Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/42a193-b30b-403f-befe-3245450d3742/1/GtnbuughA7lHebTG_DZyY-rxvp0.roa
File:                     GtnbuughA7lHebTG_DZyY-rxvp0.roa (raw, json)
Hash identifier:          0ytXaby9nsfJsM0kCLclgYx+EoqtC/Er8+W1ubhewEg=
Subject key identifier:   1A:D9:DB:BA:E8:21:03:B9:47:79:B4:C6:FC:36:72:63:EA:F1:BE:9D
Certificate issuer:       /CN=e52acfcbd79f232c5d72a550bc4c66f11107a0e2
Certificate serial:       019424B38C341647F2EAB6F940F2D2918C1C
Authority key identifier: E5:2A:CF:CB:D7:9F:23:2C:5D:72:A5:50:BC:4C:66:F1:11:07:A0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5SrPy9efIyxdcqVQvExm8REHoOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/42a193-b30b-403f-befe-3245450d3742/1/GtnbuughA7lHebTG_DZyY-rxvp0.roa
Signing time:             Thu 02 Jan 2025 01:48:54 +0000
ROA not before:           Thu 02 Jan 2025 01:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206866
IP address blocks:        157.97.88.0/24 maxlen: 24
                          157.97.89.0/24 maxlen: 24
                          157.97.90.0/24 maxlen: 24
                          157.97.91.0/24 maxlen: 24
                          157.97.92.0/24 maxlen: 24
                          157.97.93.0/24 maxlen: 24
                          157.97.94.0/24 maxlen: 24
                          157.97.95.0/24 maxlen: 24
                          176.98.216.0/23 maxlen: 23
                          176.98.218.0/23 maxlen: 23
                          185.56.180.0/24 maxlen: 24
                          185.56.181.0/24 maxlen: 24
                          185.56.182.0/23 maxlen: 24
                          2a02:52e0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8c:34:16:47:f2:ea:b6:f9:40:f2:d2:91:8c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e52acfcbd79f232c5d72a550bc4c66f11107a0e2
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ad9dbbae82103b94779b4c6fc367263eaf1be9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:79:9b:e6:05:62:79:1f:50:8d:d8:3f:70:35:
                    3e:21:01:45:9d:c8:f9:6c:f1:13:7d:f8:ae:5b:8c:
                    33:27:af:51:62:66:f7:61:c5:3e:46:21:fc:77:46:
                    62:4f:a0:2c:8b:a2:6c:ad:7d:a3:41:1b:13:89:8e:
                    fb:06:6f:a2:5c:59:33:cd:28:94:67:12:45:55:d0:
                    d9:b4:4b:bd:36:54:10:b6:76:d6:b5:f6:85:40:7b:
                    7d:f3:fb:94:2a:9b:fc:54:4e:f0:32:4c:d5:57:ad:
                    81:c3:86:a3:66:9a:36:81:ea:24:7f:ae:0b:26:d3:
                    7b:73:1c:9e:a3:d1:d4:e4:30:40:af:3f:84:85:ad:
                    6d:d9:6f:c5:95:aa:cf:20:c0:10:19:d9:a1:17:5e:
                    52:1c:ac:53:35:50:a8:c5:89:6b:1b:0c:78:67:87:
                    1b:91:1c:70:eb:77:56:7f:fa:8a:48:c6:ed:23:af:
                    23:b1:8d:bc:a8:62:27:53:a7:b2:bb:ae:e7:ea:d3:
                    4a:94:aa:15:c1:27:30:6f:75:14:e5:dc:ee:82:42:
                    61:a1:68:cb:00:4f:f5:17:3c:9b:b6:d4:60:40:10:
                    f6:6c:fd:88:07:2a:05:7a:2b:57:d4:c0:6e:60:2a:
                    8b:6a:93:ec:53:76:77:2a:28:19:13:0b:c9:cd:25:
                    52:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D9:DB:BA:E8:21:03:B9:47:79:B4:C6:FC:36:72:63:EA:F1:BE:9D
            X509v3 Authority Key Identifier:
                keyid:E5:2A:CF:CB:D7:9F:23:2C:5D:72:A5:50:BC:4C:66:F1:11:07:A0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5SrPy9efIyxdcqVQvExm8REHoOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/42a193-b30b-403f-befe-3245450d3742/1/GtnbuughA7lHebTG_DZyY-rxvp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/42a193-b30b-403f-befe-3245450d3742/1/5SrPy9efIyxdcqVQvExm8REHoOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.88.0/21
                  176.98.216.0/22
                  185.56.180.0/22
                IPv6:
                  2a02:52e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:27:be:31:2c:90:b4:2e:47:9c:07:38:a3:3a:f9:78:a3:4b:
         c3:c9:33:b3:6d:81:17:c9:80:f5:a3:55:9e:91:1d:a9:84:88:
         3e:8e:cc:91:24:35:5e:97:3c:54:34:dc:f4:e4:85:3a:c9:2b:
         6a:01:2a:3e:3c:54:b0:07:b1:9d:12:53:eb:11:c0:51:a0:f4:
         73:5f:69:51:95:c3:36:cd:6a:bd:23:d1:bb:aa:2e:5f:a1:09:
         83:42:72:4c:8e:83:1b:43:8a:00:70:37:14:20:17:82:4c:44:
         bf:c9:dd:8c:02:1f:03:37:4b:c0:c5:4a:e2:a1:ba:10:fe:5c:
         c2:30:e7:4a:94:db:ea:d7:fc:a4:49:52:90:9f:56:99:74:ee:
         d2:11:2f:8f:93:95:93:82:30:61:06:87:0e:b2:4b:6d:de:97:
         a9:f6:f8:9b:51:74:a2:12:d1:47:d0:7e:3b:3c:4c:ed:d9:5a:
         97:2c:a4:f9:e8:c0:4e:67:73:e1:fa:cd:72:15:61:aa:b7:a9:
         07:40:a4:bb:dd:1f:56:2b:b6:a7:25:68:64:23:8c:48:0e:42:
         a6:49:98:46:5e:78:89:fb:6f:a6:be:00:cf:0b:7d:84:09:6e:
         10:51:fa:73:f5:fd:7b:f5:38:7d:2e:7f:d0:1b:27:05:67:01:
         2a:52:c3:49
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQks4w0Fkfy6rb5QPLSkYwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MmFjZmNiZDc5ZjIzMmM1ZDcyYTU1MGJjNGM2NmYxMTEw
N2EwZTIwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQ5ZGJiYWU4MjEwM2I5NDc3OWI0YzZmYzM2NzI2M2VhZjFiZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHmb5gVieR9Qjdg/cDU+IQFFncj5
bPETffiuW4wzJ69RYmb3YcU+RiH8d0ZiT6Asi6JsrX2jQRsTiY77Bm+iXFkzzSiU
ZxJFVdDZtEu9NlQQtnbWtfaFQHt98/uUKpv8VE7wMkzVV62Bw4ajZpo2geokf64L
JtN7cxyeo9HU5DBArz+Eha1t2W/FlarPIMAQGdmhF15SHKxTNVCoxYlrGwx4Z4cb
kRxw63dWf/qKSMbtI68jsY28qGInU6eyu67n6tNKlKoVwScwb3UU5dzugkJhoWjL
AE/1FzybttRgQBD2bP2IByoFeitX1MBuYCqLapPsU3Z3KigZEwvJzSVSqQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBrZ27roIQO5R3m0xvw2cmPq8b6dMB8GA1UdIwQY
MBaAFOUqz8vXnyMsXXKlULxMZvERB6DiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVNyUHk5ZWZJeXhkY3FWUXZFeG04UkVIb09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80MmExOTMtYjMwYi00MDNmLWJlZmUt
MzI0NTQ1MGQzNzQyLzEvR3RuYnV1Z2hBN2xIZWJUR19EWnlZLXJ4dnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80MmExOTMtYjMwYi00MDNmLWJlZmUtMzI0NTQ1MGQzNzQy
LzEvNVNyUHk5ZWZJeXhkY3FWUXZFeG04UkVIb09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDnWFYAwQC
sGLYAwQCuTi0MA0EAgACMAcDBQAqAlLgMA0GCSqGSIb3DQEBCwUAA4IBAQBMJ74x
LJC0LkecBzijOvl4o0vDyTOzbYEXyYD1o1WekR2phIg+jsyRJDVelzxUNNz05IU6
yStqASo+PFSwB7GdElPrEcBRoPRzX2lRlcM2zWq9I9G7qi5foQmDQnJMjoMbQ4oA
cDcUIBeCTES/yd2MAh8DN0vAxUrioboQ/lzCMOdKlNvq1/ykSVKQn1aZdO7SES+P
k5WTgjBhBocOsktt3pep9vibUXSiEtFH0H47PEzt2VqXLKT56MBOZ3Ph+s1yFWGq
t6kHQKS73R9WK7anJWhkI4xIDkKmSZhGXniJ+2+mvgDPC32ECW4QUfpz9f179Th9
Ln/QGycFZwEqUsNJ
-----END CERTIFICATE-----