Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/XgpSQjhhfxwk9vZfnDmQ4hugM38.roa
File:                     XgpSQjhhfxwk9vZfnDmQ4hugM38.roa (raw, json)
Hash identifier:          0VqbQTYbejzGPg6sOJbQNqmXP31XYN5qUoi8IUVN5jw=
Subject key identifier:   5E:0A:52:42:38:61:7F:1C:24:F6:F6:5F:9C:39:90:E2:1B:A0:33:7F
Certificate issuer:       /CN=3c86ec321e72fd46c98dcc0cd7c70bcad557d59c
Certificate serial:       019421B17F339CD434834B5872EB6625EAE3
Authority key identifier: 3C:86:EC:32:1E:72:FD:46:C9:8D:CC:0C:D7:C7:0B:CA:D5:57:D5:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIbsMh5y_UbJjcwM18cLytVX1Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/XgpSQjhhfxwk9vZfnDmQ4hugM38.roa
Signing time:             Wed 01 Jan 2025 11:47:48 +0000
ROA not before:           Wed 01 Jan 2025 11:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209097
IP address blocks:        5.182.144.0/24 maxlen: 24
                          5.182.145.0/24 maxlen: 24
                          5.182.146.0/24 maxlen: 24
                          5.182.147.0/24 maxlen: 24
                          45.149.56.0/24 maxlen: 24
                          45.149.57.0/24 maxlen: 24
                          45.149.58.0/24 maxlen: 24
                          45.149.59.0/24 maxlen: 24
                          185.115.204.0/24 maxlen: 24
                          2a0e:5c00::/32 maxlen: 32
                          2a0e:5c01::/32 maxlen: 32
                          2a0e:5c02::/32 maxlen: 32
                          2a0e:5c03::/32 maxlen: 32
                          2a0e:5c04::/30 maxlen: 30
                          2a12:f280::/32 maxlen: 32
                          2a12:f281::/32 maxlen: 32
                          2a12:f282::/32 maxlen: 32
                          2a12:f283::/32 maxlen: 32
                          2a12:f284::/32 maxlen: 32
                          2a12:f285::/32 maxlen: 32
                          2a12:f286::/31 maxlen: 31
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:7f:33:9c:d4:34:83:4b:58:72:eb:66:25:ea:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c86ec321e72fd46c98dcc0cd7c70bcad557d59c
        Validity
            Not Before: Jan  1 11:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e0a524238617f1c24f6f65f9c3990e21ba0337f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:de:9e:fe:1e:f4:a3:b0:33:2b:04:e6:94:d3:
                    ee:15:69:76:6d:2a:06:ab:a0:4d:b6:04:12:f4:19:
                    70:4d:9e:a9:c7:28:a4:37:58:c0:31:34:25:52:44:
                    49:e5:83:fa:e4:72:a2:ee:ca:d6:d3:c3:43:a3:00:
                    fe:d0:b7:af:f4:83:f7:1c:05:44:31:db:3b:9d:02:
                    5d:17:18:d1:d9:be:75:ec:bb:3e:98:16:9b:b8:f4:
                    7c:ff:d7:1b:83:cc:1e:52:d6:42:fa:00:97:a5:85:
                    1f:e2:81:af:c9:b6:61:d1:c8:80:ee:ee:e3:99:74:
                    ca:1b:63:c5:42:81:f3:10:45:78:8a:a7:bf:ce:5e:
                    45:7b:7a:44:c2:fc:27:71:9b:50:28:7f:5a:12:3d:
                    c2:67:79:27:15:88:f3:3c:c3:aa:68:0a:61:28:4e:
                    09:94:60:ee:3c:56:55:da:9f:fa:2c:a9:df:58:a9:
                    cb:e7:85:ea:15:45:69:13:3d:04:29:aa:c6:da:f2:
                    61:cd:af:9b:4a:52:79:4e:98:f0:51:f1:73:aa:dd:
                    e3:83:38:d9:d9:c5:a5:84:24:b5:09:0c:83:cc:a4:
                    da:cf:0c:9e:4f:f9:b0:03:46:28:e3:db:60:a1:78:
                    3e:b9:ce:9e:10:87:ed:fb:63:7f:1c:b6:71:f3:30:
                    8f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:0A:52:42:38:61:7F:1C:24:F6:F6:5F:9C:39:90:E2:1B:A0:33:7F
            X509v3 Authority Key Identifier:
                keyid:3C:86:EC:32:1E:72:FD:46:C9:8D:CC:0C:D7:C7:0B:CA:D5:57:D5:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIbsMh5y_UbJjcwM18cLytVX1Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/XgpSQjhhfxwk9vZfnDmQ4hugM38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/PIbsMh5y_UbJjcwM18cLytVX1Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.144.0/22
                  45.149.56.0/22
                  185.115.204.0/24
                IPv6:
                  2a0e:5c00::/29
                  2a12:f280::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:ff:44:84:c2:39:c3:81:96:8b:7e:9f:28:4e:d0:83:dd:12:
         3b:2f:f9:00:3c:69:93:a9:ed:8e:c6:28:04:72:44:99:64:78:
         8a:6c:57:59:ba:dc:55:ee:d7:e3:f0:24:84:3e:10:5d:52:c2:
         60:ca:ca:d6:b2:7f:de:7d:47:6c:3b:f0:98:c7:0a:be:2c:9e:
         91:0e:85:56:42:09:e8:16:14:8a:08:45:59:31:0f:bf:54:0e:
         c2:74:d0:49:06:7f:fe:8f:01:e0:23:78:31:f2:e7:c2:03:9c:
         53:85:8a:93:21:9b:a2:1f:de:36:f7:7e:ad:dd:67:5a:9f:04:
         be:0e:9f:85:27:95:11:b1:09:f9:29:97:60:d6:4d:88:d5:5b:
         df:f7:de:26:7c:15:c1:cb:29:e1:28:de:45:7a:0e:80:da:55:
         27:e7:10:b5:53:8b:a4:14:9a:c4:e2:71:ea:28:6c:c1:d6:d8:
         fb:54:e0:7d:e1:c3:3d:77:17:22:7f:2b:12:cf:cb:e1:3e:5a:
         03:d6:0d:77:04:76:23:d2:97:bb:c3:50:33:f2:bc:ff:8b:83:
         16:b3:3a:89:4f:23:b2:d6:a8:e9:3d:33:e5:55:8a:2a:ca:dd:
         58:20:2a:4f:72:fb:5d:f4:af:65:53:14:3c:87:81:98:3f:b2:
         b0:f2:01:7b
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQhsX8znNQ0g0tYcutmJerjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjODZlYzMyMWU3MmZkNDZjOThkY2MwY2Q3YzcwYmNhZDU1
N2Q1OWMwHhcNMjUwMTAxMTE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTBhNTI0MjM4NjE3ZjFjMjRmNmY2NWY5YzM5OTBlMjFiYTAzMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjN6e/h70o7AzKwTmlNPuFWl2bSoG
q6BNtgQS9BlwTZ6pxyikN1jAMTQlUkRJ5YP65HKi7srW08NDowD+0Lev9IP3HAVE
Mds7nQJdFxjR2b517Ls+mBabuPR8/9cbg8weUtZC+gCXpYUf4oGvybZh0ciA7u7j
mXTKG2PFQoHzEEV4iqe/zl5Fe3pEwvwncZtQKH9aEj3CZ3knFYjzPMOqaAphKE4J
lGDuPFZV2p/6LKnfWKnL54XqFUVpEz0EKarG2vJhza+bSlJ5TpjwUfFzqt3jgzjZ
2cWlhCS1CQyDzKTazwyeT/mwA0Yo49tgoXg+uc6eEIft+2N/HLZx8zCPPwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFF4KUkI4YX8cJPb2X5w5kOIboDN/MB8GA1UdIwQY
MBaAFDyG7DIecv1GyY3MDNfHC8rVV9WcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElic01oNXlfVWJKamN3TTE4Y0x5dFZYMVp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81YzBmZDItNjc0My00NjgyLTk2N2It
NWYxNWJlYWZhOWIxLzEvWGdwU1FqaGhmeHdrOXZaZm5EbVE0aHVnTTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81YzBmZDItNjc0My00NjgyLTk2N2ItNWYxNWJlYWZhOWIx
LzEvUElic01oNXlfVWJKamN3TTE4Y0x5dFZYMVp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCBbaQAwQC
LZU4AwQAuXPMMBQEAgACMA4DBQMqDlwAAwUDKhLygDANBgkqhkiG9w0BAQsFAAOC
AQEAk/9EhMI5w4GWi36fKE7Qg90SOy/5ADxpk6ntjsYoBHJEmWR4imxXWbrcVe7X
4/AkhD4QXVLCYMrK1rJ/3n1HbDvwmMcKviyekQ6FVkIJ6BYUighFWTEPv1QOwnTQ
SQZ//o8B4CN4MfLnwgOcU4WKkyGboh/eNvd+rd1nWp8Evg6fhSeVEbEJ+SmXYNZN
iNVb3/feJnwVwcsp4SjeRXoOgNpVJ+cQtVOLpBSaxOJx6ihswdbY+1TgfeHDPXcX
In8rEs/L4T5aA9YNdwR2I9KXu8NQM/K8/4uDFrM6iU8jstao6T0z5VWKKsrdWCAq
T3L7XfSvZVMUPIeBmD+ysPIBew==
-----END CERTIFICATE-----