Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/erD0_om35A6G_uqyp6XGZDGLdVI.roa
File:                     erD0_om35A6G_uqyp6XGZDGLdVI.roa (raw, json)
Hash identifier:          saEDfeKCqtK6Zf8P00Hi6vY1lHaYntZiHK+rvPRIHjc=
Subject key identifier:   7A:B0:F4:FE:89:B7:E4:0E:86:FE:EA:B2:A7:A5:C6:64:31:8B:75:52
Certificate issuer:       /CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
Certificate serial:       01941F8C1148628420B533A43E80F87E3D7A
Authority key identifier: 67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/erD0_om35A6G_uqyp6XGZDGLdVI.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43588
IP address blocks:        31.131.0.0/22 maxlen: 22
                          31.131.1.0/24 maxlen: 24
                          31.131.2.0/24 maxlen: 24
                          31.131.3.0/24 maxlen: 24
                          31.131.4.0/23 maxlen: 23
                          31.131.4.0/24 maxlen: 24
                          31.131.5.0/24 maxlen: 24
                          31.131.6.0/24 maxlen: 24
                          31.131.7.0/24 maxlen: 24
                          91.216.47.0/24 maxlen: 24
                          91.228.108.0/22 maxlen: 22
                          91.228.108.0/24 maxlen: 24
                          91.228.110.0/24 maxlen: 24
                          91.228.111.0/24 maxlen: 24
                          2a0a:6480::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:11:48:62:84:20:b5:33:a4:3e:80:f8:7e:3d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ab0f4fe89b7e40e86feeab2a7a5c664318b7552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e6:37:fa:60:0c:9a:c4:ee:1a:18:6b:3e:49:
                    2c:d5:e3:28:3d:7d:c5:bd:6f:ba:e9:6f:13:94:6d:
                    3b:49:26:c6:e4:19:51:a8:37:07:15:77:70:71:b3:
                    70:2f:0e:8e:f3:c8:b1:02:b5:a1:d7:25:99:e1:e1:
                    34:b9:98:d1:65:e7:84:4c:83:37:61:3b:6e:7d:78:
                    63:98:bc:6f:17:d1:c2:14:bf:bb:39:e2:5e:d2:70:
                    df:40:24:e8:76:96:27:e7:63:fa:a6:d2:12:7b:67:
                    0f:1f:c0:93:fd:de:56:d8:19:f4:7a:76:37:0a:4c:
                    da:da:53:2f:b9:9f:39:d5:bf:d5:04:a0:6a:66:b6:
                    10:77:1d:02:3d:24:c8:16:67:3a:32:f1:a2:ca:88:
                    8a:e5:55:d6:e0:34:8a:e7:52:89:3a:52:01:7c:97:
                    ab:4b:2b:36:48:77:95:b7:77:59:14:e8:c2:ce:47:
                    42:e8:11:86:78:43:0b:ae:93:eb:49:80:29:9e:74:
                    8a:b8:c2:5f:b3:93:99:69:22:d6:43:16:0d:e7:47:
                    d2:74:0d:0c:8c:76:79:70:37:b4:46:37:2f:20:81:
                    7f:9f:4b:e8:bd:ba:5d:e3:48:c1:ec:86:65:6e:c4:
                    42:6d:7d:d8:9c:29:38:ac:7a:cd:e0:9b:74:9e:d6:
                    bc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B0:F4:FE:89:B7:E4:0E:86:FE:EA:B2:A7:A5:C6:64:31:8B:75:52
            X509v3 Authority Key Identifier:
                keyid:67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/erD0_om35A6G_uqyp6XGZDGLdVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Z4zr9-7D1eASHkARcM4B_ziI1Ow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.0.0/21
                  91.216.47.0/24
                  91.228.108.0/22
                IPv6:
                  2a0a:6480::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:9a:66:af:69:e9:a3:ff:64:ec:f5:c1:f9:1d:70:d0:64:37:
         d4:19:9e:5f:00:93:57:6b:ab:12:f1:39:ee:2f:7b:77:69:3a:
         3f:0e:b3:b0:89:02:1a:14:4d:03:6a:0e:ae:b2:0e:84:3c:7d:
         3e:c5:55:c0:09:c2:fe:68:7c:bc:33:84:05:28:33:37:4e:46:
         2c:08:9f:0f:01:ab:4c:8e:8d:bb:0f:1d:6d:7c:00:72:8f:5f:
         4e:f3:a5:c4:1e:25:b8:be:8b:02:50:2d:ea:e0:5a:04:3c:35:
         36:2f:b0:12:48:18:79:fa:ba:0f:45:41:7a:75:55:6d:ee:62:
         a5:4b:e0:9b:14:3c:59:b5:dd:50:8b:f5:6e:30:e3:a0:f0:d5:
         80:54:d9:b0:95:11:d4:c5:99:02:7a:d1:b1:8d:da:b8:7c:04:
         9b:3b:a6:3c:fe:a4:c3:59:a8:08:20:2f:20:3d:47:06:a2:30:
         37:84:30:a0:6c:b8:fa:c9:d5:40:5d:52:e1:32:5b:48:a1:53:
         09:b8:75:c8:a9:5f:e5:93:d7:33:97:bf:9d:8e:97:f3:56:85:
         f5:3c:02:e4:25:17:38:6b:06:43:2e:ce:09:e5:7c:be:b2:9b:
         4f:21:82:52:b1:f6:6e:7a:01:84:eb:ec:54:a9:90:6a:c0:7c:
         d2:55:33:a6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQfjBFIYoQgtTOkPoD4fj16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OGNlYmY3ZWVjM2Q1ZTAxMjFlNDAxMTcwY2UwMWZmMzg4
OGQ0ZWMwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWIwZjRmZTg5YjdlNDBlODZmZWVhYjJhN2E1YzY2NDMxOGI3NTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuY3+mAMmsTuGhhrPkks1eMoPX3F
vW+66W8TlG07SSbG5BlRqDcHFXdwcbNwLw6O88ixArWh1yWZ4eE0uZjRZeeETIM3
YTtufXhjmLxvF9HCFL+7OeJe0nDfQCTodpYn52P6ptISe2cPH8CT/d5W2Bn0enY3
Ckza2lMvuZ851b/VBKBqZrYQdx0CPSTIFmc6MvGiyoiK5VXW4DSK51KJOlIBfJer
Sys2SHeVt3dZFOjCzkdC6BGGeEMLrpPrSYApnnSKuMJfs5OZaSLWQxYN50fSdA0M
jHZ5cDe0RjcvIIF/n0vovbpd40jB7IZlbsRCbX3YnCk4rHrN4Jt0nta8GwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHqw9P6Jt+QOhv7qsqelxmQxi3VSMB8GA1UdIwQY
MBaAFGeM6/fuw9XgEh5AEXDOAf84iNTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWIt
NmRmYmJhNGVkZDU5LzEvZXJEMF9vbTM1QTZHX3VxeXA2WEdaREdMZFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWItNmRmYmJhNGVkZDU5
LzEvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDH4MAAwQA
W9gvAwQCW+RsMA0EAgACMAcDBQMqCmSAMA0GCSqGSIb3DQEBCwUAA4IBAQCcmmav
aemj/2Ts9cH5HXDQZDfUGZ5fAJNXa6sS8TnuL3t3aTo/DrOwiQIaFE0Dag6usg6E
PH0+xVXACcL+aHy8M4QFKDM3TkYsCJ8PAatMjo27Dx1tfAByj19O86XEHiW4vosC
UC3q4FoEPDU2L7ASSBh5+roPRUF6dVVt7mKlS+CbFDxZtd1Qi/VuMOOg8NWAVNmw
lRHUxZkCetGxjdq4fASbO6Y8/qTDWagIIC8gPUcGojA3hDCgbLj6ydVAXVLhMltI
oVMJuHXIqV/lk9czl7+djpfzVoX1PALkJRc4awZDLs4J5Xy+sptPIYJSsfZuegGE
6+xUqZBqwHzSVTOm
-----END CERTIFICATE-----