Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/JyDYgc1-tOOxV8Gjmhin4PvkNRI.roa
File:                     JyDYgc1-tOOxV8Gjmhin4PvkNRI.roa (raw, json)
Hash identifier:          /LRmC6CKtmo4PW8u6G7ciX/ak6dY+QoiyDd7MByDDwI=
Subject key identifier:   27:20:D8:81:CD:7E:B4:E3:B1:57:C1:A3:9A:18:A7:E0:FB:E4:35:12
Certificate issuer:       /CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
Certificate serial:       01942747136F3AAFD65F48715AB0FE12B5E8
Authority key identifier: 3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/JyDYgc1-tOOxV8Gjmhin4PvkNRI.roa
Signing time:             Thu 02 Jan 2025 13:49:16 +0000
ROA not before:           Thu 02 Jan 2025 13:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62166
IP address blocks:        185.83.172.0/22 maxlen: 22
                          185.83.172.0/23 maxlen: 23
                          185.83.174.0/23 maxlen: 23
                          185.208.44.0/22 maxlen: 22
                          185.208.44.0/23 maxlen: 23
                          185.208.46.0/23 maxlen: 23
                          185.240.68.0/22 maxlen: 22
                          185.240.68.0/23 maxlen: 23
                          185.240.70.0/23 maxlen: 23
                          193.58.36.0/22 maxlen: 22
                          193.58.36.0/23 maxlen: 23
                          193.58.38.0/23 maxlen: 23
                          2a05:9d40::/29 maxlen: 29
                          2a05:9d40:8000::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:13:6f:3a:af:d6:5f:48:71:5a:b0:fe:12:b5:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
        Validity
            Not Before: Jan  2 13:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2720d881cd7eb4e3b157c1a39a18a7e0fbe43512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:44:cf:6a:b4:6f:3f:0e:de:a4:8b:a6:3c:be:
                    0a:0a:fa:ac:2f:9c:fc:de:27:ab:cc:30:ef:ef:ec:
                    61:b9:e3:e4:ef:58:15:9c:88:1b:90:86:a3:9c:f8:
                    dd:62:97:9e:2d:5c:96:e4:70:9e:48:35:02:99:d1:
                    55:05:b7:22:1c:42:bd:50:93:98:c7:81:7f:da:ae:
                    c9:1e:06:e1:34:cf:5b:0e:5c:b7:39:f3:c5:46:e1:
                    63:53:df:eb:dd:35:2a:46:77:19:89:dc:ff:af:f9:
                    68:90:24:a6:6c:19:0a:65:1d:82:3e:75:0d:82:7b:
                    d8:cb:9e:17:51:d2:5e:34:c4:a0:40:b8:70:0a:3d:
                    78:14:ca:9d:0d:cc:30:4a:ac:5d:8c:05:16:5d:48:
                    7c:43:1c:d6:e3:61:f7:26:b0:9e:c0:b3:a5:8c:8d:
                    29:5e:f7:fa:79:a4:bb:f0:1f:64:38:4a:90:72:7a:
                    16:d6:63:79:d3:54:92:dc:79:3e:b3:1f:fe:1b:86:
                    bd:00:ab:ae:de:95:72:a1:71:94:15:46:57:c0:f7:
                    c0:21:59:34:7f:75:ed:22:c5:1b:f4:2b:ab:7d:2f:
                    85:a2:b0:43:d4:ea:06:dd:f5:c6:37:e0:27:99:52:
                    6d:72:82:03:1b:ea:e7:2d:92:d8:e0:a9:43:61:92:
                    70:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:20:D8:81:CD:7E:B4:E3:B1:57:C1:A3:9A:18:A7:E0:FB:E4:35:12
            X509v3 Authority Key Identifier:
                keyid:3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/JyDYgc1-tOOxV8Gjmhin4PvkNRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/Psn7DRNVKq0E86qutY1N1OfPQPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.172.0/22
                  185.208.44.0/22
                  185.240.68.0/22
                  193.58.36.0/22
                IPv6:
                  2a05:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:ad:83:f2:cb:0e:7b:df:a6:15:78:bc:2e:52:76:4c:4c:d4:
         27:6a:cf:24:ad:ab:86:ba:9c:12:32:2d:70:e7:0d:62:77:9e:
         56:15:0a:5f:48:b8:6e:e0:96:ff:c8:ae:3b:65:11:51:f5:92:
         39:5b:37:7a:39:bd:6b:bf:1c:8b:06:35:15:43:d3:f7:6d:84:
         d3:1d:ac:4b:3a:de:f1:29:c8:3c:96:29:ce:75:5d:3b:10:05:
         14:97:9b:b0:3e:ac:50:53:2e:b7:79:63:a8:11:8d:69:4a:de:
         86:a3:c0:ae:68:37:13:a5:3f:3a:a8:f0:44:ff:52:28:ad:55:
         8b:ea:23:da:c7:e7:a0:88:0c:42:00:bc:9b:4d:ac:ef:c2:38:
         66:4e:e4:94:9c:b0:26:54:de:3c:06:8d:5d:b4:2f:1e:a0:d6:
         29:f0:20:71:8e:e2:52:45:af:99:3b:d8:78:5c:50:09:23:00:
         ad:b7:6e:04:26:14:fd:55:6e:42:6d:49:e1:be:b9:cb:f7:79:
         39:a4:04:90:e0:b8:6d:ad:73:e9:43:71:23:e8:c1:0b:5e:83:
         90:a2:84:62:3e:17:d0:6e:64:da:ac:ae:f0:85:bc:4b:2b:ed:
         f8:1d:a1:af:88:aa:a8:ba:9c:2f:aa:a7:3a:5a:12:eb:a7:d9:
         b0:0d:05:6d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQnRxNvOq/WX0hxWrD+ErXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzlmYjBkMTM1NTJhYWQwNGYzYWFhZWI1OGQ0ZGQ0ZTdj
ZjQwZjAwHhcNMjUwMTAyMTM0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzIwZDg4MWNkN2ViNGUzYjE1N2MxYTM5YTE4YTdlMGZiZTQzNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UTParRvPw7epIumPL4KCvqsL5z8
3ierzDDv7+xhuePk71gVnIgbkIajnPjdYpeeLVyW5HCeSDUCmdFVBbciHEK9UJOY
x4F/2q7JHgbhNM9bDly3OfPFRuFjU9/r3TUqRncZidz/r/lokCSmbBkKZR2CPnUN
gnvYy54XUdJeNMSgQLhwCj14FMqdDcwwSqxdjAUWXUh8QxzW42H3JrCewLOljI0p
Xvf6eaS78B9kOEqQcnoW1mN501SS3Hk+sx/+G4a9AKuu3pVyoXGUFUZXwPfAIVk0
f3XtIsUb9CurfS+ForBD1OoG3fXGN+AnmVJtcoIDG+rnLZLY4KlDYZJwrQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCcg2IHNfrTjsVfBo5oYp+D75DUSMB8GA1UdIwQY
MBaAFD7J+w0TVSqtBPOqrrWNTdTnz0DwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgt
MmNiNmUzZmRmOWNkLzEvSnlEWWdjMS10T094VjhHam1oaW40UHZrTlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgtMmNiNmUzZmRmOWNk
LzEvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuVOsAwQC
udAsAwQCufBEAwQCwTokMA0EAgACMAcDBQMqBZ1AMA0GCSqGSIb3DQEBCwUAA4IB
AQBArYPyyw5736YVeLwuUnZMTNQnas8krauGupwSMi1w5w1id55WFQpfSLhu4Jb/
yK47ZRFR9ZI5Wzd6Ob1rvxyLBjUVQ9P3bYTTHaxLOt7xKcg8linOdV07EAUUl5uw
PqxQUy63eWOoEY1pSt6Go8CuaDcTpT86qPBE/1IorVWL6iPax+egiAxCALybTazv
wjhmTuSUnLAmVN48Bo1dtC8eoNYp8CBxjuJSRa+ZO9h4XFAJIwCtt24EJhT9VW5C
bUnhvrnL93k5pASQ4LhtrXPpQ3Ej6MELXoOQooRiPhfQbmTarK7whbxLK+34HaGv
iKqoupwvqqc6WhLrp9mwDQVt
-----END CERTIFICATE-----