Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/itJrIiDbZUHX0hMzNvHagOk0kkQ.roa
File:                     itJrIiDbZUHX0hMzNvHagOk0kkQ.roa (raw, json)
Hash identifier:          93vrSgc7l73uP0vt9qb0d56TAGfuxzEHnQxV4M3Vt/w=
Subject key identifier:   8A:D2:6B:22:20:DB:65:41:D7:D2:13:33:36:F1:DA:80:E9:34:92:44
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019426D8E6876249B73E18B22C35B347747B
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/itJrIiDbZUHX0hMzNvHagOk0kkQ.roa
Signing time:             Thu 02 Jan 2025 11:48:56 +0000
ROA not before:           Thu 02 Jan 2025 11:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        153.96.140.0/24 maxlen: 24
                          153.96.141.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:e6:87:62:49:b7:3e:18:b2:2c:35:b3:47:74:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 11:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ad26b2220db6541d7d2133336f1da80e9349244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9b:90:d0:f5:49:80:83:88:b2:e7:a3:bc:3a:
                    96:55:3d:dc:d5:39:e0:49:4e:d4:f8:2d:1f:84:e6:
                    94:ef:61:13:8b:38:21:2b:6c:ef:27:c9:0c:f5:fd:
                    b3:bb:95:94:91:67:68:eb:7b:1f:8b:65:c4:46:c8:
                    cf:05:1f:36:fb:9a:af:f4:0f:a3:4e:32:63:78:f2:
                    3b:15:1e:0c:3a:23:4c:35:b8:46:91:7a:ea:77:75:
                    53:28:40:72:88:c5:fc:2b:93:76:55:7e:c8:7c:42:
                    1a:ab:10:0c:39:2e:c3:6d:f6:76:3c:54:3d:13:94:
                    f4:10:c2:a0:84:d5:a4:15:5f:16:be:ad:b2:90:6f:
                    f9:8c:ca:c9:ae:3f:c5:82:7f:8d:e1:2c:1e:dc:3d:
                    97:72:b5:6c:83:ad:16:b0:c9:b5:0a:3d:5b:cd:20:
                    45:b5:7b:11:c9:53:07:93:21:16:a8:a4:d6:41:23:
                    a8:4a:92:ad:d5:23:b6:70:95:d2:e5:f4:29:61:e3:
                    7a:e9:27:a4:59:fc:fd:67:50:24:19:96:37:16:96:
                    cd:70:aa:3f:65:7b:5e:f7:96:d7:09:70:c3:bb:48:
                    3d:08:4a:24:01:0f:0d:0e:ca:24:73:76:13:39:c5:
                    85:9b:77:b0:77:e4:0d:37:05:d9:27:af:c0:74:57:
                    73:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D2:6B:22:20:DB:65:41:D7:D2:13:33:36:F1:DA:80:E9:34:92:44
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/itJrIiDbZUHX0hMzNvHagOk0kkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:44:46:d5:ea:ef:cd:dd:10:e8:f1:0f:f8:7f:c0:f4:ab:d7:
         3c:5b:29:05:80:e1:b4:38:ad:dc:da:a9:48:9f:4f:7b:ae:34:
         1c:a6:0a:5d:64:66:a8:24:13:06:ad:d3:8e:08:42:4e:45:31:
         d2:33:a3:38:23:ae:38:34:7a:02:7f:66:df:31:df:5f:72:6e:
         d8:4a:48:b4:b1:d3:7c:06:e3:46:8c:09:c5:64:63:3c:67:16:
         57:db:c3:3b:d7:97:86:41:fa:b9:65:b5:f8:dd:19:71:c2:ba:
         56:3a:8c:34:ff:2e:23:3f:0a:89:40:3d:62:e8:7d:dc:3d:0c:
         8b:79:ed:8e:be:19:ed:e8:4e:04:d1:3d:b7:38:26:48:22:d4:
         72:4f:a1:34:50:63:50:08:09:07:68:bc:af:14:46:d2:d9:59:
         5f:bb:36:3f:00:74:52:68:08:23:56:bd:2d:ee:2e:fc:22:dc:
         d7:d0:dc:cd:4f:0c:ae:29:13:02:72:21:3e:7a:15:0f:69:95:
         ca:ff:60:5a:97:ee:1c:e4:28:d9:f0:58:b2:55:1b:8b:3e:fb:
         7e:34:cc:82:4b:38:90:66:9d:df:b4:44:55:6e:25:9a:0c:7a:
         d0:63:0a:48:8a:8b:ca:e3:c2:0c:04:5b:ff:ca:78:fa:a5:1f:
         a5:49:e6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2OaHYkm3PhiyLDWzR3R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjUwMTAyMTE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQyNmIyMjIwZGI2NTQxZDdkMjEzMzMzNmYxZGE4MGU5MzQ5MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15uQ0PVJgIOIsuejvDqWVT3c1Tng
SU7U+C0fhOaU72ETizghK2zvJ8kM9f2zu5WUkWdo63sfi2XERsjPBR82+5qv9A+j
TjJjePI7FR4MOiNMNbhGkXrqd3VTKEByiMX8K5N2VX7IfEIaqxAMOS7DbfZ2PFQ9
E5T0EMKghNWkFV8Wvq2ykG/5jMrJrj/Fgn+N4Swe3D2XcrVsg60WsMm1Cj1bzSBF
tXsRyVMHkyEWqKTWQSOoSpKt1SO2cJXS5fQpYeN66SekWfz9Z1AkGZY3FpbNcKo/
ZXte95bXCXDDu0g9CEokAQ8NDsokc3YTOcWFm3ewd+QNNwXZJ6/AdFdzDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrSayIg22VB19ITMzbx2oDpNJJEMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvaXRKcklpRGJaVUhYMGhNek52SGFnT2swa2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmWCMMA0G
CSqGSIb3DQEBCwUAA4IBAQCxREbV6u/N3RDo8Q/4f8D0q9c8WykFgOG0OK3c2qlI
n097rjQcpgpdZGaoJBMGrdOOCEJORTHSM6M4I644NHoCf2bfMd9fcm7YSki0sdN8
BuNGjAnFZGM8ZxZX28M715eGQfq5ZbX43RlxwrpWOow0/y4jPwqJQD1i6H3cPQyL
ee2Ovhnt6E4E0T23OCZIItRyT6E0UGNQCAkHaLyvFEbS2VlfuzY/AHRSaAgjVr0t
7i78ItzX0NzNTwyuKRMCciE+ehUPaZXK/2Bal+4c5CjZ8FiyVRuLPvt+NMyCSziQ
Zp3ftERVbiWaDHrQYwpIiovK48IMBFv/ynj6pR+lSeaD
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:42:13 2025 by rpki-client