Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/in6uIxNnZM7I0z3O85uNI25LRTk.roa
File:                     in6uIxNnZM7I0z3O85uNI25LRTk.roa (raw, json)
Hash identifier:          ifPsTsYgaPKJf3bNTPvp+vt6tD0Bbh24SwNc7Ybn9xQ=
Subject key identifier:   8A:7E:AE:23:13:67:64:CE:C8:D3:3D:CE:F3:9B:8D:23:6E:4B:45:39
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0194244486F8A31915EB3D6B4044097B8360
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/in6uIxNnZM7I0z3O85uNI25LRTk.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.136.184.0/22 maxlen: 24
                          62.106.75.0/24 maxlen: 24
                          62.133.34.0/24 maxlen: 24
                          77.75.225.0/24 maxlen: 24
                          79.110.231.0/24 maxlen: 24
                          91.213.17.0/24 maxlen: 24
                          146.19.112.0/24 maxlen: 24
                          178.212.76.0/24 maxlen: 24
                          185.255.54.0/24 maxlen: 24
                          193.3.174.0/24 maxlen: 24
                          212.23.197.0/24 maxlen: 24
                          213.232.238.0/24 maxlen: 24
                          2a0b:4080::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:86:f8:a3:19:15:eb:3d:6b:40:44:09:7b:83:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a7eae23136764cec8d33dcef39b8d236e4b4539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:93:4e:ea:87:96:ba:42:c9:aa:18:bc:34:36:
                    09:3d:ec:47:2c:2c:80:d3:86:82:f5:b6:6f:08:7f:
                    b4:8c:15:9a:6c:38:63:34:2c:4e:b0:1a:89:be:0d:
                    02:66:07:d0:d2:02:d4:0f:1c:45:3a:8f:55:46:58:
                    3c:f3:06:53:c6:e1:43:4f:11:4d:33:4e:db:e0:c0:
                    4e:ee:1e:35:cd:07:46:c2:cc:4d:62:58:81:12:4f:
                    63:73:4e:f8:05:61:9c:d9:f5:aa:b5:ee:19:87:38:
                    3e:52:e7:41:ef:a8:15:d6:c7:d7:e3:23:64:cc:dd:
                    23:96:24:44:98:4e:01:72:7f:a9:69:45:83:7a:2f:
                    84:20:9f:89:92:19:6c:af:c7:7c:0c:d6:1e:7a:a6:
                    f4:b5:8d:e0:9c:7e:3c:cb:1a:4c:f6:2e:7c:6b:4b:
                    67:12:fa:3b:e1:04:8b:49:d0:68:d6:86:31:64:dc:
                    94:65:2e:0c:ac:9c:a9:86:b5:41:e9:8f:9c:a2:9d:
                    01:01:db:bc:f0:d1:65:ad:57:3c:72:77:81:f1:82:
                    c7:f4:65:bf:cf:cb:3d:7f:e9:e2:1f:0e:f6:98:64:
                    d9:f8:6e:0e:6f:f8:4b:cb:5e:0d:d4:1d:92:7f:8b:
                    04:96:8c:00:36:96:31:6c:e0:10:c7:86:b4:69:4d:
                    70:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:7E:AE:23:13:67:64:CE:C8:D3:3D:CE:F3:9B:8D:23:6E:4B:45:39
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/in6uIxNnZM7I0z3O85uNI25LRTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.184.0/22
                  62.106.75.0/24
                  62.133.34.0/24
                  77.75.225.0/24
                  79.110.231.0/24
                  91.213.17.0/24
                  146.19.112.0/24
                  178.212.76.0/24
                  185.255.54.0/24
                  193.3.174.0/24
                  212.23.197.0/24
                  213.232.238.0/24
                IPv6:
                  2a0b:4080::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:12:78:ad:26:82:be:0b:71:91:46:19:39:41:37:1d:27:71:
         95:16:45:c7:84:81:ce:5b:6c:fd:f5:b4:28:a5:f1:10:94:ed:
         53:f7:a1:32:fa:cb:53:f5:bc:91:03:a3:21:46:c0:d9:0a:79:
         c8:bf:92:dd:a0:72:04:5a:28:e5:3f:52:6b:92:4c:ac:e5:b1:
         03:24:d5:a8:20:5a:60:51:40:a7:e5:9f:72:33:a1:e5:65:8e:
         5c:0d:c7:37:4e:47:3d:2c:ec:25:b3:e9:d9:6d:bc:7a:de:ee:
         67:14:7e:37:18:d5:f6:49:d6:e3:cd:0c:d0:2b:36:02:6e:91:
         31:ed:c3:49:9e:c6:3e:bd:1c:1d:f4:fb:7a:cf:76:53:8d:08:
         13:f7:69:01:49:b9:fc:43:70:7c:cd:53:48:06:c0:6f:8b:a2:
         c9:3e:bb:fc:16:b5:f3:da:28:d9:3c:e8:f0:b6:52:f4:e2:e2:
         01:17:a5:57:73:01:5e:1b:0e:e6:31:29:d5:e8:33:7d:68:d4:
         70:4d:cf:53:af:a8:c0:01:a1:d0:06:ac:5f:59:64:72:53:89:
         c5:7d:7f:2a:2f:cd:6c:27:40:ec:bd:21:97:83:30:2c:2c:8d:
         6d:07:ee:35:16:69:31:0b:b8:cf:22:26:fe:b6:5d:b8:62:00:
         0e:be:05:0d
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQkRIb4oxkV6z1rQEQJe4NgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTdlYWUyMzEzNjc2NGNlYzhkMzNkY2VmMzliOGQyMzZlNGI0NTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZNO6oeWukLJqhi8NDYJPexHLCyA
04aC9bZvCH+0jBWabDhjNCxOsBqJvg0CZgfQ0gLUDxxFOo9VRlg88wZTxuFDTxFN
M07b4MBO7h41zQdGwsxNYliBEk9jc074BWGc2fWqte4Zhzg+UudB76gV1sfX4yNk
zN0jliREmE4Bcn+paUWDei+EIJ+Jkhlsr8d8DNYeeqb0tY3gnH48yxpM9i58a0tn
Evo74QSLSdBo1oYxZNyUZS4MrJyphrVB6Y+cop0BAdu88NFlrVc8cneB8YLH9GW/
z8s9f+niHw72mGTZ+G4Ob/hLy14N1B2Sf4sElowANpYxbOAQx4a0aU1wxwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFIp+riMTZ2TOyNM9zvObjSNuS0U5MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvaW42dUl4Tm5aTTdJMHozTzg1dU5JMjVMUlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQCLYi4AwQA
PmpLAwQAPoUiAwQATUvhAwQAT27nAwQAW9URAwQAkhNwAwQAstRMAwQAuf82AwQA
wQOuAwQA1BfFAwQA1ejuMA0EAgACMAcDBQAqC0CAMA0GCSqGSIb3DQEBCwUAA4IB
AQAlEnitJoK+C3GRRhk5QTcdJ3GVFkXHhIHOW2z99bQopfEQlO1T96Ey+stT9byR
A6MhRsDZCnnIv5LdoHIEWijlP1Jrkkys5bEDJNWoIFpgUUCn5Z9yM6HlZY5cDcc3
Tkc9LOwls+nZbbx63u5nFH43GNX2SdbjzQzQKzYCbpEx7cNJnsY+vRwd9Pt6z3ZT
jQgT92kBSbn8Q3B8zVNIBsBvi6LJPrv8FrXz2ijZPOjwtlL04uIBF6VXcwFeGw7m
MSnV6DN9aNRwTc9Tr6jAAaHQBqxfWWRyU4nFfX8qL81sJ0DsvSGXgzAsLI1tB+41
FmkxC7jPIib+tl24YgAOvgUN
-----END CERTIFICATE-----