Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/ff1078-d196-46a5-a741-ed31e43f1e08/1/p1mXcIQxL77L_jQGXA_KIyns_RU.roa
File:                     p1mXcIQxL77L_jQGXA_KIyns_RU.roa (raw, json)
Hash identifier:          z0OqGXTq8kuCQJixhA0eSGU0mlbhHaHOLMCmElSbQgI=
Subject key identifier:   A7:59:97:70:84:31:2F:BE:CB:FE:34:06:5C:0F:CA:23:29:EC:FD:15
Certificate issuer:       /CN=0cdc07fda6f4d55b7c8182c929a3c4ac3c0a82fd
Certificate serial:       019420D5EA65C437B9E9E5393DFDB2E3CA49
Authority key identifier: 0C:DC:07:FD:A6:F4:D5:5B:7C:81:82:C9:29:A3:C4:AC:3C:0A:82:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DNwH_ab01Vt8gYLJKaPErDwKgv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/ff1078-d196-46a5-a741-ed31e43f1e08/1/p1mXcIQxL77L_jQGXA_KIyns_RU.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199666
IP address blocks:        146.247.64.0/22 maxlen: 22
                          146.247.64.0/24 maxlen: 24
                          146.247.65.0/24 maxlen: 24
                          146.247.66.0/24 maxlen: 24
                          146.247.67.0/24 maxlen: 24
                          146.247.68.0/23 maxlen: 23
                          146.247.68.0/24 maxlen: 24
                          146.247.69.0/24 maxlen: 24
                          146.247.70.0/23 maxlen: 23
                          146.247.70.0/24 maxlen: 24
                          185.127.220.0/23 maxlen: 23
                          185.127.222.0/23 maxlen: 23
                          2a05:9dc0::/48 maxlen: 48
                          2a05:9dc0:400::/48 maxlen: 48
                          2a05:9dc0:410::/48 maxlen: 48
                          2a05:9dc0:420::/48 maxlen: 48
                          2a05:9dc0:ffff::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ea:65:c4:37:b9:e9:e5:39:3d:fd:b2:e3:ca:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cdc07fda6f4d55b7c8182c929a3c4ac3c0a82fd
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a759977084312fbecbfe34065c0fca2329ecfd15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:16:6d:5e:df:fa:e8:d9:78:0f:87:55:3b:18:
                    5b:3c:56:1b:3d:4b:14:01:84:d0:41:77:b3:26:ac:
                    05:bc:5f:bf:a3:ee:62:ce:2e:ed:cc:df:e4:29:ee:
                    c8:92:17:c6:50:35:cc:72:60:5f:02:df:c4:fb:04:
                    66:4f:15:10:48:b6:b0:bb:64:2b:d7:70:fd:58:0a:
                    28:0c:22:13:e4:0d:52:49:48:f1:8f:27:7c:fa:ba:
                    65:8f:be:c9:cf:b8:03:ad:b3:64:e5:36:db:59:0b:
                    22:bb:94:bd:24:7b:42:45:9c:1a:52:c9:2b:8f:dc:
                    49:5b:89:3b:48:2c:47:2e:9d:66:d4:83:13:67:ba:
                    03:fd:d4:78:cc:0f:f4:34:08:cb:0c:16:66:90:7f:
                    1d:27:77:b1:c9:2c:9b:c6:57:e1:70:fa:e4:8f:e1:
                    58:4a:3e:e7:1c:c6:20:c8:5a:0c:84:17:3d:89:ce:
                    da:f0:a0:40:6d:06:52:bc:7a:43:b4:8d:90:7d:0a:
                    30:03:be:d3:8f:56:63:13:50:3a:07:0e:7e:64:86:
                    ff:b7:7e:74:27:89:e6:bf:53:0f:14:07:c6:cf:d5:
                    cd:2f:de:29:04:ef:f8:9c:33:0c:ec:be:bc:44:fd:
                    69:26:59:a8:e3:c3:7f:21:4e:9c:40:6c:a0:70:98:
                    58:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:59:97:70:84:31:2F:BE:CB:FE:34:06:5C:0F:CA:23:29:EC:FD:15
            X509v3 Authority Key Identifier:
                keyid:0C:DC:07:FD:A6:F4:D5:5B:7C:81:82:C9:29:A3:C4:AC:3C:0A:82:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DNwH_ab01Vt8gYLJKaPErDwKgv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/ff1078-d196-46a5-a741-ed31e43f1e08/1/p1mXcIQxL77L_jQGXA_KIyns_RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/ff1078-d196-46a5-a741-ed31e43f1e08/1/DNwH_ab01Vt8gYLJKaPErDwKgv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.64.0/21
                  185.127.220.0/22
                IPv6:
                  2a05:9dc0::/48
                  2a05:9dc0:400::/48
                  2a05:9dc0:410::/48
                  2a05:9dc0:420::/48
                  2a05:9dc0:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:a5:9d:8a:bb:70:ee:68:b8:a1:8b:65:d2:7d:32:81:cc:14:
         ba:69:f2:ca:bc:a2:92:e7:15:72:04:33:97:4d:91:ce:2e:0a:
         5d:11:35:a2:b5:61:99:22:8b:c3:05:1d:81:01:1f:1b:db:be:
         2e:76:57:f1:fb:8f:02:d3:37:55:f4:53:88:de:db:bf:8a:64:
         4d:b7:7c:d0:0b:49:65:62:bc:9e:9d:a5:8b:cc:0b:1d:eb:a9:
         27:52:bf:15:49:d8:6f:c2:1d:77:68:61:52:65:e0:86:5e:2c:
         95:14:e4:cd:8d:a3:46:54:91:85:e3:bd:71:57:92:0a:af:6d:
         be:43:38:64:4f:ca:12:c1:6e:c6:10:50:05:70:1b:8a:78:f0:
         d6:7f:b8:2f:b7:22:aa:ab:8b:d4:3d:ce:44:c0:25:63:ab:dd:
         ee:bf:8d:61:f9:19:6c:fd:10:dd:75:81:83:d2:16:2f:1a:f0:
         d0:a1:4c:e5:71:66:50:95:df:b1:25:84:d5:91:ff:17:05:f5:
         a2:e4:15:a5:ad:b6:02:cb:ee:04:fd:b0:a0:1f:aa:82:cb:92:
         40:8a:01:36:4c:5b:f9:b8:bf:6c:b2:8d:f3:8e:dd:95:1f:68:
         e0:3b:a3:0a:83:e0:31:18:a2:97:39:89:b6:9c:c5:9a:e9:e7:
         11:26:75:11
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZQg1eplxDe56eU5Pf2y48pJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZGMwN2ZkYTZmNGQ1NWI3YzgxODJjOTI5YTNjNGFjM2Mw
YTgyZmQwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzU5OTc3MDg0MzEyZmJlY2JmZTM0MDY1YzBmY2EyMzI5ZWNmZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxZtXt/66Nl4D4dVOxhbPFYbPUsU
AYTQQXezJqwFvF+/o+5izi7tzN/kKe7IkhfGUDXMcmBfAt/E+wRmTxUQSLawu2Qr
13D9WAooDCIT5A1SSUjxjyd8+rplj77Jz7gDrbNk5TbbWQsiu5S9JHtCRZwaUskr
j9xJW4k7SCxHLp1m1IMTZ7oD/dR4zA/0NAjLDBZmkH8dJ3exySybxlfhcPrkj+FY
Sj7nHMYgyFoMhBc9ic7a8KBAbQZSvHpDtI2QfQowA77Tj1ZjE1A6Bw5+ZIb/t350
J4nmv1MPFAfGz9XNL94pBO/4nDMM7L68RP1pJlmo48N/IU6cQGygcJhYEwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFKdZl3CEMS++y/40BlwPyiMp7P0VMB8GA1UdIwQY
MBaAFAzcB/2m9NVbfIGCySmjxKw8CoL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE53SF9hYjAxVnQ4Z1lMSkthUEVyRHdLZ3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9mZjEwNzgtZDE5Ni00NmE1LWE3NDEt
ZWQzMWU0M2YxZTA4LzEvcDFtWGNJUXhMNzdMX2pRR1hBX0tJeW5zX1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9mZjEwNzgtZDE5Ni00NmE1LWE3NDEtZWQzMWU0M2YxZTA4
LzEvRE53SF9hYjAxVnQ4Z1lMSkthUEVyRHdLZ3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTASBAIAATAMAwQDkvdAAwQC
uX/cMDMEAgACMC0DBwAqBZ3AAAADBwAqBZ3ABAADBwAqBZ3ABBADBwAqBZ3ABCAD
BwAqBZ3A//8wDQYJKoZIhvcNAQELBQADggEBAD+lnYq7cO5ouKGLZdJ9MoHMFLpp
8sq8opLnFXIEM5dNkc4uCl0RNaK1YZkii8MFHYEBHxvbvi52V/H7jwLTN1X0U4je
27+KZE23fNALSWVivJ6dpYvMCx3rqSdSvxVJ2G/CHXdoYVJl4IZeLJUU5M2No0ZU
kYXjvXFXkgqvbb5DOGRPyhLBbsYQUAVwG4p48NZ/uC+3Iqqri9Q9zkTAJWOr3e6/
jWH5GWz9EN11gYPSFi8a8NChTOVxZlCV37ElhNWR/xcF9aLkFaWttgLL7gT9sKAf
qoLLkkCKATZMW/m4v2yyjfOO3ZUfaOA7owqD4DEYopc5ibacxZrp5xEmdRE=
-----END CERTIFICATE-----