Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Ud4CJzR9aZlNmDgRuuf5i3M-o3A.roa
File:                     Ud4CJzR9aZlNmDgRuuf5i3M-o3A.roa (raw, json)
Hash identifier:          HNm69n+qqLhlqfsyqPhDScCNxn4DUn+whfvFHbPXZDM=
Subject key identifier:   51:DE:02:27:34:7D:69:99:4D:98:38:11:BA:E7:F9:8B:73:3E:A3:70
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01958F692FFF78329FEF7763F4CE2365F9F7
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Ud4CJzR9aZlNmDgRuuf5i3M-o3A.roa
Signing time:             Thu 13 Mar 2025 12:09:50 +0000
ROA not before:           Thu 13 Mar 2025 12:09:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        163.5.14.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.61.0/24 maxlen: 24
                          163.5.91.0/24 maxlen: 24
                          163.5.140.0/24 maxlen: 24
                          163.5.211.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.239.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:69:2f:ff:78:32:9f:ef:77:63:f4:ce:23:65:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 13 12:09:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51de0227347d69994d983811bae7f98b733ea370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:57:fb:da:d6:14:41:fd:9c:36:1a:2b:96:7e:
                    41:b3:76:f7:17:ff:7b:95:9a:98:8d:df:2e:b5:44:
                    b3:b5:8d:d5:92:aa:ba:a6:a7:ef:a7:68:6c:b9:9f:
                    23:35:a1:9f:3f:b7:88:03:74:68:60:fa:d5:dd:f1:
                    d9:b3:fb:54:d5:96:ae:46:c5:d8:8a:c0:02:e4:85:
                    0d:9e:89:08:f8:a5:8d:bb:91:46:10:fc:7f:76:75:
                    28:87:5d:25:aa:57:f2:8e:28:60:d9:61:5d:1a:12:
                    04:00:e3:26:5f:f0:e3:9c:35:d2:85:e8:a7:a2:e9:
                    87:cf:c4:76:b3:0d:1a:21:64:5f:8d:ff:9f:cd:5c:
                    02:f1:98:c1:97:7b:8c:a0:ad:53:2b:09:2a:d9:f2:
                    3a:95:ec:d7:14:a9:03:48:47:98:86:c9:a4:f2:21:
                    2e:6e:b3:f3:52:5d:a0:ec:36:69:65:9b:39:12:b6:
                    92:b0:0e:b0:f1:5f:07:bf:0e:87:29:54:6b:00:25:
                    8e:ac:17:7d:93:7b:46:52:63:1f:2c:c0:37:18:2c:
                    65:27:52:1e:d1:a4:2f:ac:0e:ad:5a:f4:45:62:e5:
                    f9:5d:4c:6c:74:c8:ba:84:4e:4e:de:c5:4d:bb:b5:
                    6a:8b:22:ed:e7:3a:c5:ef:b5:66:76:8e:c6:13:81:
                    78:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:DE:02:27:34:7D:69:99:4D:98:38:11:BA:E7:F9:8B:73:3E:A3:70
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Ud4CJzR9aZlNmDgRuuf5i3M-o3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.14.0/24
                  163.5.33.0/24
                  163.5.61.0/24
                  163.5.91.0/24
                  163.5.140.0/24
                  163.5.211.0/24
                  163.5.215.0/24
                  163.5.239.0/24
                  163.5.245.0/24
                  163.5.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:56:f3:f2:75:8e:2c:e4:80:3a:7f:55:c6:65:2f:49:88:23:
         c3:31:19:71:b0:36:5f:ef:a4:61:99:f9:c1:3d:4a:25:be:7a:
         48:49:58:f8:1a:24:d0:44:e1:54:9c:2d:36:fa:b7:f6:f5:ca:
         02:ad:58:bb:5f:09:87:4e:8f:91:fd:66:26:83:ac:a2:43:e9:
         d7:85:f5:8e:b9:1b:13:f4:3a:a0:88:55:6a:13:73:22:29:21:
         ee:c3:7f:1b:e9:d8:9c:fa:01:b0:16:d4:1f:d5:67:1f:6c:1a:
         6d:4b:bc:2a:c1:5d:6a:46:b5:ec:28:87:58:e0:b6:06:0d:1c:
         d3:e9:c3:5d:e9:9c:68:08:91:ed:e5:72:3e:37:43:ad:3c:17:
         c2:4c:28:19:af:1f:e1:d8:0b:dd:95:b7:05:39:5d:dc:16:36:
         f3:53:b8:9d:4e:a9:d2:d4:cb:b3:43:22:7c:a9:19:a9:c8:68:
         76:30:d5:6c:ad:fe:d6:1e:c9:5e:99:c2:ae:a2:69:e8:ec:e7:
         6c:41:f1:b2:39:51:3e:c4:14:e9:18:33:a2:18:b2:58:c2:d1:
         ff:aa:47:e0:9a:b1:e0:bd:46:f5:e3:ea:12:c0:9a:4c:ee:10:
         75:c8:c2:4a:9c:0d:cf:47:23:2f:04:5e:02:79:65:ad:6a:dc:
         16:5c:e0:68
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZWPaS//eDKf73dj9M4jZfn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMzEzMTIwOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWRlMDIyNzM0N2Q2OTk5NGQ5ODM4MTFiYWU3Zjk4YjczM2VhMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1f72tYUQf2cNhorln5Bs3b3F/97
lZqYjd8utUSztY3Vkqq6pqfvp2hsuZ8jNaGfP7eIA3RoYPrV3fHZs/tU1ZauRsXY
isAC5IUNnokI+KWNu5FGEPx/dnUoh10lqlfyjihg2WFdGhIEAOMmX/DjnDXShein
oumHz8R2sw0aIWRfjf+fzVwC8ZjBl3uMoK1TKwkq2fI6lezXFKkDSEeYhsmk8iEu
brPzUl2g7DZpZZs5EraSsA6w8V8Hvw6HKVRrACWOrBd9k3tGUmMfLMA3GCxlJ1Ie
0aQvrA6tWvRFYuX5XUxsdMi6hE5O3sVNu7VqiyLt5zrF77Vmdo7GE4F4OQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFHeAic0fWmZTZg4Ebrn+YtzPqNwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVWQ0Q0p6UjlhWmxObURnUnV1ZjVpM00tbzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAowUOAwQA
owUhAwQAowU9AwQAowVbAwQAowWMAwQAowXTAwQAowXXAwQAowXvAwQAowX1AwQA
owX/MA0GCSqGSIb3DQEBCwUAA4IBAQAMVvPydY4s5IA6f1XGZS9JiCPDMRlxsDZf
76RhmfnBPUolvnpISVj4GiTQROFUnC02+rf29coCrVi7XwmHTo+R/WYmg6yiQ+nX
hfWOuRsT9DqgiFVqE3MiKSHuw38b6dic+gGwFtQf1WcfbBptS7wqwV1qRrXsKIdY
4LYGDRzT6cNd6ZxoCJHt5XI+N0OtPBfCTCgZrx/h2AvdlbcFOV3cFjbzU7idTqnS
1MuzQyJ8qRmpyGh2MNVsrf7WHslemcKuomno7OdsQfGyOVE+xBTpGDOiGLJYwtH/
qkfgmrHgvUb14+oSwJpM7hB1yMJKnA3PRyMvBF4CeWWtatwWXOBo
-----END CERTIFICATE-----