Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jyqiA1b0mhyqxcozh4dc0fl-ZFM.roa
File:                     jyqiA1b0mhyqxcozh4dc0fl-ZFM.roa (raw, json)
Hash identifier:          uET6u3FuO/KQIeIJcAJCbLrVsxI3dQiRJkCCVjuH5e0=
Subject key identifier:   8F:2A:A2:03:56:F4:9A:1C:AA:C5:CA:33:87:87:5C:D1:F9:7E:64:53
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019449DB58091E8A1116670F9BAE3DE3CF7F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jyqiA1b0mhyqxcozh4dc0fl-ZFM.roa
Signing time:             Thu 09 Jan 2025 06:58:19 +0000
ROA not before:           Thu 09 Jan 2025 06:58:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        45.12.254.0/24 maxlen: 24
                          45.14.165.0/24 maxlen: 24
                          45.81.243.0/24 maxlen: 24
                          45.88.67.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          85.209.134.0/24 maxlen: 24
                          93.123.30.0/24 maxlen: 24
                          94.125.100.0/24 maxlen: 24
                          94.125.101.0/24 maxlen: 24
                          109.206.241.0/24 maxlen: 24
                          212.87.220.0/24 maxlen: 24
                          212.87.223.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:49:db:58:09:1e:8a:11:16:67:0f:9b:ae:3d:e3:cf:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  9 06:58:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f2aa20356f49a1caac5ca3387875cd1f97e6453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:74:88:05:f5:50:f0:7d:f5:2f:f8:20:66:
                    ba:67:53:a7:3a:f6:27:0e:73:34:87:d7:2f:ad:5a:
                    f4:4e:30:64:db:70:31:23:d7:c8:55:36:38:e7:c8:
                    5e:af:25:2a:41:30:99:84:04:33:96:54:8b:e0:9e:
                    87:ed:d4:1f:87:5e:a3:78:68:7b:09:fa:f0:7d:2d:
                    45:c8:a3:94:f4:3f:c2:18:dc:f8:99:66:ee:1a:13:
                    4d:da:75:ca:d2:b0:6b:6b:ab:db:e1:f1:20:f3:3c:
                    01:85:2e:48:93:0b:23:8e:7f:60:2a:94:26:2e:74:
                    ba:45:bd:7b:b8:77:b9:1b:7d:7d:47:eb:6d:ef:3d:
                    ca:fc:24:62:26:48:e1:3e:08:a7:07:cd:4a:61:97:
                    af:77:c9:bb:36:09:d3:b6:9a:99:15:d5:87:97:4e:
                    02:24:c9:c0:95:8e:67:41:07:51:c7:6f:8a:a7:a2:
                    52:93:f0:4b:cc:15:a1:d1:9d:1d:31:7e:f9:62:f7:
                    5d:c2:a8:47:fb:65:1f:a4:c0:2c:39:91:8f:50:5f:
                    0d:14:06:67:b0:44:6e:7e:d2:02:5b:3c:87:96:fc:
                    4c:63:a0:36:21:18:02:aa:d5:7f:3e:2b:b7:af:03:
                    47:7e:c0:69:ef:05:38:a6:82:ae:68:2a:d6:a5:7e:
                    5c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2A:A2:03:56:F4:9A:1C:AA:C5:CA:33:87:87:5C:D1:F9:7E:64:53
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jyqiA1b0mhyqxcozh4dc0fl-ZFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.254.0/24
                  45.14.165.0/24
                  45.81.243.0/24
                  45.88.67.0/24
                  84.21.172.0/24
                  85.31.45.0/24
                  85.209.132.0/24
                  85.209.134.0/24
                  93.123.30.0/24
                  94.125.100.0/23
                  109.206.241.0/24
                  212.87.220.0/24
                  212.87.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:2b:72:82:95:49:ae:de:d5:48:cf:ce:57:aa:40:4b:7d:fe:
         a9:4d:e5:e0:2b:6d:05:f1:ed:fa:59:ac:55:37:95:d1:06:76:
         f4:d9:89:c1:4d:97:a4:fb:78:c9:91:a1:f6:9c:0a:01:48:88:
         ae:7f:f2:bf:22:f9:e3:ab:b1:eb:b8:bf:12:4a:c4:c0:e3:7c:
         bc:c8:63:b1:85:32:2c:03:2f:c9:2b:40:20:79:a3:48:de:c4:
         3d:71:b6:3d:19:1f:3b:2c:01:0f:cd:4a:a8:0f:58:97:f3:35:
         0a:32:53:2a:11:fa:28:cb:04:d0:0f:26:c8:cf:51:06:60:d1:
         04:dd:67:66:bb:33:50:84:df:46:c2:b4:e6:d3:94:61:a6:2c:
         42:e4:f9:e9:22:86:87:92:58:77:89:9b:ab:fe:3f:5d:15:5d:
         fa:7d:e0:2f:d5:cf:a4:85:1c:e3:2d:5f:18:3d:2b:ab:54:43:
         f3:7c:bc:cf:24:ca:2a:53:4c:7c:5b:c1:c1:91:92:5e:18:1d:
         cd:79:a2:c4:6b:64:97:e0:af:bf:f7:6e:b1:08:02:18:af:a2:
         c4:d0:1f:00:53:3d:e7:e7:76:ff:45:d2:31:a0:03:51:67:ad:
         51:c7:11:cc:dd:ee:5e:1f:b8:aa:e0:c5:79:6b:6d:94:62:14:
         c4:10:91:fb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZRJ21gJHooRFmcPm649489/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTA5MDY1ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJhYTIwMzU2ZjQ5YTFjYWFjNWNhMzM4Nzg3NWNkMWY5N2U2NDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvB0iAX1UPB99S/4IGa6Z1OnOvYn
DnM0h9cvrVr0TjBk23AxI9fIVTY458heryUqQTCZhAQzllSL4J6H7dQfh16jeGh7
CfrwfS1FyKOU9D/CGNz4mWbuGhNN2nXK0rBra6vb4fEg8zwBhS5Ikwsjjn9gKpQm
LnS6Rb17uHe5G319R+tt7z3K/CRiJkjhPginB81KYZevd8m7NgnTtpqZFdWHl04C
JMnAlY5nQQdRx2+Kp6JSk/BLzBWh0Z0dMX75YvddwqhH+2UfpMAsOZGPUF8NFAZn
sERuftICWzyHlvxMY6A2IRgCqtV/Piu3rwNHfsBp7wU4poKuaCrWpX5cbwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFI8qogNW9JocqsXKM4eHXNH5fmRTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvanlxaUExYjBtaHlxeGNvemg0ZGMwZmwtWkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQz+AwQA
LQ6lAwQALVHzAwQALVhDAwQAVBWsAwQAVR8tAwQAVdGEAwQAVdGGAwQAXXseAwQB
Xn1kAwQAbc7xAwQA1FfcAwQA1FffMA0GCSqGSIb3DQEBCwUAA4IBAQAjK3KClUmu
3tVIz85XqkBLff6pTeXgK20F8e36WaxVN5XRBnb02YnBTZek+3jJkaH2nAoBSIiu
f/K/Ivnjq7HruL8SSsTA43y8yGOxhTIsAy/JK0AgeaNI3sQ9cbY9GR87LAEPzUqo
D1iX8zUKMlMqEfooywTQDybIz1EGYNEE3WdmuzNQhN9GwrTm05RhpixC5PnpIoaH
klh3iZur/j9dFV36feAv1c+khRzjLV8YPSurVEPzfLzPJMoqU0x8W8HBkZJeGB3N
eaLEa2SX4K+/926xCAIYr6LE0B8AUz3n53b/RdIxoANRZ61RxxHM3e5eH7iq4MV5
a22UYhTEEJH7
-----END CERTIFICATE-----