Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/kBLhq9Dxp7s8N_q9WFIfxijzvlk.roa
File:                     kBLhq9Dxp7s8N_q9WFIfxijzvlk.roa (raw, json)
Hash identifier:          nfSw00TcGWj2ANOBaGLxXRRg2HPdNnkEvG3chiJNw94=
Subject key identifier:   90:12:E1:AB:D0:F1:A7:BB:3C:37:FA:BD:58:52:1F:C6:28:F3:BE:59
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01952AA2BB8973F4F5FCAB3C9A8BDAD6B32F
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/kBLhq9Dxp7s8N_q9WFIfxijzvlk.roa
Signing time:             Fri 21 Feb 2025 22:31:02 +0000
ROA not before:           Fri 21 Feb 2025 22:31:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50077
IP address blocks:        43.239.88.0/22 maxlen: 24
                          91.210.64.0/22 maxlen: 24
                          103.206.232.0/22 maxlen: 24
                          107.181.156.0/22 maxlen: 24
                          155.254.40.0/22 maxlen: 24
                          155.254.44.0/22 maxlen: 24
                          155.254.50.0/23 maxlen: 24
                          155.254.52.0/22 maxlen: 24
                          155.254.56.0/22 maxlen: 24
                          185.135.212.0/22 maxlen: 24
                          198.105.96.0/22 maxlen: 24
                          198.105.104.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:2a:a2:bb:89:73:f4:f5:fc:ab:3c:9a:8b:da:d6:b3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Feb 21 22:31:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9012e1abd0f1a7bb3c37fabd58521fc628f3be59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:12:69:94:0c:14:44:e6:d0:3b:20:d5:20:66:
                    b5:b3:47:c8:28:0f:27:71:61:b3:96:94:7c:69:c5:
                    29:d6:c7:68:8c:ef:0e:9a:99:e3:fb:60:37:72:59:
                    4b:4e:4c:98:c5:20:b5:25:36:43:41:86:19:60:d2:
                    4d:a9:e0:08:33:2a:03:ea:9a:91:2e:d0:40:d2:f1:
                    f0:70:bf:67:67:9a:74:d5:33:06:77:26:46:73:1c:
                    b0:9d:18:3d:ae:d6:0d:b7:55:ae:73:c4:ec:f8:b2:
                    24:37:3c:15:6b:24:02:f6:05:74:c7:ec:f2:79:05:
                    b5:66:3a:5c:f9:ee:da:75:98:23:e7:5a:2c:4b:2e:
                    15:25:cf:a9:56:c5:78:53:76:8f:ed:d1:b2:20:a6:
                    a2:6c:cb:c2:b8:19:19:62:a7:0c:46:44:27:bf:d7:
                    39:e1:ae:81:f8:54:97:ec:47:35:a2:2c:4a:d4:01:
                    91:6e:b4:6c:52:ae:db:3d:43:42:df:b7:a2:92:2f:
                    da:64:4a:26:7f:5e:59:46:03:4c:eb:e4:d5:73:3c:
                    97:82:75:e3:cc:77:ec:8f:cf:1b:67:33:62:eb:bd:
                    f1:21:03:cd:87:35:7d:f0:eb:f7:c2:cf:23:0d:96:
                    ac:dd:03:be:2e:e5:3b:52:e5:2d:03:c4:ae:1e:d9:
                    d3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:12:E1:AB:D0:F1:A7:BB:3C:37:FA:BD:58:52:1F:C6:28:F3:BE:59
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/kBLhq9Dxp7s8N_q9WFIfxijzvlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.88.0/22
                  91.210.64.0/22
                  103.206.232.0/22
                  107.181.156.0/22
                  155.254.40.0/21
                  155.254.50.0-155.254.59.255
                  185.135.212.0/22
                  198.105.96.0/22
                  198.105.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:89:e0:de:6a:f3:64:aa:d9:d6:6e:24:9a:52:b7:82:44:f5:
         94:fb:b5:d7:55:26:2d:67:2c:53:1a:46:63:b5:38:36:8b:d0:
         72:7d:ed:e8:a1:ab:a1:37:be:f1:07:a5:71:1c:f4:b5:88:2f:
         68:b7:66:52:d5:1c:37:a6:d5:ca:07:72:3a:6b:fa:7b:1c:b2:
         fa:67:af:70:46:f4:32:c6:da:f5:6d:36:dc:02:1b:65:bb:29:
         b2:1d:32:7c:e6:5f:86:a5:84:6c:b0:4c:a5:39:be:89:9e:e6:
         8b:07:3d:ad:44:8d:da:09:a1:99:47:ed:fd:51:7f:6b:f1:6c:
         2f:b1:27:c9:34:74:9e:7d:78:7e:c3:e3:e0:c9:50:8e:cc:13:
         30:83:04:b7:b9:5c:ee:9b:4a:c3:03:f8:29:b4:06:c2:26:aa:
         79:bd:b4:74:92:d9:df:c1:33:ee:66:a8:93:ad:7b:e9:21:47:
         d8:48:56:66:f6:d1:9d:3f:85:3d:cc:fc:ed:69:e6:a4:0e:8d:
         b3:d4:c6:44:1b:4f:e4:43:7c:6d:b5:47:01:ff:26:3c:f2:f8:
         ee:10:e2:9f:e8:12:44:bf:f4:5c:10:02:a9:56:5c:53:2a:5b:
         37:71:3d:58:ed:56:e6:cf:70:30:65:cb:14:36:47:e5:94:ea:
         0a:63:13:25
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZUqoruJc/T1/Ks8mova1rMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwMjIxMjIzMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDEyZTFhYmQwZjFhN2JiM2MzN2ZhYmQ1ODUyMWZjNjI4ZjNiZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxJplAwURObQOyDVIGa1s0fIKA8n
cWGzlpR8acUp1sdojO8Ompnj+2A3cllLTkyYxSC1JTZDQYYZYNJNqeAIMyoD6pqR
LtBA0vHwcL9nZ5p01TMGdyZGcxywnRg9rtYNt1Wuc8Ts+LIkNzwVayQC9gV0x+zy
eQW1Zjpc+e7adZgj51osSy4VJc+pVsV4U3aP7dGyIKaibMvCuBkZYqcMRkQnv9c5
4a6B+FSX7Ec1oixK1AGRbrRsUq7bPUNC37eiki/aZEomf15ZRgNM6+TVczyXgnXj
zHfsj88bZzNi673xIQPNhzV98Ov3ws8jDZas3QO+LuU7UuUtA8SuHtnTxQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJAS4avQ8ae7PDf6vVhSH8Yo875ZMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEva0JMaHE5RHhwN3M4Tl9xOVdGSWZ4aWp6dmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCK+9YAwQC
W9JAAwQCZ87oAwQCa7WcAwQDm/4oMAwDBAGb/jIDBAKb/jgDBAK5h9QDBALGaWAD
BALGaWgwDQYJKoZIhvcNAQELBQADggEBAKqJ4N5q82Sq2dZuJJpSt4JE9ZT7tddV
Ji1nLFMaRmO1ODaL0HJ97eihq6E3vvEHpXEc9LWIL2i3ZlLVHDem1coHcjpr+nsc
svpnr3BG9DLG2vVtNtwCG2W7KbIdMnzmX4alhGywTKU5vome5osHPa1EjdoJoZlH
7f1Rf2vxbC+xJ8k0dJ59eH7D4+DJUI7MEzCDBLe5XO6bSsMD+Cm0BsImqnm9tHSS
2d/BM+5mqJOte+khR9hIVmb20Z0/hT3M/O1p5qQOjbPUxkQbT+RDfG21RwH/Jjzy
+O4Q4p/oEkS/9FwQAqlWXFMqWzdxPVjtVubPcDBlyxQ2R+WU6gpjEyU=
-----END CERTIFICATE-----