Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/ZsqRMpcA5rVpeghbKlpto90ibM8.roa
File:                     ZsqRMpcA5rVpeghbKlpto90ibM8.roa (raw, json)
Hash identifier:          nVYdBvobjkBIWWz9Jd+uPsYyriFcHyHbwpsRZ8kZ4Ek=
Subject key identifier:   66:CA:91:32:97:00:E6:B5:69:7A:08:5B:2A:5A:6D:A3:DD:22:6C:CF
Certificate issuer:       /CN=9de783e9acd56992f5835fb4882183500ca03c83
Certificate serial:       019423D6E6ED4F6E8279232247ADCB739932
Authority key identifier: 9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/ZsqRMpcA5rVpeghbKlpto90ibM8.roa
Signing time:             Wed 01 Jan 2025 21:47:53 +0000
ROA not before:           Wed 01 Jan 2025 21:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        62.182.168.0/21 maxlen: 21
                          62.182.168.0/24 maxlen: 24
                          62.182.169.0/24 maxlen: 24
                          62.182.170.0/24 maxlen: 24
                          62.182.171.0/24 maxlen: 24
                          62.182.172.0/24 maxlen: 24
                          62.182.173.0/24 maxlen: 24
                          62.182.174.0/24 maxlen: 24
                          62.182.175.0/24 maxlen: 24
                          83.97.96.0/21 maxlen: 21
                          83.97.96.0/24 maxlen: 24
                          83.97.97.0/24 maxlen: 24
                          83.97.98.0/24 maxlen: 24
                          83.97.99.0/24 maxlen: 24
                          83.97.100.0/24 maxlen: 24
                          83.97.101.0/24 maxlen: 24
                          83.97.102.0/24 maxlen: 24
                          83.97.103.0/24 maxlen: 24
                          89.47.52.0/24 maxlen: 24
                          89.47.252.0/24 maxlen: 24
                          91.202.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e6:ed:4f:6e:82:79:23:22:47:ad:cb:73:99:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9de783e9acd56992f5835fb4882183500ca03c83
        Validity
            Not Before: Jan  1 21:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66ca91329700e6b5697a085b2a5a6da3dd226ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:09:ae:be:f6:a4:67:ee:91:fc:30:84:91:4b:
                    c1:f7:4b:50:fb:43:fb:74:fe:49:1f:9f:fc:9f:43:
                    a1:28:cb:ca:5f:e7:d8:51:d9:de:c8:29:81:f7:91:
                    6b:a5:58:54:25:4f:91:72:2e:c2:8a:03:a2:1b:84:
                    6b:cb:a8:46:e6:36:24:14:af:81:68:81:24:9d:d2:
                    5d:8f:ae:fe:32:22:c4:7f:a9:20:fc:64:32:4b:05:
                    c0:2f:76:10:16:e4:4d:fd:0d:e1:5b:77:56:3c:3e:
                    e9:e1:96:3f:c8:26:92:71:f4:fc:26:20:ba:58:80:
                    a5:df:7a:47:50:56:0d:6c:27:7b:e6:48:e6:bc:a1:
                    fb:b6:04:dc:7b:a7:5a:9c:6d:a9:25:44:95:da:1f:
                    22:95:7a:28:54:f2:c4:f2:74:46:a3:7b:70:1c:b2:
                    49:5e:e8:61:d7:5a:e2:91:cf:f9:14:f7:c5:1d:89:
                    b7:cc:35:2a:b7:a6:3f:6e:85:97:52:29:1f:b2:e7:
                    29:93:10:b9:0c:64:2f:9d:b9:94:61:20:77:fe:f6:
                    24:57:3e:dd:61:6c:9a:5d:37:a6:5b:0d:7b:7c:6f:
                    3f:8a:4f:b8:cb:20:da:b9:a0:ac:0a:4f:06:a8:da:
                    e2:1c:d9:98:cb:a4:27:b0:03:87:66:a0:0e:8a:53:
                    11:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CA:91:32:97:00:E6:B5:69:7A:08:5B:2A:5A:6D:A3:DD:22:6C:CF
            X509v3 Authority Key Identifier:
                keyid:9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/ZsqRMpcA5rVpeghbKlpto90ibM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/neeD6azVaZL1g1-0iCGDUAygPIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.168.0/21
                  83.97.96.0/21
                  89.47.52.0/24
                  89.47.252.0/24
                  91.202.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:b1:c3:08:8b:6e:c5:24:3e:3c:c0:ff:09:0b:2a:38:12:53:
         f6:73:38:ca:09:11:2a:1e:52:65:c7:10:85:14:15:ce:af:af:
         2e:1e:4a:a9:ff:89:98:f5:e1:bd:9f:b5:53:91:1c:a3:37:0c:
         a8:6d:4a:85:66:f4:6c:0c:ea:ba:2d:f8:da:ed:8c:19:cc:92:
         bd:cf:b8:6d:79:6d:73:26:ff:54:be:51:fd:1f:e8:bd:8a:28:
         6e:37:8d:f8:02:ef:89:dc:f8:ed:29:76:c1:de:d9:3c:84:ba:
         22:73:b6:31:62:8a:68:78:84:ac:47:55:01:29:fb:92:6e:d0:
         85:91:3b:ec:f0:22:0c:95:5c:0a:80:7d:0b:a7:ff:40:eb:ad:
         59:a5:07:66:0b:40:b2:96:e9:4d:b1:fa:aa:08:45:9b:29:ed:
         d5:dd:fc:9d:e2:4a:c6:54:50:4d:e3:01:53:83:08:b2:77:ee:
         6a:bf:bc:fe:85:73:41:28:d8:d0:7e:67:63:6c:d9:86:3b:e8:
         0d:10:7c:af:15:db:7b:0a:b4:63:49:51:c4:4a:e0:f0:d3:83:
         31:cf:9d:63:84:56:10:9c:33:29:d0:09:88:d6:8e:a5:2e:ad:
         0a:60:7f:2d:cf:c2:7d:ca:6c:e9:6f:88:6c:75:cc:5d:06:b5:
         69:49:be:f4
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQj1ubtT26CeSMiR63Lc5kyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTc4M2U5YWNkNTY5OTJmNTgzNWZiNDg4MjE4MzUwMGNh
MDNjODMwHhcNMjUwMTAxMjE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmNhOTEzMjk3MDBlNmI1Njk3YTA4NWIyYTVhNmRhM2RkMjI2Y2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngmuvvakZ+6R/DCEkUvB90tQ+0P7
dP5JH5/8n0OhKMvKX+fYUdneyCmB95FrpVhUJU+Rci7CigOiG4Rry6hG5jYkFK+B
aIEkndJdj67+MiLEf6kg/GQySwXAL3YQFuRN/Q3hW3dWPD7p4ZY/yCaScfT8JiC6
WICl33pHUFYNbCd75kjmvKH7tgTce6danG2pJUSV2h8ilXooVPLE8nRGo3twHLJJ
Xuhh11rikc/5FPfFHYm3zDUqt6Y/boWXUikfsucpkxC5DGQvnbmUYSB3/vYkVz7d
YWyaXTemWw17fG8/ik+4yyDauaCsCk8GqNriHNmYy6QnsAOHZqAOilMRgQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGbKkTKXAOa1aXoIWypabaPdImzPMB8GA1UdIwQY
MBaAFJ3ng+ms1WmS9YNftIghg1AMoDyDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTkt
ZTUyZjcwYzA2YzI5LzEvWnNxUk1wY0E1clZwZWdoYktscHRvOTBpYk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTktZTUyZjcwYzA2YzI5
LzEvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDPraoAwQD
U2FgAwQAWS80AwQAWS/8AwQAW8rTMA0GCSqGSIb3DQEBCwUAA4IBAQDcscMIi27F
JD48wP8JCyo4ElP2czjKCREqHlJlxxCFFBXOr68uHkqp/4mY9eG9n7VTkRyjNwyo
bUqFZvRsDOq6Lfja7YwZzJK9z7hteW1zJv9UvlH9H+i9iihuN434Au+J3PjtKXbB
3tk8hLoic7YxYopoeISsR1UBKfuSbtCFkTvs8CIMlVwKgH0Lp/9A661ZpQdmC0Cy
lulNsfqqCEWbKe3V3fyd4krGVFBN4wFTgwiyd+5qv7z+hXNBKNjQfmdjbNmGO+gN
EHyvFdt7CrRjSVHESuDw04Mxz51jhFYQnDMp0AmI1o6lLq0KYH8tz8J9ymzpb4hs
dcxdBrVpSb70
-----END CERTIFICATE-----