JJD9D24fFC1pA8PsnKijiP6M.roa
File:                     vH1JJD9D24fFC1pA8PsnKijiP6M.roa (raw, json)
Hash identifier:          i0B3P6h6TyOcZqs+27w3JzYg10hL8qvRbmomwjVt9VM=
Subject key identifier:   BC:7D:49:24:3F:43:DB:87:C5:0B:5A:40:F0:FB:27:2A:28:E2:3F:A3
Certificate issuer:       /CN=c7208a8b85bcb807cad64138543263acb204448b
Certificate serial:       019420D5EAD7C8D9B22C7786476AF05ACBF7
Authority key identifier: C7:20:8A:8B:85:BC:B8:07:CA:D6:41:38:54:32:63:AC:B2:04:44:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xyCKi4W8uAfK1kE4VDJjrLIERIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/vH1JJD9D24fFC1pA8PsnKijiP6M.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12479
IP address blocks:        37.11.0.0/16 maxlen: 24
                          37.14.0.0/15 maxlen: 24
                          37.35.128.0/17 maxlen: 24
                          37.97.124.0/22 maxlen: 24
                          37.132.0.0/14 maxlen: 24
                          62.14.0.0/15 maxlen: 24
                          87.216.0.0/13 maxlen: 24
                          95.16.0.0/13 maxlen: 24
                          146.158.128.0/17 maxlen: 24
                          185.4.188.0/22 maxlen: 24
                          188.76.0.0/14 maxlen: 24
                          212.9.64.0/19 maxlen: 24
                          212.106.192.0/18 maxlen: 24
                          213.179.96.0/19 maxlen: 24
                          2a02:2e00::/27 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ea:d7:c8:d9:b2:2c:77:86:47:6a:f0:5a:cb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7208a8b85bcb807cad64138543263acb204448b
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc7d49243f43db87c50b5a40f0fb272a28e23fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:aa:01:d3:28:76:a7:2f:d8:bf:a7:82:db:24:
                    eb:4d:be:9f:3a:48:48:0c:b4:7f:29:3a:08:d3:6a:
                    0c:7b:5e:da:09:3b:0f:eb:82:d9:87:2b:cf:0e:d4:
                    8b:21:5e:26:6c:b4:68:39:af:c7:d8:cc:dd:b4:50:
                    89:81:1c:88:f6:a4:a7:ee:bc:e5:97:ff:1a:58:c1:
                    2e:dc:6c:b8:fe:be:10:58:d9:34:0a:3f:65:80:e7:
                    0e:d7:e1:21:9f:82:3a:22:d7:12:47:4a:e1:bb:d2:
                    49:93:94:09:6f:32:65:20:4b:cd:01:ca:94:22:cf:
                    70:86:73:6b:38:a0:0c:bc:fe:72:66:16:cb:0f:05:
                    73:ed:ae:99:5a:b6:90:30:5a:b4:b3:ce:08:df:60:
                    df:80:9f:ed:32:1d:05:df:d6:b0:e6:b0:dc:f3:7d:
                    75:da:76:94:72:8a:b7:3a:28:34:bb:b0:23:ea:2b:
                    57:03:9d:04:45:14:26:3f:ee:27:fe:8e:1f:b6:27:
                    66:4b:16:51:06:b5:bb:e7:ae:5d:23:65:81:5b:10:
                    c1:97:9c:78:69:a1:a0:41:9a:ed:5a:55:cb:8d:4f:
                    d4:74:48:bd:00:03:60:8e:88:14:e4:83:78:19:bf:
                    32:a3:68:b7:f6:01:5c:2e:36:17:59:11:92:91:da:
                    b8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7D:49:24:3F:43:DB:87:C5:0B:5A:40:F0:FB:27:2A:28:E2:3F:A3
            X509v3 Authority Key Identifier:
                keyid:C7:20:8A:8B:85:BC:B8:07:CA:D6:41:38:54:32:63:AC:B2:04:44:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xyCKi4W8uAfK1kE4VDJjrLIERIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/vH1JJD9D24fFC1pA8PsnKijiP6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/xyCKi4W8uAfK1kE4VDJjrLIERIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.11.0.0/16
                  37.14.0.0/15
                  37.35.128.0/17
                  37.97.124.0/22
                  37.132.0.0/14
                  62.14.0.0/15
                  87.216.0.0/13
                  95.16.0.0/13
                  146.158.128.0/17
                  185.4.188.0/22
                  188.76.0.0/14
                  212.9.64.0/19
                  212.106.192.0/18
                  213.179.96.0/19
                IPv6:
                  2a02:2e00::/27

    Signature Algorithm: sha256WithRSAEncryption
         92:60:93:05:8f:fa:8a:5d:33:c4:73:e5:37:31:24:33:5b:01:
         f7:47:b1:36:ab:69:ac:a0:18:47:95:ab:4e:19:6f:77:b0:63:
         24:86:39:2d:e1:a8:ef:e8:eb:cf:89:ca:40:bf:c2:79:b1:cb:
         c4:55:8b:50:a1:df:57:9f:f4:2b:dd:c3:9b:99:57:8f:08:68:
         75:b6:39:6a:dc:14:ad:17:a0:72:1c:fc:ce:a1:e4:2b:22:a6:
         35:0f:d3:29:a3:b6:62:d3:9f:f3:c6:08:a2:9a:e4:b5:e5:d0:
         c7:22:2e:b5:df:e4:c0:63:b4:1e:46:04:45:05:e1:34:a0:19:
         64:74:53:a8:f5:68:d1:99:65:e2:f6:75:19:89:18:3f:52:5f:
         80:cb:83:36:b4:f5:b8:3c:5e:16:35:6a:09:e0:27:23:ab:84:
         bd:aa:31:db:6e:d4:5c:96:d0:fc:ef:04:50:86:20:0e:63:89:
         7d:27:f0:a8:cf:88:61:d7:ee:3f:56:6a:bb:db:9a:90:4a:e3:
         be:d3:26:a8:8a:8b:c0:83:aa:e1:d0:02:08:1b:33:ff:83:75:
         64:1e:86:1c:20:51:7b:85:f5:bd:36:7e:19:55:82:5c:ac:e9:
         6b:9b:0d:86:e0:93:5a:4a:f1:a6:d1:2a:77:53:a2:82:2d:7d:
         1b:d7:c3:82
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAZQg1erXyNmyLHeGR2rwWsv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MjA4YThiODViY2I4MDdjYWQ2NDEzODU0MzI2M2FjYjIw
NDQ0OGIwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzdkNDkyNDNmNDNkYjg3YzUwYjVhNDBmMGZiMjcyYTI4ZTIzZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaoB0yh2py/Yv6eC2yTrTb6fOkhI
DLR/KToI02oMe17aCTsP64LZhyvPDtSLIV4mbLRoOa/H2MzdtFCJgRyI9qSn7rzl
l/8aWMEu3Gy4/r4QWNk0Cj9lgOcO1+Ehn4I6ItcSR0rhu9JJk5QJbzJlIEvNAcqU
Is9whnNrOKAMvP5yZhbLDwVz7a6ZWraQMFq0s84I32DfgJ/tMh0F39aw5rDc8311
2naUcoq3Oig0u7Aj6itXA50ERRQmP+4n/o4ftidmSxZRBrW7565dI2WBWxDBl5x4
aaGgQZrtWlXLjU/UdEi9AANgjogU5IN4Gb8yo2i39gFcLjYXWRGSkdq43QIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFLx9SSQ/Q9uHxQtaQPD7Jyoo4j+jMB8GA1UdIwQY
MBaAFMcgiouFvLgHytZBOFQyY6yyBESLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlDS2k0Vzh1QWZLMWtFNFZESmpyTElFUklzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNzlhM2EtZTdhMC00MDY1LWI2ZDgt
MGY2YzQxMmNmM2RmLzEvdkgxSkpEOUQyNGZGQzFwQThQc25LaWppUDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNzlhM2EtZTdhMC00MDY1LWI2ZDgtMGY2YzQxMmNmM2Rm
LzEveHlDS2k0Vzh1QWZLMWtFNFZESmpyTElFUklzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBTBAIAATBNAwMAJQsDAwEl
DgMEByUjgAMEAiVhfAMDAiWEAwMBPg4DAwNX2AMDA18QAwQHkp6AAwQCuQS8AwMC
vEwDBAXUCUADBAbUasADBAXVs2AwDQQCAAIwBwMFBSoCLgAwDQYJKoZIhvcNAQEL
BQADggEBAJJgkwWP+opdM8Rz5TcxJDNbAfdHsTaraaygGEeVq04Zb3ewYySGOS3h
qO/o68+JykC/wnmxy8RVi1Ch31ef9Cvdw5uZV48IaHW2OWrcFK0XoHIc/M6h5Csi
pjUP0ymjtmLTn/PGCKKa5LXl0MciLrXf5MBjtB5GBEUF4TSgGWR0U6j1aNGZZeL2
dRmJGD9SX4DLgza09bg8XhY1agngJyOrhL2qMdtu1FyW0PzvBFCGIA5jiX0n8KjP
iGHX7j9WarvbmpBK477TJqiKi8CDquHQAggbM/+DdWQehhwgUXuF9b02fhlVglys
6WubDYbgk1pK8abRKndTooItfRvXw4I=
-----END CERTIFICATE-----