Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/m05Ggb5XWOZs34Yf-NS6zcRI5OY.roa
File:                     m05Ggb5XWOZs34Yf-NS6zcRI5OY.roa (raw, json)
Hash identifier:          rUuSjeXmXHp2KyJRO/ubLM0V1qjqXxzrM1C2eHFOgaA=
Subject key identifier:   9B:4E:46:81:BE:57:58:E6:6C:DF:86:1F:F8:D4:BA:CD:C4:48:E4:E6
Certificate issuer:       /CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Certificate serial:       0192B49157EBC5B35D26EC1B58597E55A92B
Authority key identifier: DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/m05Ggb5XWOZs34Yf-NS6zcRI5OY.roa
Signing time:             Tue 22 Oct 2024 14:11:17 +0000
ROA not before:           Tue 22 Oct 2024 14:11:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42845
IP address blocks:        37.157.224.0/21 maxlen: 24
                          45.137.144.0/22 maxlen: 22
                          77.74.208.0/21 maxlen: 24
                          89.46.96.0/22 maxlen: 24
                          95.128.144.0/21 maxlen: 24
                          149.255.48.0/21 maxlen: 21
                          185.40.224.0/22 maxlen: 22
                          185.135.124.0/22 maxlen: 22
                          185.185.116.0/22 maxlen: 22
                          185.232.224.0/22 maxlen: 22
                          193.28.233.0/24 maxlen: 24
                          194.150.92.0/22 maxlen: 22
                          2a00:7200::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:91:57:eb:c5:b3:5d:26:ec:1b:58:59:7e:55:a9:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddead919b85a13051d0208b7e28ddccb398b14d6
        Validity
            Not Before: Oct 22 14:11:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b4e4681be5758e66cdf861ff8d4bacdc448e4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fa:2b:27:d6:86:92:1f:4d:15:1e:28:d0:3b:
                    31:43:f6:19:13:5d:e3:4d:fd:6e:f7:2a:74:25:cd:
                    41:17:d5:6c:8c:bb:f8:ee:a4:c2:e8:09:fc:cd:d2:
                    ab:65:dd:90:24:12:19:82:06:a0:56:c6:05:14:84:
                    a6:df:0b:45:4a:db:5b:a2:58:11:e9:b9:fb:15:40:
                    90:8f:cf:6c:b6:94:8b:99:9d:f7:86:b3:9f:f2:e3:
                    91:e4:bb:5d:b6:3f:58:df:a4:2a:e6:81:21:da:dd:
                    5d:da:fa:20:1f:92:c3:4a:85:f0:e7:8e:91:10:29:
                    c8:29:fb:e3:75:86:35:f7:7e:7a:fe:e7:0e:c1:1f:
                    cb:58:49:f6:98:47:ea:93:fa:0c:c1:a6:13:76:7d:
                    50:c8:1c:a7:49:e2:7d:ce:1c:fa:6e:9a:5b:2a:a6:
                    0c:a9:3b:22:8f:01:af:38:d6:f9:6c:6e:92:be:3c:
                    10:00:67:df:e1:c2:20:e6:c3:f4:c4:49:59:5f:14:
                    85:e2:4b:1d:fc:c2:b1:95:6f:1b:ae:44:4d:cb:90:
                    f8:9c:ab:3e:2a:d7:6f:6b:d5:b3:fe:1e:46:3b:4d:
                    a7:22:3e:b5:b4:ad:c6:32:9b:06:98:62:98:16:b2:
                    48:ab:a6:c4:c3:34:bb:15:7b:77:96:0a:66:b6:dd:
                    52:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:4E:46:81:BE:57:58:E6:6C:DF:86:1F:F8:D4:BA:CD:C4:48:E4:E6
            X509v3 Authority Key Identifier:
                keyid:DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/m05Ggb5XWOZs34Yf-NS6zcRI5OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.224.0/21
                  45.137.144.0/22
                  77.74.208.0/21
                  89.46.96.0/22
                  95.128.144.0/21
                  149.255.48.0/21
                  185.40.224.0/22
                  185.135.124.0/22
                  185.185.116.0/22
                  185.232.224.0/22
                  193.28.233.0/24
                  194.150.92.0/22
                IPv6:
                  2a00:7200::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:c7:9d:11:fd:9c:38:5b:6c:7e:17:9f:f6:de:71:41:b5:16:
         e6:be:6a:1b:82:e4:6b:87:3f:b8:d0:14:31:27:97:93:51:bc:
         0a:57:6d:f7:b0:31:f6:b3:fb:4d:a3:30:62:7b:28:16:fb:3f:
         3b:c9:05:17:ea:d1:61:3a:a8:ec:48:74:37:0d:7f:5c:26:77:
         a7:af:39:9e:e7:c4:65:ca:27:8f:0c:60:83:ab:f2:48:b7:ed:
         cd:f5:de:19:27:8d:2c:c7:b6:86:d9:15:af:d3:08:a1:7d:1f:
         c4:79:02:2b:60:dc:3d:f8:8a:7b:06:16:12:53:a3:df:2f:2f:
         a4:06:21:fb:f3:d5:62:05:fa:87:30:50:66:08:04:9b:fd:9a:
         14:27:2e:6f:81:aa:9f:91:9a:c2:7d:7d:f2:33:1d:4e:03:c9:
         82:13:e9:29:09:71:5c:8e:6b:45:8c:fe:1e:2c:03:e8:d7:c6:
         f5:e6:f7:24:51:c1:5c:a5:b3:75:23:cd:f9:42:53:cb:1e:68:
         58:ed:7d:b6:87:ad:f0:26:96:48:1c:ac:c9:d0:d7:fa:d7:3c:
         29:4e:c4:11:af:84:87:a8:07:67:fd:b9:33:46:db:9e:bd:ce:
         dc:59:97:5c:90:bc:4f:6d:c4:be:24:9b:d0:12:43:d2:03:de:
         48:c6:cf:96
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZK0kVfrxbNdJuwbWFl+VakrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZWFkOTE5Yjg1YTEzMDUxZDAyMDhiN2UyOGRkY2NiMzk4
YjE0ZDYwHhcNMjQxMDIyMTQxMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjRlNDY4MWJlNTc1OGU2NmNkZjg2MWZmOGQ0YmFjZGM0NDhlNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxforJ9aGkh9NFR4o0DsxQ/YZE13j
Tf1u9yp0Jc1BF9VsjLv47qTC6An8zdKrZd2QJBIZggagVsYFFISm3wtFSttbolgR
6bn7FUCQj89stpSLmZ33hrOf8uOR5Ltdtj9Y36Qq5oEh2t1d2vogH5LDSoXw546R
ECnIKfvjdYY19356/ucOwR/LWEn2mEfqk/oMwaYTdn1QyBynSeJ9zhz6bppbKqYM
qTsijwGvONb5bG6SvjwQAGff4cIg5sP0xElZXxSF4ksd/MKxlW8brkRNy5D4nKs+
Ktdva9Wz/h5GO02nIj61tK3GMpsGmGKYFrJIq6bEwzS7FXt3lgpmtt1S2wIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFJtORoG+V1jmbN+GH/jUus3ESOTmMB8GA1UdIwQY
MBaAFN3q2Rm4WhMFHQIIt+KN3Ms5ixTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQt
NDhiOGI1YTliNDExLzEvbTA1R2diNVhXT1pzMzRZZi1OUzZ6Y1JJNU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQtNDhiOGI1YTliNDEx
LzEvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJZ3gAwQC
LYmQAwQDTUrQAwQCWS5gAwQDX4CQAwQDlf8wAwQCuSjgAwQCuYd8AwQCubl0AwQC
uejgAwQAwRzpAwQCwpZcMA0EAgACMAcDBQAqAHIAMA0GCSqGSIb3DQEBCwUAA4IB
AQArx50R/Zw4W2x+F5/23nFBtRbmvmobguRrhz+40BQxJ5eTUbwKV233sDH2s/tN
ozBieygW+z87yQUX6tFhOqjsSHQ3DX9cJnenrzme58RlyiePDGCDq/JIt+3N9d4Z
J40sx7aG2RWv0wihfR/EeQIrYNw9+Ip7BhYSU6PfLy+kBiH789ViBfqHMFBmCASb
/ZoUJy5vgaqfkZrCfX3yMx1OA8mCE+kpCXFcjmtFjP4eLAPo18b15vckUcFcpbN1
I835QlPLHmhY7X22h63wJpZIHKzJ0Nf61zwpTsQRr4SHqAdn/bkzRtuevc7cWZdc
kLxPbcS+JJvQEkPSA95Ixs+W
-----END CERTIFICATE-----