Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/X40tLgIMCQZAYRAwmZdn2JjY2Sg.roa
File:                     X40tLgIMCQZAYRAwmZdn2JjY2Sg.roa (raw, json)
Hash identifier:          eDaX3dI5fxxRGSOkAJcdOwrelUSaDgM3W7s+OAzNuqk=
Subject key identifier:   5F:8D:2D:2E:02:0C:09:06:40:61:10:30:99:97:67:D8:98:D8:D9:28
Certificate issuer:       /CN=06c746cd7d4df95a6d03ca9554a754760d5e4e06
Certificate serial:       0194244481F515F5D01063B45922AD55C4FF
Authority key identifier: 06:C7:46:CD:7D:4D:F9:5A:6D:03:CA:95:54:A7:54:76:0D:5E:4E:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsdGzX1N-VptA8qVVKdUdg1eTgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/X40tLgIMCQZAYRAwmZdn2JjY2Sg.roa
Signing time:             Wed 01 Jan 2025 23:47:37 +0000
ROA not before:           Wed 01 Jan 2025 23:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199544
IP address blocks:        91.239.255.0/24 maxlen: 24
                          185.14.240.0/24 maxlen: 24
                          185.14.241.0/24 maxlen: 24
                          185.14.243.0/24 maxlen: 24
                          2001:67c:3c::/48 maxlen: 48
                          2a03:7ec0:57f::/48 maxlen: 48
                          2a03:7ec0:2424::/48 maxlen: 48
                          2a03:7ec0:3000::/40 maxlen: 48
                          2a03:7ec0:3100::/40 maxlen: 48
                          2a03:7ec0:3100::/48 maxlen: 48
                          2a03:7ec0:3131::/48 maxlen: 48
                          2a03:7ec0:31ff::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:81:f5:15:f5:d0:10:63:b4:59:22:ad:55:c4:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c746cd7d4df95a6d03ca9554a754760d5e4e06
        Validity
            Not Before: Jan  1 23:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f8d2d2e020c090640611030999767d898d8d928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:29:16:a4:4a:00:bc:33:e0:24:fd:d2:00:7a:
                    e3:eb:d3:77:72:d4:6d:50:dc:11:79:21:90:17:fd:
                    51:28:47:5b:e5:f4:76:ac:d4:d3:ba:0e:e2:24:27:
                    7b:84:3e:e7:93:42:64:5e:4a:d3:db:76:f8:c9:69:
                    78:13:25:cf:87:a2:a9:e8:f0:33:8b:7d:b8:44:2a:
                    bc:6b:7a:21:25:8d:12:7b:1c:1e:23:85:23:68:d9:
                    ed:06:55:bc:92:f4:23:c0:2d:1b:b5:ca:70:b5:ee:
                    4b:9e:2e:82:d6:0c:19:28:89:1f:e7:cc:96:b1:a6:
                    36:13:ae:af:a5:28:7c:1e:36:49:24:26:ec:17:0e:
                    34:c5:d3:71:84:9c:5b:b4:69:af:f1:cb:29:0f:78:
                    82:ba:4e:fb:b9:3f:c7:b2:19:91:b2:d9:9e:9b:07:
                    41:c8:4b:62:fe:05:a9:4a:36:ff:c2:a4:51:46:ff:
                    03:b0:6f:0f:a6:f5:85:87:d4:84:48:57:70:3a:8d:
                    96:be:68:7c:fe:3d:5b:98:91:77:36:85:64:ae:2b:
                    10:33:dc:0f:ec:91:54:d5:21:73:da:a6:5d:de:d3:
                    7d:d2:d3:e1:c1:3c:73:f7:3d:2a:eb:36:bc:61:c8:
                    7f:fa:76:a1:45:4f:6f:ae:38:79:d2:57:3c:f3:6f:
                    0f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8D:2D:2E:02:0C:09:06:40:61:10:30:99:97:67:D8:98:D8:D9:28
            X509v3 Authority Key Identifier:
                keyid:06:C7:46:CD:7D:4D:F9:5A:6D:03:CA:95:54:A7:54:76:0D:5E:4E:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsdGzX1N-VptA8qVVKdUdg1eTgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/X40tLgIMCQZAYRAwmZdn2JjY2Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/BsdGzX1N-VptA8qVVKdUdg1eTgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.255.0/24
                  185.14.240.0/23
                  185.14.243.0/24
                IPv6:
                  2001:67c:3c::/48
                  2a03:7ec0:57f::/48
                  2a03:7ec0:2424::/48
                  2a03:7ec0:3000::/39

    Signature Algorithm: sha256WithRSAEncryption
         51:ab:0b:37:99:30:f6:50:65:05:1c:29:57:24:7c:8b:23:9a:
         ef:6d:0f:85:8c:e2:b5:d3:dd:e2:65:eb:da:86:17:87:53:21:
         0e:6f:5a:38:69:00:6b:1d:e3:a8:e4:9b:e0:44:5b:a5:72:fc:
         ad:00:45:9f:26:d7:be:e6:ac:90:f5:17:eb:8a:99:9f:16:58:
         f2:75:df:a3:ab:d0:15:43:0c:67:3b:88:48:fa:61:68:75:8e:
         b1:9c:d8:d2:3b:46:22:53:dd:a0:1e:d7:b8:f2:dd:cd:4d:15:
         e0:a5:e7:ad:09:3d:63:38:61:3d:f1:74:36:4b:5a:5c:52:6f:
         8a:d3:27:47:e6:1c:9f:e6:24:35:51:3a:0a:f1:57:d5:7c:d0:
         a1:ed:dd:f6:73:b4:7c:c3:3a:27:db:24:e1:a3:16:10:c8:b5:
         be:d0:c8:6e:f9:de:60:d0:54:19:19:41:e3:91:9d:0d:99:eb:
         fa:80:65:76:2a:3c:6b:b3:f1:8d:2f:08:56:cd:e0:37:1c:0a:
         52:ce:5a:32:d1:3d:e2:6e:79:43:27:5b:c9:a7:82:93:b6:8a:
         a0:59:91:b6:77:02:59:70:bc:2f:12:dc:50:6d:67:8d:e0:cc:
         6e:e5:22:37:17:e7:7b:3e:89:0f:15:82:1f:13:8d:35:87:68:
         ce:2f:80:a4
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZQkRIH1FfXQEGO0WSKtVcT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Yzc0NmNkN2Q0ZGY5NWE2ZDAzY2E5NTU0YTc1NDc2MGQ1
ZTRlMDYwHhcNMjUwMTAxMjM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhkMmQyZTAyMGMwOTA2NDA2MTEwMzA5OTk3NjdkODk4ZDhkOTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CkWpEoAvDPgJP3SAHrj69N3ctRt
UNwReSGQF/1RKEdb5fR2rNTTug7iJCd7hD7nk0JkXkrT23b4yWl4EyXPh6Kp6PAz
i324RCq8a3ohJY0SexweI4UjaNntBlW8kvQjwC0btcpwte5Lni6C1gwZKIkf58yW
saY2E66vpSh8HjZJJCbsFw40xdNxhJxbtGmv8cspD3iCuk77uT/HshmRstmemwdB
yEti/gWpSjb/wqRRRv8DsG8PpvWFh9SESFdwOo2Wvmh8/j1bmJF3NoVkrisQM9wP
7JFU1SFz2qZd3tN90tPhwTxz9z0q6za8Ych/+nahRU9vrjh50lc8828PdQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFF+NLS4CDAkGQGEQMJmXZ9iY2NkoMB8GA1UdIwQY
MBaAFAbHRs19TflabQPKlVSnVHYNXk4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNkR3pYMU4tVnB0QThxVlZLZFVkZzFlVGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85NTJjZDctMzI5Ny00ZWFmLTg1NGYt
YjBhZmQ0NWRjZDc4LzEvWDQwdExnSU1DUVpBWVJBd21aZG4ySmpZMlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85NTJjZDctMzI5Ny00ZWFmLTg1NGYtYjBhZmQ0NWRjZDc4
LzEvQnNkR3pYMU4tVnB0QThxVlZLZFVkZzFlVGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAYBAIAATASAwQAW+//AwQB
uQ7wAwQAuQ7zMCkEAgACMCMDBwAgAQZ8ADwDBwAqA37ABX8DBwAqA37AJCQDBgEq
A37AMDANBgkqhkiG9w0BAQsFAAOCAQEAUasLN5kw9lBlBRwpVyR8iyOa720PhYzi
tdPd4mXr2oYXh1MhDm9aOGkAax3jqOSb4ERbpXL8rQBFnybXvuaskPUX64qZnxZY
8nXfo6vQFUMMZzuISPphaHWOsZzY0jtGIlPdoB7XuPLdzU0V4KXnrQk9YzhhPfF0
NktaXFJvitMnR+Ycn+YkNVE6CvFX1XzQoe3d9nO0fMM6J9sk4aMWEMi1vtDIbvne
YNBUGRlB45GdDZnr+oBldio8a7PxjS8IVs3gNxwKUs5aMtE94m55QydbyaeCk7aK
oFmRtncCWXC8LxLcUG1njeDMbuUiNxfnez6JDxWCHxONNYdozi+ApA==
-----END CERTIFICATE-----