Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/_lFwipGcBULs-OtxLncFCBpHs9g.roa
File:                     _lFwipGcBULs-OtxLncFCBpHs9g.roa (raw, json)
Hash identifier:          /CL1lT0eqTnjw/VqCvPhFbClnc8+/9CwhAbZX1+HFIw=
Subject key identifier:   FE:51:70:8A:91:9C:05:42:EC:F8:EB:71:2E:77:05:08:1A:47:B3:D8
Certificate issuer:       /CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
Certificate serial:       019425FC4EEA300AD79F79B5E9752FC1B5DB
Authority key identifier: D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/_lFwipGcBULs-OtxLncFCBpHs9g.roa
Signing time:             Thu 02 Jan 2025 07:47:59 +0000
ROA not before:           Thu 02 Jan 2025 07:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20771
IP address blocks:        37.233.128.0/17 maxlen: 17
                          78.139.128.0/18 maxlen: 18
                          80.241.184.0/24 maxlen: 24
                          80.241.244.0/22 maxlen: 22
                          80.241.252.0/24 maxlen: 24
                          85.117.32.0/19 maxlen: 19
                          85.117.32.0/20 maxlen: 20
                          85.117.48.0/20 maxlen: 20
                          88.210.192.0/18 maxlen: 18
                          89.232.0.0/19 maxlen: 19
                          134.90.0.0/17 maxlen: 17
                          176.73.0.0/16 maxlen: 16
                          185.19.96.0/22 maxlen: 22
                          185.19.96.0/23 maxlen: 23
                          185.19.98.0/23 maxlen: 23
                          212.72.130.0/24 maxlen: 24
                          2a02:23f0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4e:ea:30:0a:d7:9f:79:b5:e9:75:2f:c1:b5:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
        Validity
            Not Before: Jan  2 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe51708a919c0542ecf8eb712e7705081a47b3d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f1:e7:52:a7:34:63:a8:85:04:61:e9:a6:6d:
                    ce:e5:c7:b4:d0:55:df:6c:1f:91:b1:2d:44:e7:5f:
                    db:67:6b:7c:45:1a:69:7c:66:60:c9:33:30:42:e0:
                    fa:40:7d:ce:88:13:45:2b:34:56:7d:ec:fb:41:90:
                    76:57:2d:55:fe:fa:ff:18:eb:f4:a3:1f:9c:58:cd:
                    d4:55:36:20:83:23:ec:8e:12:a3:89:b4:62:b2:bf:
                    02:40:a0:cc:92:2c:6b:2b:d3:d2:d5:81:7d:36:c1:
                    4f:ca:ca:91:78:e9:2f:90:4c:38:4b:be:66:1b:0f:
                    1a:31:75:5e:c7:8b:a5:75:34:bd:78:ac:0c:15:e1:
                    03:73:60:16:2f:b0:90:c0:7f:aa:bc:e1:cc:0e:18:
                    ab:8d:ed:bc:87:67:e2:8e:a8:fc:4e:20:8e:16:90:
                    11:55:90:64:7a:5a:8b:14:ed:c0:c1:26:1f:a4:21:
                    16:eb:91:83:ca:e3:65:3e:cb:48:dd:f3:27:a8:57:
                    b2:f6:69:a2:b3:73:60:2b:17:09:d5:59:64:4e:fc:
                    db:8e:1b:3f:1c:bd:0f:0b:0d:7c:6e:d8:fc:0e:b5:
                    6c:f2:fb:65:31:a9:e5:0a:dc:b4:26:f6:5d:13:9d:
                    9e:d2:25:68:f6:38:6f:a0:e1:20:e6:a3:c3:a0:61:
                    0f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:51:70:8A:91:9C:05:42:EC:F8:EB:71:2E:77:05:08:1A:47:B3:D8
            X509v3 Authority Key Identifier:
                keyid:D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/_lFwipGcBULs-OtxLncFCBpHs9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.233.128.0/17
                  78.139.128.0/18
                  80.241.184.0/24
                  80.241.244.0/22
                  80.241.252.0/24
                  85.117.32.0/19
                  88.210.192.0/18
                  89.232.0.0/19
                  134.90.0.0/17
                  176.73.0.0/16
                  185.19.96.0/22
                  212.72.130.0/24
                IPv6:
                  2a02:23f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:da:63:39:80:62:58:93:b3:99:f6:24:b9:b2:86:a1:d0:f7:
         e3:c9:39:91:0e:5b:e1:eb:a0:86:d6:ca:d4:a6:f4:be:2a:31:
         21:2a:12:4a:58:cc:52:94:d7:3f:e9:c7:55:13:2a:43:eb:fb:
         c8:5a:10:51:31:74:16:09:67:20:40:ed:a4:d4:71:6a:ba:1b:
         8a:1c:d4:41:aa:2b:9b:5e:9a:b4:c4:5a:83:a3:c1:84:8e:63:
         79:43:36:58:f2:61:78:58:52:b3:85:c9:c2:f8:ff:aa:0a:af:
         6a:a2:cc:94:60:43:ec:3e:49:68:89:46:20:ca:e7:2f:04:e5:
         2b:89:67:d6:d0:d4:1e:f1:19:14:7b:81:30:7a:1b:88:0c:0c:
         ba:2e:40:c0:81:45:20:5b:5e:f5:2d:38:e4:a2:6b:20:92:9b:
         7e:f9:13:46:45:4a:1b:dd:b8:17:74:65:4e:32:03:44:61:7f:
         31:b0:9d:57:57:5d:5b:6f:a5:80:68:44:5f:59:62:5f:39:ad:
         48:c1:ab:25:cc:16:4f:a4:ba:dd:95:3b:0c:0a:8b:0d:95:8f:
         dd:68:42:04:a1:a9:fc:d3:2d:24:3a:ca:58:3b:d7:34:32:7d:
         c4:dc:7a:a7:cf:33:d9:81:af:5a:77:00:95:d0:e5:99:62:14:
         0d:34:91:ac
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQl/E7qMArXn3m16XUvwbXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NjczOGE4ZGFkYWMyZDBkM2FlZGRiOTM0ZjgyMDA2NmI5
ZjVmZWIwHhcNMjUwMTAyMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTUxNzA4YTkxOWMwNTQyZWNmOGViNzEyZTc3MDUwODFhNDdiM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfHnUqc0Y6iFBGHppm3O5ce00FXf
bB+RsS1E51/bZ2t8RRppfGZgyTMwQuD6QH3OiBNFKzRWfez7QZB2Vy1V/vr/GOv0
ox+cWM3UVTYggyPsjhKjibRisr8CQKDMkixrK9PS1YF9NsFPysqReOkvkEw4S75m
Gw8aMXVex4uldTS9eKwMFeEDc2AWL7CQwH+qvOHMDhirje28h2fijqj8TiCOFpAR
VZBkelqLFO3AwSYfpCEW65GDyuNlPstI3fMnqFey9mmis3NgKxcJ1VlkTvzbjhs/
HL0PCw18btj8DrVs8vtlManlCty0JvZdE52e0iVo9jhvoOEg5qPDoGEPnQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFP5RcIqRnAVC7PjrcS53BQgaR7PYMB8GA1UdIwQY
MBaAFNZnOKja2sLQ067duTT4IAZrn1/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQt
NmExZTBlYzcxZGE4LzEvX2xGd2lwR2NCVUxzLU90eExuY0ZDQnBIczlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQtNmExZTBlYzcxZGE4
LzEvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBNBAIAATBHAwQHJemAAwQG
TouAAwQAUPG4AwQCUPH0AwQAUPH8AwQFVXUgAwQGWNLAAwQFWegAAwQHhloAAwMA
sEkDBAK5E2ADBADUSIIwDQQCAAIwBwMFACoCI/AwDQYJKoZIhvcNAQELBQADggEB
ACvaYzmAYliTs5n2JLmyhqHQ9+PJOZEOW+HroIbWytSm9L4qMSEqEkpYzFKU1z/p
x1UTKkPr+8haEFExdBYJZyBA7aTUcWq6G4oc1EGqK5temrTEWoOjwYSOY3lDNljy
YXhYUrOFycL4/6oKr2qizJRgQ+w+SWiJRiDK5y8E5SuJZ9bQ1B7xGRR7gTB6G4gM
DLouQMCBRSBbXvUtOOSiayCSm375E0ZFShvduBd0ZU4yA0RhfzGwnVdXXVtvpYBo
RF9ZYl85rUjBqyXMFk+kut2VOwwKiw2Vj91oQgShqfzTLSQ6ylg71zQyfcTceqfP
M9mBr1p3AJXQ5ZliFA00kaw=
-----END CERTIFICATE-----