Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/AdJusCDEaaWUWL_SsEKfWaq7GKY.roa
File:                     AdJusCDEaaWUWL_SsEKfWaq7GKY.roa (raw, json)
Hash identifier:          5Pi0I8u6jgd5d5NRjP0XdLdVQciECPLHpfnT8v5T5mU=
Subject key identifier:   01:D2:6E:B0:20:C4:69:A5:94:58:BF:D2:B0:42:9F:59:AA:BB:18:A6
Certificate issuer:       /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial:       0193702DCEABC2A254FDB8F7F2F97309E443
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/AdJusCDEaaWUWL_SsEKfWaq7GKY.roa
Signing time:             Thu 28 Nov 2024 00:31:10 +0000
ROA not before:           Thu 28 Nov 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39582
IP address blocks:        37.77.0.0/19 maxlen: 24
                          37.77.1.0/24 maxlen: 24
                          37.77.2.0/24 maxlen: 24
                          37.77.3.0/24 maxlen: 24
                          37.77.4.0/24 maxlen: 24
                          37.77.5.0/24 maxlen: 24
                          37.77.6.0/24 maxlen: 24
                          37.77.7.0/24 maxlen: 24
                          37.77.8.0/24 maxlen: 24
                          37.77.9.0/24 maxlen: 24
                          37.77.10.0/24 maxlen: 24
                          37.77.15.0/24 maxlen: 24
                          37.77.16.0/24 maxlen: 24
                          37.77.17.0/24 maxlen: 24
                          37.77.18.0/24 maxlen: 24
                          37.77.20.0/24 maxlen: 24
                          37.77.21.0/24 maxlen: 24
                          37.77.22.0/24 maxlen: 24
                          37.77.23.0/24 maxlen: 24
                          37.77.24.0/24 maxlen: 24
                          37.77.26.0/24 maxlen: 24
                          37.77.30.0/24 maxlen: 24
                          37.77.31.0/24 maxlen: 24
                          2a02:4300::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:70:2d:ce:ab:c2:a2:54:fd:b8:f7:f2:f9:73:09:e4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
        Validity
            Not Before: Nov 28 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01d26eb020c469a59458bfd2b0429f59aabb18a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:40:0a:01:a1:6d:82:82:20:61:bf:5a:4d:1f:
                    5e:6d:09:d1:18:42:ee:64:a4:e8:4c:1a:1e:8e:10:
                    fc:ae:1f:d6:19:bf:c0:f9:ae:92:c5:96:42:61:b4:
                    25:74:8a:00:5e:08:16:e7:18:ae:61:ea:1c:38:7f:
                    ee:ab:98:3d:eb:dd:02:a9:82:d2:93:2d:40:32:c6:
                    ca:a3:44:97:30:19:44:05:cf:b9:a1:50:eb:1c:75:
                    99:82:f8:b9:a2:7e:5b:84:3f:7b:80:a5:78:45:04:
                    fa:48:cf:ef:e7:42:74:9b:ca:a0:c6:1e:dd:d3:de:
                    4e:6e:3e:00:45:03:e9:c9:e5:89:6a:0f:03:7b:3d:
                    c2:26:a5:56:e5:9b:e1:12:77:4f:f9:b7:41:d0:be:
                    00:5f:ca:b4:f2:01:cc:e3:60:cc:23:71:95:b8:6d:
                    ea:dc:d6:40:e5:33:cf:3b:df:20:dc:fb:81:e2:0a:
                    0b:40:a6:84:d4:10:c1:af:20:ed:b1:30:29:31:e2:
                    89:70:8d:f5:3b:a1:58:a2:14:e9:84:0a:c2:fb:03:
                    2e:f5:5b:8d:a2:0c:5a:6d:ee:22:4f:ae:4b:c6:49:
                    5b:ae:89:9e:60:8a:ed:e4:ab:3b:91:45:e8:14:49:
                    e1:a9:31:17:11:bd:8b:43:90:5f:cf:14:8c:5c:4e:
                    2b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D2:6E:B0:20:C4:69:A5:94:58:BF:D2:B0:42:9F:59:AA:BB:18:A6
            X509v3 Authority Key Identifier:
                keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/AdJusCDEaaWUWL_SsEKfWaq7GKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.0.0/19
                IPv6:
                  2a02:4300::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:5c:92:b4:43:1f:50:88:e2:27:7d:1d:ee:03:ad:40:bf:7c:
         a1:53:a8:be:f3:2e:e8:e2:8c:20:09:71:5f:a2:70:3c:f6:c1:
         9b:c3:70:74:a5:85:49:52:44:56:49:44:a1:39:5b:42:cc:7d:
         4f:f6:22:45:55:ce:ee:8f:a2:ad:0d:23:95:51:26:a1:d2:9a:
         0a:93:ce:9b:f9:7f:b2:86:19:5a:46:51:fe:3f:ee:09:0b:1d:
         ef:da:a5:9b:17:24:f0:7d:e8:9c:de:01:24:e9:01:d1:aa:2a:
         c6:03:98:cb:00:86:2e:d1:9c:6f:ea:82:91:74:9b:13:d9:14:
         92:57:5e:6c:f7:a3:9c:72:e9:a8:44:a9:68:5d:0a:3e:ea:9e:
         14:d0:92:e6:90:af:2e:a2:53:53:f3:d2:64:1c:f2:5b:83:a2:
         d2:af:8d:87:47:4d:62:fc:d8:5a:a1:ca:41:28:32:c6:f2:2d:
         16:59:8c:10:1c:0a:91:1c:39:22:74:f8:2d:7d:c6:3a:01:74:
         14:28:66:29:11:e9:53:87:f1:73:1a:8e:4d:86:52:29:2b:f2:
         06:93:d7:5e:94:70:9d:83:18:60:5a:c8:6a:47:e4:19:97:32:
         2b:ef:c5:b4:a8:4d:ce:d9:b1:cb:d1:0f:f7:ca:0e:25:be:03:
         6c:60:14:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNwLc6rwqJU/bj38vlzCeRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjQxMTI4MDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWQyNmViMDIwYzQ2OWE1OTQ1OGJmZDJiMDQyOWY1OWFhYmIxOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0AKAaFtgoIgYb9aTR9ebQnRGELu
ZKToTBoejhD8rh/WGb/A+a6SxZZCYbQldIoAXggW5xiuYeocOH/uq5g9690CqYLS
ky1AMsbKo0SXMBlEBc+5oVDrHHWZgvi5on5bhD97gKV4RQT6SM/v50J0m8qgxh7d
095Obj4ARQPpyeWJag8Dez3CJqVW5ZvhEndP+bdB0L4AX8q08gHM42DMI3GVuG3q
3NZA5TPPO98g3PuB4goLQKaE1BDBryDtsTApMeKJcI31O6FYohTphArC+wMu9VuN
ogxabe4iT65LxklbromeYIrt5Ks7kUXoFEnhqTEXEb2LQ5BfzxSMXE4rwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHSbrAgxGmllFi/0rBCn1mquximMB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvQWRKdXNDREVhYVdVV0xfU3NFS2ZXYXE3R0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFJU0AMA0E
AgACMAcDBQAqAkMAMA0GCSqGSIb3DQEBCwUAA4IBAQA+XJK0Qx9QiOInfR3uA61A
v3yhU6i+8y7o4owgCXFfonA89sGbw3B0pYVJUkRWSUShOVtCzH1P9iJFVc7uj6Kt
DSOVUSah0poKk86b+X+yhhlaRlH+P+4JCx3v2qWbFyTwfeic3gEk6QHRqirGA5jL
AIYu0Zxv6oKRdJsT2RSSV15s96OccumoRKloXQo+6p4U0JLmkK8uolNT89JkHPJb
g6LSr42HR01i/NhaocpBKDLG8i0WWYwQHAqRHDkidPgtfcY6AXQUKGYpEelTh/Fz
Go5NhlIpK/IGk9delHCdgxhgWshqR+QZlzIr78W0qE3O2bHL0Q/3yg4lvgNsYBTa
-----END CERTIFICATE-----