Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/i6d_wSF6B7XpMiMocY9g5Bflzus.roa
File:                     i6d_wSF6B7XpMiMocY9g5Bflzus.roa (raw, json)
Hash identifier:          Ie39FF54w1T4xPfnonYM6fmqfVN96lUmKfBb590VzVU=
Subject key identifier:   8B:A7:7F:C1:21:7A:07:B5:E9:32:23:28:71:8F:60:E4:17:E5:CE:EB
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       019425FCD1214AFD4D35830853798D3CE455
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/i6d_wSF6B7XpMiMocY9g5Bflzus.roa
Signing time:             Thu 02 Jan 2025 07:48:33 +0000
ROA not before:           Thu 02 Jan 2025 07:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42846
IP address blocks:        45.84.188.0/24 maxlen: 24
                          45.84.189.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.179.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.182.0/24 maxlen: 24
                          89.252.183.0/24 maxlen: 24
                          89.252.184.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          2a06:41c0::/48 maxlen: 48
                          2a06:41c0:1::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:d1:21:4a:fd:4d:35:83:08:53:79:8d:3c:e4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Jan  2 07:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ba77fc1217a07b5e9322328718f60e417e5ceeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a2:9b:7e:33:08:be:0a:7e:54:c2:c0:13:74:
                    d7:5b:cb:85:05:8d:be:e1:79:b8:bc:98:4b:84:c9:
                    89:6d:2d:fa:81:e3:da:f7:c4:59:50:96:a6:b8:9d:
                    39:22:c5:00:5f:b9:3d:8a:72:65:85:ac:40:10:6f:
                    34:67:65:44:bb:b2:49:da:81:2b:38:81:e9:0a:f0:
                    73:7c:60:cb:ca:e4:3a:23:98:19:7c:66:e0:0d:94:
                    ef:d0:dd:ec:45:6f:e5:c6:87:e4:c8:c7:a8:37:08:
                    5c:fd:4e:e7:10:15:e1:fa:6e:ab:5e:23:48:48:f0:
                    eb:48:90:00:63:e6:d5:b0:51:b2:25:a9:47:5e:35:
                    f4:0e:d0:93:fc:2a:25:68:38:87:0f:03:be:9c:ae:
                    4c:00:9d:8e:e2:b0:c9:35:ec:ba:35:9d:3e:61:39:
                    48:ca:91:6b:b1:00:a1:99:8c:86:8a:7e:1a:72:77:
                    f9:fa:68:fc:43:c9:c8:32:d9:c0:32:dc:22:53:0c:
                    84:08:96:e9:a3:38:5d:e1:6f:bc:42:10:56:80:bf:
                    25:35:ac:5a:61:f5:6b:2c:98:2b:04:ad:01:90:01:
                    b2:e1:47:0e:f1:1e:bd:aa:c4:8b:2f:8a:53:5d:fe:
                    d8:97:89:de:e3:df:c3:a5:1e:f7:d2:1b:17:93:16:
                    78:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A7:7F:C1:21:7A:07:B5:E9:32:23:28:71:8F:60:E4:17:E5:CE:EB
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/i6d_wSF6B7XpMiMocY9g5Bflzus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/22
                  89.252.178.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         5d:c2:a7:c7:ce:e5:86:e9:c9:57:45:98:58:b6:73:b5:c7:89:
         5a:bd:63:78:2b:3f:b1:7c:c4:4d:01:7e:ec:79:65:2c:68:53:
         ea:a6:ea:7d:87:4b:de:f3:fd:9c:ea:05:1b:93:ef:d0:e4:31:
         a2:e9:8f:ea:25:50:41:34:3f:f0:c9:e5:16:df:b1:35:ca:b6:
         fe:b3:b7:e7:a4:9d:e8:d8:a8:46:c9:37:17:24:fa:a9:3c:97:
         19:a9:4d:02:f6:24:a1:68:55:bf:e2:50:69:3e:b6:d9:29:10:
         f3:28:f8:33:5e:47:53:0a:7c:e4:cb:0b:59:65:e9:de:89:38:
         57:49:63:0c:b6:6d:b5:df:ff:f5:31:46:f6:6a:18:82:e3:6d:
         d8:3c:f8:c2:26:85:0d:37:ba:a7:84:7c:c3:40:10:17:8f:f7:
         5e:c9:8a:ca:3a:8c:f5:29:f0:ca:a2:b2:6b:96:09:02:c9:af:
         e8:5c:bf:e9:88:3b:47:95:5a:23:da:8a:f3:56:46:5d:ab:5f:
         91:b4:5f:da:36:e9:3b:9e:4b:55:90:e5:a4:83:c3:c9:79:fe:
         50:b0:2d:08:3b:db:8d:8b:53:80:ce:40:b1:eb:bf:27:81:15:
         db:59:7e:33:0a:27:9b:5f:15:72:56:1d:14:2d:2f:35:a7:8b:
         46:a5:ec:58
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZQl/NEhSv1NNYMIU3mNPORVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjUwMTAyMDc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE3N2ZjMTIxN2EwN2I1ZTkzMjIzMjg3MThmNjBlNDE3ZTVjZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6KbfjMIvgp+VMLAE3TXW8uFBY2+
4Xm4vJhLhMmJbS36gePa98RZUJamuJ05IsUAX7k9inJlhaxAEG80Z2VEu7JJ2oEr
OIHpCvBzfGDLyuQ6I5gZfGbgDZTv0N3sRW/lxofkyMeoNwhc/U7nEBXh+m6rXiNI
SPDrSJAAY+bVsFGyJalHXjX0DtCT/ColaDiHDwO+nK5MAJ2O4rDJNey6NZ0+YTlI
ypFrsQChmYyGin4acnf5+mj8Q8nIMtnAMtwiUwyECJbpozhd4W+8QhBWgL8lNaxa
YfVrLJgrBK0BkAGy4UcO8R69qsSLL4pTXf7Yl4ne49/DpR730hsXkxZ4qQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFIunf8Ehege16TIjKHGPYOQX5c7rMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvaTZkX3dTRjZCN1hwTWlNb2NZOWc1QmZsenVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaAwQCLVS8MAwD
BAFZ/LIDBAJZ/LgDBAK5atAwDwQCAAIwCQMHASoGQcAAADANBgkqhkiG9w0BAQsF
AAOCAQEAXcKnx87lhunJV0WYWLZztceJWr1jeCs/sXzETQF+7HllLGhT6qbqfYdL
3vP9nOoFG5Pv0OQxoumP6iVQQTQ/8MnlFt+xNcq2/rO356Sd6NioRsk3FyT6qTyX
GalNAvYkoWhVv+JQaT622SkQ8yj4M15HUwp85MsLWWXp3ok4V0ljDLZttd//9TFG
9moYguNt2Dz4wiaFDTe6p4R8w0AQF4/3XsmKyjqM9SnwyqKya5YJAsmv6Fy/6Yg7
R5VaI9qK81ZGXatfkbRf2jbpO55LVZDlpIPDyXn+ULAtCDvbjYtTgM5Aseu/J4EV
21l+Mwonm18VclYdFC0vNaeLRqXsWA==
-----END CERTIFICATE-----