Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/U-DG8bjc7vZvCLchX0xP_QVQ45A.roa
File:                     U-DG8bjc7vZvCLchX0xP_QVQ45A.roa (raw, json)
Hash identifier:          pIR210sN/CfHCn0ih2QiKGMGhX2pid3k8E2u9f2SM6A=
Subject key identifier:   53:E0:C6:F1:B8:DC:EE:F6:6F:08:B7:21:5F:4C:4F:FD:05:50:E3:90
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       01928AF2806240239C23F55DEB3D1B268BFC
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/U-DG8bjc7vZvCLchX0xP_QVQ45A.roa
Signing time:             Mon 14 Oct 2024 12:13:21 +0000
ROA not before:           Mon 14 Oct 2024 12:13:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        45.88.200.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.125.168.0/22 maxlen: 22
                          185.181.60.0/22 maxlen: 22
                          185.243.216.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          193.243.189.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          195.16.73.0/24 maxlen: 24
                          2a03:94e0::/32 maxlen: 32
                          2a03:94e1::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:f2:80:62:40:23:9c:23:f5:5d:eb:3d:1b:26:8b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Oct 14 12:13:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e0c6f1b8dceef66f08b7215f4c4ffd0550e390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f7:02:57:5f:e3:25:59:46:0f:0e:0f:7e:6d:
                    7a:6c:05:c2:09:d3:f2:c1:ea:ee:26:32:14:9b:9d:
                    01:58:88:da:3a:04:5a:c3:f6:8d:1d:38:dd:c6:24:
                    ec:46:13:6a:f8:62:16:be:ed:b5:68:53:5c:81:6d:
                    1e:a7:8a:a0:51:48:b5:78:42:f2:65:c3:77:cd:c1:
                    2c:56:31:f0:92:a7:c3:7a:db:cc:7a:80:15:15:fd:
                    f2:a3:ca:9f:9e:9c:a1:b2:a2:e3:36:f4:5f:6d:37:
                    7c:7e:64:75:15:50:87:f8:67:a1:04:c0:b4:0f:d7:
                    83:4a:6d:90:c1:16:e5:0f:8c:d5:36:57:75:ed:2e:
                    26:c7:b9:0f:91:e3:ea:cf:b1:09:33:e0:0c:7f:d4:
                    c4:10:16:45:bf:60:94:89:c1:2c:da:3b:7b:44:8c:
                    a4:20:16:6f:35:6e:cf:e0:04:9d:d6:63:a6:d3:52:
                    09:5d:f2:47:1f:66:ad:dc:ba:e3:df:7d:ed:0d:f6:
                    a2:57:ae:a2:0d:c5:4c:c0:6b:09:ab:65:1c:f6:bf:
                    94:25:48:65:14:6b:06:1f:e6:2e:8e:b6:ff:e3:49:
                    68:c0:e4:20:a4:0b:30:ab:89:9c:ea:3c:f3:9d:82:
                    18:0d:e8:dd:4c:74:3f:f2:2d:b6:56:6e:19:b2:31:
                    51:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E0:C6:F1:B8:DC:EE:F6:6F:08:B7:21:5F:4C:4F:FD:05:50:E3:90
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/U-DG8bjc7vZvCLchX0xP_QVQ45A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  193.243.189.0/24
                  194.32.107.0/24
                  195.16.73.0/24
                IPv6:
                  2a03:94e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         3b:b5:8c:c3:4c:8e:66:01:60:5f:b8:41:49:ce:28:e2:f1:9b:
         e6:65:07:7b:d6:cf:49:81:8a:f7:a5:8c:17:78:e8:ee:c6:ac:
         e8:6f:ba:f2:a9:fb:3c:03:e6:5e:f1:1f:24:72:ed:a5:24:76:
         f6:60:b4:36:b0:fd:a5:5a:89:74:d4:78:30:2a:97:d3:f6:bd:
         2c:6d:a7:4c:29:40:e6:82:89:cc:ab:32:a0:42:ac:b0:f9:01:
         1f:df:b2:22:0f:b9:05:43:61:c6:c0:03:8c:a9:12:2e:a3:0f:
         e7:52:c4:5a:fa:40:ba:e8:ff:1a:4a:62:f8:ba:19:ab:92:ef:
         f2:c2:3c:a0:0e:c7:f3:1f:2d:a8:73:6c:eb:a1:77:1a:b4:15:
         a0:eb:74:cb:36:6a:6d:1f:28:d5:98:07:e1:46:ec:f7:4f:b8:
         3d:ae:e6:fc:3f:5c:a4:83:59:1a:aa:0a:6e:eb:a1:0e:aa:f5:
         a1:ee:18:3f:86:30:7f:e7:25:27:16:0f:73:b4:bc:60:df:7f:
         53:83:2c:52:f9:4b:a8:8c:a2:6e:cd:28:b7:68:45:d5:0e:b4:
         b5:e7:ac:ba:ec:82:d0:69:d9:0e:82:bf:37:6f:56:e1:07:54:
         a4:8e:96:06:03:27:ad:63:02:cd:3d:ae:8b:87:ac:eb:2f:dc:
         0b:16:20:86
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZKK8oBiQCOcI/Vd6z0bJov8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQxMDE0MTIxMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2UwYzZmMWI4ZGNlZWY2NmYwOGI3MjE1ZjRjNGZmZDA1NTBlMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvcCV1/jJVlGDw4Pfm16bAXCCdPy
weruJjIUm50BWIjaOgRaw/aNHTjdxiTsRhNq+GIWvu21aFNcgW0ep4qgUUi1eELy
ZcN3zcEsVjHwkqfDetvMeoAVFf3yo8qfnpyhsqLjNvRfbTd8fmR1FVCH+GehBMC0
D9eDSm2QwRblD4zVNld17S4mx7kPkePqz7EJM+AMf9TEEBZFv2CUicEs2jt7RIyk
IBZvNW7P4ASd1mOm01IJXfJHH2at3Lrj333tDfaiV66iDcVMwGsJq2Uc9r+UJUhl
FGsGH+Yujrb/40lowOQgpAswq4mc6jzznYIYDejdTHQ/8i22Vm4ZsjFR5QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFPgxvG43O72bwi3IV9MT/0FUOOQMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvVS1ERzhiamM3dlp2Q0xjaFgweFBfUVZRNDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQBLVjIAwQA
uQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADB870DBADCIGsDBADDEEkw
DQQCAAIwBwMFAioDlOAwDQYJKoZIhvcNAQELBQADggEBADu1jMNMjmYBYF+4QUnO
KOLxm+ZlB3vWz0mBiveljBd46O7GrOhvuvKp+zwD5l7xHyRy7aUkdvZgtDaw/aVa
iXTUeDAql9P2vSxtp0wpQOaCicyrMqBCrLD5AR/fsiIPuQVDYcbAA4ypEi6jD+dS
xFr6QLro/xpKYvi6GauS7/LCPKAOx/MfLahzbOuhdxq0FaDrdMs2am0fKNWYB+FG
7PdPuD2u5vw/XKSDWRqqCm7roQ6q9aHuGD+GMH/nJScWD3O0vGDff1ODLFL5S6iM
om7NKLdoRdUOtLXnrLrsgtBp2Q6CvzdvVuEHVKSOlgYDJ61jAs09rouHrOsv3AsW
IIY=
-----END CERTIFICATE-----