Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/hd67_XZte5UJxG8Z9Bjjhd5C3aY.roa
File:                     hd67_XZte5UJxG8Z9Bjjhd5C3aY.roa (raw, json)
Hash identifier:          m5+Tgfa03sp40l5g/5GYZoTIL8T/7QDNBIaZ6t+2ge8=
Subject key identifier:   85:DE:BB:FD:76:6D:7B:95:09:C4:6F:19:F4:18:E3:85:DE:42:DD:A6
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       0194252176F6FF3A9A81B5F8BD69CA2DF3E9
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/hd67_XZte5UJxG8Z9Bjjhd5C3aY.roa
Signing time:             Thu 02 Jan 2025 03:48:57 +0000
ROA not before:           Thu 02 Jan 2025 03:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57073
IP address blocks:        85.198.76.0/22 maxlen: 24
                          91.230.107.0/24 maxlen: 24
                          94.141.112.0/22 maxlen: 24
                          176.101.88.0/21 maxlen: 24
                          185.62.200.0/23 maxlen: 24
                          185.62.202.0/24 maxlen: 24
                          185.138.252.0/22 maxlen: 24
                          185.138.252.0/24 maxlen: 24
                          185.138.253.0/24 maxlen: 24
                          185.138.254.0/24 maxlen: 24
                          185.138.255.0/24 maxlen: 24
                          194.1.214.0/24 maxlen: 24
                          213.184.154.0/23 maxlen: 24
                          213.184.154.0/24 maxlen: 24
                          213.184.156.0/22 maxlen: 24
                          2a03:720::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:76:f6:ff:3a:9a:81:b5:f8:bd:69:ca:2d:f3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jan  2 03:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85debbfd766d7b9509c46f19f418e385de42dda6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6a:27:49:5e:a2:ac:f3:ff:bb:5e:c5:2c:89:
                    e3:aa:ff:d2:43:27:c2:7f:ed:e6:bc:4b:c7:b0:17:
                    da:c0:bd:7a:a9:aa:f5:34:70:89:72:c8:ca:9a:34:
                    4b:e5:c8:ac:8d:a5:87:62:09:42:a6:61:15:71:7b:
                    c5:e1:3f:fa:11:f1:e2:bf:1c:ca:bd:b5:ba:90:d6:
                    b1:18:23:00:88:54:24:82:ce:33:39:ee:e0:5e:24:
                    76:d9:9c:34:e0:b3:83:13:49:17:2a:bf:7e:61:ae:
                    ea:95:6a:ab:71:a4:7a:92:46:01:12:13:76:e3:66:
                    96:7e:b3:cd:59:6e:3f:45:cc:2d:7d:22:02:94:8d:
                    40:7f:c6:22:b8:6b:61:8a:90:f2:fa:05:18:7b:25:
                    4a:a7:fc:58:9f:6b:b1:1e:ac:38:e4:d0:d9:65:e7:
                    ad:d1:60:c3:36:44:52:b6:b1:c3:81:94:1a:27:e5:
                    9d:68:ba:7a:f7:2c:fb:b0:e6:ee:ce:55:74:4e:22:
                    fb:53:fe:55:f6:bb:7d:d0:44:35:72:5c:24:25:74:
                    4a:24:8a:18:8d:0f:23:6e:e8:d6:41:12:a5:dc:ab:
                    d1:de:95:e5:00:a0:99:03:5f:e4:14:74:fc:a4:0a:
                    21:3c:b9:c7:00:ff:27:4c:e1:eb:cf:b3:90:9f:61:
                    a3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DE:BB:FD:76:6D:7B:95:09:C4:6F:19:F4:18:E3:85:DE:42:DD:A6
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/hd67_XZte5UJxG8Z9Bjjhd5C3aY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.198.76.0/22
                  91.230.107.0/24
                  94.141.112.0/22
                  176.101.88.0/21
                  185.62.200.0-185.62.202.255
                  185.138.252.0/22
                  194.1.214.0/24
                  213.184.154.0-213.184.159.255
                IPv6:
                  2a03:720::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:37:a6:91:db:3d:b7:87:5d:10:96:bc:bf:4f:26:aa:87:2f:
         ae:85:d5:bb:a1:60:09:65:dd:33:29:4e:e5:55:2a:44:aa:ee:
         b7:51:12:4f:fe:ed:7f:dc:c0:15:73:1f:af:ae:2a:d2:24:8a:
         6b:bb:78:02:a3:71:88:b7:6d:a9:d8:6a:d8:a7:eb:9e:17:4c:
         35:5a:fc:4c:20:6c:a7:7d:74:3b:7b:00:2b:02:53:39:89:fd:
         50:a6:48:db:ba:34:b3:54:ca:42:fc:20:18:ee:cb:3d:0b:ae:
         21:07:67:64:1b:e8:4a:6f:1b:4e:f1:48:5d:9c:6e:95:bc:3e:
         44:73:33:39:1e:23:91:4a:c1:0d:d4:8c:5e:0e:fc:f0:55:2b:
         27:ce:1d:99:ed:2e:ae:3a:8b:40:70:11:8e:47:a2:b8:2d:08:
         b2:fb:ea:8f:10:f3:5b:da:ec:27:91:3e:8b:e4:3d:25:af:07:
         fd:35:63:8d:ba:c0:04:1e:79:41:64:5f:9d:a3:94:72:8f:94:
         b6:81:39:1f:23:b9:24:21:f8:20:98:4f:d7:86:59:30:d3:16:
         38:90:21:56:87:2b:66:d7:5c:0b:93:5f:80:0a:a2:94:5b:82:
         71:09:4e:ef:0b:0e:bd:c7:51:36:e1:95:4c:01:58:bc:f8:57:
         07:e3:4e:1f
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZQlIXb2/zqagbX4vWnKLfPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjUwMTAyMDM0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWRlYmJmZDc2NmQ3Yjk1MDljNDZmMTlmNDE4ZTM4NWRlNDJkZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GonSV6irPP/u17FLInjqv/SQyfC
f+3mvEvHsBfawL16qar1NHCJcsjKmjRL5cisjaWHYglCpmEVcXvF4T/6EfHivxzK
vbW6kNaxGCMAiFQkgs4zOe7gXiR22Zw04LODE0kXKr9+Ya7qlWqrcaR6kkYBEhN2
42aWfrPNWW4/RcwtfSIClI1Af8YiuGthipDy+gUYeyVKp/xYn2uxHqw45NDZZeet
0WDDNkRStrHDgZQaJ+WdaLp69yz7sObuzlV0TiL7U/5V9rt90EQ1clwkJXRKJIoY
jQ8jbujWQRKl3KvR3pXlAKCZA1/kFHT8pAohPLnHAP8nTOHrz7OQn2GjhwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFIXeu/12bXuVCcRvGfQY44XeQt2mMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvaGQ2N19YWnRlNVVKeEc4WjlCampoZDVDM2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQCVcZMAwQA
W+ZrAwQCXo1wAwQDsGVYMAwDBAO5PsgDBAC5PsoDBAK5ivwDBADCAdYwDAMEAdW4
mgMEBdW4gDANBAIAAjAHAwUAKgMHIDANBgkqhkiG9w0BAQsFAAOCAQEAaDemkds9
t4ddEJa8v08mqocvroXVu6FgCWXdMylO5VUqRKrut1EST/7tf9zAFXMfr64q0iSK
a7t4AqNxiLdtqdhq2KfrnhdMNVr8TCBsp310O3sAKwJTOYn9UKZI27o0s1TKQvwg
GO7LPQuuIQdnZBvoSm8bTvFIXZxulbw+RHMzOR4jkUrBDdSMXg788FUrJ84dme0u
rjqLQHARjkeiuC0IsvvqjxDzW9rsJ5E+i+Q9Ja8H/TVjjbrABB55QWRfnaOUco+U
toE5HyO5JCH4IJhP14ZZMNMWOJAhVocrZtdcC5NfgAqilFuCcQlO7wsOvcdRNuGV
TAFYvPhXB+NOHw==
-----END CERTIFICATE-----