Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/IHsRgHPBwDwToyZ9xdqhs0SHL1s.roa
File:                     IHsRgHPBwDwToyZ9xdqhs0SHL1s.roa (raw, json)
Hash identifier:          RcA+AX4/Ylj7MrWqPsHJt7vcoJ5Z5MW7TEAjRz/Gn8I=
Subject key identifier:   20:7B:11:80:73:C1:C0:3C:13:A3:26:7D:C5:DA:A1:B3:44:87:2F:5B
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD324768BCBCEB8716AA541DDAC42E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/IHsRgHPBwDwToyZ9xdqhs0SHL1s.roa
Signing time:             Thu 02 Jan 2025 07:48:57 +0000
ROA not before:           Thu 02 Jan 2025 07:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397373
IP address blocks:        45.43.128.0/21 maxlen: 21
                          45.43.128.0/22 maxlen: 24
                          104.143.228.0/24 maxlen: 24
                          104.143.253.0/24 maxlen: 24
                          104.249.24.0/24 maxlen: 24
                          104.249.26.0/24 maxlen: 24
                          104.249.27.0/24 maxlen: 24
                          104.249.28.0/24 maxlen: 24
                          104.249.56.0/22 maxlen: 22
                          104.249.57.0/24 maxlen: 24
                          104.249.59.0/24 maxlen: 24
                          216.173.83.0/24 maxlen: 24
                          216.173.101.0/24 maxlen: 24
                          216.173.118.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:32:47:68:bc:bc:eb:87:16:aa:54:1d:da:c4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=207b118073c1c03c13a3267dc5daa1b344872f5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0e:0f:0b:de:ff:46:15:ad:00:30:5c:31:3a:
                    6b:a4:b5:c3:34:b1:6f:f8:94:65:c1:f8:22:5e:92:
                    8f:d0:5d:ea:a0:c9:20:08:3f:8a:bf:80:2a:27:a0:
                    3c:d0:16:ed:2f:0e:a3:2e:d0:f8:ae:80:37:0d:dd:
                    3d:1e:e1:9c:31:3e:8e:a8:62:4a:a8:2c:dc:98:7b:
                    e0:28:9e:79:4e:57:11:04:a9:83:42:40:03:17:e2:
                    06:ee:07:3c:cc:41:34:bb:bd:03:1a:c5:17:83:44:
                    1d:76:e6:f1:c5:a5:41:98:8c:c5:72:fb:00:6d:2a:
                    f7:02:00:49:58:09:52:d0:dc:9f:59:0c:c8:20:7e:
                    9f:66:75:dc:10:a0:86:f1:5b:c1:0b:22:5e:4d:45:
                    02:fe:cb:58:f7:bf:2b:04:f0:25:52:10:56:cb:f7:
                    83:2f:e5:4a:33:58:a6:75:44:39:4d:b3:28:51:a8:
                    5f:31:5b:ae:cf:d9:8d:36:72:9d:96:f1:dd:5e:33:
                    e9:31:8c:61:fd:90:53:c9:0f:bf:a9:bb:0f:7e:89:
                    2f:b3:01:fa:ea:c6:e2:79:a3:58:1f:f0:fe:73:fb:
                    fa:d5:0e:91:ee:71:09:bc:f9:34:f5:02:55:3d:2b:
                    de:6b:ba:c9:9a:e6:94:7e:e5:57:c5:60:62:c2:6a:
                    5b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7B:11:80:73:C1:C0:3C:13:A3:26:7D:C5:DA:A1:B3:44:87:2F:5B
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/IHsRgHPBwDwToyZ9xdqhs0SHL1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.128.0/21
                  104.143.228.0/24
                  104.143.253.0/24
                  104.249.24.0/24
                  104.249.26.0-104.249.28.255
                  104.249.56.0/22
                  216.173.83.0/24
                  216.173.101.0/24
                  216.173.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b6:0c:7b:10:3d:3d:47:a3:b6:90:30:81:d4:8d:a4:ad:e2:
         1e:b5:f3:23:9f:5e:54:b3:a8:a7:7f:c1:47:cb:26:83:a9:bc:
         ad:e5:c8:3b:9b:f1:12:77:9a:40:c7:76:31:5a:49:c2:a4:f4:
         37:a0:1a:49:51:cd:91:75:08:d8:d8:5b:92:8a:6f:69:32:86:
         99:82:30:79:4d:f0:79:51:a0:e7:b9:d2:fb:64:61:a2:77:d1:
         48:c2:6c:1d:cd:97:1e:79:d8:04:b4:0e:42:05:86:fd:43:d9:
         4f:1e:a8:5f:08:73:9c:99:ce:35:2b:c5:ee:8a:24:ae:22:21:
         a0:4d:6e:3f:a9:75:f8:e9:32:1b:e4:49:96:ee:ab:4f:90:59:
         1b:88:f6:b1:0c:6b:13:07:fa:bd:a1:f9:73:af:0a:81:f7:3d:
         52:51:76:ec:f9:76:af:5c:8e:49:7e:a3:df:38:cf:99:33:bb:
         21:0d:06:41:2b:1d:f9:31:26:dc:95:6e:70:18:00:32:88:b1:
         36:26:32:01:6e:15:0e:12:8f:ed:db:34:af:d3:23:1f:21:cf:
         50:a5:9a:24:9b:34:84:1b:24:9c:04:08:95:e1:a9:6d:9e:8e:
         c9:f9:ac:33:60:e7:74:9f:a4:98:f9:9c:03:31:67:91:50:9f:
         9a:88:ae:4e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQl/TJHaLy864cWqlQd2sQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdiMTE4MDczYzFjMDNjMTNhMzI2N2RjNWRhYTFiMzQ0ODcyZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ4PC97/RhWtADBcMTprpLXDNLFv
+JRlwfgiXpKP0F3qoMkgCD+Kv4AqJ6A80BbtLw6jLtD4roA3Dd09HuGcMT6OqGJK
qCzcmHvgKJ55TlcRBKmDQkADF+IG7gc8zEE0u70DGsUXg0QddubxxaVBmIzFcvsA
bSr3AgBJWAlS0NyfWQzIIH6fZnXcEKCG8VvBCyJeTUUC/stY978rBPAlUhBWy/eD
L+VKM1imdUQ5TbMoUahfMVuuz9mNNnKdlvHdXjPpMYxh/ZBTyQ+/qbsPfokvswH6
6sbieaNYH/D+c/v61Q6R7nEJvPk09QJVPSvea7rJmuaUfuVXxWBiwmpbVwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCB7EYBzwcA8E6MmfcXaobNEhy9bMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvSUhzUmdIUEJ3RHdUb3laOXhkcWhzMFNITDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDLSuAAwQA
aI/kAwQAaI/9AwQAaPkYMAwDBAFo+RoDBABo+RwDBAJo+TgDBADYrVMDBADYrWUD
BADYrXYwDQYJKoZIhvcNAQELBQADggEBACC2DHsQPT1Ho7aQMIHUjaSt4h618yOf
XlSzqKd/wUfLJoOpvK3lyDub8RJ3mkDHdjFaScKk9DegGklRzZF1CNjYW5KKb2ky
hpmCMHlN8HlRoOe50vtkYaJ30UjCbB3Nlx552AS0DkIFhv1D2U8eqF8Ic5yZzjUr
xe6KJK4iIaBNbj+pdfjpMhvkSZbuq0+QWRuI9rEMaxMH+r2h+XOvCoH3PVJRduz5
dq9cjkl+o984z5kzuyENBkErHfkxJtyVbnAYADKIsTYmMgFuFQ4Sj+3bNK/TIx8h
z1ClmiSbNIQbJJwECJXhqW2ejsn5rDNg53SfpJj5nAMxZ5FQn5qIrk4=
-----END CERTIFICATE-----