Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KuWol2VkJoh5wffJ2DQN16wuwa0.roa
File:                     KuWol2VkJoh5wffJ2DQN16wuwa0.roa (raw, json)
Hash identifier:          /c+Kx/C44/rk9GyoYclvzsvsJu1EYiUyNOEOapiVgW8=
Subject key identifier:   2A:E5:A8:97:65:64:26:88:79:C1:F7:C9:D8:34:0D:D7:AC:2E:C1:AD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018918110C91F3B3279FC2E463C675501819
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KuWol2VkJoh5wffJ2DQN16wuwa0.roa
Signing time:             Sun 02 Jul 2023 19:25:17 +0000
ROA not before:           Sun 02 Jul 2023 19:25:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        84.32.63.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          88.216.208.0/24 maxlen: 24
                          84.32.217.0/24 maxlen: 24
                          84.32.218.0/24 maxlen: 24
                          84.32.15.0/24 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.32.0/24 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24
                          84.32.152.0/24 maxlen: 24
                          84.32.149.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          84.32.154.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:18:11:0c:91:f3:b3:27:9f:c2:e4:63:c6:75:50:18:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul  2 19:25:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ae5a8976564268879c1f7c9d8340dd7ac2ec1ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:68:da:06:62:17:24:25:f7:3e:82:b4:f3:15:
                    c6:2f:f5:77:fa:f3:7b:e0:63:37:8e:97:9d:6f:1a:
                    29:eb:a8:b5:30:24:33:13:b1:57:cf:3b:f3:ab:af:
                    e3:0c:96:ef:f1:03:88:6c:40:e5:59:5e:06:a9:65:
                    cc:d1:06:11:f7:7f:de:67:10:0f:8a:49:ad:87:da:
                    49:93:08:40:3e:ce:b7:53:ca:6e:c6:3a:66:21:3b:
                    49:f7:32:a3:37:30:e3:22:cc:36:20:f9:d2:3d:dc:
                    e7:e2:bf:bb:51:e9:25:53:4a:3a:a4:71:c2:6d:ac:
                    97:78:fd:c6:a2:b3:6d:b0:c4:4b:06:ed:a5:40:46:
                    0e:99:50:3e:8d:e6:5f:32:b3:2b:84:c2:05:1d:f2:
                    68:18:1f:69:37:f1:f9:b5:5f:cc:77:49:78:e8:83:
                    51:51:db:e9:ab:86:35:2b:2e:bd:c8:20:91:dc:f3:
                    e4:66:73:b6:eb:b7:68:94:53:a8:6c:45:65:92:ae:
                    f2:8e:df:75:36:65:b5:66:aa:35:51:79:8c:fe:5c:
                    31:5b:c5:44:5e:bf:e5:bf:84:7e:80:dd:08:d9:15:
                    34:85:f5:2f:75:5d:a2:03:39:1e:09:b2:df:2b:3d:
                    8c:74:56:02:cb:ef:ac:c3:29:2a:95:b6:04:ff:17:
                    b4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E5:A8:97:65:64:26:88:79:C1:F7:C9:D8:34:0D:D7:AC:2E:C1:AD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KuWol2VkJoh5wffJ2DQN16wuwa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.15.0/24
                  84.32.24.0/24
                  84.32.32.0/24
                  84.32.63.0/24
                  84.32.149.0/24
                  84.32.151.0-84.32.152.255
                  84.32.154.0/24
                  84.32.174.0/23
                  84.32.217.0-84.32.218.255
                  88.216.34.0/24
                  88.216.41.0/24
                  88.216.186.0/24
                  88.216.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:0f:ec:ad:92:b5:9d:f4:1b:c6:ba:d4:f3:d7:26:0e:88:f4:
         bc:5d:b9:a1:26:1b:81:94:7e:6d:8e:d9:4f:78:23:16:39:04:
         b2:f1:2c:8d:a8:62:dd:4b:fd:20:1e:fc:c2:88:cf:36:3e:e1:
         aa:13:9f:cb:f1:57:83:bf:aa:e8:0e:f6:56:8a:cd:4c:fb:09:
         30:30:61:6e:0a:58:bc:97:98:0f:d1:0c:b6:ab:ae:d0:58:af:
         3a:e3:8a:5f:4c:28:27:0a:56:33:56:6c:ce:7d:ba:5d:87:8c:
         98:27:bf:4a:04:7a:f3:75:0e:bb:8d:ce:c2:21:dc:44:5b:6b:
         4d:4a:cc:54:30:46:95:58:48:e7:84:0b:cb:11:40:e6:d4:b5:
         69:21:1e:95:ae:05:dc:da:f8:56:7b:e4:86:34:bf:ff:a9:ab:
         77:e0:6e:b5:a9:d2:8c:4a:5e:bb:48:1a:c9:ad:22:5f:dd:b4:
         b8:e0:f2:7e:48:87:23:a0:0e:94:01:7a:65:5f:27:0c:6e:88:
         aa:e1:c1:6a:85:78:58:f2:72:a7:7a:2b:98:6a:04:30:6f:2e:
         bf:ff:75:d7:95:f1:21:0d:7f:fe:a4:86:8b:f6:16:74:e3:e7:
         41:a5:12:fd:06:da:61:6b:83:fa:27:57:c4:7e:86:18:eb:67:
         c5:08:40:e4
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYkYEQyR87Mnn8LkY8Z1UBgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNzAyMTkyNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU1YTg5NzY1NjQyNjg4NzljMWY3YzlkODM0MGRkN2FjMmVjMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGjaBmIXJCX3PoK08xXGL/V3+vN7
4GM3jpedbxop66i1MCQzE7FXzzvzq6/jDJbv8QOIbEDlWV4GqWXM0QYR93/eZxAP
ikmth9pJkwhAPs63U8puxjpmITtJ9zKjNzDjIsw2IPnSPdzn4r+7UeklU0o6pHHC
bayXeP3GorNtsMRLBu2lQEYOmVA+jeZfMrMrhMIFHfJoGB9pN/H5tV/Md0l46INR
Udvpq4Y1Ky69yCCR3PPkZnO267dolFOobEVlkq7yjt91NmW1Zqo1UXmM/lwxW8VE
Xr/lv4R+gN0I2RU0hfUvdV2iAzkeCbLfKz2MdFYCy++swykqlbYE/xe0OQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFCrlqJdlZCaIecH3ydg0DdesLsGtMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS3VXb2wyVmtKb2g1d2ZmSjJEUU4xNnd1d2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAVCAPAwQA
VCAYAwQAVCAgAwQAVCA/AwQAVCCVMAwDBABUIJcDBABUIJgDBABUIJoDBAFUIK4w
DAMEAFQg2QMEAFQg2gMEAFjYIgMEAFjYKQMEAFjYugMEAFjY0DANBgkqhkiG9w0B
AQsFAAOCAQEAdA/srZK1nfQbxrrU89cmDoj0vF25oSYbgZR+bY7ZT3gjFjkEsvEs
jahi3Uv9IB78wojPNj7hqhOfy/FXg7+q6A72VorNTPsJMDBhbgpYvJeYD9EMtquu
0FivOuOKX0woJwpWM1Zszn26XYeMmCe/SgR683UOu43OwiHcRFtrTUrMVDBGlVhI
54QLyxFA5tS1aSEela4F3Nr4VnvkhjS//6mrd+ButanSjEpeu0gaya0iX920uODy
fkiHI6AOlAF6ZV8nDG6IquHBaoV4WPJyp3ormGoEMG8uv/9115XxIQ1//qSGi/YW
dOPnQaUS/QbaYWuD+idXxH6GGOtnxQhA5A==
-----END CERTIFICATE-----