Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/uPQq9dTzu9l6nGa6q2Wm0y0rIjQ.roa
File:                     uPQq9dTzu9l6nGa6q2Wm0y0rIjQ.roa (raw, json)
Hash identifier:          byS0oQxRe2Kgt+L+PTsfZAD5r+SpQNn+kwHvhdwslDg=
Subject key identifier:   B8:F4:2A:F5:D4:F3:BB:D9:7A:9C:66:BA:AB:65:A6:D3:2D:2B:22:34
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0194258F0CE2536CB55B8B91B5A2F8EAFB01
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/uPQq9dTzu9l6nGa6q2Wm0y0rIjQ.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30962
IP address blocks:        62.108.32.0/20 maxlen: 20
                          62.108.48.0/20 maxlen: 20
                          84.19.0.0/19 maxlen: 19
                          89.107.64.0/21 maxlen: 21
                          91.190.144.0/21 maxlen: 21
                          93.190.88.0/21 maxlen: 21
                          93.190.95.0/24 maxlen: 24
                          185.147.216.0/22 maxlen: 22
                          194.113.216.0/23 maxlen: 23
                          195.62.20.0/23 maxlen: 23
                          195.191.114.0/23 maxlen: 23
                          195.225.240.0/22 maxlen: 22
                          2a00:f70::/32 maxlen: 32
                          2a03:f200::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0c:e2:53:6c:b5:5b:8b:91:b5:a2:f8:ea:fb:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8f42af5d4f3bbd97a9c66baab65a6d32d2b2234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:91:53:dc:03:ec:b4:e2:91:1b:17:57:ea:
                    14:58:32:3f:48:c0:64:3a:34:8d:fa:e3:23:80:52:
                    06:4d:6e:ca:08:2c:03:14:ab:f1:a2:ad:52:de:72:
                    a5:84:06:bb:66:e8:86:6b:8c:f3:ac:9f:7e:28:27:
                    53:f1:a4:7e:43:b5:ac:95:69:6c:8e:e0:c8:08:9c:
                    61:81:d2:eb:58:9f:d1:75:25:fc:e2:ae:ea:e2:13:
                    09:76:4f:00:0e:2c:2b:7a:ca:bd:5f:fe:bc:dd:bf:
                    37:80:51:19:21:0b:d5:f0:11:2b:93:93:29:04:92:
                    94:6a:f4:db:db:b8:74:7d:49:ba:b5:1c:87:67:b2:
                    e4:84:27:ea:43:c6:65:4f:27:ab:bf:c5:07:a9:6a:
                    57:d7:4c:7e:7f:7d:8e:b5:82:d2:01:6f:50:11:0a:
                    cd:38:78:d1:3c:5c:62:8d:93:d9:06:a0:a6:40:ee:
                    9f:97:f0:db:9c:0f:65:d9:63:be:c1:bf:62:05:f4:
                    5a:8d:0c:22:1e:1c:14:f7:bc:ee:d5:57:ee:c3:6b:
                    3d:3c:20:16:02:b8:a0:45:92:32:21:01:88:79:83:
                    51:5a:28:9e:0b:d3:21:21:a3:f8:e0:f7:ea:f2:c2:
                    24:aa:5e:57:29:7a:50:8b:59:ec:5e:c9:1e:f3:fb:
                    bf:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F4:2A:F5:D4:F3:BB:D9:7A:9C:66:BA:AB:65:A6:D3:2D:2B:22:34
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/uPQq9dTzu9l6nGa6q2Wm0y0rIjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.32.0/19
                  84.19.0.0/19
                  89.107.64.0/21
                  91.190.144.0/21
                  93.190.88.0/21
                  185.147.216.0/22
                  194.113.216.0/23
                  195.62.20.0/23
                  195.191.114.0/23
                  195.225.240.0/22
                IPv6:
                  2a00:f70::/32
                  2a03:f200::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:f8:9e:81:be:06:33:c2:ba:1f:a4:14:98:3c:95:31:1a:46:
         34:31:7f:7d:ba:51:57:54:95:8f:61:42:97:22:8a:f4:39:91:
         2f:a2:e2:6e:ad:62:b3:01:8d:24:81:d9:b6:46:27:64:43:cb:
         c8:6b:21:3c:52:6b:de:91:34:a0:93:3f:df:c0:cc:d1:93:70:
         ae:94:6b:df:87:aa:8b:6d:19:02:65:3c:5d:30:85:7c:06:c5:
         3d:69:88:21:f3:73:78:ea:c8:1b:47:24:63:b4:91:7e:4d:78:
         bd:22:91:c5:d9:f4:79:8f:78:21:0e:d1:e5:04:ef:1c:4a:cb:
         da:04:06:88:8e:aa:66:a3:32:63:c9:29:88:4f:32:1b:08:7c:
         e3:60:98:85:74:62:c8:45:a4:ca:19:b8:86:de:f5:05:73:8a:
         0c:e2:c9:9d:f7:a5:95:79:73:16:aa:fe:20:1d:7b:76:c8:1e:
         c9:21:d2:3a:d2:ca:14:8d:44:3f:85:2d:32:97:5b:bc:4f:8b:
         f0:44:cc:00:9b:c5:0c:b8:0a:39:8c:38:f9:46:52:67:89:ac:
         3e:31:84:b1:44:88:9a:5e:95:f2:ea:37:20:d9:ca:08:55:6c:
         fa:59:40:58:ff:b3:07:58:a3:9b:e7:fd:9f:a8:fe:e2:c3:0e:
         25:ff:1d:a6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZQljwziU2y1W4uRtaL46vsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGY0MmFmNWQ0ZjNiYmQ5N2E5YzY2YmFhYjY1YTZkMzJkMmIyMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16+RU9wD7LTikRsXV+oUWDI/SMBk
OjSN+uMjgFIGTW7KCCwDFKvxoq1S3nKlhAa7ZuiGa4zzrJ9+KCdT8aR+Q7WslWls
juDICJxhgdLrWJ/RdSX84q7q4hMJdk8ADiwresq9X/683b83gFEZIQvV8BErk5Mp
BJKUavTb27h0fUm6tRyHZ7LkhCfqQ8ZlTyerv8UHqWpX10x+f32OtYLSAW9QEQrN
OHjRPFxijZPZBqCmQO6fl/DbnA9l2WO+wb9iBfRajQwiHhwU97zu1Vfuw2s9PCAW
ArigRZIyIQGIeYNRWiieC9MhIaP44Pfq8sIkql5XKXpQi1nsXske8/u/WwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFLj0KvXU87vZepxmuqtlptMtKyI0MB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvdVBRcTlkVHp1OWw2bkdhNnEyV20weTBySWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFPmwgAwQF
VBMAAwQDWWtAAwQDW76QAwQDXb5YAwQCuZPYAwQBwnHYAwQBwz4UAwQBw79yAwQC
w+HwMBQEAgACMA4DBQAqAA9wAwUAKgPyADANBgkqhkiG9w0BAQsFAAOCAQEAUvie
gb4GM8K6H6QUmDyVMRpGNDF/fbpRV1SVj2FClyKK9DmRL6Libq1iswGNJIHZtkYn
ZEPLyGshPFJr3pE0oJM/38DM0ZNwrpRr34eqi20ZAmU8XTCFfAbFPWmIIfNzeOrI
G0ckY7SRfk14vSKRxdn0eY94IQ7R5QTvHErL2gQGiI6qZqMyY8kpiE8yGwh842CY
hXRiyEWkyhm4ht71BXOKDOLJnfellXlzFqr+IB17dsgeySHSOtLKFI1EP4UtMpdb
vE+L8ETMAJvFDLgKOYw4+UZSZ4msPjGEsUSIml6V8uo3INnKCFVs+llAWP+zB1ij
m+f9n6j+4sMOJf8dpg==
-----END CERTIFICATE-----