Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/xANWJIQxy5Izrn9gOyePr5tbhgY.roa
File:                     xANWJIQxy5Izrn9gOyePr5tbhgY.roa (raw, json)
Hash identifier:          BAFdEGijvRbR7pMhm3hhAYe67gFmqJkY0ASzrXKygw4=
Subject key identifier:   C4:03:56:24:84:31:CB:92:33:AE:7F:60:3B:27:8F:AF:9B:5B:86:06
Certificate issuer:       /CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
Certificate serial:       019422FBB919CA499B2C0D6B11F7E371FECC
Authority key identifier: E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/xANWJIQxy5Izrn9gOyePr5tbhgY.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200148
IP address blocks:        2.59.16.0/22 maxlen: 24
                          5.180.236.0/22 maxlen: 24
                          85.115.196.0/22 maxlen: 22
                          185.36.128.0/22 maxlen: 24
                          185.52.112.0/22 maxlen: 24
                          185.53.192.0/22 maxlen: 24
                          185.100.176.0/22 maxlen: 24
                          185.127.36.0/22 maxlen: 24
                          185.138.216.0/22 maxlen: 24
                          185.251.136.0/22 maxlen: 24
                          188.94.80.0/22 maxlen: 24
                          194.55.148.0/22 maxlen: 24
                          212.102.110.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b9:19:ca:49:9b:2c:0d:6b:11:f7:e3:71:fe:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c40356248431cb9233ae7f603b278faf9b5b8606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:4d:cb:60:1d:da:42:0f:44:93:d7:a1:79:20:
                    e3:f2:4e:3d:f3:26:e4:4f:6e:25:3e:09:eb:d8:90:
                    fc:88:8f:85:97:e0:2f:59:9a:b8:62:75:fb:6f:1e:
                    8c:19:da:e8:fe:b4:cf:00:d2:aa:52:ea:a1:e3:46:
                    fd:23:5e:2c:7d:4d:05:65:54:ae:7a:d5:5f:16:50:
                    18:e4:36:8f:3c:8f:21:8a:be:b5:a2:70:02:ac:bb:
                    7f:12:e2:b2:5e:b7:6d:4c:2b:5c:99:9c:dc:9c:08:
                    ad:a9:d0:1a:40:d9:a4:32:c3:a5:22:9a:b6:dd:aa:
                    dc:0e:00:08:2d:cd:54:59:6d:17:1a:73:83:f8:96:
                    ff:fe:9e:b7:30:7b:7e:f0:b2:bf:92:be:0a:5d:3f:
                    4e:5b:73:db:de:27:13:ff:f5:11:9b:b5:cd:0d:54:
                    a9:1f:1b:d5:cd:29:a8:ef:33:e6:82:b7:92:0f:f3:
                    3b:0c:e3:4e:c3:f8:4e:41:17:87:9a:f7:93:64:f1:
                    71:6a:00:6d:6a:d4:f0:df:4c:23:12:bd:c6:be:9f:
                    90:f8:64:d8:aa:d7:ac:59:3f:23:f8:ac:f1:cf:54:
                    52:c1:9f:45:d8:b6:6c:ce:36:91:79:ca:c0:ba:8f:
                    79:13:fb:f7:f6:8c:db:0e:db:98:f0:7d:3a:7b:5e:
                    75:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:03:56:24:84:31:CB:92:33:AE:7F:60:3B:27:8F:AF:9B:5B:86:06
            X509v3 Authority Key Identifier:
                keyid:E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/xANWJIQxy5Izrn9gOyePr5tbhgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/6EKkZljB0BusjUOWHGtJ54jjzMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.16.0/22
                  5.180.236.0/22
                  85.115.196.0/22
                  185.36.128.0/22
                  185.52.112.0/22
                  185.53.192.0/22
                  185.100.176.0/22
                  185.127.36.0/22
                  185.138.216.0/22
                  185.251.136.0/22
                  188.94.80.0/22
                  194.55.148.0/22
                  212.102.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:91:b6:da:9a:47:80:44:b2:75:1f:ae:d3:de:9e:77:a2:ea:
         60:eb:6e:a3:0d:ec:9b:a0:c2:0c:78:da:31:8d:e4:ae:f4:1c:
         a7:0e:fc:55:54:e2:08:d2:c3:88:ef:51:4f:f4:44:7a:b4:0d:
         8e:26:95:36:e7:52:17:fa:bf:e9:3c:f8:83:8f:c7:d6:b0:df:
         9f:51:a1:2d:97:9f:8d:cb:f8:0e:71:fd:cc:80:ab:2a:95:c4:
         68:2b:ea:48:ee:15:43:4a:ee:57:43:8e:cd:84:6e:51:b0:4a:
         94:0b:da:3e:22:b6:14:a0:11:69:83:f5:3b:96:6a:1b:45:90:
         c1:75:34:1b:5d:7f:c4:db:17:dc:2d:4c:21:c9:23:a1:bf:ef:
         25:71:99:b6:a4:0f:20:fb:82:43:34:cd:0f:dd:40:cb:bd:45:
         bf:f6:7c:4c:c0:77:f9:35:1f:18:ed:5a:e4:db:77:45:9e:29:
         d5:9f:98:4b:dc:5a:5c:7f:cb:11:37:ee:24:ee:48:1e:4e:d3:
         42:3b:7b:b2:78:57:c6:35:ae:9f:13:f6:da:ce:84:5b:aa:00:
         18:d5:a2:65:77:4b:02:15:5b:75:47:c1:bc:72:95:22:4e:c8:
         44:fa:ec:d1:cd:c7:92:59:72:32:6f:89:29:c1:47:46:f7:5c:
         d3:a8:cc:df
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQi+7kZykmbLA1rEffjcf7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDJhNDY2NThjMWQwMWJhYzhkNDM5NjFjNmI0OWU3ODhl
M2NjYzMwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDAzNTYyNDg0MzFjYjkyMzNhZTdmNjAzYjI3OGZhZjliNWI4NjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA603LYB3aQg9Ek9eheSDj8k498ybk
T24lPgnr2JD8iI+Fl+AvWZq4YnX7bx6MGdro/rTPANKqUuqh40b9I14sfU0FZVSu
etVfFlAY5DaPPI8hir61onACrLt/EuKyXrdtTCtcmZzcnAitqdAaQNmkMsOlIpq2
3arcDgAILc1UWW0XGnOD+Jb//p63MHt+8LK/kr4KXT9OW3Pb3icT//URm7XNDVSp
HxvVzSmo7zPmgreSD/M7DONOw/hOQReHmveTZPFxagBtatTw30wjEr3Gvp+Q+GTY
qtesWT8j+Kzxz1RSwZ9F2LZszjaRecrAuo95E/v39ozbDtuY8H06e151hQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMQDViSEMcuSM65/YDsnj6+bW4YGMB8GA1UdIwQY
MBaAFOhCpGZYwdAbrI1DlhxrSeeI48zDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEt
ZmFlOGQ0MmFlNWU1LzEveEFOV0pJUXh5NUl6cm45Z095ZVByNXRiaGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEtZmFlOGQ0MmFlNWU1
LzEvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCAjsQAwQC
BbTsAwQCVXPEAwQCuSSAAwQCuTRwAwQCuTXAAwQCuWSwAwQCuX8kAwQCuYrYAwQC
ufuIAwQCvF5QAwQCwjeUAwQA1GZuMA0GCSqGSIb3DQEBCwUAA4IBAQCTkbbamkeA
RLJ1H67T3p53oupg626jDeyboMIMeNoxjeSu9BynDvxVVOII0sOI71FP9ER6tA2O
JpU251IX+r/pPPiDj8fWsN+fUaEtl5+Ny/gOcf3MgKsqlcRoK+pI7hVDSu5XQ47N
hG5RsEqUC9o+IrYUoBFpg/U7lmobRZDBdTQbXX/E2xfcLUwhySOhv+8lcZm2pA8g
+4JDNM0P3UDLvUW/9nxMwHf5NR8Y7Vrk23dFninVn5hL3Fpcf8sRN+4k7kgeTtNC
O3uyeFfGNa6fE/bazoRbqgAY1aJld0sCFVt1R8G8cpUiTshE+uzRzceSWXIyb4kp
wUdG91zTqMzf
-----END CERTIFICATE-----