Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/GFf5ZtXrNwa7evWAyQ0ljWbp-B8.roa
File:                     GFf5ZtXrNwa7evWAyQ0ljWbp-B8.roa (raw, json)
Hash identifier:          6ayhfX2zhSul3x6Ln+wEAXzm9NXeb8fXoOolYzFQygs=
Subject key identifier:   18:57:F9:66:D5:EB:37:06:BB:7A:F5:80:C9:0D:25:8D:66:E9:F8:1F
Certificate issuer:       /CN=eecc4cf37241ced1467c918aa276d388b0a82ed5
Certificate serial:       019424B378411C9E015694E84E01DAFD2BD8
Authority key identifier: EE:CC:4C:F3:72:41:CE:D1:46:7C:91:8A:A2:76:D3:88:B0:A8:2E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7sxM83JBztFGfJGKonbTiLCoLtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/GFf5ZtXrNwa7evWAyQ0ljWbp-B8.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39505
IP address blocks:        78.40.136.0/24 maxlen: 24
                          78.40.137.0/24 maxlen: 24
                          78.40.138.0/24 maxlen: 24
                          87.247.248.0/24 maxlen: 24
                          87.247.249.0/24 maxlen: 24
                          87.247.250.0/24 maxlen: 24
                          87.247.252.0/24 maxlen: 24
                          87.247.254.0/24 maxlen: 24
                          87.247.255.0/24 maxlen: 24
                          93.93.8.0/24 maxlen: 24
                          93.93.12.0/24 maxlen: 24
                          93.93.13.0/24 maxlen: 24
                          178.249.170.0/24 maxlen: 24
                          185.75.48.0/24 maxlen: 24
                          2a00:6580::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:78:41:1c:9e:01:56:94:e8:4e:01:da:fd:2b:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eecc4cf37241ced1467c918aa276d388b0a82ed5
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1857f966d5eb3706bb7af580c90d258d66e9f81f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:89:c6:f6:ff:92:06:fa:6e:21:68:68:90:d8:
                    c7:22:e8:d6:73:8a:19:bf:dc:63:aa:d8:aa:63:10:
                    dc:32:97:99:d2:59:fe:8e:aa:9f:4d:cf:1a:58:23:
                    c6:de:86:1d:1f:b6:74:be:b1:c5:d6:77:a5:9b:98:
                    43:16:91:dc:87:a9:02:cc:26:f8:81:3b:a1:0a:b4:
                    93:d6:45:d6:34:29:e2:4e:fb:94:d1:96:da:02:e1:
                    8d:b7:70:65:b2:ae:5b:5e:e7:6d:df:e9:af:6f:d2:
                    13:0a:6c:68:1e:67:b0:eb:a5:41:4c:78:55:22:18:
                    56:03:57:4d:69:39:b2:e8:6a:62:be:8f:0d:87:68:
                    a8:da:4a:16:bf:76:43:40:d8:8b:ce:a4:9e:55:ab:
                    40:6f:f6:e2:13:8d:7e:7d:fd:17:5b:78:70:38:0a:
                    c2:80:d1:64:e2:4c:a3:fe:f1:b2:34:12:02:88:ce:
                    36:db:ad:bc:33:1e:a7:a4:43:7b:15:31:f0:37:d1:
                    9a:af:a1:a7:b0:2b:54:38:13:72:d1:d1:f2:2c:fa:
                    41:1c:cf:2f:b5:62:70:d7:b3:45:d8:d5:47:04:6f:
                    82:ad:9d:05:b6:aa:ca:68:00:d0:fd:fd:50:82:81:
                    e5:30:e1:3b:a8:a5:1f:34:db:7b:7e:3d:0b:84:94:
                    85:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:57:F9:66:D5:EB:37:06:BB:7A:F5:80:C9:0D:25:8D:66:E9:F8:1F
            X509v3 Authority Key Identifier:
                keyid:EE:CC:4C:F3:72:41:CE:D1:46:7C:91:8A:A2:76:D3:88:B0:A8:2E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7sxM83JBztFGfJGKonbTiLCoLtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/GFf5ZtXrNwa7evWAyQ0ljWbp-B8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/7sxM83JBztFGfJGKonbTiLCoLtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.136.0-78.40.138.255
                  87.247.248.0-87.247.250.255
                  87.247.252.0/24
                  87.247.254.0/23
                  93.93.8.0/24
                  93.93.12.0/23
                  178.249.170.0/24
                  185.75.48.0/24
                IPv6:
                  2a00:6580::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:9f:56:5b:b1:33:56:b9:94:a8:e0:ea:f0:e3:bb:56:6f:25:
         cd:b3:3e:76:fa:00:77:7e:b5:97:1e:0e:f9:51:72:d5:9d:fb:
         14:62:75:78:02:2f:d9:ca:d0:04:54:03:31:5d:08:6a:44:b0:
         cd:0c:4f:3e:d6:16:c6:c2:f2:89:e5:18:ef:bb:88:d8:17:30:
         4a:4a:bc:3b:7b:64:bc:53:ca:16:e0:9d:bf:01:ee:97:1a:49:
         2a:6b:a8:86:e3:97:d0:f5:4b:13:53:0d:4c:ae:7f:19:39:96:
         92:83:2b:92:98:d4:60:65:33:87:a1:55:77:58:8a:52:87:23:
         5a:b0:29:34:1f:d9:61:4a:c2:87:50:99:42:ab:b6:f2:b3:07:
         a5:a4:7a:ed:5f:ed:de:e6:8d:9f:d4:f7:b5:4b:65:1d:4f:96:
         d4:87:8a:fb:cd:27:2e:a1:36:df:ad:2c:b1:5e:41:2b:77:d6:
         c7:2c:8f:a0:3b:60:69:1f:e4:2d:3e:21:ec:e5:dc:3d:57:92:
         db:30:2d:eb:54:a7:54:b9:54:84:61:72:ab:09:ac:a9:57:6a:
         93:5d:99:b1:50:14:ff:28:37:ce:c5:e7:f5:f2:30:d8:4a:50:
         52:1d:45:63:3f:ed:3c:e8:f9:88:c9:2f:74:e3:6e:23:66:57:
         cf:c0:24:e1
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZQks3hBHJ4BVpToTgHa/SvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlY2M0Y2YzNzI0MWNlZDE0NjdjOTE4YWEyNzZkMzg4YjBh
ODJlZDUwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODU3Zjk2NmQ1ZWIzNzA2YmI3YWY1ODBjOTBkMjU4ZDY2ZTlmODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkInG9v+SBvpuIWhokNjHIujWc4oZ
v9xjqtiqYxDcMpeZ0ln+jqqfTc8aWCPG3oYdH7Z0vrHF1nelm5hDFpHch6kCzCb4
gTuhCrST1kXWNCniTvuU0ZbaAuGNt3Blsq5bXudt3+mvb9ITCmxoHmew66VBTHhV
IhhWA1dNaTmy6Gpivo8Nh2io2koWv3ZDQNiLzqSeVatAb/biE41+ff0XW3hwOArC
gNFk4kyj/vGyNBICiM422628Mx6npEN7FTHwN9Gar6GnsCtUOBNy0dHyLPpBHM8v
tWJw17NF2NVHBG+CrZ0FtqrKaADQ/f1QgoHlMOE7qKUfNNt7fj0LhJSFTwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFBhX+WbV6zcGu3r1gMkNJY1m6fgfMB8GA1UdIwQY
MBaAFO7MTPNyQc7RRnyRiqJ204iwqC7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3N4TTgzSkJ6dEZHZkpHS29uYlRpTENvTHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jZjdkOTMtYTA3Ni00OWZmLTliYWYt
NWEzN2FmNDM5MDRjLzEvR0ZmNVp0WHJOd2E3ZXZXQXlRMGxqV2JwLUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jZjdkOTMtYTA3Ni00OWZmLTliYWYtNWEzN2FmNDM5MDRj
LzEvN3N4TTgzSkJ6dEZHZkpHS29uYlRpTENvTHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBANOKIgD
BABOKIowDAMEA1f3+AMEAFf3+gMEAFf3/AMEAVf3/gMEAF1dCAMEAV1dDAMEALL5
qgMEALlLMDANBAIAAjAHAwUAKgBlgDANBgkqhkiG9w0BAQsFAAOCAQEABp9WW7Ez
VrmUqODq8OO7Vm8lzbM+dvoAd361lx4O+VFy1Z37FGJ1eAIv2crQBFQDMV0IakSw
zQxPPtYWxsLyieUY77uI2BcwSkq8O3tkvFPKFuCdvwHulxpJKmuohuOX0PVLE1MN
TK5/GTmWkoMrkpjUYGUzh6FVd1iKUocjWrApNB/ZYUrCh1CZQqu28rMHpaR67V/t
3uaNn9T3tUtlHU+W1IeK+80nLqE2360ssV5BK3fWxyyPoDtgaR/kLT4h7OXcPVeS
2zAt61SnVLlUhGFyqwmsqVdqk12ZsVAU/yg3zsXn9fIw2EpQUh1FYz/tPOj5iMkv
dONuI2ZXz8Ak4Q==
-----END CERTIFICATE-----