Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/8lbp7gEnolb7fg1MZ6N2ZuFn9Zs.roa
File:                     8lbp7gEnolb7fg1MZ6N2ZuFn9Zs.roa (raw, json)
Hash identifier:          +pVKesx7Hp1mQ1pr0YTu5RxoH5HP3GdCf/sjsy6eEro=
Subject key identifier:   F2:56:E9:EE:01:27:A2:56:FB:7E:0D:4C:67:A3:76:66:E1:67:F5:9B
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       0194228D9C0CFC026670AD96912F727D4824
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/8lbp7gEnolb7fg1MZ6N2ZuFn9Zs.roa
Signing time:             Wed 01 Jan 2025 15:48:13 +0000
ROA not before:           Wed 01 Jan 2025 15:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25393
IP address blocks:        5.149.120.0/22 maxlen: 24
                          5.149.124.0/22 maxlen: 24
                          77.87.192.0/21 maxlen: 21
                          78.27.224.0/19 maxlen: 24
                          89.184.68.0/22 maxlen: 24
                          89.184.72.0/21 maxlen: 21
                          89.184.88.0/21 maxlen: 21
                          193.178.144.0/23 maxlen: 23
                          195.39.197.0/24 maxlen: 24
                          195.177.116.0/22 maxlen: 22
                          2a02:2278:100::/44 maxlen: 56
                          2a02:2278:200::/40 maxlen: 56
                          2a02:2278:204::/48 maxlen: 48
                          2a02:2278:208::/48 maxlen: 48
                          2a02:2279::/32 maxlen: 32
                          2a02:2279::/40 maxlen: 56
                          2a02:2279:200::/40 maxlen: 56
                          2a02:2279:1200::/40 maxlen: 56
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9c:0c:fc:02:66:70:ad:96:91:2f:72:7d:48:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Jan  1 15:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f256e9ee0127a256fb7e0d4c67a37666e167f59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:d8:54:89:5d:f8:c9:4d:e4:0a:11:00:32:
                    eb:ca:a3:12:13:f4:96:1e:bf:f9:50:a5:e3:39:54:
                    82:2e:8e:eb:f5:d6:07:15:71:e9:2a:04:a0:a6:5e:
                    79:93:b1:ec:05:d8:f6:81:15:95:7c:34:d3:b4:35:
                    fa:d4:74:45:0d:c5:85:97:f2:d9:a9:5f:55:6d:9c:
                    8a:10:17:46:9c:77:9b:95:34:ed:d7:2d:ce:e7:47:
                    8b:0c:09:67:1b:9a:8a:16:19:a3:da:4d:75:06:5e:
                    d8:af:c7:2b:86:e7:10:f9:99:92:16:d7:71:68:58:
                    02:0b:18:cc:91:90:bc:3b:99:7f:71:e4:ca:7e:a9:
                    ae:8a:88:5e:c1:d4:d1:57:86:ac:a0:40:e7:d3:a7:
                    18:37:4a:a7:4e:e6:7d:e1:61:67:b9:3a:97:7c:07:
                    c7:ab:48:94:c9:64:b2:16:53:cd:1b:5c:a5:d0:6c:
                    5f:85:14:79:1f:dd:53:2e:5e:52:47:9f:38:0a:04:
                    d2:76:66:4b:6c:38:e7:ee:d2:de:1f:a4:93:01:a2:
                    b3:6f:00:9e:51:96:2a:4f:82:c1:ee:88:3c:f6:ba:
                    46:44:a5:69:d9:b8:53:92:61:4a:ab:99:f0:87:9a:
                    30:35:c3:59:26:95:1c:54:e0:51:3d:82:a5:b0:f0:
                    d3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:56:E9:EE:01:27:A2:56:FB:7E:0D:4C:67:A3:76:66:E1:67:F5:9B
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/8lbp7gEnolb7fg1MZ6N2ZuFn9Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.120.0/21
                  77.87.192.0/21
                  78.27.224.0/19
                  89.184.68.0-89.184.79.255
                  89.184.88.0/21
                  193.178.144.0/23
                  195.39.197.0/24
                  195.177.116.0/22
                IPv6:
                  2a02:2278:100::/44
                  2a02:2278:200::/40
                  2a02:2279::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:85:54:08:29:ab:fd:04:f9:c4:e7:5c:34:0d:2f:b9:d8:5e:
         b2:65:b7:8e:8e:09:8e:4d:13:7a:66:4c:aa:78:49:bc:7d:b4:
         d0:13:9b:2c:49:74:c9:53:1a:78:fd:80:33:c7:b6:10:f8:68:
         fc:44:a2:fd:08:01:36:95:66:cf:20:e9:bd:bb:f7:31:38:64:
         39:16:aa:10:c2:37:65:e5:cf:63:de:d4:a0:9f:fd:62:cc:14:
         c5:35:a2:28:90:95:b7:df:1c:58:c4:8e:96:32:a0:75:63:65:
         8b:50:59:52:a5:a0:08:ed:d7:2d:d1:a8:68:81:2c:f2:49:a0:
         57:8d:ce:00:35:fe:05:f9:12:1e:7f:27:eb:ac:e2:13:21:d5:
         e9:22:c3:b0:2b:2b:e8:1a:77:e3:b0:e4:1f:d7:32:1f:31:9e:
         d1:bb:a3:44:55:42:a4:65:8c:6b:8c:36:d1:23:2d:fc:c3:3a:
         f4:c5:3e:4d:1a:e7:32:6c:d5:36:df:db:62:d0:44:c0:0a:ba:
         63:de:ed:b0:f2:cf:b0:00:2a:89:c4:bf:b5:d4:34:69:e5:52:
         ee:a4:6e:6b:48:18:4f:d0:c4:b5:c0:f9:38:34:38:cc:12:40:
         77:ba:72:3d:1b:f1:bb:9f:39:06:3c:c2:22:39:d3:61:d4:0a:
         9b:80:a3:fd
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQijZwM/AJmcK2WkS9yfUgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjUwMTAxMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjU2ZTllZTAxMjdhMjU2ZmI3ZTBkNGM2N2EzNzY2NmUxNjdmNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXYVIld+MlN5AoRADLryqMSE/SW
Hr/5UKXjOVSCLo7r9dYHFXHpKgSgpl55k7HsBdj2gRWVfDTTtDX61HRFDcWFl/LZ
qV9VbZyKEBdGnHeblTTt1y3O50eLDAlnG5qKFhmj2k11Bl7Yr8crhucQ+ZmSFtdx
aFgCCxjMkZC8O5l/ceTKfqmuiohewdTRV4asoEDn06cYN0qnTuZ94WFnuTqXfAfH
q0iUyWSyFlPNG1yl0GxfhRR5H91TLl5SR584CgTSdmZLbDjn7tLeH6STAaKzbwCe
UZYqT4LB7og89rpGRKVp2bhTkmFKq5nwh5owNcNZJpUcVOBRPYKlsPDTDwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFPJW6e4BJ6JW+34NTGejdmbhZ/WbMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvOGxicDdnRW5vbGI3ZmcxTVo2TjJadUZuOVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDA+BAIAATA4AwQDBZV4AwQD
TVfAAwQFThvgMAwDBAJZuEQDBARZuEADBANZuFgDBAHBspADBADDJ8UDBALDsXQw
HgQCAAIwGAMHBCoCIngBAAMGACoCIngCAwUAKgIieTANBgkqhkiG9w0BAQsFAAOC
AQEAhIVUCCmr/QT5xOdcNA0vudhesmW3jo4Jjk0TemZMqnhJvH200BObLEl0yVMa
eP2AM8e2EPho/ESi/QgBNpVmzyDpvbv3MThkORaqEMI3ZeXPY97UoJ/9YswUxTWi
KJCVt98cWMSOljKgdWNli1BZUqWgCO3XLdGoaIEs8kmgV43OADX+BfkSHn8n66zi
EyHV6SLDsCsr6Bp347DkH9cyHzGe0bujRFVCpGWMa4w20SMt/MM69MU+TRrnMmzV
Nt/bYtBEwAq6Y97tsPLPsAAqicS/tdQ0aeVS7qRua0gYT9DEtcD5ODQ4zBJAd7py
PRvxu585BjzCIjnTYdQKm4Cj/Q==
-----END CERTIFICATE-----