Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cEr3HBvl_HqHMLjdpPlCeK4dWLk.roa
File:                     cEr3HBvl_HqHMLjdpPlCeK4dWLk.roa (raw, json)
Hash identifier:          YzJnPOOHTa7nX7EJ2dAPwt/zUH43NfoqyfPsLZleGd0=
Subject key identifier:   70:4A:F7:1C:1B:E5:FC:7A:87:30:B8:DD:A4:F9:42:78:AE:1D:58:B9
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC7C5ECAEBE5EBFC2BE6AC3E58AB5F
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cEr3HBvl_HqHMLjdpPlCeK4dWLk.roa
Signing time:             Thu 02 Jan 2025 07:48:11 +0000
ROA not before:           Thu 02 Jan 2025 07:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142019
IP address blocks:        46.249.104.0/24 maxlen: 24
                          46.249.105.0/24 maxlen: 24
                          46.249.106.0/24 maxlen: 24
                          46.249.107.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:7c:5e:ca:eb:e5:eb:fc:2b:e6:ac:3e:58:ab:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=704af71c1be5fc7a8730b8dda4f94278ae1d58b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fd:7b:dc:6f:e2:fb:3c:4b:5c:b5:d8:e4:17:
                    cf:97:1a:de:8a:c4:6f:50:cc:09:dd:55:88:4b:08:
                    e5:c6:69:2c:64:3f:64:5d:33:ed:36:5c:ab:ec:8b:
                    41:04:d9:1f:e3:e2:aa:e9:9d:c1:f7:93:db:54:9d:
                    85:01:f6:64:19:61:5e:41:59:a7:b5:80:9d:82:d1:
                    5f:98:ce:68:1f:69:3e:f3:90:27:6a:41:50:a9:da:
                    8a:5b:c3:89:b1:5f:6a:33:80:37:aa:ae:9b:88:fa:
                    53:71:21:82:e1:47:c1:af:ad:7d:9f:6a:6a:94:b0:
                    a1:17:be:08:b4:f8:2c:e4:26:35:f0:a6:9c:57:88:
                    43:59:a5:38:d2:db:e9:ed:22:98:8c:19:46:19:60:
                    66:df:80:9f:33:42:e9:ee:18:4d:f8:69:07:62:b2:
                    86:33:e0:dc:ed:eb:6c:e5:32:29:7b:18:b6:8d:5b:
                    23:fe:de:dc:8a:53:97:85:02:4c:54:50:ca:8c:39:
                    48:5a:a8:c2:9e:12:5a:70:ec:32:c3:1b:18:26:8b:
                    f5:55:74:81:8e:4b:76:c0:04:f8:d9:09:ec:2c:e5:
                    61:b4:97:f2:68:6f:16:80:5f:dd:f4:87:39:0f:c9:
                    99:cb:66:00:2d:e1:d6:5e:01:2a:c1:e2:89:a7:df:
                    52:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4A:F7:1C:1B:E5:FC:7A:87:30:B8:DD:A4:F9:42:78:AE:1D:58:B9
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cEr3HBvl_HqHMLjdpPlCeK4dWLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:a1:84:6f:2d:bd:83:1c:36:63:9c:96:f9:b2:63:07:4f:ba:
         62:b2:e1:5c:c3:07:31:01:43:f4:fb:56:26:63:54:ed:e5:e1:
         94:b9:44:d8:59:85:46:d7:5a:86:4d:45:3d:76:17:8c:c4:7a:
         42:a1:13:a8:0f:7f:18:ec:bf:34:e0:35:5a:a3:0a:33:88:9f:
         c7:7f:b5:e1:a8:66:05:db:dc:3e:75:3c:7e:a3:6a:fb:70:5a:
         e9:16:22:4f:2a:64:71:f8:03:77:f3:4d:e5:1d:bd:0c:ed:0d:
         56:61:e9:2d:04:cc:55:b1:5f:d9:b2:57:e9:7d:41:be:8c:2f:
         70:01:03:b6:19:a3:84:aa:60:8d:e0:e4:f6:6e:36:00:cd:db:
         83:3c:1a:86:28:7d:96:ef:a1:5c:07:66:b7:95:b7:01:4d:28:
         ff:7e:f6:77:4e:87:3b:74:21:b1:ff:f7:87:18:80:f3:c3:3f:
         3b:6a:d9:1f:72:28:f2:7b:52:5f:87:e7:91:7c:a8:85:0b:da:
         8b:59:ed:3a:2a:1c:97:12:24:03:66:cf:f7:8b:fb:f1:03:4f:
         7c:18:c6:ad:3f:6a:ff:e4:cd:63:88:88:9c:06:9d:db:f4:15:
         6b:9d:81:8c:1f:44:9c:9c:30:a7:e0:b1:af:f1:27:37:97:c9:
         1f:b4:d3:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Hxeyuvl6/wr5qw+WKtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRhZjcxYzFiZTVmYzdhODczMGI4ZGRhNGY5NDI3OGFlMWQ1OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/173G/i+zxLXLXY5BfPlxreisRv
UMwJ3VWISwjlxmksZD9kXTPtNlyr7ItBBNkf4+Kq6Z3B95PbVJ2FAfZkGWFeQVmn
tYCdgtFfmM5oH2k+85AnakFQqdqKW8OJsV9qM4A3qq6biPpTcSGC4UfBr619n2pq
lLChF74ItPgs5CY18KacV4hDWaU40tvp7SKYjBlGGWBm34CfM0Lp7hhN+GkHYrKG
M+Dc7ets5TIpexi2jVsj/t7cilOXhQJMVFDKjDlIWqjCnhJacOwywxsYJov1VXSB
jkt2wAT42QnsLOVhtJfyaG8WgF/d9Ic5D8mZy2YALeHWXgEqweKJp99SNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBK9xwb5fx6hzC43aT5QniuHVi5MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvY0VyM0hCdmxfSHFITUxqZHBQbENlSzRkV0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLvloMA0G
CSqGSIb3DQEBCwUAA4IBAQDSoYRvLb2DHDZjnJb5smMHT7pisuFcwwcxAUP0+1Ym
Y1Tt5eGUuUTYWYVG11qGTUU9dheMxHpCoROoD38Y7L804DVaowoziJ/Hf7XhqGYF
29w+dTx+o2r7cFrpFiJPKmRx+AN3803lHb0M7Q1WYektBMxVsV/ZslfpfUG+jC9w
AQO2GaOEqmCN4OT2bjYAzduDPBqGKH2W76FcB2a3lbcBTSj/fvZ3Toc7dCGx//eH
GIDzwz87atkfcijye1Jfh+eRfKiFC9qLWe06KhyXEiQDZs/3i/vxA098GMatP2r/
5M1jiIicBp3b9BVrnYGMH0ScnDCn4LGv8Sc3l8kftNN8
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:42:13 2025 by rpki-client