Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8QLNAinC7SuGQs0u2JoJgweE3hw.roa
File:                     8QLNAinC7SuGQs0u2JoJgweE3hw.roa (raw, json)
Hash identifier:          dAi1joyO2k4RmtvcFPPdlgEIFrn1dcDWPA6bCC8U2+I=
Subject key identifier:   F1:02:CD:02:29:C2:ED:2B:86:42:CD:2E:D8:9A:09:83:07:84:DE:1C
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       019426D9DC237F9371411E55719F223E0B70
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8QLNAinC7SuGQs0u2JoJgweE3hw.roa
Signing time:             Thu 02 Jan 2025 11:49:59 +0000
ROA not before:           Thu 02 Jan 2025 11:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207137
IP address blocks:        2a13:240::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:5::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4800::/40 maxlen: 40
                          2a13:240:4900::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:dc:23:7f:93:71:41:1e:55:71:9f:22:3e:0b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jan  2 11:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f102cd0229c2ed2b8642cd2ed89a09830784de1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:bb:a4:5b:b8:7c:02:98:ce:cd:94:e8:89:be:
                    a0:3f:6b:24:9d:d8:f7:1c:17:9f:53:10:90:b9:48:
                    d3:97:65:57:28:84:72:e5:ad:77:4e:b9:66:09:fd:
                    1f:aa:5b:3c:f1:5c:42:0b:d8:fe:05:d5:f6:9b:7c:
                    d7:aa:12:8d:b5:77:de:98:4a:97:b6:61:95:17:0d:
                    5f:50:43:a3:2f:3e:b8:f4:b6:c9:f9:e7:0b:86:b7:
                    43:d7:09:5d:f8:e0:f2:56:cd:d6:c6:79:db:c5:fb:
                    1e:f2:41:fb:69:be:f7:22:ff:76:e6:95:24:2a:7a:
                    11:61:59:71:68:e1:ee:08:e9:3e:b4:86:d4:22:50:
                    a1:7a:9c:e6:1e:2e:ef:74:d2:fa:2e:6e:ed:fe:f6:
                    22:8d:18:11:53:7c:ab:1d:ec:e1:76:cd:c2:5a:f9:
                    b6:82:f9:e6:21:8b:f3:ff:68:54:ee:dc:c8:10:b2:
                    14:1d:a3:16:e3:20:73:74:e0:d7:bd:37:26:1d:d2:
                    2a:dc:01:c8:46:d8:5c:8f:48:29:74:ec:70:51:28:
                    9e:83:65:74:c3:9f:73:05:fa:41:cb:93:74:93:fb:
                    d2:78:98:a3:75:92:ce:9a:9f:09:63:ba:12:3d:de:
                    65:6f:16:14:76:31:b0:ea:cb:4c:7a:61:5f:88:89:
                    95:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:02:CD:02:29:C2:ED:2B:86:42:CD:2E:D8:9A:09:83:07:84:DE:1C
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8QLNAinC7SuGQs0u2JoJgweE3hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::-2a13:240:9:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:49ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         b5:34:c7:15:01:81:90:6a:65:ef:2d:35:71:a2:ea:1f:33:85:
         b4:af:98:5c:e8:d2:f2:0c:9e:87:e8:16:79:6c:c4:54:82:51:
         59:c7:a6:9f:43:d6:cc:2b:8a:40:30:22:48:54:c5:d3:6b:e5:
         bf:31:f9:bf:e9:95:13:b5:08:a0:a0:48:c4:a5:4c:09:ec:93:
         f1:29:b3:ce:3b:e0:eb:06:72:80:5b:68:a7:22:46:80:db:46:
         f2:07:fe:fe:a4:24:67:9d:8f:0b:6b:82:95:37:0a:80:68:72:
         f2:81:c8:ed:ec:65:57:93:ed:57:a0:e6:22:4e:91:94:b5:76:
         2d:a0:28:f6:12:eb:16:93:24:e0:f0:0f:6d:6d:87:29:2c:4a:
         1a:69:c2:a4:d7:dc:99:76:d5:d4:a5:ec:67:6e:3f:a5:95:99:
         70:b0:13:db:23:9d:1c:fc:fe:a8:ab:f0:aa:f0:f3:58:1b:e0:
         23:1f:8c:a0:81:1f:67:9d:a9:fe:ac:8b:6c:a6:cb:b2:92:af:
         66:02:d5:2f:42:0a:52:fb:da:1c:bc:57:62:af:c4:03:0f:5e:
         ef:93:ed:86:ed:ef:2e:43:7e:cd:83:4a:a2:07:af:ea:a2:f2:
         e6:24:13:ae:18:37:45:ad:da:94:37:a5:2b:34:fa:16:5e:48:
         ef:b1:eb:1a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQm2dwjf5NxQR5VcZ8iPgtwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwMTAyMTE0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTAyY2QwMjI5YzJlZDJiODY0MmNkMmVkODlhMDk4MzA3ODRkZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLukW7h8ApjOzZToib6gP2skndj3
HBefUxCQuUjTl2VXKIRy5a13TrlmCf0fqls88VxCC9j+BdX2m3zXqhKNtXfemEqX
tmGVFw1fUEOjLz649LbJ+ecLhrdD1wld+ODyVs3Wxnnbxfse8kH7ab73Iv925pUk
KnoRYVlxaOHuCOk+tIbUIlChepzmHi7vdNL6Lm7t/vYijRgRU3yrHezhds3CWvm2
gvnmIYvz/2hU7tzIELIUHaMW4yBzdODXvTcmHdIq3AHIRthcj0gpdOxwUSieg2V0
w59zBfpBy5N0k/vSeJijdZLOmp8JY7oSPd5lbxYUdjGw6stMemFfiImV8QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPECzQIpwu0rhkLNLtiaCYMHhN4cMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvOFFMTkFpbkM3U3VHUXMwdTJKb0pnd2VFM2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBQYqEwJA
AwcBKhMCQAAIMBADBgEqEwJAQgMGASoTAkBIMA0GCSqGSIb3DQEBCwUAA4IBAQC1
NMcVAYGQamXvLTVxouofM4W0r5hc6NLyDJ6H6BZ5bMRUglFZx6afQ9bMK4pAMCJI
VMXTa+W/Mfm/6ZUTtQigoEjEpUwJ7JPxKbPOO+DrBnKAW2inIkaA20byB/7+pCRn
nY8La4KVNwqAaHLygcjt7GVXk+1XoOYiTpGUtXYtoCj2EusWkyTg8A9tbYcpLEoa
acKk19yZdtXUpexnbj+llZlwsBPbI50c/P6oq/Cq8PNYG+AjH4yggR9nnan+rIts
psuykq9mAtUvQgpS+9ocvFdir8QDD17vk+2G7e8uQ37Ng0qiB6/qovLmJBOuGDdF
rdqUN6UrNPoWXkjvsesa
-----END CERTIFICATE-----