Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/48c9f6-5b5f-41d4-8e56-08e4b79387c0/1/IJqJkkG32juZ9JC_-n807ugagLE.roa
File:                     IJqJkkG32juZ9JC_-n807ugagLE.roa (raw, json)
Hash identifier:          a5ckR7gAH5+zi6QRTimZRXE/Wgs09xk/gP8A83O6nQM=
Subject key identifier:   20:9A:89:92:41:B7:DA:3B:99:F4:90:BF:FA:7F:34:EE:E8:1A:80:B1
Certificate issuer:       /CN=4ee1713e16b4fd8f3301887de6a111980449b29e
Certificate serial:       019424B3BC5B665FBC2004BD2B2A59EAEC98
Authority key identifier: 4E:E1:71:3E:16:B4:FD:8F:33:01:88:7D:E6:A1:11:98:04:49:B2:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuFxPha0_Y8zAYh95qERmARJsp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/48c9f6-5b5f-41d4-8e56-08e4b79387c0/1/IJqJkkG32juZ9JC_-n807ugagLE.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196903
IP address blocks:        109.207.48.0/20 maxlen: 20
                          109.207.48.0/24 maxlen: 24
                          109.207.49.0/24 maxlen: 24
                          109.207.50.0/24 maxlen: 24
                          109.207.51.0/24 maxlen: 24
                          109.207.52.0/24 maxlen: 24
                          109.207.53.0/24 maxlen: 24
                          109.207.54.0/24 maxlen: 24
                          109.207.55.0/24 maxlen: 24
                          109.207.56.0/24 maxlen: 24
                          109.207.57.0/24 maxlen: 24
                          109.207.58.0/24 maxlen: 24
                          109.207.59.0/24 maxlen: 24
                          109.207.60.0/24 maxlen: 24
                          109.207.61.0/24 maxlen: 24
                          109.207.62.0/24 maxlen: 24
                          109.207.63.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bc:5b:66:5f:bc:20:04:bd:2b:2a:59:ea:ec:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee1713e16b4fd8f3301887de6a111980449b29e
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=209a899241b7da3b99f490bffa7f34eee81a80b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6e:2d:8d:6d:dd:a3:a8:39:00:96:ec:51:51:
                    20:49:c1:00:37:bd:d2:63:a8:12:aa:05:5f:17:a8:
                    4b:11:07:b3:df:77:2d:a5:8c:19:ce:aa:d7:72:8f:
                    06:cb:72:6a:e2:06:fb:2a:c5:15:f3:49:cc:f8:ce:
                    67:6e:b8:a9:16:7c:51:e1:c2:54:23:53:8f:c9:8e:
                    bb:fa:6c:c3:b6:b4:4f:21:f8:2d:50:8f:79:96:fc:
                    5a:67:58:ac:ad:dd:0e:bc:08:78:f0:0c:16:7c:31:
                    5d:91:bd:0e:dc:97:0b:5b:c3:89:b5:13:e4:c3:66:
                    e9:d6:88:de:45:62:3f:d7:d8:da:35:f5:7e:8d:78:
                    bb:b2:7c:82:7a:d4:79:77:c1:db:d2:df:d0:4e:ab:
                    fa:f0:c8:fa:e6:1a:da:a9:c6:9d:60:fe:8e:67:5f:
                    54:12:e3:f8:d4:5b:33:57:7b:78:a6:e1:c4:d4:07:
                    b2:e1:77:ce:dc:d2:50:61:4a:d8:a4:e2:c4:29:3b:
                    88:0b:d1:cd:e4:ae:8d:82:8a:68:e3:dc:53:7a:24:
                    25:c0:b5:9f:f3:f3:3d:5d:e3:4d:fc:d9:32:c3:3d:
                    69:68:a1:b5:ec:ea:7f:a8:0a:54:54:89:20:c4:f0:
                    3e:e0:91:0c:19:5e:31:a3:f6:d5:0f:72:73:74:5f:
                    13:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9A:89:92:41:B7:DA:3B:99:F4:90:BF:FA:7F:34:EE:E8:1A:80:B1
            X509v3 Authority Key Identifier:
                keyid:4E:E1:71:3E:16:B4:FD:8F:33:01:88:7D:E6:A1:11:98:04:49:B2:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuFxPha0_Y8zAYh95qERmARJsp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/48c9f6-5b5f-41d4-8e56-08e4b79387c0/1/IJqJkkG32juZ9JC_-n807ugagLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/48c9f6-5b5f-41d4-8e56-08e4b79387c0/1/TuFxPha0_Y8zAYh95qERmARJsp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b4:92:cc:de:f7:a0:ee:c2:3b:aa:3b:b4:63:e7:9c:a7:71:d4:
         f2:13:ac:69:9b:ff:74:58:9d:ca:a4:1c:7c:d1:30:11:f7:b7:
         5f:97:c8:75:e9:3f:3e:3d:bd:e0:76:11:c4:2b:06:96:83:5f:
         e8:57:15:78:a5:d5:7f:9e:4f:a3:27:c4:57:1d:e8:68:4e:18:
         e6:a4:f5:24:de:92:cb:1e:6d:a6:68:d7:54:0e:5a:b0:d7:a1:
         d8:9a:72:1c:4e:e1:d6:09:f4:a1:c6:2d:69:19:b0:bc:0b:ef:
         74:56:e3:1b:82:36:17:c8:05:c8:8b:59:4c:f9:fa:f2:31:37:
         14:b6:8c:1c:80:33:72:a0:3b:01:c9:79:ed:0a:08:76:4e:b1:
         4d:4f:ae:7b:a9:71:01:62:26:54:78:cf:7c:7b:db:33:ff:84:
         55:43:ef:da:d7:d1:af:a4:59:37:c9:c6:51:5a:ea:8f:97:f4:
         2d:46:6d:7c:bf:ad:05:4d:19:6a:a9:66:3a:cb:a6:76:1c:eb:
         f4:30:9c:00:49:ac:a1:b7:ab:2b:39:5c:23:35:f6:8a:06:10:
         ac:da:cf:1b:46:2d:45:27:0e:ab:66:19:be:34:0d:9f:cb:65:
         4b:db:fc:9c:56:6a:6e:0b:6b:37:09:3d:25:b4:a8:69:ed:94:
         79:a0:c7:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7xbZl+8IAS9KypZ6uyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTE3MTNlMTZiNGZkOGYzMzAxODg3ZGU2YTExMTk4MDQ0
OWIyOWUwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDlhODk5MjQxYjdkYTNiOTlmNDkwYmZmYTdmMzRlZWU4MWE4MGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW4tjW3do6g5AJbsUVEgScEAN73S
Y6gSqgVfF6hLEQez33ctpYwZzqrXco8Gy3Jq4gb7KsUV80nM+M5nbripFnxR4cJU
I1OPyY67+mzDtrRPIfgtUI95lvxaZ1isrd0OvAh48AwWfDFdkb0O3JcLW8OJtRPk
w2bp1ojeRWI/19jaNfV+jXi7snyCetR5d8Hb0t/QTqv68Mj65hraqcadYP6OZ19U
EuP41FszV3t4puHE1Aey4XfO3NJQYUrYpOLEKTuIC9HN5K6Ngopo49xTeiQlwLWf
8/M9XeNN/Nkywz1paKG17Op/qApUVIkgxPA+4JEMGV4xo/bVD3JzdF8TnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCaiZJBt9o7mfSQv/p/NO7oGoCxMB8GA1UdIwQY
MBaAFE7hcT4WtP2PMwGIfeahEZgESbKeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVGeFBoYTBfWTh6QVloOTVxRVJtQVJKc3A0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80OGM5ZjYtNWI1Zi00MWQ0LThlNTYt
MDhlNGI3OTM4N2MwLzEvSUpxSmtrRzMyanVaOUpDXy1uODA3dWdhZ0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80OGM5ZjYtNWI1Zi00MWQ0LThlNTYtMDhlNGI3OTM4N2Mw
LzEvVHVGeFBoYTBfWTh6QVloOTVxRVJtQVJKc3A0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbc8wMA0G
CSqGSIb3DQEBCwUAA4IBAQC0ksze96DuwjuqO7Rj55yncdTyE6xpm/90WJ3KpBx8
0TAR97dfl8h16T8+Pb3gdhHEKwaWg1/oVxV4pdV/nk+jJ8RXHehoThjmpPUk3pLL
Hm2maNdUDlqw16HYmnIcTuHWCfShxi1pGbC8C+90VuMbgjYXyAXIi1lM+fryMTcU
towcgDNyoDsByXntCgh2TrFNT657qXEBYiZUeM98e9sz/4RVQ+/a19GvpFk3ycZR
WuqPl/QtRm18v60FTRlqqWY6y6Z2HOv0MJwASayht6srOVwjNfaKBhCs2s8bRi1F
Jw6rZhm+NA2fy2VL2/ycVmpuC2s3CT0ltKhp7ZR5oMdV
-----END CERTIFICATE-----