Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Fj_5uSamv3jJtjHIke52iA3Na28.roa
File:                     Fj_5uSamv3jJtjHIke52iA3Na28.roa (raw, json)
Hash identifier:          bRfKAtXHlDItQpeybK7VtR0dtUctyiWAqKlzDKS2Kn8=
Subject key identifier:   16:3F:F9:B9:26:A6:BF:78:C9:B6:31:C8:91:EE:76:88:0D:CD:6B:6F
Certificate issuer:       /CN=96f71b2273ab34ed4a5481176ef70fad867ef166
Certificate serial:       0194266BFCB13C1FD30027BA67932AA786B2
Authority key identifier: 96:F7:1B:22:73:AB:34:ED:4A:54:81:17:6E:F7:0F:AD:86:7E:F1:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvcbInOrNO1KVIEXbvcPrYZ-8WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Fj_5uSamv3jJtjHIke52iA3Na28.roa
Signing time:             Thu 02 Jan 2025 09:49:58 +0000
ROA not before:           Thu 02 Jan 2025 09:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42947
IP address blocks:        89.34.28.0/22 maxlen: 24
                          176.101.72.0/21 maxlen: 24
                          185.50.116.0/22 maxlen: 24
                          185.88.232.0/22 maxlen: 24
                          185.110.224.0/22 maxlen: 24
                          185.152.108.0/23 maxlen: 24
                          185.152.110.0/24 maxlen: 24
                          193.31.96.0/22 maxlen: 24
                          193.32.72.0/21 maxlen: 24
                          193.150.16.0/22 maxlen: 24
                          193.187.184.0/22 maxlen: 24
                          194.36.200.0/22 maxlen: 24
                          2a02:2b60::/32 maxlen: 64
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:fc:b1:3c:1f:d3:00:27:ba:67:93:2a:a7:86:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f71b2273ab34ed4a5481176ef70fad867ef166
        Validity
            Not Before: Jan  2 09:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=163ff9b926a6bf78c9b631c891ee76880dcd6b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c8:e9:dd:f2:0b:42:c6:f2:8f:f1:19:43:c4:
                    d6:37:93:04:1a:19:41:dc:fe:84:54:07:96:98:ef:
                    00:aa:a9:d5:ff:a8:91:5c:ac:15:09:ed:be:20:91:
                    d6:ce:4a:21:a3:67:97:bc:bd:9f:06:37:81:b4:31:
                    ef:04:6a:c6:39:4e:d3:1e:e5:6e:3b:12:d7:1a:1a:
                    29:92:7f:c8:cf:42:f8:47:72:a3:22:2a:cc:6a:eb:
                    52:05:5c:2f:c4:a4:a1:ec:23:58:83:2f:d8:93:50:
                    86:cd:57:36:60:0e:4d:fc:24:e9:26:3c:73:2f:3b:
                    78:15:4a:f7:46:1a:56:93:8b:a0:92:9a:91:aa:79:
                    42:27:06:13:8a:73:40:0e:fc:c0:ba:01:38:ee:2e:
                    6f:c4:dd:90:e5:f9:3a:54:f1:c3:00:6d:74:b5:8d:
                    bb:98:c5:ea:71:87:36:76:fa:01:02:76:0f:c8:4b:
                    3e:ad:d0:3e:7a:91:f7:4f:b2:d2:46:1d:98:07:b4:
                    da:1a:ca:fa:97:b3:5a:db:e0:a6:46:f1:94:d9:25:
                    ce:7b:4a:e1:6c:ac:9f:d6:82:22:84:a1:ad:db:e4:
                    43:9f:f5:4f:a5:d8:4f:19:17:7a:af:c4:fa:5f:ac:
                    2b:98:1a:0e:7f:80:c2:ad:3b:43:58:05:9e:98:86:
                    3a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3F:F9:B9:26:A6:BF:78:C9:B6:31:C8:91:EE:76:88:0D:CD:6B:6F
            X509v3 Authority Key Identifier:
                keyid:96:F7:1B:22:73:AB:34:ED:4A:54:81:17:6E:F7:0F:AD:86:7E:F1:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvcbInOrNO1KVIEXbvcPrYZ-8WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Fj_5uSamv3jJtjHIke52iA3Na28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/lvcbInOrNO1KVIEXbvcPrYZ-8WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.28.0/22
                  176.101.72.0/21
                  185.50.116.0/22
                  185.88.232.0/22
                  185.110.224.0/22
                  185.152.108.0-185.152.110.255
                  193.31.96.0/22
                  193.32.72.0/21
                  193.150.16.0/22
                  193.187.184.0/22
                  194.36.200.0/22
                IPv6:
                  2a02:2b60::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:89:8f:d9:f5:91:b9:4c:df:78:08:7b:3e:5b:7f:ed:1f:88:
         9d:17:ab:e1:35:d8:9b:ea:d6:c7:0f:48:6f:4d:a0:11:50:b2:
         fb:3b:ee:af:b8:75:34:05:f6:a2:ce:41:e5:90:83:20:f0:f5:
         61:65:9b:c5:c4:76:ee:e1:a1:ec:de:ed:77:be:60:50:64:97:
         b6:64:74:8e:71:97:9e:43:26:4e:7e:d9:c6:33:02:1f:a1:e3:
         86:0c:ed:e5:39:26:5d:d0:3a:c8:5c:7c:71:9e:70:f8:88:ea:
         07:39:35:4b:36:1c:7e:9c:27:94:ab:8b:34:f1:68:2e:0d:54:
         79:e2:75:dd:22:9a:11:61:4d:fe:e7:00:90:b9:16:da:52:0c:
         43:bb:74:a2:d0:71:2b:8a:3f:6a:60:5b:54:8a:79:f4:b9:0a:
         18:9c:37:f9:fc:08:e2:6a:28:1f:30:04:4c:e1:0e:27:21:63:
         04:c4:42:d8:14:e3:cc:39:c8:d7:af:88:90:51:53:fe:36:63:
         c9:75:8d:ab:ef:2e:4e:a9:7a:4f:7c:da:d9:d1:17:6c:fe:10:
         c8:37:7a:1b:d9:ca:2b:9a:94:ab:01:20:d2:12:f8:ed:7d:56:
         8b:c3:ba:f4:d3:62:70:29:ac:59:22:d4:a0:b1:cd:8a:dd:67:
         51:73:ac:48
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZQma/yxPB/TACe6Z5Mqp4ayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjcxYjIyNzNhYjM0ZWQ0YTU0ODExNzZlZjcwZmFkODY3
ZWYxNjYwHhcNMjUwMTAyMDk0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNmZjliOTI2YTZiZjc4YzliNjMxYzg5MWVlNzY4ODBkY2Q2YjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncjp3fILQsbyj/EZQ8TWN5MEGhlB
3P6EVAeWmO8AqqnV/6iRXKwVCe2+IJHWzkoho2eXvL2fBjeBtDHvBGrGOU7THuVu
OxLXGhopkn/Iz0L4R3KjIirMautSBVwvxKSh7CNYgy/Yk1CGzVc2YA5N/CTpJjxz
Lzt4FUr3RhpWk4ugkpqRqnlCJwYTinNADvzAugE47i5vxN2Q5fk6VPHDAG10tY27
mMXqcYc2dvoBAnYPyEs+rdA+epH3T7LSRh2YB7TaGsr6l7Na2+CmRvGU2SXOe0rh
bKyf1oIihKGt2+RDn/VPpdhPGRd6r8T6X6wrmBoOf4DCrTtDWAWemIY6BwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFBY/+bkmpr94ybYxyJHudogNzWtvMB8GA1UdIwQY
MBaAFJb3GyJzqzTtSlSBF273D62GfvFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZjYkluT3JOTzFLVklFWGJ2Y1ByWVotOFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wN2FlOWUtM2QwNC00NWI2LTlkYjAt
NDY5MzVmY2M4NTVlLzEvRmpfNXVTYW12M2pKdGpISWtlNTJpQTNOYTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wN2FlOWUtM2QwNC00NWI2LTlkYjAtNDY5MzVmY2M4NTVl
LzEvbHZjYkluT3JOTzFLVklFWGJ2Y1ByWVotOFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCWSIcAwQD
sGVIAwQCuTJ0AwQCuVjoAwQCuW7gMAwDBAK5mGwDBAC5mG4DBALBH2ADBAPBIEgD
BALBlhADBALBu7gDBALCJMgwDQQCAAIwBwMFACoCK2AwDQYJKoZIhvcNAQELBQAD
ggEBAFOJj9n1kblM33gIez5bf+0fiJ0Xq+E12Jvq1scPSG9NoBFQsvs77q+4dTQF
9qLOQeWQgyDw9WFlm8XEdu7hoeze7Xe+YFBkl7ZkdI5xl55DJk5+2cYzAh+h44YM
7eU5Jl3QOshcfHGecPiI6gc5NUs2HH6cJ5SrizTxaC4NVHnidd0imhFhTf7nAJC5
FtpSDEO7dKLQcSuKP2pgW1SKefS5ChicN/n8COJqKB8wBEzhDichYwTEQtgU48w5
yNeviJBRU/42Y8l1javvLk6pek982tnRF2z+EMg3ehvZyiualKsBINIS+O19VovD
uvTTYnAprFki1KCxzYrdZ1FzrEg=
-----END CERTIFICATE-----