Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/B0B4Y6WmKTSsGtgiy_GaSYzTEw4.roa
File:                     B0B4Y6WmKTSsGtgiy_GaSYzTEw4.roa (raw, json)
Hash identifier:          fz9V9BUWuOk2Mh3Jcg5jFOYmVDkKnHhcxn1Jkrdsy98=
Subject key identifier:   07:40:78:63:A5:A6:29:34:AC:1A:D8:22:CB:F1:9A:49:8C:D3:13:0E
Certificate issuer:       /CN=278f62f3a5f84722852fc70f052cf13dea2374d0
Certificate serial:       019426D9FC7CF92B9069B0C60E0604CB1D1C
Authority key identifier: 27:8F:62:F3:A5:F8:47:22:85:2F:C7:0F:05:2C:F1:3D:EA:23:74:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J49i86X4RyKFL8cPBSzxPeojdNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/B0B4Y6WmKTSsGtgiy_GaSYzTEw4.roa
Signing time:             Thu 02 Jan 2025 11:50:07 +0000
ROA not before:           Thu 02 Jan 2025 11:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205741
IP address blocks:        94.136.176.0/22 maxlen: 24
                          94.136.176.0/23 maxlen: 23
                          94.136.176.0/24 maxlen: 24
                          94.136.177.0/24 maxlen: 24
                          94.136.178.0/24 maxlen: 24
                          94.136.179.0/24 maxlen: 24
                          185.141.64.0/22 maxlen: 22
                          185.141.64.0/24 maxlen: 24
                          185.141.65.0/24 maxlen: 24
                          185.141.66.0/24 maxlen: 24
                          185.141.67.0/24 maxlen: 24
                          185.207.208.0/22 maxlen: 22
                          185.207.208.0/24 maxlen: 24
                          185.207.209.0/24 maxlen: 24
                          185.207.210.0/24 maxlen: 24
                          185.207.211.0/24 maxlen: 24
                          185.235.56.0/24 maxlen: 24
                          185.235.57.0/24 maxlen: 24
                          185.235.58.0/24 maxlen: 24
                          185.235.59.0/24 maxlen: 24
                          2a0b:2c40::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:fc:7c:f9:2b:90:69:b0:c6:0e:06:04:cb:1d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278f62f3a5f84722852fc70f052cf13dea2374d0
        Validity
            Not Before: Jan  2 11:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07407863a5a62934ac1ad822cbf19a498cd3130e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a2:08:23:40:4e:6b:49:89:ed:6f:5c:5d:4d:
                    7c:6b:bd:7a:ab:48:f1:c2:ce:7f:dc:2d:82:82:45:
                    c7:3c:02:a7:7b:bb:44:33:bf:30:32:de:26:87:dd:
                    00:9e:81:7a:51:3b:5f:b7:0a:f1:5e:21:c3:96:3a:
                    27:74:95:ef:87:64:25:d5:5d:fc:96:86:25:77:7f:
                    e4:b5:27:4e:fa:00:9e:5a:fe:8a:4f:c1:c2:a7:cd:
                    d3:2e:d7:ba:33:b9:2e:a8:8d:ec:0b:58:e8:63:7d:
                    0d:4e:bd:1c:38:3a:3f:65:f7:12:69:ff:f2:c8:69:
                    53:31:87:00:be:36:9f:8f:a0:83:38:a0:dc:d2:9d:
                    fe:4f:82:73:29:e5:f6:16:71:80:f8:68:62:5f:d9:
                    b7:f9:14:bb:47:cf:73:2f:2f:21:34:76:8d:08:a8:
                    3d:c3:56:ea:92:30:34:8d:1c:8f:c0:98:5e:e6:db:
                    8d:d6:13:7b:89:60:eb:d5:e0:56:a3:47:44:48:65:
                    f7:fc:06:1b:a8:a7:a0:7f:c2:00:54:1e:65:58:30:
                    9b:92:c7:36:fb:ef:20:f1:0a:a9:bf:38:49:14:92:
                    d0:74:a0:bc:b0:d4:6a:75:65:8e:2a:25:b2:d2:70:
                    31:66:10:fd:9a:89:ab:3e:e1:72:d1:02:f4:74:f3:
                    3a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:40:78:63:A5:A6:29:34:AC:1A:D8:22:CB:F1:9A:49:8C:D3:13:0E
            X509v3 Authority Key Identifier:
                keyid:27:8F:62:F3:A5:F8:47:22:85:2F:C7:0F:05:2C:F1:3D:EA:23:74:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J49i86X4RyKFL8cPBSzxPeojdNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/B0B4Y6WmKTSsGtgiy_GaSYzTEw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e4912b-5484-4ac0-8768-535bf9b1e8b7/1/J49i86X4RyKFL8cPBSzxPeojdNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.176.0/22
                  185.141.64.0/22
                  185.207.208.0/22
                  185.235.56.0/22
                IPv6:
                  2a0b:2c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:f6:4b:90:a7:dd:24:eb:11:04:6f:70:56:07:a6:44:b1:1d:
         fe:3e:1d:42:07:b9:e9:57:6c:75:ff:86:c8:c0:38:76:2b:37:
         9c:84:72:6e:29:3f:f4:97:64:5a:6b:74:34:06:6a:cc:0a:80:
         20:d7:20:bb:18:37:d9:28:46:af:9f:2e:16:22:12:be:f7:f5:
         d8:07:b9:a2:cf:e4:a6:41:ff:bd:2f:82:ba:c1:3b:96:aa:c7:
         af:32:41:f6:65:81:f6:aa:81:1b:89:8c:fe:a1:06:87:76:4c:
         d8:6e:b9:55:7e:8b:a9:de:af:58:59:ff:e8:cd:42:10:b5:2b:
         12:09:f5:c7:42:c4:44:7f:6c:24:96:60:c6:4a:0b:51:83:ab:
         04:fa:0f:15:ab:fc:ab:92:26:56:61:4e:00:bb:93:8e:0e:cf:
         85:e5:1b:d9:52:9c:d7:7b:f6:29:f1:9e:78:d1:93:96:ad:2c:
         30:e5:ef:69:71:a8:af:a2:f5:a5:07:a4:e7:69:e1:b7:48:ab:
         b4:e5:32:3b:a9:76:43:43:73:b7:bd:ab:5a:61:32:7d:c6:ff:
         18:4d:a8:f8:af:b6:b7:5c:61:82:00:5b:db:14:9c:bc:5a:a9:
         7a:7f:83:b7:9e:3a:7b:d2:19:15:39:da:cb:29:38:43:10:b9:
         90:c5:9d:94
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQm2fx8+SuQabDGDgYEyx0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OGY2MmYzYTVmODQ3MjI4NTJmYzcwZjA1MmNmMTNkZWEy
Mzc0ZDAwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQwNzg2M2E1YTYyOTM0YWMxYWQ4MjJjYmYxOWE0OThjZDMxMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6III0BOa0mJ7W9cXU18a716q0jx
ws5/3C2CgkXHPAKne7tEM78wMt4mh90AnoF6UTtftwrxXiHDljondJXvh2Ql1V38
loYld3/ktSdO+gCeWv6KT8HCp83TLte6M7kuqI3sC1joY30NTr0cODo/ZfcSaf/y
yGlTMYcAvjafj6CDOKDc0p3+T4JzKeX2FnGA+GhiX9m3+RS7R89zLy8hNHaNCKg9
w1bqkjA0jRyPwJhe5tuN1hN7iWDr1eBWo0dESGX3/AYbqKegf8IAVB5lWDCbksc2
++8g8QqpvzhJFJLQdKC8sNRqdWWOKiWy0nAxZhD9momrPuFy0QL0dPM6owIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAdAeGOlpik0rBrYIsvxmkmM0xMOMB8GA1UdIwQY
MBaAFCePYvOl+EcihS/HDwUs8T3qI3TQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjQ5aTg2WDRSeUtGTDhjUEJTenhQZW9qZE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9lNDkxMmItNTQ4NC00YWMwLTg3Njgt
NTM1YmY5YjFlOGI3LzEvQjBCNFk2V21LVFNzR3RnaXlfR2FTWXpURXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9lNDkxMmItNTQ4NC00YWMwLTg3NjgtNTM1YmY5YjFlOGI3
LzEvSjQ5aTg2WDRSeUtGTDhjUEJTenhQZW9qZE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCXoiwAwQC
uY1AAwQCuc/QAwQCues4MA0EAgACMAcDBQMqCyxAMA0GCSqGSIb3DQEBCwUAA4IB
AQAg9kuQp90k6xEEb3BWB6ZEsR3+Ph1CB7npV2x1/4bIwDh2KzechHJuKT/0l2Ra
a3Q0BmrMCoAg1yC7GDfZKEavny4WIhK+9/XYB7miz+SmQf+9L4K6wTuWqsevMkH2
ZYH2qoEbiYz+oQaHdkzYbrlVfoup3q9YWf/ozUIQtSsSCfXHQsREf2wklmDGSgtR
g6sE+g8Vq/yrkiZWYU4Au5OODs+F5RvZUpzXe/Yp8Z540ZOWrSww5e9pcaivovWl
B6TnaeG3SKu05TI7qXZDQ3O3vataYTJ9xv8YTaj4r7a3XGGCAFvbFJy8Wql6f4O3
njp70hkVOdrLKThDELmQxZ2U
-----END CERTIFICATE-----