Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/gLTw3SxVghFrqUXLXX9aVQWSJyY.roa
File:                     gLTw3SxVghFrqUXLXX9aVQWSJyY.roa (raw, json)
Hash identifier:          X6SiVIHlGA+Slf3SaSpTUzg9Mrw9ENcILtCCgSUB+W0=
Subject key identifier:   80:B4:F0:DD:2C:55:82:11:6B:A9:45:CB:5D:7F:5A:55:05:92:27:26
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       01942067EA1DC5691F5CF21D316C8640F8AF
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/gLTw3SxVghFrqUXLXX9aVQWSJyY.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44592
IP address blocks:        45.142.180.0/24 maxlen: 24
                          45.142.181.0/24 maxlen: 24
                          45.142.182.0/24 maxlen: 24
                          45.142.183.0/24 maxlen: 24
                          45.153.32.0/24 maxlen: 24
                          45.153.34.0/24 maxlen: 24
                          45.153.35.0/24 maxlen: 24
                          92.246.84.0/24 maxlen: 24
                          92.246.85.0/24 maxlen: 24
                          92.246.86.0/24 maxlen: 24
                          146.19.169.0/24 maxlen: 24
                          195.62.46.0/24 maxlen: 24
                          2a0d:c2c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ea:1d:c5:69:1f:5c:f2:1d:31:6c:86:40:f8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80b4f0dd2c5582116ba945cb5d7f5a5505922726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:28:4d:18:41:5e:d3:a1:0c:50:b8:68:4e:8c:
                    eb:29:d3:06:fa:ad:f9:47:f2:c0:e0:d1:44:6c:bf:
                    36:d2:a9:30:6b:24:1f:8f:b0:a5:5e:97:fc:71:43:
                    4b:e4:3b:6e:46:37:0f:dd:ae:e1:fe:eb:84:fc:0a:
                    3b:b7:21:17:46:7a:14:36:93:1f:80:dc:05:98:84:
                    03:ac:4c:a4:90:5f:09:0e:8b:a9:a4:c6:2d:98:da:
                    ea:39:a5:6c:7d:32:66:73:ff:5f:2d:8b:fc:43:d6:
                    39:c9:6d:c5:46:60:60:7c:0b:32:ab:6b:c7:2f:cf:
                    95:c0:7d:1a:fe:97:ee:7c:20:7b:0a:01:a8:b1:6a:
                    8a:2d:90:09:d4:29:b6:59:61:61:3b:a6:b4:96:59:
                    42:23:e8:0c:5f:93:58:62:83:8e:60:d6:39:f8:7a:
                    66:fb:c6:a8:48:d0:25:17:9c:2d:c1:21:59:b5:b2:
                    9e:67:49:c9:f8:7d:72:fc:b2:99:cf:70:3c:83:44:
                    59:5e:96:ae:83:2b:4e:6e:fb:b8:7c:52:15:ac:4f:
                    e3:69:43:c1:03:6e:e7:c6:65:ef:4c:5c:6d:4b:55:
                    df:ca:09:6b:fa:dc:8a:ff:ec:56:e9:eb:b6:cf:b4:
                    83:a2:2b:8c:5b:26:bd:c5:1e:a1:e6:19:7c:4b:16:
                    55:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:B4:F0:DD:2C:55:82:11:6B:A9:45:CB:5D:7F:5A:55:05:92:27:26
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/gLTw3SxVghFrqUXLXX9aVQWSJyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.180.0/22
                  45.153.32.0/24
                  45.153.34.0/23
                  92.246.84.0-92.246.86.255
                  146.19.169.0/24
                  195.62.46.0/24
                IPv6:
                  2a0d:c2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:40:c5:11:74:ac:21:77:d9:23:b3:54:0d:b6:65:c5:f9:86:
         10:1e:fa:43:2f:c3:34:5a:3e:11:1f:70:de:b1:25:d4:fb:19:
         64:32:11:58:d2:d4:5f:69:81:b7:15:15:b5:c0:b0:a2:99:c1:
         5a:f8:3e:f2:05:15:2d:3f:03:5e:42:17:09:78:3d:a7:5d:3a:
         5e:3b:5c:72:50:12:1d:24:d7:42:5c:69:5d:db:8d:97:e5:9c:
         a6:c9:c2:6d:5e:16:7d:38:cc:55:28:d2:00:54:cd:53:11:d4:
         ac:7c:4f:2a:b7:f8:a3:30:e4:42:95:23:67:9e:c3:db:08:25:
         5a:e8:35:fe:ff:f7:c1:c7:02:23:e2:c3:e7:b1:a4:ff:e3:20:
         24:84:1a:73:71:0e:db:bc:40:ca:fc:da:e3:52:7c:12:6e:42:
         f8:aa:4e:d9:3c:a8:a5:e6:70:2f:4c:96:ff:3a:15:6f:85:f9:
         c5:a7:bf:35:a9:27:e8:6c:60:20:10:f5:4e:6e:a7:74:0e:6e:
         a1:6a:0b:2f:e2:0c:00:04:8c:23:d5:29:89:d1:50:a2:04:03:
         68:c7:f5:6a:08:37:77:37:d4:36:b0:bb:51:3b:4d:31:51:07:
         88:3d:90:c3:fc:19:1c:63:39:d1:22:4d:5f:b5:e4:ed:a9:1c:
         25:e2:dd:bc
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZQgZ+odxWkfXPIdMWyGQPivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGI0ZjBkZDJjNTU4MjExNmJhOTQ1Y2I1ZDdmNWE1NTA1OTIyNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtChNGEFe06EMULhoTozrKdMG+q35
R/LA4NFEbL820qkwayQfj7ClXpf8cUNL5DtuRjcP3a7h/uuE/Ao7tyEXRnoUNpMf
gNwFmIQDrEykkF8JDouppMYtmNrqOaVsfTJmc/9fLYv8Q9Y5yW3FRmBgfAsyq2vH
L8+VwH0a/pfufCB7CgGosWqKLZAJ1Cm2WWFhO6a0lllCI+gMX5NYYoOOYNY5+Hpm
+8aoSNAlF5wtwSFZtbKeZ0nJ+H1y/LKZz3A8g0RZXpaugytObvu4fFIVrE/jaUPB
A27nxmXvTFxtS1Xfyglr+tyK/+xW6eu2z7SDoiuMWya9xR6h5hl8SxZVRwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFIC08N0sVYIRa6lFy11/WlUFkicmMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvZ0xUdzNTeFZnaEZycVVYTFhYOWFWUVdTSnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQCLY60AwQA
LZkgAwQBLZkiMAwDBAJc9lQDBABc9lYDBACSE6kDBADDPi4wDQQCAAIwBwMFAyoN
wsAwDQYJKoZIhvcNAQELBQADggEBALFAxRF0rCF32SOzVA22ZcX5hhAe+kMvwzRa
PhEfcN6xJdT7GWQyEVjS1F9pgbcVFbXAsKKZwVr4PvIFFS0/A15CFwl4PaddOl47
XHJQEh0k10JcaV3bjZflnKbJwm1eFn04zFUo0gBUzVMR1Kx8Tyq3+KMw5EKVI2ee
w9sIJVroNf7/98HHAiPiw+expP/jICSEGnNxDtu8QMr82uNSfBJuQviqTtk8qKXm
cC9Mlv86FW+F+cWnvzWpJ+hsYCAQ9U5up3QObqFqCy/iDAAEjCPVKYnRUKIEA2jH
9WoIN3c31Dawu1E7TTFRB4g9kMP8GRxjOdEiTV+15O2pHCXi3bw=
-----END CERTIFICATE-----