Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/z3d8USsn_BdTxdr_lUVdGd0WV9E.roa
File:                     z3d8USsn_BdTxdr_lUVdGd0WV9E.roa (raw, json)
Hash identifier:          l9k2yjOkmwSXj4BvbPppnpdb4qVOixHnNL/0QNcpCWw=
Subject key identifier:   CF:77:7C:51:2B:27:FC:17:53:C5:DA:FF:95:45:5D:19:DD:16:57:D1
Certificate issuer:       /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial:       0191E158F48ACAF4ABE9BD3EE0CEEE6F049C
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/z3d8USsn_BdTxdr_lUVdGd0WV9E.roa
Signing time:             Wed 11 Sep 2024 13:49:48 +0000
ROA not before:           Wed 11 Sep 2024 13:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        86.105.104.0/22 maxlen: 24
                          89.36.236.0/22 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          89.37.188.0/22 maxlen: 24
                          89.40.43.0/24 maxlen: 24
                          91.232.136.0/22 maxlen: 24
                          93.114.169.0/24 maxlen: 24
                          93.115.155.0/24 maxlen: 24
                          94.177.65.0/24 maxlen: 24
                          94.190.248.0/22 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          185.64.100.0/22 maxlen: 24
                          185.172.20.0/22 maxlen: 24
                          188.211.252.0/22 maxlen: 24
                          188.212.104.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:58:f4:8a:ca:f4:ab:e9:bd:3e:e0:ce:ee:6f:04:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
        Validity
            Not Before: Sep 11 13:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf777c512b27fc1753c5daff95455d19dd1657d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b1:c0:b2:90:b8:49:09:8a:af:48:66:87:92:
                    c0:0d:0d:40:ae:6a:01:e5:ee:40:92:65:18:11:6f:
                    b8:67:4d:18:09:23:f3:aa:20:ac:ee:e0:a7:91:84:
                    a5:66:04:72:bf:19:08:07:3b:b5:c4:f6:f8:43:70:
                    66:45:c4:38:ba:4e:3b:47:4f:95:b2:51:b7:f6:9c:
                    a8:67:89:fb:d6:a3:be:55:3f:fb:61:da:7d:0a:61:
                    3b:92:fb:c3:35:69:6b:a6:93:12:2b:fc:d5:68:2e:
                    0d:11:c0:2e:dc:f1:b1:11:23:20:b6:8b:73:b4:82:
                    23:bb:71:88:60:2b:0f:15:de:91:65:e1:8c:21:4a:
                    fb:0b:0e:03:92:79:e2:61:98:55:2d:4a:48:81:c7:
                    ed:85:88:e4:d4:af:f1:4c:be:b3:4e:9a:d7:d3:7a:
                    4f:e5:64:c0:e4:8f:87:72:f9:24:16:7c:d3:63:10:
                    b6:7e:6b:83:45:94:62:ab:93:b3:20:31:af:4f:ca:
                    f9:39:95:ff:2c:0a:41:47:c3:43:2d:31:b1:1c:2d:
                    7a:a6:b5:0b:89:02:99:56:d5:99:05:a4:e2:c0:80:
                    83:68:26:a4:df:86:a6:83:6b:31:56:96:3e:ce:6f:
                    be:37:02:ba:14:56:2b:77:fb:3b:e7:2b:8c:c1:fd:
                    18:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:77:7C:51:2B:27:FC:17:53:C5:DA:FF:95:45:5D:19:DD:16:57:D1
            X509v3 Authority Key Identifier:
                keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/z3d8USsn_BdTxdr_lUVdGd0WV9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.104.0/22
                  89.36.236.0/22
                  89.37.128.0/24
                  89.37.188.0/22
                  89.40.43.0/24
                  91.232.136.0/22
                  93.114.169.0/24
                  93.115.155.0/24
                  94.177.65.0/24
                  94.190.248.0/22
                  176.223.190.0/24
                  185.64.100.0/22
                  185.172.20.0/22
                  188.211.252.0/22
                  188.212.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:fc:50:5b:82:88:23:c6:0e:de:05:52:cc:34:2c:b5:ab:5e:
         e8:00:b8:25:cb:56:21:d7:3a:05:93:52:26:85:03:60:13:4c:
         3d:86:dd:96:01:4c:6f:8e:25:27:d5:c0:5f:61:a7:80:bf:24:
         b6:90:d0:12:d9:17:d7:f6:35:98:8c:f4:56:27:46:27:bd:46:
         9c:e2:5c:a2:aa:1a:75:4a:ab:2a:61:93:bd:2b:7b:c0:6c:72:
         46:de:02:2d:08:97:45:2e:c4:f9:a7:db:81:32:bb:93:17:04:
         1e:d3:36:bc:3b:b7:a3:d9:bc:a8:7a:55:da:11:81:a7:f8:80:
         69:17:4e:95:b6:f7:7c:04:e7:37:a6:fa:9b:b3:4c:47:40:8d:
         da:59:6a:ad:6b:e7:27:10:70:37:09:75:ca:a7:0d:c3:a1:77:
         b2:86:f9:b6:a5:7b:e3:53:7b:a7:f1:ed:38:13:90:67:f3:45:
         e9:ef:41:f5:91:82:08:71:0c:15:6c:6a:25:65:de:d3:8e:e8:
         4b:24:90:1b:a1:b5:18:84:74:d0:e3:3d:7b:06:48:2c:83:ff:
         06:e7:ce:79:71:68:3b:2e:18:2b:71:5a:31:80:7b:5f:45:f2:
         52:9a:7e:56:22:cf:a8:b5:bd:83:13:40:0f:2f:92:de:3b:a6:
         d6:18:7a:46
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZHhWPSKyvSr6b0+4M7ubwScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjQwOTExMTM0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjc3N2M1MTJiMjdmYzE3NTNjNWRhZmY5NTQ1NWQxOWRkMTY1N2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57HAspC4SQmKr0hmh5LADQ1ArmoB
5e5AkmUYEW+4Z00YCSPzqiCs7uCnkYSlZgRyvxkIBzu1xPb4Q3BmRcQ4uk47R0+V
slG39pyoZ4n71qO+VT/7Ydp9CmE7kvvDNWlrppMSK/zVaC4NEcAu3PGxESMgtotz
tIIju3GIYCsPFd6RZeGMIUr7Cw4DknniYZhVLUpIgcfthYjk1K/xTL6zTprX03pP
5WTA5I+HcvkkFnzTYxC2fmuDRZRiq5OzIDGvT8r5OZX/LApBR8NDLTGxHC16prUL
iQKZVtWZBaTiwICDaCak34amg2sxVpY+zm++NwK6FFYrd/s75yuMwf0YFwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFM93fFErJ/wXU8Xa/5VFXRndFlfRMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvejNkOFVTc25fQmRUeGRyX2xVVmRHZDBXVjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCVmloAwQC
WSTsAwQAWSWAAwQCWSW8AwQAWSgrAwQCW+iIAwQAXXKpAwQAXXObAwQAXrFBAwQC
Xr74AwQAsN++AwQCuUBkAwQCuawUAwQCvNP8AwQCvNRoMA0GCSqGSIb3DQEBCwUA
A4IBAQBS/FBbgogjxg7eBVLMNCy1q17oALgly1Yh1zoFk1ImhQNgE0w9ht2WAUxv
jiUn1cBfYaeAvyS2kNAS2RfX9jWYjPRWJ0YnvUac4lyiqhp1SqsqYZO9K3vAbHJG
3gItCJdFLsT5p9uBMruTFwQe0za8O7ej2byoelXaEYGn+IBpF06Vtvd8BOc3pvqb
s0xHQI3aWWqta+cnEHA3CXXKpw3DoXeyhvm2pXvjU3un8e04E5Bn80Xp70H1kYII
cQwVbGolZd7TjuhLJJAbobUYhHTQ4z17Bkgsg/8G5855cWg7LhgrcVoxgHtfRfJS
mn5WIs+otb2DE0APL5LeO6bWGHpG
-----END CERTIFICATE-----