Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/QYbNWHxrT0uxT4ZYvzCvXBtf-nQ.roa
File:                     QYbNWHxrT0uxT4ZYvzCvXBtf-nQ.roa (raw, json)
Hash identifier:          l2V1BuFIGyEitk3w+UalEIDhPlBOrJXR38Ei58YIfmY=
Subject key identifier:   41:86:CD:58:7C:6B:4F:4B:B1:4F:86:58:BF:30:AF:5C:1B:5F:FA:74
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0687A998
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/QYbNWHxrT0uxT4ZYvzCvXBtf-nQ.roa
Signing time:             Wed 26 Jan 2022 10:51:44 +0000
ROA not before:           Wed 26 Jan 2022 10:51:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197706
IP address blocks:        185.233.124.0/24 maxlen: 24
                          185.233.125.0/24 maxlen: 24
                          185.233.126.0/24 maxlen: 24
                          185.53.100.0/22 maxlen: 24
                          31.171.152.0/21 maxlen: 21
                          31.171.152.0/22 maxlen: 22
                          31.171.159.0/24 maxlen: 24
                          31.171.158.0/24 maxlen: 24
                          31.171.157.0/24 maxlen: 24
                          45.66.252.0/22 maxlen: 22
                          194.113.80.0/23 maxlen: 23
                          194.113.94.0/24 maxlen: 24
                          194.113.95.0/24 maxlen: 24
                          45.142.24.0/22 maxlen: 22
                          2a0d:4a40::/29 maxlen: 29
                          2a04:27c0::/29 maxlen: 29
                          2a0e:d4c0::/29 maxlen: 29
                          2a0d:42c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 109554072 (0x687a998)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jan 26 10:51:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4186cd587c6b4f4bb14f8658bf30af5c1b5ffa74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b0:fc:5e:aa:15:ce:45:59:cd:d0:94:50:2f:
                    76:71:91:3c:31:79:b3:9c:67:d0:1c:91:02:1b:b5:
                    01:dd:55:8b:30:c4:18:b0:ca:cb:85:88:11:17:06:
                    7b:32:b6:5e:69:ef:b2:70:6d:99:4f:c8:2b:09:50:
                    2d:74:02:47:c5:23:5d:e9:ef:5f:a4:f9:71:7b:34:
                    90:d4:69:7e:6d:6e:8f:8b:1d:2d:bc:87:77:ca:3c:
                    c0:67:a3:da:77:10:1a:84:24:b9:94:f0:46:c8:7b:
                    5d:cb:f5:3a:bf:5e:81:28:7c:43:2d:34:39:54:a7:
                    a6:19:cc:4d:60:55:60:a3:5a:eb:b1:c2:aa:8b:6c:
                    2e:3e:dd:b8:2f:31:b3:78:cc:1a:9a:86:bd:91:a8:
                    9f:7a:8f:2c:24:58:9e:11:70:54:e9:df:af:2b:e0:
                    5f:f2:f8:15:24:52:62:c3:f4:d8:c0:89:38:2e:f6:
                    3c:82:5b:b5:22:bc:64:bf:35:65:cf:fb:b0:77:8b:
                    0a:19:0b:1f:1e:3e:7c:40:35:f9:39:78:88:db:af:
                    32:18:2f:94:a8:54:c6:e7:8b:11:56:b6:ff:20:ce:
                    73:b8:3c:15:e8:c9:57:27:b0:9e:4a:4c:89:4f:c9:
                    10:07:f1:9f:e9:58:5a:17:53:df:a5:2e:63:07:76:
                    61:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:86:CD:58:7C:6B:4F:4B:B1:4F:86:58:BF:30:AF:5C:1B:5F:FA:74
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/QYbNWHxrT0uxT4ZYvzCvXBtf-nQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.152.0/21
                  45.66.252.0/22
                  45.142.24.0/22
                  185.53.100.0/22
                  185.233.124.0-185.233.126.255
                  194.113.80.0/23
                  194.113.94.0/23
                IPv6:
                  2a04:27c0::/29
                  2a0d:42c0::/29
                  2a0d:4a40::/29
                  2a0e:d4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:c8:fe:93:d2:15:20:5d:82:f9:da:ee:43:92:59:77:86:e5:
         ca:11:90:88:4a:17:61:65:16:1c:e6:69:57:7c:0f:1e:b2:9f:
         b9:9e:59:25:15:3c:1d:33:eb:b9:05:9f:ee:08:02:86:f6:34:
         b2:88:f2:82:05:72:43:24:09:16:fb:dd:ba:e2:f4:a8:5b:a6:
         35:c5:a7:12:e1:91:54:91:5c:2a:2c:b1:7b:42:6a:17:e6:07:
         83:fe:54:9a:7e:b7:b9:7c:73:11:0a:14:5e:05:ee:02:46:f8:
         e4:f5:6d:c7:cd:5b:54:1b:7b:3e:c2:86:d6:9e:51:d9:67:a9:
         77:25:16:d6:83:4d:54:da:95:fd:d6:45:96:24:c1:2b:85:1a:
         62:82:ee:4e:b8:af:71:9f:4a:1a:de:04:c2:39:a0:7d:61:b6:
         84:f2:8e:12:69:78:23:35:f2:e5:b5:1c:c7:23:b2:d1:67:08:
         ea:4b:c6:b7:01:84:9e:3f:ca:c5:5f:e3:96:49:73:7b:ff:6d:
         a1:74:f8:16:d9:5f:49:9a:7e:f2:95:6c:52:d1:3b:e4:be:3a:
         b3:a0:58:33:ed:a8:8f:11:ea:56:f0:d9:82:b9:89:fc:46:a4:
         13:c9:5c:26:0b:24:2e:ea:c4:c1:0d:5f:94:5a:6a:9a:05:ae:
         0c:d6:63:d0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIEBoepmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MjRhZDQ1MzVhYzg4ZGQ1MzQxOTlmMmE3MjYwOTVhZjcxYWZlNDRlMB4XDTIyMDEy
NjEwNTE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDE4NmNkNTg3YzZi
NGY0YmIxNGY4NjU4YmYzMGFmNWMxYjVmZmE3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANWw/F6qFc5FWc3QlFAvdnGRPDF5s5xn0ByRAhu1Ad1VizDE
GLDKy4WIERcGezK2XmnvsnBtmU/IKwlQLXQCR8UjXenvX6T5cXs0kNRpfm1uj4sd
LbyHd8o8wGej2ncQGoQkuZTwRsh7Xcv1Or9egSh8Qy00OVSnphnMTWBVYKNa67HC
qotsLj7duC8xs3jMGpqGvZGon3qPLCRYnhFwVOnfryvgX/L4FSRSYsP02MCJOC72
PIJbtSK8ZL81Zc/7sHeLChkLHx4+fEA1+Tl4iNuvMhgvlKhUxueLEVa2/yDOc7g8
FejJVyewnkpMiU/JEAfxn+lYWhdT36UuYwd2Ya0CAwEAAaOCAlkwggJVMB0GA1Ud
DgQWBBRBhs1YfGtPS7FPhli/MK9cG1/6dDAfBgNVHSMEGDAWgBRiStRTWsiN1TQZ
nypyYJWvca/kTjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lrclVVMXJJamRVMEdaOHFjbUNWcjNHdjVFNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvYWExMDE5LTU2NGYtNGM0Ni1hMjE3LWZiNTk0OTgwOGRkYy8x
L1FZYk5XSHhyVDB1eFQ0Wll2ekN2WEJ0Zi1uUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
YWExMDE5LTU2NGYtNGM0Ni1hMjE3LWZiNTk0OTgwOGRkYy8xL1lrclVVMXJJamRV
MEdaOHFjbUNWcjNHdjVFNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBv
BggrBgEFBQcBBwEB/wRgMF4wOAQCAAEwMgMEAx+rmAMEAi1C/AMEAi2OGAMEArk1
ZDAMAwQCuel8AwQAuel+AwQBwnFQAwQBwnFeMCIEAgACMBwDBQMqBCfAAwUDKg1C
wAMFAyoNSkADBQMqDtTAMA0GCSqGSIb3DQEBCwUAA4IBAQAbyP6T0hUgXYL52u5D
kll3huXKEZCIShdhZRYc5mlXfA8esp+5nlklFTwdM+u5BZ/uCAKG9jSyiPKCBXJD
JAkW+9264vSoW6Y1xacS4ZFUkVwqLLF7QmoX5geD/lSafre5fHMRChReBe4CRvjk
9W3HzVtUG3s+wobWnlHZZ6l3JRbWg01U2pX91kWWJMErhRpigu5OuK9xn0oa3gTC
OaB9YbaE8o4SaXgjNfLltRzHI7LRZwjqS8a3AYSeP8rFX+OWSXN7/22hdPgW2V9J
mn7ylWxS0TvkvjqzoFgz7aiPEepW8NmCuYn8RqQTyVwmCyQu6sTBDV+UWmqaBa4M
1mPQ
-----END CERTIFICATE-----