Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8e_FDS7lPjDAGN77UHqMdC3mzEg.roa
File:                     8e_FDS7lPjDAGN77UHqMdC3mzEg.roa (raw, json)
Hash identifier:          YJNDEAJGGV4cRwTQXHEEa0CaV187Zt2CcPd6xWrcL44=
Subject key identifier:   F1:EF:C5:0D:2E:E5:3E:30:C0:18:DE:FB:50:7A:8C:74:2D:E6:CC:48
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       019564E5D9CF0C957DAF47A9B7F66529E496
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8e_FDS7lPjDAGN77UHqMdC3mzEg.roa
Signing time:             Wed 05 Mar 2025 06:02:19 +0000
ROA not before:           Wed 05 Mar 2025 06:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207137
IP address blocks:        2a13:240::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:5::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:a::/48 maxlen: 48
                          2a13:240:b::/48 maxlen: 48
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4800::/40 maxlen: 40
                          2a13:240:4900::/40 maxlen: 40
                          2a13:240:4a00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:64:e5:d9:cf:0c:95:7d:af:47:a9:b7:f6:65:29:e4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Mar  5 06:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1efc50d2ee53e30c018defb507a8c742de6cc48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:24:4f:e2:7f:c2:ec:1f:cc:f6:fd:a1:a1:8d:
                    46:15:b6:0d:7c:6e:5e:53:7d:97:8d:9d:5d:fa:d3:
                    d3:fd:96:cd:ba:72:e7:43:74:24:bd:b6:67:37:f7:
                    eb:a5:07:75:37:f6:70:c1:64:25:b0:98:7e:80:5e:
                    14:c9:eb:d6:8f:eb:f6:d0:da:3b:0d:75:64:1b:9b:
                    dc:d9:44:fa:14:13:12:95:f5:0d:74:55:01:38:83:
                    d7:11:e8:6e:f5:e7:73:3f:49:31:7e:be:6b:f4:f1:
                    3a:1c:64:dc:1f:16:c5:61:e4:47:b3:c0:34:c4:c2:
                    5c:74:32:6a:dc:5d:0d:43:f4:c2:29:fb:e9:e9:38:
                    39:db:c5:ae:c1:92:36:ef:b3:73:90:3e:7b:18:ff:
                    8a:63:a7:1d:9e:42:f1:82:80:5c:2a:6f:09:a9:a9:
                    dc:88:86:6c:4e:e2:fc:e6:49:c6:fa:5e:77:95:94:
                    ce:2b:1a:99:49:ca:24:ec:a8:f7:35:09:06:9c:19:
                    bc:b9:e3:04:4b:1b:90:4f:ea:8e:f1:1a:86:99:ea:
                    30:57:1f:6d:c3:dd:dc:3f:c5:a7:72:bc:99:a2:da:
                    85:f1:b8:9a:62:46:98:32:16:55:8a:d0:c0:4f:89:
                    b0:98:8e:f8:d2:57:5f:e7:8e:d3:3c:e8:7e:07:09:
                    30:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:EF:C5:0D:2E:E5:3E:30:C0:18:DE:FB:50:7A:8C:74:2D:E6:CC:48
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/8e_FDS7lPjDAGN77UHqMdC3mzEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::-2a13:240:b:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:4aff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         bc:61:28:b3:8e:ad:95:6d:36:eb:5c:67:b1:18:9e:1e:82:7d:
         11:c1:28:74:38:6e:83:85:22:15:1b:a9:c0:93:f5:c9:21:e6:
         c9:70:4b:a8:c3:77:cd:57:78:2a:d3:6b:bc:71:66:75:84:da:
         3f:e6:0a:34:bd:66:bf:ba:72:c0:ba:f8:26:47:74:55:6c:b0:
         b4:d6:45:5f:b1:34:19:6b:b4:e6:e2:c6:62:6f:5a:c9:95:68:
         c4:65:fd:46:24:81:23:63:5e:d1:9b:84:f3:dd:29:f8:79:f4:
         5e:86:26:38:32:78:50:54:51:0c:95:bc:a2:b1:9a:ff:c8:c4:
         23:b6:4a:f5:08:d8:7c:a1:a0:c8:d0:06:92:3b:8e:e8:52:82:
         93:4c:b9:d5:6d:14:1c:6d:d7:6e:80:47:49:d8:a7:f1:24:8a:
         6c:15:5b:b9:9d:95:a8:36:ae:20:72:21:fe:09:3d:3d:ac:5b:
         40:34:95:85:95:28:27:8f:6b:58:91:ef:38:1c:c8:9e:06:92:
         4f:7f:37:ec:a3:67:85:8f:cd:b9:b7:59:3b:48:3c:a1:43:93:
         18:c4:7f:c9:2f:e6:29:4e:35:4f:5a:ce:94:c7:d5:9b:fe:8f:
         9e:4e:1b:d5:bb:1b:ae:d6:0a:fb:cf:3e:d4:51:c1:2f:87:0f:
         41:49:23:2d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZVk5dnPDJV9r0ept/ZlKeSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwMzA1MDYwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWVmYzUwZDJlZTUzZTMwYzAxOGRlZmI1MDdhOGM3NDJkZTZjYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSRP4n/C7B/M9v2hoY1GFbYNfG5e
U32XjZ1d+tPT/ZbNunLnQ3QkvbZnN/frpQd1N/ZwwWQlsJh+gF4UyevWj+v20No7
DXVkG5vc2UT6FBMSlfUNdFUBOIPXEehu9edzP0kxfr5r9PE6HGTcHxbFYeRHs8A0
xMJcdDJq3F0NQ/TCKfvp6Tg528WuwZI277NzkD57GP+KY6cdnkLxgoBcKm8Jqanc
iIZsTuL85knG+l53lZTOKxqZScok7Kj3NQkGnBm8ueMESxuQT+qO8RqGmeowVx9t
w93cP8WncryZotqF8biaYkaYMhZVitDAT4mwmI740ldf547TPOh+BwkwlQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPHvxQ0u5T4wwBje+1B6jHQt5sxIMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvOGVfRkRTN2xQakRBR043N1VIcU1kQzNtekVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBQYqEwJA
AwcCKhMCQAAIMBADBgEqEwJAQgMGACoTAkBKMA0GCSqGSIb3DQEBCwUAA4IBAQC8
YSizjq2VbTbrXGexGJ4egn0RwSh0OG6DhSIVG6nAk/XJIebJcEuow3fNV3gq02u8
cWZ1hNo/5go0vWa/unLAuvgmR3RVbLC01kVfsTQZa7Tm4sZib1rJlWjEZf1GJIEj
Y17Rm4Tz3Sn4efRehiY4MnhQVFEMlbyisZr/yMQjtkr1CNh8oaDI0AaSO47oUoKT
TLnVbRQcbddugEdJ2KfxJIpsFVu5nZWoNq4gciH+CT09rFtANJWFlSgnj2tYke84
HMieBpJPfzfso2eFj825t1k7SDyhQ5MYxH/JL+YpTjVPWs6Ux9Wb/o+eThvVuxuu
1gr7zz7UUcEvhw9BSSMt
-----END CERTIFICATE-----