Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/QStyDU56wt8yOeL7PZgRCE88kDQ.roa
File:                     QStyDU56wt8yOeL7PZgRCE88kDQ.roa (raw, json)
Hash identifier:          nCbPDBwnC0AGJbWDe4kdNrKTTLKpiGtaT5h63XyAw6g=
Subject key identifier:   41:2B:72:0D:4E:7A:C2:DF:32:39:E2:FB:3D:98:11:08:4F:3C:90:34
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       019424B279DE16B0D4CD20086FF958D74ED5
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/QStyDU56wt8yOeL7PZgRCE88kDQ.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        2001:2000::/48 maxlen: 48
                          2001:2000:4000::/40 maxlen: 40
                          2001:2000:9000::/40 maxlen: 40
                          2001:2001:4000::/36 maxlen: 36
                          2001:2001:9000::/40 maxlen: 40
                          2001:2002::/32 maxlen: 32
                          2001:2040::/27 maxlen: 27
                          2001:2040::/32 maxlen: 32
                          2001:2040:c010::/47 maxlen: 47
                          2001:2040:c010::/48 maxlen: 48
                          2001:2040:c011::/48 maxlen: 48
                          2001:2042::/31 maxlen: 31
                          2001:2044::/32 maxlen: 32
                          2001:2090::/31 maxlen: 31
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:79:de:16:b0:d4:cd:20:08:6f:f9:58:d7:4e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=412b720d4e7ac2df3239e2fb3d9811084f3c9034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d8:60:e4:c9:92:a0:8a:45:18:1c:de:f9:60:
                    6f:94:d7:d6:82:0e:27:b9:15:7d:42:1c:53:aa:a5:
                    fd:3c:56:c1:84:3f:73:ab:95:16:6e:91:bd:ec:19:
                    0c:79:0e:28:c8:af:51:cf:1b:f3:96:a4:cc:56:95:
                    22:14:f4:7b:34:f7:02:bb:29:a2:fa:59:ab:08:9e:
                    53:e7:44:7e:1f:2c:61:7b:ae:d0:10:3e:8d:47:34:
                    5b:0a:03:1b:6a:c1:6c:a8:d3:f8:19:32:af:a4:9f:
                    f6:51:6b:71:55:72:26:b9:f2:c5:7f:86:6f:1a:13:
                    f3:e1:8c:9b:4a:d3:d8:89:d3:2f:c2:d0:0d:da:8c:
                    0e:f9:f2:4f:39:60:98:2e:a5:48:66:3c:b7:62:bf:
                    12:28:7a:c0:c7:03:33:84:ee:23:de:c4:34:8a:33:
                    47:c2:99:ba:f3:4e:a7:a6:c2:39:a6:62:68:73:7b:
                    ef:aa:2a:8e:a9:82:e3:43:d8:d6:e3:07:72:ce:1b:
                    a6:ca:9e:e6:08:8d:c8:c6:8d:d4:6b:3c:97:10:3c:
                    32:34:c8:51:25:a9:82:0a:67:15:a8:41:c0:1c:d9:
                    cc:51:45:22:fd:78:ac:b0:26:19:42:12:e4:32:ed:
                    de:80:bd:83:69:14:11:fd:e6:45:55:e1:12:9b:57:
                    13:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2B:72:0D:4E:7A:C2:DF:32:39:E2:FB:3D:98:11:08:4F:3C:90:34
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/QStyDU56wt8yOeL7PZgRCE88kDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2000::/48
                  2001:2000:4000::/40
                  2001:2000:9000::/40
                  2001:2001:4000::/36
                  2001:2001:9000::/40
                  2001:2002::/32
                  2001:2040::/27
                  2001:2090::/31

    Signature Algorithm: sha256WithRSAEncryption
         58:2d:6e:3c:c4:a0:94:40:52:2f:22:22:2b:21:3c:0a:2a:f3:
         5b:95:a7:30:fa:aa:6b:2d:8f:8f:41:33:1e:99:0b:e2:a1:7f:
         7e:cb:ac:5d:f0:dd:27:35:6b:f5:72:c2:23:a5:7c:04:10:ad:
         39:3c:d3:da:99:9b:33:7d:68:8c:3f:2d:84:ee:0e:cb:84:71:
         65:d6:3e:e6:24:45:22:f6:96:d6:23:c1:2d:91:f1:87:cd:d0:
         91:68:de:ae:fd:6d:7d:c0:d2:6f:54:63:07:64:d9:a4:a2:37:
         b8:3b:b3:75:cc:1c:f1:d7:e3:5a:ba:64:27:d1:6c:aa:cd:6c:
         ac:9c:ee:d4:25:17:e0:46:29:fc:a4:63:6b:17:e7:16:87:05:
         01:49:65:58:a0:98:49:a5:28:06:07:36:20:06:4e:a2:66:5a:
         6c:3a:02:fb:b7:57:f2:57:49:f8:4d:54:7b:99:63:59:ff:8c:
         47:13:e8:8d:b6:49:85:aa:99:9e:81:f0:1c:33:d8:eb:e9:4b:
         c1:f3:29:50:56:16:6e:7e:79:d5:26:2e:fd:7c:8b:e5:29:cf:
         a1:80:4d:bc:e9:a8:c2:99:94:d9:61:48:ab:94:e1:13:1f:f9:
         32:5d:a2:40:c6:3c:ae:4f:8d:d6:8f:0e:35:2c:26:13:1b:27:
         9d:ea:86:96
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQksnneFrDUzSAIb/lY107VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJiNzIwZDRlN2FjMmRmMzIzOWUyZmIzZDk4MTEwODRmM2M5MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodhg5MmSoIpFGBze+WBvlNfWgg4n
uRV9QhxTqqX9PFbBhD9zq5UWbpG97BkMeQ4oyK9RzxvzlqTMVpUiFPR7NPcCuymi
+lmrCJ5T50R+Hyxhe67QED6NRzRbCgMbasFsqNP4GTKvpJ/2UWtxVXImufLFf4Zv
GhPz4YybStPYidMvwtAN2owO+fJPOWCYLqVIZjy3Yr8SKHrAxwMzhO4j3sQ0ijNH
wpm6806npsI5pmJoc3vvqiqOqYLjQ9jW4wdyzhumyp7mCI3Ixo3UazyXEDwyNMhR
JamCCmcVqEHAHNnMUUUi/XissCYZQhLkMu3egL2DaRQR/eZFVeESm1cTSQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEErcg1OesLfMjni+z2YEQhPPJA0MB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvUVN0eURVNTZ3dDh5T2VMN1BaZ1JDRTg4a0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAAjA+AwcAIAEgAAAA
AwYAIAEgAEADBgAgASAAkAMGBCABIAFAAwYAIAEgAZADBQAgASACAwUFIAEgQAMF
ASABIJAwDQYJKoZIhvcNAQELBQADggEBAFgtbjzEoJRAUi8iIishPAoq81uVpzD6
qmstj49BMx6ZC+Khf37LrF3w3Sc1a/VywiOlfAQQrTk809qZmzN9aIw/LYTuDsuE
cWXWPuYkRSL2ltYjwS2R8YfN0JFo3q79bX3A0m9UYwdk2aSiN7g7s3XMHPHX41q6
ZCfRbKrNbKyc7tQlF+BGKfykY2sX5xaHBQFJZVigmEmlKAYHNiAGTqJmWmw6Avu3
V/JXSfhNVHuZY1n/jEcT6I22SYWqmZ6B8Bwz2OvpS8HzKVBWFm5+edUmLv18i+Up
z6GATbzpqMKZlNlhSKuU4RMf+TJdokDGPK5PjdaPDjUsJhMbJ53qhpY=
-----END CERTIFICATE-----