Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/cFpdWHLq3lP0RJHOPJepcBJ9Ggg.roa
File:                     cFpdWHLq3lP0RJHOPJepcBJ9Ggg.roa (raw, json)
Hash identifier:          ltQQNx+MhImdFHzsN0xBMmGcJ3gft+hIjyXYXWnxCN4=
Subject key identifier:   70:5A:5D:58:72:EA:DE:53:F4:44:91:CE:3C:97:A9:70:12:7D:1A:08
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019546223966D219CFADD31A4F7C433FDBF5
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/cFpdWHLq3lP0RJHOPJepcBJ9Ggg.roa
Signing time:             Thu 27 Feb 2025 06:40:02 +0000
ROA not before:           Thu 27 Feb 2025 06:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8342
IP address blocks:        147.45.38.0/24 maxlen: 24
                          147.45.39.0/24 maxlen: 24
                          147.45.61.0/24 maxlen: 24
                          147.45.62.0/24 maxlen: 24
                          147.45.63.0/24 maxlen: 24
                          147.45.88.0/21 maxlen: 21
                          147.45.120.0/22 maxlen: 22
                          147.45.127.0/24 maxlen: 24
                          147.45.205.0/24 maxlen: 24
                          193.233.60.0/24 maxlen: 24
                          193.233.62.0/24 maxlen: 24
                          193.233.124.0/22 maxlen: 24
                          193.233.170.0/24 maxlen: 24
                          193.233.236.0/24 maxlen: 24
                          193.233.239.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:22:39:66:d2:19:cf:ad:d3:1a:4f:7c:43:3f:db:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 27 06:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=705a5d5872eade53f44491ce3c97a970127d1a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9f:45:71:35:9e:42:31:76:63:b6:1f:8a:7c:
                    30:40:a7:8b:7c:f4:25:4e:63:26:f2:ee:ab:f8:eb:
                    a8:3d:5a:6d:68:e1:c5:5f:04:14:c8:fe:9a:e3:3c:
                    35:77:13:73:c0:b3:0f:96:6b:b0:15:2c:b1:41:57:
                    2b:a7:79:3f:d8:02:86:0f:09:8c:7e:d6:c3:7e:06:
                    19:be:aa:4f:8b:54:ed:41:3d:49:75:a8:53:a1:02:
                    22:a6:82:09:ab:69:5a:b3:2b:3b:3e:0a:38:f5:da:
                    d5:d1:db:b3:0b:74:48:91:0f:e6:dd:5c:80:47:65:
                    5c:60:30:3a:94:dc:ac:20:6e:a5:7f:0a:ac:8f:97:
                    76:1b:e5:87:e6:8e:10:dc:3b:65:b5:eb:bf:6b:46:
                    02:80:8f:8e:ca:ec:a8:24:d3:91:53:82:61:b5:f1:
                    72:75:3d:4c:9a:8a:1e:4d:d6:f2:53:ed:33:3a:62:
                    78:19:89:f5:f4:76:44:e9:6a:ff:e6:19:80:ba:ca:
                    d5:e8:61:e1:57:3f:55:0e:23:c5:83:4c:86:cb:d5:
                    b1:ef:6e:7d:7c:4c:43:03:67:9c:3c:27:1f:13:5c:
                    ce:95:15:2b:7a:51:85:46:09:ef:08:85:8d:60:a7:
                    58:f9:9f:8c:34:9d:96:f7:6e:42:e0:57:55:eb:bf:
                    48:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5A:5D:58:72:EA:DE:53:F4:44:91:CE:3C:97:A9:70:12:7D:1A:08
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/cFpdWHLq3lP0RJHOPJepcBJ9Ggg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.38.0/23
                  147.45.61.0-147.45.63.255
                  147.45.88.0/21
                  147.45.120.0/22
                  147.45.127.0/24
                  147.45.205.0/24
                  193.233.60.0/24
                  193.233.62.0/24
                  193.233.124.0/22
                  193.233.170.0/24
                  193.233.236.0/24
                  193.233.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:59:89:c7:34:93:65:40:63:6f:f8:3d:d0:14:f1:06:11:4f:
         d3:95:51:2d:06:bd:ea:77:04:e5:40:c0:26:04:df:0b:cb:ef:
         d8:ba:9c:16:d3:4f:dd:e9:77:41:2a:1f:86:52:af:17:a9:9d:
         fd:b8:e9:c5:a5:67:40:4f:43:84:ed:3f:7f:fa:d9:17:0d:9e:
         3f:e6:cd:8c:22:e2:a4:e0:91:f6:bc:90:63:a9:8d:1d:39:79:
         d2:6c:7c:aa:9c:9d:c3:f3:34:91:ab:26:db:d5:ca:0f:1d:82:
         89:e6:74:a2:60:6d:9b:eb:36:dd:2a:41:cc:38:c1:ab:8c:2b:
         da:fb:9d:81:52:2c:05:c5:35:a8:67:43:df:84:ce:95:a3:a1:
         c7:f4:50:29:41:d8:d2:5e:83:ad:24:2f:ae:22:10:a9:17:1e:
         86:ca:3d:2f:5e:9e:5f:68:fe:bd:26:81:b2:1c:e7:f1:2e:05:
         49:4d:d2:38:60:b9:b1:6c:a2:23:c3:f3:fa:7e:1d:e0:f6:8e:
         16:01:1b:73:85:58:a3:4f:b5:1b:58:41:50:06:74:de:7b:59:
         0b:44:28:df:c4:af:ae:b0:f8:43:d7:21:f8:ca:51:42:4d:4f:
         2e:02:f0:ad:7a:f6:39:35:10:de:5a:bf:d3:96:fc:8c:d8:ab:
         f2:a9:df:b3
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZVGIjlm0hnPrdMaT3xDP9v1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMjI3MDY0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVhNWQ1ODcyZWFkZTUzZjQ0NDkxY2UzYzk3YTk3MDEyN2QxYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj59FcTWeQjF2Y7YfinwwQKeLfPQl
TmMm8u6r+OuoPVptaOHFXwQUyP6a4zw1dxNzwLMPlmuwFSyxQVcrp3k/2AKGDwmM
ftbDfgYZvqpPi1TtQT1JdahToQIipoIJq2lasys7Pgo49drV0duzC3RIkQ/m3VyA
R2VcYDA6lNysIG6lfwqsj5d2G+WH5o4Q3Dtlteu/a0YCgI+OyuyoJNORU4JhtfFy
dT1MmooeTdbyU+0zOmJ4GYn19HZE6Wr/5hmAusrV6GHhVz9VDiPFg0yGy9Wx7259
fExDA2ecPCcfE1zOlRUrelGFRgnvCIWNYKdY+Z+MNJ2W925C4FdV679I/wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFHBaXVhy6t5T9ESRzjyXqXASfRoIMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvY0ZwZFdITHEzbFAwUkpIT1BKZXBjQko5R2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQBky0mMAwD
BACTLT0DBAaTLQADBAOTLVgDBAKTLXgDBACTLX8DBACTLc0DBADB6TwDBADB6T4D
BALB6XwDBADB6aoDBADB6ewDBADB6e8wDQYJKoZIhvcNAQELBQADggEBAH9Zicc0
k2VAY2/4PdAU8QYRT9OVUS0Gvep3BOVAwCYE3wvL79i6nBbTT93pd0EqH4ZSrxep
nf246cWlZ0BPQ4TtP3/62RcNnj/mzYwi4qTgkfa8kGOpjR05edJsfKqcncPzNJGr
JtvVyg8dgonmdKJgbZvrNt0qQcw4wauMK9r7nYFSLAXFNahnQ9+EzpWjocf0UClB
2NJeg60kL64iEKkXHobKPS9enl9o/r0mgbIc5/EuBUlN0jhgubFsoiPD8/p+HeD2
jhYBG3OFWKNPtRtYQVAGdN57WQtEKN/Er66w+EPXIfjKUUJNTy4C8K169jk1EN5a
v9OW/IzYq/Kp37M=
-----END CERTIFICATE-----