Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qnQo0_QTbKbFmWo-ZO4W5xQxJJM.roa
File:                     qnQo0_QTbKbFmWo-ZO4W5xQxJJM.roa (raw, json)
Hash identifier:          9545DvR5xzg6Rnd/3wB+ulQ05zlE48esiGPAARwrhXA=
Subject key identifier:   AA:74:28:D3:F4:13:6C:A6:C5:99:6A:3E:64:EE:16:E7:14:31:24:93
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       018BB90818F8A0E0D7FFF5E51ACD1C4C2E96
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qnQo0_QTbKbFmWo-ZO4W5xQxJJM.roa
Signing time:             Fri 10 Nov 2023 11:39:57 +0000
ROA not before:           Fri 10 Nov 2023 11:39:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.240.166.0/24 maxlen: 24
                          185.240.165.0/24 maxlen: 24
                          185.240.167.0/24 maxlen: 24
                          45.85.180.0/22 maxlen: 22
                          194.31.1.0/24 maxlen: 24
                          194.30.165.0/24 maxlen: 24
                          194.30.161.0/24 maxlen: 24
                          194.30.183.0/24 maxlen: 24
                          185.227.218.0/24 maxlen: 24
                          185.227.217.0/24 maxlen: 24
                          185.227.216.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:08:18:f8:a0:e0:d7:ff:f5:e5:1a:cd:1c:4c:2e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Nov 10 11:39:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa7428d3f4136ca6c5996a3e64ee16e714312493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:9f:ed:98:b6:d3:38:7e:2c:a1:17:f8:ce:
                    1f:47:de:2e:fa:90:e8:2a:35:0c:fe:1a:d1:68:16:
                    64:dd:75:71:6d:06:ff:aa:68:3b:8b:8e:cd:8d:33:
                    57:5c:2b:93:b6:ff:fb:1d:ad:df:f3:04:d0:77:8a:
                    6d:79:39:66:1b:96:b2:7f:6e:dd:a9:07:e7:da:e0:
                    4e:74:45:57:93:ee:88:f5:9d:c5:87:d7:c5:26:dc:
                    67:9b:72:31:32:50:60:c3:b8:66:3e:d1:22:67:57:
                    cd:25:9b:d9:95:8a:67:c2:58:26:f0:b0:d9:e9:a5:
                    3b:86:4e:8e:e0:36:b2:14:7a:69:06:57:c5:1f:d2:
                    ec:ef:c3:3d:9d:4d:cc:f0:25:5a:cd:ed:48:35:80:
                    c6:09:19:df:a9:a6:14:2c:b5:11:a9:b8:0c:ef:81:
                    6a:9a:c9:8d:87:07:56:a3:c5:40:24:69:34:a4:60:
                    6b:16:28:11:cf:19:04:da:30:b6:6b:12:1f:09:aa:
                    95:cd:b8:80:07:13:69:5e:e8:97:7a:40:04:1b:05:
                    36:94:ba:49:60:a4:67:4d:4d:33:b2:78:b3:05:c5:
                    b6:8b:27:31:45:0f:65:85:e3:1d:f0:15:aa:3e:92:
                    3b:9e:51:53:1c:d2:78:a3:de:4d:96:fe:b4:de:3b:
                    1b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:74:28:D3:F4:13:6C:A6:C5:99:6A:3E:64:EE:16:E7:14:31:24:93
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qnQo0_QTbKbFmWo-ZO4W5xQxJJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.180.0/22
                  185.227.216.0-185.227.218.255
                  185.240.165.0-185.240.167.255
                  194.30.161.0/24
                  194.30.165.0/24
                  194.30.183.0/24
                  194.31.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:86:45:e0:54:20:9b:75:12:6b:c1:48:95:b9:c4:45:60:40:
         83:80:12:da:f5:21:c6:26:f3:d2:3d:22:b2:a0:c8:db:54:c6:
         03:d9:f2:c2:fc:6d:c3:6b:b8:0f:b7:ba:54:30:3d:66:fe:37:
         ff:13:fe:87:7a:7c:4f:c5:16:ff:b5:0e:8b:fc:7e:7a:d2:16:
         cc:b8:a2:2b:af:f0:c6:6b:a8:10:f3:81:5c:17:fe:43:10:8b:
         41:41:d2:ad:88:83:b8:b8:3e:ed:e3:0d:eb:0e:a3:c0:ae:34:
         1b:39:0a:ed:60:c7:de:f5:7f:e9:51:ed:1b:a3:28:a5:d4:3b:
         08:54:0d:e3:2d:f1:80:72:cf:82:6f:b5:73:77:35:78:9e:0c:
         79:d0:f1:48:9b:09:db:2c:00:5c:8d:8d:44:73:64:2d:9f:e4:
         4f:5c:d8:d0:f9:d7:7b:c3:91:fa:94:9b:c6:2e:0d:19:1a:7d:
         8a:da:90:be:92:b4:a5:80:91:3c:bb:36:65:4f:09:4a:40:9e:
         84:8d:d9:0e:6d:ca:11:7f:63:ea:94:0a:7d:2b:cd:53:03:ac:
         52:e2:3b:da:05:4e:a3:1f:75:72:b3:ae:87:9c:6a:64:7f:2e:
         9e:e7:76:5f:70:f4:3b:80:64:d7:de:ac:55:0a:cd:64:3c:8f:
         8d:c1:75:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYu5CBj4oODX//XlGs0cTC6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjMxMTEwMTEzOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc0MjhkM2Y0MTM2Y2E2YzU5OTZhM2U2NGVlMTZlNzE0MzEyNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcCf7Zi20zh+LKEX+M4fR94u+pDo
KjUM/hrRaBZk3XVxbQb/qmg7i47NjTNXXCuTtv/7Ha3f8wTQd4pteTlmG5ayf27d
qQfn2uBOdEVXk+6I9Z3Fh9fFJtxnm3IxMlBgw7hmPtEiZ1fNJZvZlYpnwlgm8LDZ
6aU7hk6O4DayFHppBlfFH9Ls78M9nU3M8CVaze1INYDGCRnfqaYULLURqbgM74Fq
msmNhwdWo8VAJGk0pGBrFigRzxkE2jC2axIfCaqVzbiABxNpXuiXekAEGwU2lLpJ
YKRnTU0zsnizBcW2iycxRQ9lheMd8BWqPpI7nlFTHNJ4o95Nlv603jsbXQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKp0KNP0E2ymxZlqPmTuFucUMSSTMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvcW5RbzBfUVRiS2JGbVdvLVpPNFc1eFF4SkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQCLVW0MAwD
BAO549gDBAC549owDAMEALnwpQMEA7nwoAMEAMIeoQMEAMIepQMEAMIetwMEAMIf
ATANBgkqhkiG9w0BAQsFAAOCAQEAC4ZF4FQgm3USa8FIlbnERWBAg4AS2vUhxibz
0j0isqDI21TGA9nywvxtw2u4D7e6VDA9Zv43/xP+h3p8T8UW/7UOi/x+etIWzLii
K6/wxmuoEPOBXBf+QxCLQUHSrYiDuLg+7eMN6w6jwK40GzkK7WDH3vV/6VHtG6Mo
pdQ7CFQN4y3xgHLPgm+1c3c1eJ4MedDxSJsJ2ywAXI2NRHNkLZ/kT1zY0PnXe8OR
+pSbxi4NGRp9itqQvpK0pYCRPLs2ZU8JSkCehI3ZDm3KEX9j6pQKfSvNUwOsUuI7
2gVOox91crOuh5xqZH8unud2X3D0O4Bk196sVQrNZDyPjcF1Qg==
-----END CERTIFICATE-----