Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/MUEabXTH7J0BwsIog7I6OfzuzkI.roa
File:                     MUEabXTH7J0BwsIog7I6OfzuzkI.roa (raw, json)
Hash identifier:          9N5LvBOATRgD8zsq92oJDhXIXtyB1ta37GI9iUSZndY=
Subject key identifier:   31:41:1A:6D:74:C7:EC:9D:01:C2:C2:28:83:B2:3A:39:FC:EE:CE:42
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       0194C75BC086F307DDE0DACDFE715152661E
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/MUEabXTH7J0BwsIog7I6OfzuzkI.roa
Signing time:             Sun 02 Feb 2025 15:51:06 +0000
ROA not before:           Sun 02 Feb 2025 15:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202525
IP address blocks:        46.29.36.0/24 maxlen: 24
                          2a13:d040::/48 maxlen: 48
                          2a13:d040:2::/48 maxlen: 48
                          2a13:d040:3::/48 maxlen: 48
                          2a13:d040:5::/48 maxlen: 48
                          2a13:d040:6::/48 maxlen: 48
                          2a13:d040:7::/48 maxlen: 48
                          2a13:d046:fffc::/48 maxlen: 48
                          2a13:d046:fffd::/48 maxlen: 48
                          2a13:d046:fffe::/48 maxlen: 48
                          2a13:d046:ffff::/48 maxlen: 48
                          2a13:d047::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c7:5b:c0:86:f3:07:dd:e0:da:cd:fe:71:51:52:66:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Feb  2 15:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31411a6d74c7ec9d01c2c22883b23a39fceece42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:89:92:12:4b:b4:87:f2:ae:e8:8f:7b:ee:42:
                    0c:84:8a:c2:4d:39:24:d7:db:c9:13:6e:65:1b:b9:
                    43:88:0b:03:44:15:ce:71:bb:ab:d4:3f:89:de:51:
                    c5:ef:fe:c7:a9:ac:c8:d0:85:3e:b4:bd:d7:92:90:
                    eb:46:0f:05:f6:fc:78:50:6b:ea:86:73:53:6c:12:
                    dd:b9:be:4b:aa:95:3a:4c:5e:44:9c:a1:c4:c4:75:
                    6f:3e:07:fd:78:0e:2f:c7:8d:f1:03:29:36:21:33:
                    78:e1:b7:31:90:52:83:47:29:a8:d5:9b:95:a1:4b:
                    a8:ee:c3:75:72:51:f1:98:35:03:15:ef:57:7a:a3:
                    e6:15:5d:97:fa:25:50:d3:bd:64:3b:23:74:64:da:
                    ac:b6:e5:6d:96:72:46:19:d9:05:76:c4:c8:30:67:
                    de:67:f4:55:39:6a:6e:4a:df:b5:f9:7b:e8:43:f6:
                    40:a6:38:b8:5b:ba:c9:b2:0a:4e:ab:b6:8a:65:99:
                    1d:0c:2d:b3:65:f2:99:80:09:51:a3:91:bf:9f:1d:
                    6d:97:b8:0c:f1:a4:71:5d:7a:5e:8e:d0:ca:7d:01:
                    d2:98:fe:bf:fe:21:e6:c4:cc:ed:b2:05:4a:7d:15:
                    d8:8d:61:ce:5f:8b:b7:2d:e7:d3:cf:1e:20:dc:4d:
                    3e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:41:1A:6D:74:C7:EC:9D:01:C2:C2:28:83:B2:3A:39:FC:EE:CE:42
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/MUEabXTH7J0BwsIog7I6OfzuzkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.36.0/24
                IPv6:
                  2a13:d040::/48
                  2a13:d040:2::/47
                  2a13:d040:5::-2a13:d040:7:ffff:ffff:ffff:ffff:ffff
                  2a13:d046:fffc::-2a13:d047:0:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0f:6d:23:57:36:c1:d8:a9:8f:b9:06:18:aa:a0:62:c6:c9:b7:
         18:3b:7b:79:05:3c:6f:00:6c:12:1b:f1:e9:55:60:b1:80:b2:
         19:bf:ce:95:d3:f3:11:02:cd:09:93:ad:01:de:af:20:94:da:
         99:cd:ed:46:56:cf:4a:c5:d3:2a:2d:e0:9d:87:7b:dc:f2:e0:
         de:02:b4:ec:b5:9b:75:83:10:14:07:52:27:7e:e4:cc:bf:41:
         45:62:15:08:22:4d:bd:1a:c3:fe:29:f3:49:e4:ab:2f:0e:0e:
         73:99:40:c3:1e:d9:a8:29:9d:7f:7f:64:bb:b8:3d:aa:e3:c4:
         e0:8e:54:80:56:43:14:06:0e:86:de:b0:5b:b8:bc:ae:3a:ee:
         a4:f7:59:60:f8:ed:bf:b6:f6:78:b5:b9:d5:ef:28:35:a1:56:
         82:b1:88:6b:c5:3f:d1:5a:c8:87:bc:ef:b7:b6:63:72:bc:7f:
         12:33:a4:13:3e:2b:8c:1d:80:c2:37:65:c3:f8:40:7f:db:51:
         1b:3a:cb:42:60:d6:d2:97:dc:03:a0:eb:f4:4a:fa:bc:49:aa:
         79:aa:3e:b0:7c:f2:e3:11:8a:f9:2e:6a:48:e8:ad:14:20:fe:
         dd:f3:f1:e9:1d:cd:02:a7:87:7d:b4:4a:db:c4:41:a1:ff:17:
         18:01:b4:e0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZTHW8CG8wfd4NrN/nFRUmYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjUwMjAyMTU1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQxMWE2ZDc0YzdlYzlkMDFjMmMyMjg4M2IyM2EzOWZjZWVjZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmImSEku0h/Ku6I977kIMhIrCTTkk
19vJE25lG7lDiAsDRBXOcbur1D+J3lHF7/7HqazI0IU+tL3XkpDrRg8F9vx4UGvq
hnNTbBLdub5LqpU6TF5EnKHExHVvPgf9eA4vx43xAyk2ITN44bcxkFKDRymo1ZuV
oUuo7sN1clHxmDUDFe9XeqPmFV2X+iVQ071kOyN0ZNqstuVtlnJGGdkFdsTIMGfe
Z/RVOWpuSt+1+XvoQ/ZApji4W7rJsgpOq7aKZZkdDC2zZfKZgAlRo5G/nx1tl7gM
8aRxXXpejtDKfQHSmP6//iHmxMztsgVKfRXYjWHOX4u3LefTzx4g3E0+ZQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDFBGm10x+ydAcLCKIOyOjn87s5CMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvTVVFYWJYVEg3SjBCd3NJb2c3STZPZnp1emtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAMBAIAATAGAwQALh0kMEAE
AgACMDoDBwAqE9BAAAADBwEqE9BAAAIwEgMHACoT0EAABQMHAyoT0EAAADASAwcC
KhPQRv/8AwcAKhPQRwAAMA0GCSqGSIb3DQEBCwUAA4IBAQAPbSNXNsHYqY+5Bhiq
oGLGybcYO3t5BTxvAGwSG/HpVWCxgLIZv86V0/MRAs0Jk60B3q8glNqZze1GVs9K
xdMqLeCdh3vc8uDeArTstZt1gxAUB1InfuTMv0FFYhUIIk29GsP+KfNJ5KsvDg5z
mUDDHtmoKZ1/f2S7uD2q48TgjlSAVkMUBg6G3rBbuLyuOu6k91lg+O2/tvZ4tbnV
7yg1oVaCsYhrxT/RWsiHvO+3tmNyvH8SM6QTPiuMHYDCN2XD+EB/21EbOstCYNbS
l9wDoOv0Svq8Sap5qj6wfPLjEYr5LmpI6K0UIP7d8/HpHc0Cp4d9tErbxEGh/xcY
AbTg
-----END CERTIFICATE-----