Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fOofQ2bUHlqd4K575P56V_J82M8.roa
File:                     fOofQ2bUHlqd4K575P56V_J82M8.roa (raw, json)
Hash identifier:          difE+jQMKwlVPLAivnVuYowtgoaNBlFKwRnB1IjV/cY=
Subject key identifier:   7C:EA:1F:43:66:D4:1E:5A:9D:E0:AE:7B:E4:FE:7A:57:F2:7C:D8:CF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195511FE70358D6F2E79DC53EF66A445B4A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fOofQ2bUHlqd4K575P56V_J82M8.roa
Signing time:             Sat 01 Mar 2025 09:53:20 +0000
ROA not before:           Sat 01 Mar 2025 09:53:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.243.16.0/20 maxlen: 20
                          151.243.97.0/24 maxlen: 24
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:51:1f:e7:03:58:d6:f2:e7:9d:c5:3e:f6:6a:44:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar  1 09:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cea1f4366d41e5a9de0ae7be4fe7a57f27cd8cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:aa:16:74:34:4f:b1:3c:b4:39:ee:ae:a3:92:
                    29:57:72:79:83:4b:02:3b:65:40:27:92:b0:94:63:
                    1f:5c:34:d8:60:b7:56:10:94:dd:27:e7:6c:52:bc:
                    6b:ae:e3:51:26:5f:18:f6:89:a5:38:cd:08:99:64:
                    9f:83:35:f4:a4:28:79:e6:e1:f9:9a:50:55:c0:7e:
                    70:ce:b2:13:9f:d2:7f:ce:d3:0a:a0:be:e4:5f:1f:
                    0d:a1:4d:e8:d1:25:51:45:c1:8a:84:9f:a1:11:d5:
                    98:78:ef:58:1e:0c:f3:3d:fd:64:61:7b:23:90:cc:
                    71:1e:c1:80:77:49:84:a8:05:59:6e:f7:81:82:97:
                    f4:90:b4:1a:ae:35:26:d0:b4:7d:45:f5:63:cb:0e:
                    c7:b9:cd:02:43:f6:0a:60:07:fc:44:43:ac:e4:aa:
                    1b:c2:90:b5:1b:98:09:84:4d:b5:80:61:aa:46:ff:
                    bb:a2:27:5d:3d:3a:4b:a5:94:09:98:f8:86:bb:12:
                    09:f6:0d:2e:81:ba:d6:c4:b1:39:dd:1c:84:4b:34:
                    a2:b0:f3:08:ff:64:4d:dd:35:3e:10:8a:1c:a1:1a:
                    d2:3b:ff:15:0b:52:9f:27:66:0a:2b:1b:54:87:7e:
                    80:96:e1:a9:90:cf:b3:71:b5:b6:70:6f:68:44:66:
                    a2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:EA:1F:43:66:D4:1E:5A:9D:E0:AE:7B:E4:FE:7A:57:F2:7C:D8:CF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fOofQ2bUHlqd4K575P56V_J82M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.243.16.0/20
                  151.243.97.0/24
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         76:a9:7a:e5:68:74:7a:dc:f4:3d:67:13:dd:2a:6d:17:6b:84:
         14:3c:a7:77:1c:fe:eb:ce:ed:46:55:be:db:e6:8a:06:a1:de:
         9a:db:d6:10:4f:6b:ce:c1:ac:94:f2:01:10:bd:ac:35:bc:99:
         da:26:c4:a0:ca:01:ce:8b:75:cc:db:e2:ee:f1:bd:86:98:30:
         46:3a:02:5f:aa:1a:06:68:a8:78:b1:89:c4:a2:d8:ca:b6:b5:
         8a:81:2e:74:ac:20:8a:7f:ad:be:61:22:8f:85:6e:78:c7:79:
         41:af:66:a8:b5:ac:8d:50:b4:10:cd:01:1b:fb:e9:76:5f:f5:
         9d:9b:d2:3d:25:0c:8e:33:b2:82:bc:3c:4e:67:b3:e0:56:21:
         02:02:c1:d3:e9:93:c3:bd:d8:40:a9:5b:96:09:ba:3c:8a:67:
         3f:7c:50:d1:95:2c:4d:dc:d3:90:15:95:3b:a9:d2:c6:e0:9b:
         2f:11:64:8f:a4:3e:29:a9:ab:fd:3e:ef:33:d9:b5:84:57:86:
         72:ac:33:d2:60:88:f7:00:1c:b9:91:b0:42:ba:18:73:b0:da:
         95:c3:b0:19:62:78:56:81:0d:a0:77:bc:a7:28:cb:ba:7d:cc:
         cd:e6:e8:90:66:c8:3b:5d:da:de:6c:7d:3f:19:d2:20:34:7c:
         4d:61:36:1a
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZVRH+cDWNby553FPvZqRFtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzAxMDk1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VhMWY0MzY2ZDQxZTVhOWRlMGFlN2JlNGZlN2E1N2YyN2NkOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6oWdDRPsTy0Oe6uo5IpV3J5g0sC
O2VAJ5KwlGMfXDTYYLdWEJTdJ+dsUrxrruNRJl8Y9omlOM0ImWSfgzX0pCh55uH5
mlBVwH5wzrITn9J/ztMKoL7kXx8NoU3o0SVRRcGKhJ+hEdWYeO9YHgzzPf1kYXsj
kMxxHsGAd0mEqAVZbveBgpf0kLQarjUm0LR9RfVjyw7Huc0CQ/YKYAf8REOs5Kob
wpC1G5gJhE21gGGqRv+7oiddPTpLpZQJmPiGuxIJ9g0ugbrWxLE53RyESzSisPMI
/2RN3TU+EIocoRrSO/8VC1KfJ2YKKxtUh36AluGpkM+zcbW2cG9oRGaiuQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHzqH0Nm1B5aneCue+T+elfyfNjPMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZk9vZlEyYlVIbHFkNEs1NzVQNTZWX0o4Mk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAJcrBMAwD
BAAlysMDBAElysgDBASX8xADBACX82EwDAMEAZfz9gMEAZfz/DANBgkqhkiG9w0B
AQsFAAOCAQEAdql65Wh0etz0PWcT3SptF2uEFDyndxz+687tRlW+2+aKBqHemtvW
EE9rzsGslPIBEL2sNbyZ2ibEoMoBzot1zNvi7vG9hpgwRjoCX6oaBmioeLGJxKLY
yra1ioEudKwgin+tvmEij4VueMd5Qa9mqLWsjVC0EM0BG/vpdl/1nZvSPSUMjjOy
grw8Tmez4FYhAgLB0+mTw73YQKlblgm6PIpnP3xQ0ZUsTdzTkBWVO6nSxuCbLxFk
j6Q+Kamr/T7vM9m1hFeGcqwz0mCI9wAcuZGwQroYc7DalcOwGWJ4VoENoHe8pyjL
un3MzebokGbIO13a3mx9PxnSIDR8TWE2Gg==
-----END CERTIFICATE-----