Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vDl9BnEZXFsnimAg7uO01gV6Jsg.roa
File:                     vDl9BnEZXFsnimAg7uO01gV6Jsg.roa (raw, json)
Hash identifier:          1pZd8ABKxogMuZNv4qn7ADMA8rOSRIjK9bvlE9ExHZM=
Subject key identifier:   BC:39:7D:06:71:19:5C:5B:27:8A:60:20:EE:E3:B4:D6:05:7A:26:C8
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067BCEBD156BC9F9BE35572036BADE3
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vDl9BnEZXFsnimAg7uO01gV6Jsg.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8300
IP address blocks:        193.5.20.0/23 maxlen: 23
                          193.5.30.0/24 maxlen: 24
                          193.5.158.0/23 maxlen: 24
                          193.134.248.0/23 maxlen: 23
                          194.209.74.0/24 maxlen: 24
                          212.243.101.0/24 maxlen: 24
                          2001:918:1ab::/48 maxlen: 48
                          2001:918:f00::/40 maxlen: 40
                          2001:918:ff70::/44 maxlen: 48
                          2001:918:ffb7::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:bc:eb:d1:56:bc:9f:9b:e3:55:72:03:6b:ad:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc397d0671195c5b278a6020eee3b4d6057a26c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:8a:f1:70:f8:88:78:dd:22:a0:b9:80:e5:
                    c4:aa:cc:f0:49:c7:32:e9:ac:24:bb:94:00:6f:35:
                    e8:3d:78:68:5e:f0:26:0f:4d:21:72:5b:a0:5a:0d:
                    0a:95:a7:1b:c7:09:01:f1:1a:6d:ae:66:b7:12:10:
                    c4:fa:9f:1c:18:7d:9b:4d:6c:67:50:1d:25:6c:c0:
                    fb:f4:3d:0b:79:ae:35:1b:d9:40:b7:74:53:8b:e9:
                    b4:d0:7d:9b:e3:ac:f2:65:9c:b7:97:b7:76:23:f8:
                    bb:95:c2:ba:2c:0f:af:08:57:37:6b:f6:c7:cd:be:
                    e3:6b:00:a2:04:a5:c4:ef:24:1d:01:26:bc:72:e8:
                    0a:d2:bd:d4:48:7d:5a:bd:6f:58:7a:8f:72:d2:58:
                    10:34:7a:bc:29:95:8a:84:0c:b8:40:30:1c:84:32:
                    bd:e1:60:15:d7:1c:3a:22:70:d9:ba:3a:95:4d:a3:
                    65:b8:b8:24:2c:b4:6c:47:1d:6e:ec:01:95:2c:70:
                    bb:87:36:97:78:dd:56:1d:87:a9:7c:72:e9:4e:2e:
                    69:23:c8:57:51:21:29:e4:32:4e:86:0c:ce:98:b2:
                    9a:76:dc:29:e7:70:cb:ce:55:a3:6e:ec:c0:65:6a:
                    c5:20:43:85:47:bc:a7:c6:3a:5e:b6:13:fa:f2:ab:
                    59:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:39:7D:06:71:19:5C:5B:27:8A:60:20:EE:E3:B4:D6:05:7A:26:C8
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vDl9BnEZXFsnimAg7uO01gV6Jsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.20.0/23
                  193.5.30.0/24
                  193.5.158.0/23
                  193.134.248.0/23
                  194.209.74.0/24
                  212.243.101.0/24
                IPv6:
                  2001:918:1ab::/48
                  2001:918:f00::/40
                  2001:918:ff70::/44
                  2001:918:ffb7::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:8a:d0:b3:4a:26:f7:dd:d7:ba:d8:f0:b4:51:97:c3:b9:16:
         69:d1:68:cc:5e:b2:8e:2b:8b:62:f4:1d:e9:5e:2c:73:e9:24:
         dd:68:8a:45:a7:30:07:06:03:34:f5:64:f4:32:d9:0f:50:5c:
         c0:dd:77:f0:ad:12:67:f3:db:2e:b2:3f:be:ef:bf:88:c4:ab:
         fb:47:63:58:74:33:89:84:4f:29:32:ec:bb:bf:de:f4:11:cc:
         94:99:97:05:4d:2b:68:ec:2a:43:ad:16:ee:0a:cd:06:53:d5:
         48:01:fb:91:68:a5:b6:f7:08:31:f2:63:18:c2:b0:8c:14:70:
         03:76:1a:84:51:4c:19:5b:bc:54:e0:22:53:1a:dc:b7:d6:1e:
         d0:26:74:fe:cd:85:a9:ad:07:bb:3a:b0:65:49:bd:d4:b4:ad:
         09:5b:24:b2:67:20:15:e8:9a:2f:04:3a:ff:eb:84:1c:28:6f:
         a2:19:61:0f:bf:56:26:66:df:08:59:ed:96:91:10:84:14:53:
         46:6f:58:3e:3c:e2:e6:a7:ca:bb:bc:89:4a:d1:e8:1e:69:e1:
         51:f5:7c:50:00:59:38:43:c8:5c:45:7c:24:92:b8:9e:9b:bb:
         54:40:11:9e:75:5b:a0:5d:f2:99:e2:8b:93:50:87:bd:06:76:
         41:c8:54:7a
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZQgZ7zr0Va8n5vjVXIDa63jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM5N2QwNjcxMTk1YzViMjc4YTYwMjBlZWUzYjRkNjA1N2EyNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviKK8XD4iHjdIqC5gOXEqszwSccy
6awku5QAbzXoPXhoXvAmD00hclugWg0KlacbxwkB8Rptrma3EhDE+p8cGH2bTWxn
UB0lbMD79D0Lea41G9lAt3RTi+m00H2b46zyZZy3l7d2I/i7lcK6LA+vCFc3a/bH
zb7jawCiBKXE7yQdASa8cugK0r3USH1avW9Yeo9y0lgQNHq8KZWKhAy4QDAchDK9
4WAV1xw6InDZujqVTaNluLgkLLRsRx1u7AGVLHC7hzaXeN1WHYepfHLpTi5pI8hX
USEp5DJOhgzOmLKadtwp53DLzlWjbuzAZWrFIEOFR7ynxjpethP68qtZ6wIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFLw5fQZxGVxbJ4pgIO7jtNYFeibIMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvdkRsOUJuRVpYRnNuaW1BZzd1TzAxZ1Y2SnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzAqBAIAATAkAwQBwQUUAwQA
wQUeAwQBwQWeAwQBwYb4AwQAwtFKAwQA1PNlMCkEAgACMCMDBwAgAQkYAasDBgAg
AQkYDwMHBCABCRj/cAMHACABCRj/tzANBgkqhkiG9w0BAQsFAAOCAQEAqYrQs0om
993XutjwtFGXw7kWadFozF6yjiuLYvQd6V4sc+kk3WiKRacwBwYDNPVk9DLZD1Bc
wN138K0SZ/PbLrI/vu+/iMSr+0djWHQziYRPKTLsu7/e9BHMlJmXBU0raOwqQ60W
7grNBlPVSAH7kWiltvcIMfJjGMKwjBRwA3YahFFMGVu8VOAiUxrct9Ye0CZ0/s2F
qa0HuzqwZUm91LStCVsksmcgFeiaLwQ6/+uEHChvohlhD79WJmbfCFntlpEQhBRT
Rm9YPjzi5qfKu7yJStHoHmnhUfV8UABZOEPIXEV8JJK4npu7VEARnnVboF3ymeKL
k1CHvQZ2QchUeg==
-----END CERTIFICATE-----