Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cpTY6qX2f47hxdeXGQo0SY-yxBw.roa
File:                     cpTY6qX2f47hxdeXGQo0SY-yxBw.roa (raw, json)
Hash identifier:          be8pg/PeBaIU1DwD7XMfsPAPC9zrZ+0COMwYwae3S/8=
Subject key identifier:   72:94:D8:EA:A5:F6:7F:8E:E1:C5:D7:97:19:0A:34:49:8F:B2:C4:1C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01942369C6D44323179F9DB144835E6F6EE8
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cpTY6qX2f47hxdeXGQo0SY-yxBw.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55410
IP address blocks:        45.116.105.0/24 maxlen: 24
                          45.116.106.0/23 maxlen: 24
                          62.169.140.0/22 maxlen: 24
                          110.172.180.0/24 maxlen: 24
                          110.172.181.0/24 maxlen: 24
                          110.172.182.0/23 maxlen: 24
                          114.69.236.0/23 maxlen: 24
                          114.69.238.0/24 maxlen: 24
                          114.69.239.0/24 maxlen: 24
                          118.91.180.0/23 maxlen: 24
                          118.91.182.0/24 maxlen: 24
                          118.91.183.0/24 maxlen: 24
                          203.188.160.0/22 maxlen: 24
                          212.56.60.0/22 maxlen: 24
                          212.104.144.0/24 maxlen: 24
                          212.104.145.0/24 maxlen: 24
                          212.104.146.0/23 maxlen: 24
                          213.254.188.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c6:d4:43:23:17:9f:9d:b1:44:83:5e:6f:6e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7294d8eaa5f67f8ee1c5d797190a34498fb2c41c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:86:05:93:5f:a4:03:20:8d:b0:b2:19:97:90:
                    d0:8c:68:8f:5c:4d:a6:72:27:6c:36:ed:74:be:37:
                    ad:7a:93:f9:83:87:39:62:40:f8:12:7b:52:cd:33:
                    5f:29:8b:f6:ea:3a:ee:42:cd:f1:7e:22:e6:45:38:
                    17:dd:ca:0e:e8:c9:37:0b:d4:75:7a:fd:cb:fa:97:
                    3c:1a:d2:03:05:49:9e:aa:1a:6c:88:b1:62:f8:06:
                    3b:13:e8:54:a9:25:37:dc:e0:a2:78:a2:12:25:f0:
                    85:46:da:19:fd:19:6b:e3:56:5b:aa:43:95:12:8f:
                    94:11:d7:71:97:76:5d:70:ea:89:06:e5:59:3c:24:
                    84:d6:45:dc:12:d0:51:3d:a7:3d:ed:09:a7:a7:e5:
                    0c:86:30:79:04:f3:a4:69:9f:ca:2e:b4:6a:88:0c:
                    c5:1c:ab:32:4d:e3:12:16:dc:28:a7:c1:2b:07:d0:
                    47:11:5c:21:fc:de:9f:6e:80:4e:c0:07:df:dc:55:
                    05:33:d7:2d:a4:5c:6a:d1:75:ce:31:93:12:ec:b1:
                    a4:9a:86:e5:51:59:02:4a:87:0e:99:50:ac:1a:84:
                    30:7a:a5:58:4b:fd:80:b4:00:a5:65:b9:2e:c9:e6:
                    d1:21:4f:39:85:16:15:a0:94:40:6c:da:cd:94:c8:
                    a6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:94:D8:EA:A5:F6:7F:8E:E1:C5:D7:97:19:0A:34:49:8F:B2:C4:1C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cpTY6qX2f47hxdeXGQo0SY-yxBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.116.105.0-45.116.107.255
                  62.169.140.0/22
                  110.172.180.0/22
                  114.69.236.0/22
                  118.91.180.0/22
                  203.188.160.0/22
                  212.56.60.0/22
                  212.104.144.0/22
                  213.254.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:ee:2f:21:20:cd:e6:7a:6b:9e:d0:c5:9b:62:90:34:94:e4:
         b0:63:49:7c:6c:38:d9:b8:00:37:eb:ea:81:05:28:2d:20:80:
         96:fa:63:5f:24:31:51:b8:78:8c:38:6d:54:a1:2e:db:6f:09:
         9f:9f:af:7c:e7:d4:60:9f:c0:77:43:aa:8b:3a:f6:a9:23:08:
         2d:5e:4e:68:0a:9f:84:ae:b1:37:c6:7f:71:9b:86:ac:1b:f2:
         35:8a:90:32:6e:e8:70:77:20:ce:21:93:dd:c4:c7:15:d0:72:
         8d:02:85:b9:cf:66:75:22:9d:73:4f:31:b1:36:07:56:c5:4e:
         89:b2:21:59:00:ab:2b:c3:a0:c3:ed:e5:5b:ac:b3:f7:80:f6:
         61:d1:1d:7f:bd:d1:f9:94:6a:09:3e:39:3a:bc:c6:aa:18:6a:
         ba:90:70:f3:22:c0:08:01:e5:b7:d7:30:34:70:47:9c:3a:04:
         87:fd:01:92:87:d6:b4:e6:f8:86:21:41:94:dd:f3:44:68:3c:
         ac:77:ea:ce:53:b6:d1:f9:21:a6:e0:15:02:5a:20:9f:60:df:
         ed:6a:be:14:60:62:d0:3f:1e:d2:3b:27:ee:cb:10:95:48:23:
         8d:78:11:e4:27:2b:e2:e0:31:46:b5:56:8c:f2:0f:4a:38:e8:
         bc:29:c7:7b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQjacbUQyMXn52xRINeb27oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk0ZDhlYWE1ZjY3ZjhlZTFjNWQ3OTcxOTBhMzQ0OThmYjJjNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoYFk1+kAyCNsLIZl5DQjGiPXE2m
cidsNu10vjetepP5g4c5YkD4EntSzTNfKYv26jruQs3xfiLmRTgX3coO6Mk3C9R1
ev3L+pc8GtIDBUmeqhpsiLFi+AY7E+hUqSU33OCieKISJfCFRtoZ/Rlr41ZbqkOV
Eo+UEddxl3ZdcOqJBuVZPCSE1kXcEtBRPac97Qmnp+UMhjB5BPOkaZ/KLrRqiAzF
HKsyTeMSFtwop8ErB9BHEVwh/N6fboBOwAff3FUFM9ctpFxq0XXOMZMS7LGkmobl
UVkCSocOmVCsGoQweqVYS/2AtAClZbkuyebRIU85hRYVoJRAbNrNlMimuwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHKU2Oql9n+O4cXXlxkKNEmPssQcMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY3BUWTZxWDJmNDdoeGRlWEdRbzBTWS15eEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAAtdGkD
BAItdGgDBAI+qYwDBAJurLQDBAJyRewDBAJ2W7QDBALLvKADBALUODwDBALUaJAD
BALV/rwwDQYJKoZIhvcNAQELBQADggEBAF/uLyEgzeZ6a57QxZtikDSU5LBjSXxs
ONm4ADfr6oEFKC0ggJb6Y18kMVG4eIw4bVShLttvCZ+fr3zn1GCfwHdDqos69qkj
CC1eTmgKn4SusTfGf3Gbhqwb8jWKkDJu6HB3IM4hk93ExxXQco0ChbnPZnUinXNP
MbE2B1bFTomyIVkAqyvDoMPt5Vuss/eA9mHRHX+90fmUagk+OTq8xqoYarqQcPMi
wAgB5bfXMDRwR5w6BIf9AZKH1rTm+IYhQZTd80RoPKx36s5TttH5IabgFQJaIJ9g
3+1qvhRgYtA/HtI7J+7LEJVII414EeQnK+LgMUa1VozyD0o46Lwpx3s=
-----END CERTIFICATE-----