Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/OjBtCeyPan69d0XehZ1Y7krgxls.roa
File:                     OjBtCeyPan69d0XehZ1Y7krgxls.roa (raw, json)
Hash identifier:          W1KAw0zYJe5m606/A252b1C5PxXLmLJKBwyduc+N0XU=
Subject key identifier:   3A:30:6D:09:EC:8F:6A:7E:BD:77:45:DE:85:9D:58:EE:4A:E0:C6:5B
Certificate issuer:       /CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
Certificate serial:       018CCA2BDD132D64FB7DB7CEC1D16282C671
Authority key identifier: C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/OjBtCeyPan69d0XehZ1Y7krgxls.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59790
IP address blocks:        194.135.200.0/21 maxlen: 21
                          5.183.208.0/24 maxlen: 24
                          94.176.100.0/22 maxlen: 22
                          193.32.11.0/24 maxlen: 24
                          195.216.136.0/22 maxlen: 22
                          185.67.120.0/24 maxlen: 24
                          185.107.24.0/22 maxlen: 22
                          93.92.116.0/22 maxlen: 22
                          193.124.144.0/21 maxlen: 21
                          5.154.233.0/24 maxlen: 24
                          185.224.116.0/22 maxlen: 22
                          185.125.36.0/22 maxlen: 22
                          193.124.76.0/22 maxlen: 22
                          185.35.232.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:dd:13:2d:64:fb:7d:b7:ce:c1:d1:62:82:c6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a306d09ec8f6a7ebd7745de859d58ee4ae0c65b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b3:8a:7f:df:60:27:62:fb:f2:65:79:c4:88:
                    f1:8b:b2:ec:29:fe:1a:a1:7f:18:8b:5d:78:cf:e8:
                    e0:a1:a7:27:32:08:b4:ff:5e:7f:60:a6:5c:0f:18:
                    72:7c:5a:ca:24:da:40:5b:d3:b9:cb:f5:12:1a:7b:
                    cd:3a:1e:a9:71:ea:75:87:e4:ad:f0:59:03:1b:68:
                    ef:ff:5e:3e:9d:f8:4b:89:82:87:e8:c4:10:fd:b0:
                    e3:bc:f8:55:1d:ad:3a:56:fe:03:98:93:84:02:ec:
                    d7:90:f0:0e:e1:61:c4:77:36:fc:db:0e:9b:5b:ae:
                    39:a4:77:24:ed:a5:37:78:bc:ea:2d:d9:db:9e:9b:
                    b1:52:96:f0:f5:70:5c:d3:ec:f4:74:5c:8a:94:73:
                    70:21:43:5b:93:4c:f7:1d:5a:4d:ec:88:e2:d1:2b:
                    35:0f:19:be:20:7a:fe:e5:41:53:91:fe:8f:92:b7:
                    71:2b:de:3e:f1:da:60:40:f7:b7:d3:11:50:85:0c:
                    af:41:01:94:88:64:6c:71:aa:ca:a2:e1:cf:5f:ee:
                    fb:fc:79:1b:10:7e:ce:fe:28:d0:54:02:2e:8d:d0:
                    42:34:7e:d2:27:be:d8:ee:bf:0b:90:31:87:a6:69:
                    53:86:41:ad:d4:65:a9:1d:28:7c:13:59:2b:71:bd:
                    22:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:30:6D:09:EC:8F:6A:7E:BD:77:45:DE:85:9D:58:EE:4A:E0:C6:5B
            X509v3 Authority Key Identifier:
                keyid:C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/OjBtCeyPan69d0XehZ1Y7krgxls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/x0yghVF4oM3XGRS88iOqMa9jaaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.233.0/24
                  5.183.208.0/24
                  93.92.116.0/22
                  94.176.100.0/22
                  185.35.232.0/22
                  185.67.120.0/24
                  185.107.24.0/22
                  185.125.36.0/22
                  185.224.116.0/22
                  193.32.11.0/24
                  193.124.76.0/22
                  193.124.144.0/21
                  194.135.200.0/21
                  195.216.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:a5:05:69:be:56:11:33:3e:3c:ed:39:25:b1:6e:99:f7:14:
         86:a2:c7:a5:13:91:a2:5b:69:f8:09:8d:48:06:e6:b4:8d:7c:
         d5:26:30:40:87:fc:63:90:0d:be:54:da:d5:c2:27:6d:80:ea:
         39:a5:34:2c:74:14:6b:23:39:ab:71:b2:38:7b:3a:b6:50:f6:
         5c:8c:93:fd:57:ae:c3:52:4d:15:0e:a3:24:11:a9:26:33:25:
         da:e0:12:6f:76:69:e5:ea:f8:70:2f:fd:bf:4d:26:ce:f2:31:
         01:00:da:c0:d6:45:ff:20:c3:7e:e4:cb:38:38:98:b1:34:e5:
         ea:10:da:60:22:05:61:a1:05:ed:57:1f:5e:66:0f:ec:66:b1:
         8b:0b:77:ef:f6:86:0b:61:1d:29:80:ae:98:a3:22:ff:ab:eb:
         2f:a1:fa:cd:c8:60:88:03:02:dc:c6:10:06:77:c0:03:37:f1:
         80:5d:7c:43:5d:8c:df:7a:d2:4f:09:96:9e:09:2f:13:25:30:
         c3:a6:4f:1c:b7:c1:03:e7:2d:9d:fe:42:01:a1:32:00:c9:ec:
         f0:48:26:69:44:bf:0f:52:2e:a2:69:4c:11:be:79:d2:74:6c:
         95:c7:1a:a3:55:1a:99:9b:a0:97:d9:7e:e4:6b:eb:74:62:c6:
         01:a7:d7:cc
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzKK90TLWT7fbfOwdFigsZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGNhMDg1NTE3OGEwY2RkNzE5MTRiY2YyMjNhYTMxYWY2
MzY5YTQwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTMwNmQwOWVjOGY2YTdlYmQ3NzQ1ZGU4NTlkNThlZTRhZTBjNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7OKf99gJ2L78mV5xIjxi7LsKf4a
oX8Yi114z+jgoacnMgi0/15/YKZcDxhyfFrKJNpAW9O5y/USGnvNOh6pcep1h+St
8FkDG2jv/14+nfhLiYKH6MQQ/bDjvPhVHa06Vv4DmJOEAuzXkPAO4WHEdzb82w6b
W645pHck7aU3eLzqLdnbnpuxUpbw9XBc0+z0dFyKlHNwIUNbk0z3HVpN7Iji0Ss1
Dxm+IHr+5UFTkf6PkrdxK94+8dpgQPe30xFQhQyvQQGUiGRscarKouHPX+77/Hkb
EH7O/ijQVAIujdBCNH7SJ77Y7r8LkDGHpmlThkGt1GWpHSh8E1krcb0i6wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDowbQnsj2p+vXdF3oWdWO5K4MZbMB8GA1UdIwQY
MBaAFMdMoIVReKDN1xkUvPIjqjGvY2mkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB5Z2hWRjRvTTNYR1JTODhpT3FNYTlqYWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMjIwYTAtZGY4MS00MmZiLWI3MTQt
ZGVkZDM1MjkzMjMwLzEvT2pCdENleVBhbjY5ZDBYZWhaMVk3a3JneGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMjIwYTAtZGY4MS00MmZiLWI3MTQtZGVkZDM1MjkzMjMw
LzEveDB5Z2hWRjRvTTNYR1JTODhpT3FNYTlqYWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQABZrpAwQA
BbfQAwQCXVx0AwQCXrBkAwQCuSPoAwQAuUN4AwQCuWsYAwQCuX0kAwQCueB0AwQA
wSALAwQCwXxMAwQDwXyQAwQDwofIAwQCw9iIMA0GCSqGSIb3DQEBCwUAA4IBAQBS
pQVpvlYRMz487TklsW6Z9xSGoselE5GiW2n4CY1IBua0jXzVJjBAh/xjkA2+VNrV
widtgOo5pTQsdBRrIzmrcbI4ezq2UPZcjJP9V67DUk0VDqMkEakmMyXa4BJvdmnl
6vhwL/2/TSbO8jEBANrA1kX/IMN+5Ms4OJixNOXqENpgIgVhoQXtVx9eZg/sZrGL
C3fv9oYLYR0pgK6YoyL/q+svofrNyGCIAwLcxhAGd8ADN/GAXXxDXYzfetJPCZae
CS8TJTDDpk8ct8ED5y2d/kIBoTIAyezwSCZpRL8PUi6iaUwRvnnSdGyVxxqjVRqZ
m6CX2X7ka+t0YsYBp9fM
-----END CERTIFICATE-----