Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/F5BIyeQq1LhmSVsPRgAyZPkYkLQ.roa
File:                     F5BIyeQq1LhmSVsPRgAyZPkYkLQ.roa (raw, json)
Hash identifier:          Ttlco/TvEsoGLPzdKdaZrlpOOinp4i5KP47j58H5QsY=
Subject key identifier:   17:90:48:C9:E4:2A:D4:B8:66:49:5B:0F:46:00:32:64:F9:18:90:B4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01933958F06D91F2EE7C78B0CE3C8B8F99FE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/F5BIyeQq1LhmSVsPRgAyZPkYkLQ.roa
Signing time:             Sun 17 Nov 2024 08:59:10 +0000
ROA not before:           Sun 17 Nov 2024 08:59:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:50::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:160::/44 maxlen: 48
                          2a0c:b641:530::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0c:b641:cb0::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:39:58:f0:6d:91:f2:ee:7c:78:b0:ce:3c:8b:8f:99:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Nov 17 08:59:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179048c9e42ad4b866495b0f46003264f91890b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3b:6a:48:dc:e6:0f:26:3d:38:61:cb:04:e0:
                    d2:13:68:43:e9:ab:5f:01:f5:1e:11:a8:ca:a5:03:
                    5b:3e:2f:1b:de:f7:ab:5b:55:52:8c:d4:aa:0a:e4:
                    50:ad:54:a2:46:6b:8c:7a:0b:20:a7:0c:6f:13:2b:
                    60:a5:48:95:8c:af:b3:08:8c:6e:b6:c2:c0:86:71:
                    e2:29:5c:e9:fd:8a:de:a2:87:07:1a:ae:ec:cc:72:
                    36:da:b3:de:13:95:9c:ce:89:73:db:84:5b:ed:7a:
                    6f:20:5e:86:28:a9:35:98:68:0c:da:85:c8:c2:18:
                    c7:e4:5b:02:f6:b4:d2:a4:d7:7a:81:50:2d:c4:4d:
                    67:32:84:40:a1:77:a7:38:e5:2d:65:f1:16:6d:5d:
                    93:b2:21:70:a9:15:24:d4:c5:00:d4:55:7c:14:16:
                    cc:63:54:ac:65:e0:7d:bc:c2:3c:8f:ef:42:31:b3:
                    d9:58:d1:98:ac:e0:d1:ff:22:da:77:f4:d5:0f:bc:
                    28:ea:a5:90:a2:09:8a:3a:7c:f9:5a:24:2a:c3:19:
                    21:56:0a:9f:5e:cb:8f:e7:66:c6:c7:ac:51:40:43:
                    55:7c:fd:d1:50:17:56:c9:1d:ed:8c:ea:86:8c:30:
                    d8:06:c0:3f:62:ab:6c:c8:61:78:29:ab:74:30:08:
                    6e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:90:48:C9:E4:2A:D4:B8:66:49:5B:0F:46:00:32:64:F9:18:90:B4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/F5BIyeQq1LhmSVsPRgAyZPkYkLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:50::-2a0c:b641:6f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:160::/44
                  2a0c:b641:530::-2a0c:b641:54f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0c:b641:cb0::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:40:ee:fa:be:26:af:a3:db:df:70:a7:ab:a8:3b:6b:05:d3:
         99:92:3a:1e:31:48:ee:26:d0:55:5a:e3:95:dc:e7:90:58:06:
         fc:7d:29:2e:be:3a:f7:fa:88:42:23:08:9e:7d:d8:a1:48:87:
         a5:75:74:78:3d:ac:8c:3b:37:dc:71:51:fe:b0:1e:c6:c5:44:
         e7:35:c7:18:26:52:dd:6c:35:e8:fe:3e:c3:6e:5c:3e:93:90:
         5b:bd:62:25:9f:31:d1:b1:7d:fb:38:00:59:4d:0c:32:16:ca:
         70:ce:42:7f:d4:eb:2c:ac:80:2f:b6:4d:28:a9:2e:19:02:bb:
         fa:4d:0e:90:d2:27:f6:c4:a7:4c:73:67:c2:67:ad:33:36:0d:
         56:10:11:16:11:bf:bd:db:05:80:b1:d7:e8:62:69:99:30:11:
         89:ad:48:1a:8b:f4:63:39:48:b6:78:39:ff:93:92:20:9f:6e:
         00:56:8b:0c:25:ff:ce:69:d2:a5:bf:ef:d1:23:e7:15:1b:80:
         b6:03:a5:40:fb:62:01:54:9e:c6:46:ca:78:10:ec:30:11:02:
         09:df:eb:93:da:f8:35:b1:5e:a0:67:c5:01:59:1a:b5:ea:34:
         98:20:b0:91:6e:24:d2:40:77:cf:6d:e9:9d:45:35:96:1f:fd:
         9d:7a:7b:45
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZM5WPBtkfLufHiwzjyLj5n+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMTE3MDg1OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzkwNDhjOWU0MmFkNGI4NjY0OTViMGY0NjAwMzI2NGY5MTg5MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ztqSNzmDyY9OGHLBODSE2hD6atf
AfUeEajKpQNbPi8b3verW1VSjNSqCuRQrVSiRmuMegsgpwxvEytgpUiVjK+zCIxu
tsLAhnHiKVzp/YreoocHGq7szHI22rPeE5Wczolz24Rb7XpvIF6GKKk1mGgM2oXI
whjH5FsC9rTSpNd6gVAtxE1nMoRAoXenOOUtZfEWbV2TsiFwqRUk1MUA1FV8FBbM
Y1SsZeB9vMI8j+9CMbPZWNGYrODR/yLad/TVD7wo6qWQogmKOnz5WiQqwxkhVgqf
XsuP52bGx6xRQENVfP3RUBdWyR3tjOqGjDDYBsA/YqtsyGF4Kat0MAhuwQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFBeQSMnkKtS4ZklbD0YAMmT5GJC0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRjVCSXllUXExTGhtU1ZzUFJnQXlaUGtZa0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzAYBAIAATASAwQALZph
AwQAPgMyAwQBwhxiMGsEAgACMGUwEAMFBioMtkADBwUqDLZBAAAwEgMHBCoMtkEA
UAMHBCoMtkEAYAMHBCoMtkEBYDASAwcEKgy2QQUwAwcEKgy2QQVAAwcAKgy2QQcP
AwcEKgy2QQggAwcEKgy2QQywAwUAKg+EADANBgkqhkiG9w0BAQsFAAOCAQEAfUDu
+r4mr6Pb33Cnq6g7awXTmZI6HjFI7ibQVVrjldznkFgG/H0pLr469/qIQiMInn3Y
oUiHpXV0eD2sjDs33HFR/rAexsVE5zXHGCZS3Ww16P4+w25cPpOQW71iJZ8x0bF9
+zgAWU0MMhbKcM5Cf9TrLKyAL7ZNKKkuGQK7+k0OkNIn9sSnTHNnwmetMzYNVhAR
FhG/vdsFgLHX6GJpmTARia1IGov0YzlItng5/5OSIJ9uAFaLDCX/zmnSpb/v0SPn
FRuAtgOlQPtiAVSexkbKeBDsMBECCd/rk9r4NbFeoGfFAVkateo0mCCwkW4k0kB3
z23pnUU1lh/9nXp7RQ==
-----END CERTIFICATE-----