Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/m68kh8jw3mr7wjRjKoLJ0fkepmw.roa
File:                     m68kh8jw3mr7wjRjKoLJ0fkepmw.roa (raw, json)
Hash identifier:          hpLgvPy3NfESkthNtUOLmW0mmhjz/41M6ProH05lgm0=
Subject key identifier:   9B:AF:24:87:C8:F0:DE:6A:FB:C2:34:63:2A:82:C9:D1:F9:1E:A6:6C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194BB40B21F7D5610D11C80815CCECF54D2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/m68kh8jw3mr7wjRjKoLJ0fkepmw.roa
Signing time:             Fri 31 Jan 2025 07:26:06 +0000
ROA not before:           Fri 31 Jan 2025 07:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        64.226.54.0/23 maxlen: 23
                          64.226.156.0/22 maxlen: 22
                          2a0d:8f80::/29 maxlen: 29
                          2a0e:1a81::/32 maxlen: 32
                          2a0e:c783::/32 maxlen: 32
                          2a0e:f500::/29 maxlen: 29
                          2a0e:f602::/32 maxlen: 32
                          2a0f:1e82::/32 maxlen: 32
                          2a0f:3d83::/32 maxlen: 32
                          2a10:37c0::/29 maxlen: 29
                          2a10:67c0::/32 maxlen: 32
                          2a13:9281::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bb:40:b2:1f:7d:56:10:d1:1c:80:81:5c:ce:cf:54:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan 31 07:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9baf2487c8f0de6afbc234632a82c9d1f91ea66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3d:8e:3d:b0:50:60:d0:5d:be:72:fe:18:10:
                    15:26:ab:72:35:a1:98:37:d7:d6:2b:ac:cb:0e:6c:
                    78:30:e3:4d:c4:18:05:c5:79:e6:9c:c7:e7:1d:71:
                    91:01:5c:76:cf:f8:4a:ae:1b:7f:37:74:5a:c2:5f:
                    b3:e6:09:d7:9c:29:73:0b:4a:0c:26:d2:fe:89:6f:
                    99:61:21:30:a6:00:00:cc:6b:95:0b:61:f4:86:96:
                    92:f0:61:10:71:49:a0:0c:5f:53:bd:ff:77:b8:88:
                    05:cb:c2:b1:1e:b5:c2:c7:20:e0:89:16:a5:5a:dd:
                    d8:67:13:bd:6d:60:b6:c6:9e:cd:e3:73:27:bb:b4:
                    f7:da:36:0b:dc:60:52:7a:0c:63:4f:e4:9e:d5:81:
                    79:f4:26:b2:6d:4b:fc:32:44:c9:05:96:67:19:06:
                    40:75:ec:63:d2:4a:85:03:7c:e3:ab:ce:b9:f1:83:
                    84:15:45:3f:21:22:e7:52:ab:f0:aa:d3:6e:ff:4e:
                    9c:09:5d:54:ec:09:83:c3:86:33:84:e0:93:6e:d1:
                    fe:b5:ee:de:8b:9d:69:3b:60:21:f4:a8:69:0c:8f:
                    0f:84:7c:97:44:cc:ed:a5:af:0f:9c:99:4f:4f:51:
                    ee:12:b9:06:55:25:f5:d3:ff:02:ba:ab:04:e8:4a:
                    de:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:AF:24:87:C8:F0:DE:6A:FB:C2:34:63:2A:82:C9:D1:F9:1E:A6:6C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/m68kh8jw3mr7wjRjKoLJ0fkepmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.226.54.0/23
                  64.226.156.0/22
                IPv6:
                  2a0d:8f80::/29
                  2a0e:1a81::/32
                  2a0e:c783::/32
                  2a0e:f500::/29
                  2a0e:f602::/32
                  2a0f:1e82::/32
                  2a0f:3d83::/32
                  2a10:37c0::/29
                  2a10:67c0::/32
                  2a13:9281::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:24:e3:0e:b2:4d:50:ef:95:45:bc:69:4e:38:15:89:6d:45:
         17:df:bb:72:89:7b:f3:58:12:df:54:a0:59:18:d3:43:f9:6b:
         47:07:24:95:be:1d:5b:10:06:da:ef:b6:2d:99:84:bb:22:af:
         8b:bb:c9:2f:13:ac:06:51:59:ac:56:39:fe:66:1f:58:c6:35:
         29:e4:1a:04:f6:d0:e4:62:fa:58:0d:5e:85:c6:b5:2f:cb:c5:
         73:10:bd:77:a9:4d:db:c0:8c:23:e1:d2:94:b2:c5:d0:b9:76:
         2a:b4:f0:c5:fd:4b:89:5a:73:6c:70:55:2f:a0:1b:a6:fc:7a:
         94:3a:20:9b:43:22:75:52:5a:a8:43:6b:1e:b0:4f:40:5c:db:
         b8:1e:a5:87:23:e7:1d:48:b9:54:2d:ce:c2:8e:0e:72:3b:1a:
         ae:ad:31:f9:22:3c:28:89:cb:cc:66:49:7a:0e:d8:b4:31:7e:
         c9:2f:e7:80:11:c9:d7:f8:cb:bc:8a:a2:fe:8d:84:f4:d0:84:
         c4:6a:d7:ff:37:86:10:fc:7b:1f:e6:48:a7:57:7f:b5:80:f6:
         0f:16:30:d6:1b:23:7a:cd:61:5c:3e:d4:68:a6:75:07:2c:e0:
         93:e1:bd:15:40:b0:53:9a:65:70:46:da:f4:02:2b:74:26:00:
         a2:ab:f7:e0
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZS7QLIffVYQ0RyAgVzOz1TSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTMxMDcyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmFmMjQ4N2M4ZjBkZTZhZmJjMjM0NjMyYTgyYzlkMWY5MWVhNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2z2OPbBQYNBdvnL+GBAVJqtyNaGY
N9fWK6zLDmx4MONNxBgFxXnmnMfnHXGRAVx2z/hKrht/N3Rawl+z5gnXnClzC0oM
JtL+iW+ZYSEwpgAAzGuVC2H0hpaS8GEQcUmgDF9Tvf93uIgFy8KxHrXCxyDgiRal
Wt3YZxO9bWC2xp7N43Mnu7T32jYL3GBSegxjT+Se1YF59CaybUv8MkTJBZZnGQZA
dexj0kqFA3zjq8658YOEFUU/ISLnUqvwqtNu/06cCV1U7AmDw4YzhOCTbtH+te7e
i51pO2Ah9KhpDI8PhHyXRMztpa8PnJlPT1HuErkGVSX10/8CuqsE6EreVQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJuvJIfI8N5q+8I0YyqCydH5HqZsMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbTY4a2g4anczbXI3d2pSaktvTEowZmtlcG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjASBAIAATAMAwQBQOI2AwQC
QOKcMEwEAgACMEYDBQMqDY+AAwUAKg4agQMFACoOx4MDBQMqDvUAAwUAKg72AgMF
ACoPHoIDBQAqDz2DAwUDKhA3wAMFACoQZ8ADBQAqE5KBMA0GCSqGSIb3DQEBCwUA
A4IBAQAsJOMOsk1Q75VFvGlOOBWJbUUX37tyiXvzWBLfVKBZGNND+WtHBySVvh1b
EAba77YtmYS7Iq+Lu8kvE6wGUVmsVjn+Zh9YxjUp5BoE9tDkYvpYDV6FxrUvy8Vz
EL13qU3bwIwj4dKUssXQuXYqtPDF/UuJWnNscFUvoBum/HqUOiCbQyJ1UlqoQ2se
sE9AXNu4HqWHI+cdSLlULc7Cjg5yOxqurTH5IjwoicvMZkl6Dti0MX7JL+eAEcnX
+Mu8iqL+jYT00ITEatf/N4YQ/Hsf5kinV3+1gPYPFjDWGyN6zWFcPtRopnUHLOCT
4b0VQLBTmmVwRtr0Ait0JgCiq/fg
-----END CERTIFICATE-----