Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/F0xtYGfQ_s_LJkUkk89IHcL9J5M.roa
File:                     F0xtYGfQ_s_LJkUkk89IHcL9J5M.roa (raw, json)
Hash identifier:          JVjlGGRIJlPuTdOW/N8SfdRvr3fAH3HHybxJ5aP4RD0=
Subject key identifier:   17:4C:6D:60:67:D0:FE:CF:CB:26:45:24:93:CF:48:1D:C2:FD:27:93
Certificate issuer:       /CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Certificate serial:       01942669E7F6C602CF086C55973FCC89F0E4
Authority key identifier: B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/F0xtYGfQ_s_LJkUkk89IHcL9J5M.roa
Signing time:             Thu 02 Jan 2025 09:47:42 +0000
ROA not before:           Thu 02 Jan 2025 09:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50247
IP address blocks:        45.85.184.0/23 maxlen: 24
                          45.85.184.0/24 maxlen: 24
                          45.85.185.0/24 maxlen: 24
                          45.131.33.0/24 maxlen: 24
                          45.131.34.0/24 maxlen: 24
                          91.218.240.0/24 maxlen: 24
                          91.224.142.0/23 maxlen: 24
                          91.224.142.0/24 maxlen: 24
                          91.224.143.0/24 maxlen: 24
                          109.95.88.0/21 maxlen: 21
                          109.196.80.0/20 maxlen: 20
                          109.197.36.0/23 maxlen: 23
                          109.207.103.0/24 maxlen: 24
                          185.178.236.0/22 maxlen: 22
                          2a0a:7080::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:e7:f6:c6:02:cf:08:6c:55:97:3f:cc:89:f0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4bdc376a159d05e2af97176a3eba8360e60d176
        Validity
            Not Before: Jan  2 09:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=174c6d6067d0fecfcb26452493cf481dc2fd2793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:12:d2:9c:cf:dc:72:3e:cf:a3:1d:86:bf:69:
                    9e:ff:55:b0:9d:00:ec:8f:f3:c1:b9:61:0d:0f:05:
                    f5:b4:0a:0c:01:d2:da:70:e6:db:1c:07:35:7b:36:
                    8a:d3:61:23:7d:8f:76:1c:96:e9:e8:74:71:1f:39:
                    8b:de:a7:01:5c:01:14:f8:71:e8:31:a2:36:62:e5:
                    86:bd:96:07:8c:89:47:33:95:dd:7a:aa:48:d4:21:
                    cc:d5:8e:e8:1d:e8:1b:cc:1c:93:bb:93:50:b9:f7:
                    c4:48:4e:b3:5f:cf:5b:42:34:c7:c8:f2:d4:2e:c4:
                    69:3f:ea:1f:5c:e5:6b:8f:d2:e8:b2:27:0a:14:a7:
                    12:9a:eb:6d:ae:48:a3:e0:0d:5a:c8:23:75:79:8a:
                    28:b2:05:0a:bc:af:5b:ef:11:18:40:fe:1d:cd:73:
                    77:e0:f8:eb:6e:bc:65:fb:ab:02:f9:41:5f:9d:0c:
                    e8:bc:02:80:5a:69:75:26:f1:81:74:e0:ab:13:bc:
                    db:c5:51:a7:f8:ff:89:2b:dc:92:5b:f5:e6:f5:d9:
                    07:28:59:51:25:0a:fa:51:b8:f2:9d:57:d2:b1:96:
                    f0:e2:23:f4:e9:39:b2:75:71:35:d7:32:a4:4d:ac:
                    6c:2c:8c:5c:ab:90:40:94:3e:64:ae:b9:dd:5e:b4:
                    b0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4C:6D:60:67:D0:FE:CF:CB:26:45:24:93:CF:48:1D:C2:FD:27:93
            X509v3 Authority Key Identifier:
                keyid:B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/F0xtYGfQ_s_LJkUkk89IHcL9J5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.184.0/23
                  45.131.33.0-45.131.34.255
                  91.218.240.0/24
                  91.224.142.0/23
                  109.95.88.0/21
                  109.196.80.0/20
                  109.197.36.0/23
                  109.207.103.0/24
                  185.178.236.0/22
                IPv6:
                  2a0a:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:96:ef:81:29:46:08:b2:4e:49:51:01:dd:65:85:fd:0d:2b:
         c2:ee:5f:8c:53:bd:b6:2b:49:32:95:4e:4f:6e:67:f4:27:c3:
         2a:b5:b2:be:a8:d5:92:ad:85:48:7e:7b:b4:3f:24:94:a9:3b:
         14:93:b1:fe:da:ec:53:ac:7c:40:5d:3d:a4:17:68:18:69:db:
         50:57:5a:2d:d7:b1:da:10:8b:64:94:e5:44:34:49:a2:ae:9e:
         2c:8b:0c:76:33:09:23:05:9f:21:19:2a:94:01:08:08:9c:ba:
         37:49:fe:cc:ab:1e:c4:42:3e:50:2f:92:52:19:a9:8b:ca:87:
         74:eb:ed:dc:26:26:85:d5:96:4d:a8:51:dd:8d:14:6a:7c:11:
         4d:fa:16:43:b8:ba:8b:4f:d0:e0:e1:66:94:d3:19:af:ba:1b:
         41:19:82:60:57:b8:cc:d9:dd:8d:a2:12:be:d1:5e:78:67:0b:
         ab:2a:94:71:b7:c1:7a:a8:9a:9b:a0:d2:f1:d5:50:b1:34:d7:
         54:e1:3b:0b:43:30:94:09:50:f6:1e:f2:95:dc:f8:fc:5d:65:
         1d:e5:11:ed:e2:c9:fd:09:3c:f6:88:23:32:3a:6b:d1:a0:dd:
         01:85:68:0b:5e:1a:9d:44:f6:9e:2c:52:ea:a8:05:93:c2:42:
         92:21:7e:f4
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQmaef2xgLPCGxVlz/MifDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmRjMzc2YTE1OWQwNWUyYWY5NzE3NmEzZWJhODM2MGU2
MGQxNzYwHhcNMjUwMTAyMDk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRjNmQ2MDY3ZDBmZWNmY2IyNjQ1MjQ5M2NmNDgxZGMyZmQyNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhLSnM/ccj7Pox2Gv2me/1WwnQDs
j/PBuWENDwX1tAoMAdLacObbHAc1ezaK02EjfY92HJbp6HRxHzmL3qcBXAEU+HHo
MaI2YuWGvZYHjIlHM5XdeqpI1CHM1Y7oHegbzByTu5NQuffESE6zX89bQjTHyPLU
LsRpP+ofXOVrj9LosicKFKcSmuttrkij4A1ayCN1eYoosgUKvK9b7xEYQP4dzXN3
4Pjrbrxl+6sC+UFfnQzovAKAWml1JvGBdOCrE7zbxVGn+P+JK9ySW/Xm9dkHKFlR
JQr6UbjynVfSsZbw4iP06TmydXE11zKkTaxsLIxcq5BAlD5krrndXrSwiQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFBdMbWBn0P7PyyZFJJPPSB3C/SeTMB8GA1UdIwQY
MBaAFLS9w3ahWdBeKvlxdqPrqDYOYNF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUt
MjhkMDEwNjAzNTI5LzEvRjB4dFlHZlFfc19MSmtVa2s4OUlIY0w5SjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUtMjhkMDEwNjAzNTI5
LzEvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQBLVW4MAwD
BAAtgyEDBAAtgyIDBABb2vADBAFb4I4DBANtX1gDBARtxFADBAFtxSQDBABtz2cD
BAK5suwwDQQCAAIwBwMFAyoKcIAwDQYJKoZIhvcNAQELBQADggEBAB2W74EpRgiy
TklRAd1lhf0NK8LuX4xTvbYrSTKVTk9uZ/Qnwyq1sr6o1ZKthUh+e7Q/JJSpOxST
sf7a7FOsfEBdPaQXaBhp21BXWi3XsdoQi2SU5UQ0SaKuniyLDHYzCSMFnyEZKpQB
CAicujdJ/syrHsRCPlAvklIZqYvKh3Tr7dwmJoXVlk2oUd2NFGp8EU36FkO4uotP
0ODhZpTTGa+6G0EZgmBXuMzZ3Y2iEr7RXnhnC6sqlHG3wXqompug0vHVULE011Th
OwtDMJQJUPYe8pXc+PxdZR3lEe3iyf0JPPaIIzI6a9Gg3QGFaAteGp1E9p4sUuqo
BZPCQpIhfvQ=
-----END CERTIFICATE-----