Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bSljDynY08oJWYTcxxF50SKqGKg.roa
File:                     bSljDynY08oJWYTcxxF50SKqGKg.roa (raw, json)
Hash identifier:          umWZgxuXLSAs9Z5pccdO8QENPSLt8BXgUDd/pT/AuZ0=
Subject key identifier:   6D:29:63:0F:29:D8:D3:CA:09:59:84:DC:C7:11:79:D1:22:AA:18:A8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019423D7A8B0E5027A67340C5FFCC733FCB7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bSljDynY08oJWYTcxxF50SKqGKg.roa
Signing time:             Wed 01 Jan 2025 21:48:43 +0000
ROA not before:           Wed 01 Jan 2025 21:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4637
IP address blocks:        151.242.1.0/24 maxlen: 24
                          151.242.4.0/24 maxlen: 24
                          151.242.7.0/24 maxlen: 24
                          151.242.10.0/24 maxlen: 24
                          151.242.12.0/24 maxlen: 24
                          151.242.15.0/24 maxlen: 24
                          151.242.17.0/24 maxlen: 24
                          151.242.20.0/24 maxlen: 24
                          151.242.23.0/24 maxlen: 24
                          151.242.26.0/24 maxlen: 24
                          151.242.29.0/24 maxlen: 24
                          151.242.32.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:a8:b0:e5:02:7a:67:34:0c:5f:fc:c7:33:fc:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  1 21:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d29630f29d8d3ca095984dcc71179d122aa18a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0d:74:d4:28:84:a7:c6:5a:68:e3:a0:ca:dc:
                    cf:27:a1:6d:1a:92:d8:d0:80:9d:df:77:d6:75:cd:
                    e5:5a:43:5f:d8:13:b7:56:40:49:d1:17:8a:4e:72:
                    89:57:f0:13:07:c1:c6:11:b3:32:6c:a4:95:02:95:
                    d0:22:4d:62:55:ed:7b:4d:c1:ad:95:8a:21:38:bd:
                    55:70:87:91:44:68:17:4a:1e:39:b8:76:99:f6:49:
                    df:87:ff:be:17:57:75:28:23:5c:e6:12:13:d2:ef:
                    d5:b8:47:40:f1:1f:ec:03:93:a4:34:d6:25:e0:5c:
                    b4:65:6f:80:ce:06:f7:8c:dc:c6:d9:78:7e:94:e5:
                    36:eb:69:99:60:52:c1:64:a7:2f:f2:b7:9d:65:13:
                    34:15:aa:08:91:c8:48:30:24:af:ba:2e:41:f2:68:
                    e6:fd:a5:f8:bd:e6:25:58:e9:ee:9e:b0:ee:23:81:
                    10:e8:96:85:1c:b4:03:d9:bf:dc:14:3e:57:6c:60:
                    9e:c9:62:d6:27:e9:fc:c8:b9:93:9d:c6:63:e2:83:
                    f2:e3:52:2e:5e:36:81:8a:d2:ed:22:fb:00:ee:de:
                    d4:74:63:fa:74:1f:2e:ef:c0:c7:ff:e8:9f:82:41:
                    72:e9:b4:18:74:73:d4:b4:ef:31:bc:d2:84:5d:e7:
                    9d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:29:63:0F:29:D8:D3:CA:09:59:84:DC:C7:11:79:D1:22:AA:18:A8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bSljDynY08oJWYTcxxF50SKqGKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.1.0/24
                  151.242.4.0/24
                  151.242.7.0/24
                  151.242.10.0/24
                  151.242.12.0/24
                  151.242.15.0/24
                  151.242.17.0/24
                  151.242.20.0/24
                  151.242.23.0/24
                  151.242.26.0/24
                  151.242.29.0/24
                  151.242.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:cf:9c:13:69:b9:58:ca:7e:51:f4:64:bc:18:0c:08:19:77:
         1a:75:c0:20:f1:ea:b1:84:70:0b:93:ac:03:cd:f1:f6:e9:a7:
         24:fc:64:4c:d2:de:51:82:a1:10:1f:df:1d:d0:8a:8a:61:df:
         0f:3d:62:c1:c0:6b:1f:5d:36:34:1b:2e:a4:be:d6:83:2d:7a:
         28:da:aa:79:e2:cf:96:9c:13:61:84:72:17:24:c6:28:4f:a2:
         f0:f4:cf:af:8b:48:44:72:57:24:3e:65:0b:ae:74:53:7b:1a:
         f6:18:52:5a:8f:7e:45:bd:16:74:38:df:62:ba:4b:35:8d:50:
         a8:aa:6f:2b:b5:1d:f7:35:69:11:d2:52:54:f6:96:37:d4:a9:
         ec:9b:e5:a0:a6:a8:ea:c0:c3:57:ab:5b:c8:0d:c0:9d:ad:25:
         a9:4f:10:ce:d1:78:d1:f6:f5:be:1f:af:dd:52:a5:21:ea:9b:
         a2:3e:59:30:7c:88:24:de:7c:d1:c5:a5:90:55:c0:23:22:60:
         e4:91:e3:83:6a:75:17:bd:87:65:80:59:8b:2e:70:80:10:05:
         eb:01:29:5e:c3:b4:f0:ff:f9:ad:6c:25:b2:9a:7a:00:ef:48:
         99:7c:8b:3f:b6:0c:08:b6:d2:70:1e:b7:39:92:a7:2c:b5:57:
         b7:87:c5:ef
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQj16iw5QJ6ZzQMX/zHM/y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTAxMjE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI5NjMwZjI5ZDhkM2NhMDk1OTg0ZGNjNzExNzlkMTIyYWExOGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Q101CiEp8ZaaOOgytzPJ6FtGpLY
0ICd33fWdc3lWkNf2BO3VkBJ0ReKTnKJV/ATB8HGEbMybKSVApXQIk1iVe17TcGt
lYohOL1VcIeRRGgXSh45uHaZ9knfh/++F1d1KCNc5hIT0u/VuEdA8R/sA5OkNNYl
4Fy0ZW+Azgb3jNzG2Xh+lOU262mZYFLBZKcv8redZRM0FaoIkchIMCSvui5B8mjm
/aX4veYlWOnunrDuI4EQ6JaFHLQD2b/cFD5XbGCeyWLWJ+n8yLmTncZj4oPy41Iu
XjaBitLtIvsA7t7UdGP6dB8u78DH/+ifgkFy6bQYdHPUtO8xvNKEXeedgwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFG0pYw8p2NPKCVmE3McRedEiqhioMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYlNsakR5blkwOG9KV1lUY3h4RjUwU0txR0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAl/IBAwQA
l/IEAwQAl/IHAwQAl/IKAwQAl/IMAwQAl/IPAwQAl/IRAwQAl/IUAwQAl/IXAwQA
l/IaAwQAl/IdAwQAl/IgMA0GCSqGSIb3DQEBCwUAA4IBAQAkz5wTablYyn5R9GS8
GAwIGXcadcAg8eqxhHALk6wDzfH26ack/GRM0t5RgqEQH98d0IqKYd8PPWLBwGsf
XTY0Gy6kvtaDLXoo2qp54s+WnBNhhHIXJMYoT6Lw9M+vi0hEclckPmULrnRTexr2
GFJaj35FvRZ0ON9iuks1jVCoqm8rtR33NWkR0lJU9pY31Knsm+WgpqjqwMNXq1vI
DcCdrSWpTxDO0XjR9vW+H6/dUqUh6puiPlkwfIgk3nzRxaWQVcAjImDkkeODanUX
vYdlgFmLLnCAEAXrASlew7Tw//mtbCWymnoA70iZfIs/tgwIttJwHrc5kqcstVe3
h8Xv
-----END CERTIFICATE-----