Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjuV_tKDZD52w6zgz0f5W4qlxys.roa
File:                     zjuV_tKDZD52w6zgz0f5W4qlxys.roa (raw, json)
Hash identifier:          yuGq49BYQOHSkAFfH5W2Z80PF4lP4hddX1frZ1OvdpQ=
Subject key identifier:   CE:3B:95:FE:D2:83:64:3E:76:C3:AC:E0:CF:47:F9:5B:8A:A5:C7:2B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01951D9339CA7D6E7FDD3433A4C991D2A58D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjuV_tKDZD52w6zgz0f5W4qlxys.roa
Signing time:             Wed 19 Feb 2025 09:39:02 +0000
ROA not before:           Wed 19 Feb 2025 09:39:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        37.202.205.0/24 maxlen: 24
                          37.202.208.0/23 maxlen: 24
                          37.202.209.0/24 maxlen: 24
                          37.202.210.0/24 maxlen: 24
                          37.202.212.0/23 maxlen: 24
                          151.240.105.0/24 maxlen: 24
                          151.240.140.0/24 maxlen: 24
                          151.241.110.0/24 maxlen: 24
                          151.242.14.0/24 maxlen: 24
                          151.242.20.0/24 maxlen: 24
                          151.242.110.0/24 maxlen: 24
                          151.243.104.0/24 maxlen: 24
                          151.243.162.0/24 maxlen: 24
                          151.243.212.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1d:93:39:ca:7d:6e:7f:dd:34:33:a4:c9:91:d2:a5:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 19 09:39:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce3b95fed283643e76c3ace0cf47f95b8aa5c72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b9:6b:cb:bd:d3:39:32:53:ed:bf:23:ed:a5:
                    62:3e:9d:97:2e:5f:84:33:cf:f4:01:3f:ff:b8:fd:
                    c7:8f:2c:1f:27:a9:6a:78:e6:3b:ec:66:89:34:1c:
                    16:5d:c8:50:63:14:df:08:85:f5:8d:fd:4f:b5:a7:
                    66:8a:7f:95:f1:f5:2a:2a:97:9a:a9:4e:92:22:46:
                    d0:74:fb:16:ce:c7:ca:1b:a7:b6:a0:a4:2b:84:87:
                    38:9b:a1:1f:3b:7a:6c:e4:68:de:ae:45:53:54:9c:
                    5c:4f:64:d7:c2:72:47:d6:36:22:52:de:ea:9b:d7:
                    19:fc:0a:4b:56:5f:a0:9a:04:dd:26:4c:17:06:8d:
                    e8:2d:f2:29:58:4e:06:e7:a4:f8:28:db:ae:e5:d9:
                    25:db:5a:bb:ff:fa:ed:e4:dd:ca:69:a4:25:e2:a5:
                    88:f8:68:ef:f4:1f:b7:aa:78:9e:7f:56:70:e8:6d:
                    aa:36:a6:e1:dd:f1:30:d5:01:15:bb:52:87:11:33:
                    5c:0b:ab:b1:ba:98:3f:ae:42:c5:d9:19:82:16:09:
                    45:ff:9a:f4:8d:ee:74:bc:01:e2:c4:f6:cd:56:f7:
                    9a:6d:2d:f4:f4:7e:e4:90:83:19:12:92:15:05:5f:
                    58:0f:6f:f2:50:71:51:c4:f4:ee:51:f3:ca:5e:aa:
                    8a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:3B:95:FE:D2:83:64:3E:76:C3:AC:E0:CF:47:F9:5B:8A:A5:C7:2B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zjuV_tKDZD52w6zgz0f5W4qlxys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.205.0/24
                  37.202.208.0-37.202.210.255
                  37.202.212.0/23
                  151.240.105.0/24
                  151.240.140.0/24
                  151.241.110.0/24
                  151.242.14.0/24
                  151.242.20.0/24
                  151.242.110.0/24
                  151.243.104.0/24
                  151.243.162.0/24
                  151.243.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:69:b0:42:4f:82:51:5e:c8:ca:66:4a:92:a6:72:86:d3:b5:
         74:41:13:21:41:3a:a1:13:e4:6f:66:e3:92:ce:f4:1c:44:21:
         ed:e3:79:5d:33:c9:ad:da:03:21:7e:4b:96:52:26:38:41:73:
         43:34:83:b4:b8:28:25:a1:64:a8:80:8e:28:ee:cb:e1:19:7b:
         52:12:fc:82:d0:a7:e9:ed:09:cc:e2:ec:92:4f:c3:d1:ab:70:
         86:ef:ca:b0:27:74:c2:ad:c7:dd:55:65:3d:8d:eb:7a:bf:d7:
         cf:de:37:58:7a:0f:d8:76:75:12:68:3c:bc:13:92:d2:a6:7a:
         24:cd:0b:25:94:d5:9a:b1:73:f1:03:40:3c:53:a8:03:0e:a6:
         fa:98:90:6b:69:f7:37:68:ed:b6:da:f6:e4:4a:f0:f5:c2:62:
         fb:87:80:f3:35:ad:9f:68:8c:f1:ce:7f:2a:78:2c:15:8d:a9:
         b3:de:ae:cf:d8:26:bc:ce:fb:78:f3:35:87:f7:a2:ee:3c:ee:
         2b:c4:f7:8e:41:a2:38:cc:f2:be:38:2b:4c:fe:b7:a5:8e:b8:
         e1:8d:e5:93:1d:10:46:74:49:26:0c:74:e3:e8:e4:f4:86:47:
         f8:05:d3:17:85:fe:14:b2:3a:0f:da:f5:5b:7b:a7:ce:7a:06:
         1c:9a:d2:37
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZUdkznKfW5/3TQzpMmR0qWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjE5MDkzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTNiOTVmZWQyODM2NDNlNzZjM2FjZTBjZjQ3Zjk1YjhhYTVjNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7lry73TOTJT7b8j7aViPp2XLl+E
M8/0AT//uP3HjywfJ6lqeOY77GaJNBwWXchQYxTfCIX1jf1Ptadmin+V8fUqKpea
qU6SIkbQdPsWzsfKG6e2oKQrhIc4m6EfO3ps5GjerkVTVJxcT2TXwnJH1jYiUt7q
m9cZ/ApLVl+gmgTdJkwXBo3oLfIpWE4G56T4KNuu5dkl21q7//rt5N3KaaQl4qWI
+Gjv9B+3qnief1Zw6G2qNqbh3fEw1QEVu1KHETNcC6uxupg/rkLF2RmCFglF/5r0
je50vAHixPbNVveabS309H7kkIMZEpIVBV9YD2/yUHFRxPTuUfPKXqqK+QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFM47lf7Sg2Q+dsOs4M9H+VuKpccrMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvemp1Vl90S0RaRDUydzZ6Z3owZjVXNHFseHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAJcrNMAwD
BAQlytADBAAlytIDBAElytQDBACX8GkDBACX8IwDBACX8W4DBACX8g4DBACX8hQD
BACX8m4DBACX82gDBACX86IDBAGX89QwDQYJKoZIhvcNAQELBQADggEBAKNpsEJP
glFeyMpmSpKmcobTtXRBEyFBOqET5G9m45LO9BxEIe3jeV0zya3aAyF+S5ZSJjhB
c0M0g7S4KCWhZKiAjijuy+EZe1IS/ILQp+ntCczi7JJPw9GrcIbvyrAndMKtx91V
ZT2N63q/18/eN1h6D9h2dRJoPLwTktKmeiTNCyWU1Zqxc/EDQDxTqAMOpvqYkGtp
9zdo7bba9uRK8PXCYvuHgPM1rZ9ojPHOfyp4LBWNqbPers/YJrzO+3jzNYf3ou48
7ivE945BojjM8r44K0z+t6WOuOGN5ZMdEEZ0SSYMdOPo5PSGR/gF0xeF/hSyOg/a
9Vt7p856Bhya0jc=
-----END CERTIFICATE-----