Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/4dR87DFU1h-_n9gWgjfEcPKRNjQ.roa
File:                     4dR87DFU1h-_n9gWgjfEcPKRNjQ.roa (raw, json)
Hash identifier:          2sOA9bFKi1Li43Qu+cU631T12GoMBvyIUcumh0ZnQK8=
Subject key identifier:   E1:D4:7C:EC:31:54:D6:1F:BF:9F:D8:16:82:37:C4:70:F2:91:36:34
Certificate issuer:       /CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
Certificate serial:       0194221FAAB7E07F066479B9BF356534560F
Authority key identifier: 67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/4dR87DFU1h-_n9gWgjfEcPKRNjQ.roa
Signing time:             Wed 01 Jan 2025 13:48:08 +0000
ROA not before:           Wed 01 Jan 2025 13:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51776
IP address blocks:        87.238.136.0/21 maxlen: 24
                          87.238.137.0/24 maxlen: 24
                          87.238.138.0/24 maxlen: 24
                          87.238.141.0/24 maxlen: 24
                          87.238.142.0/24 maxlen: 24
                          91.201.212.0/23 maxlen: 24
                          91.201.212.0/24 maxlen: 24
                          91.201.213.0/24 maxlen: 24
                          185.132.128.0/22 maxlen: 24
                          185.188.52.0/24 maxlen: 24
                          185.188.53.0/24 maxlen: 24
                          185.188.54.0/24 maxlen: 24
                          185.188.55.0/24 maxlen: 24
                          2001:67c:3fc::/48 maxlen: 48
                          2a06:56c0::/29 maxlen: 48
                          2a06:56c0:11::/48 maxlen: 48
                          2a06:56c0:12::/48 maxlen: 48
                          2a06:56c1:2::/48 maxlen: 48
                          2a06:56c3::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:aa:b7:e0:7f:06:64:79:b9:bf:35:65:34:56:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
        Validity
            Not Before: Jan  1 13:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1d47cec3154d61fbf9fd8168237c470f2913634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:61:bb:ae:7d:1a:ec:03:68:2a:3b:c3:86:74:
                    7b:0f:13:cf:c9:bd:3b:bc:4d:42:3d:ef:a5:4b:e5:
                    29:6c:1f:f5:6b:d5:7b:e8:82:cd:b3:bd:4a:ab:23:
                    2b:cc:49:87:e6:bb:9c:ac:cf:6a:59:ca:f0:8b:95:
                    a9:81:0a:fa:2e:4d:3f:b9:e2:b7:22:91:60:47:c0:
                    5e:51:e7:3c:d3:a2:a0:45:2c:45:21:fd:60:7f:7c:
                    b2:25:7d:67:38:fb:e9:b6:d5:89:8c:cc:35:4e:87:
                    f1:1b:56:0a:62:64:da:08:a4:bb:4f:37:cc:84:f4:
                    aa:57:11:e2:67:b9:37:ba:b4:47:39:54:7d:b7:fb:
                    a6:f9:93:74:8d:05:b3:f0:7c:c3:95:00:8e:ae:89:
                    cd:d5:06:c1:f6:77:e0:aa:8f:1d:23:4c:dd:61:38:
                    b7:74:b7:b5:09:88:b3:b4:a5:e6:c1:54:1e:16:e4:
                    1c:28:16:2b:6d:bb:56:7b:83:ba:83:19:cf:97:da:
                    18:1b:70:06:b8:93:51:92:12:0f:b6:d7:6d:e2:e3:
                    2a:d8:a6:04:77:5e:69:d5:44:97:ed:22:0d:72:eb:
                    ab:cd:59:27:cf:94:93:ad:7c:bb:af:11:18:bb:ad:
                    87:7e:8b:0f:1a:7d:d8:b5:37:42:7b:38:1c:bc:7f:
                    4d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D4:7C:EC:31:54:D6:1F:BF:9F:D8:16:82:37:C4:70:F2:91:36:34
            X509v3 Authority Key Identifier:
                keyid:67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/4dR87DFU1h-_n9gWgjfEcPKRNjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.136.0/21
                  91.201.212.0/23
                  185.132.128.0/22
                  185.188.52.0/22
                IPv6:
                  2001:67c:3fc::/48
                  2a06:56c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:54:ae:46:f8:af:30:ee:d5:2d:9a:ea:ba:87:a4:b5:70:88:
         01:f7:28:0a:07:45:6f:aa:bb:83:5b:01:cf:42:ab:34:9d:f6:
         8b:6b:6b:25:fc:68:51:1e:11:de:d9:51:a7:64:41:3b:87:ab:
         bd:45:c8:30:4f:4c:0c:d1:97:db:4a:e5:f7:04:9c:39:dc:e2:
         82:e7:20:08:32:c9:f6:98:c7:d6:89:76:d3:cd:b5:f0:e8:42:
         09:51:8d:2a:2e:e3:1f:b4:b7:6e:47:dd:c7:5b:f8:47:23:ee:
         d8:7b:1b:cf:b7:b8:26:b5:95:56:9c:85:36:42:80:62:36:0d:
         46:1e:76:9a:f5:c3:d0:5a:5a:7f:80:13:7e:b9:7f:7c:56:12:
         8d:3e:a8:46:55:1d:1e:d3:86:76:6c:97:0e:c2:08:ee:43:7f:
         52:fc:c7:0a:e7:f7:76:80:c1:50:6f:ee:96:b5:7e:09:55:16:
         77:3b:c0:17:44:81:64:ba:8b:9c:da:d2:27:19:1b:ae:b4:f1:
         e4:57:0d:00:b9:5f:30:4a:5e:4a:2b:17:6e:0f:e1:3c:97:72:
         db:45:7b:84:a0:79:61:cd:ab:b8:20:57:aa:5e:fb:65:8b:a5:
         09:24:68:4a:7f:25:9a:32:55:d3:b3:71:db:83:ac:a7:67:3c:
         16:c8:77:1e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQiH6q34H8GZHm5vzVlNFYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MmYwZTQyYjA4YWE0NTFmYzU4M2EzNThlYzM3MGZmYmQy
ZGFjNjgwHhcNMjUwMTAxMTM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQ0N2NlYzMxNTRkNjFmYmY5ZmQ4MTY4MjM3YzQ3MGYyOTEzNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmG7rn0a7ANoKjvDhnR7DxPPyb07
vE1CPe+lS+UpbB/1a9V76ILNs71KqyMrzEmH5rucrM9qWcrwi5WpgQr6Lk0/ueK3
IpFgR8BeUec806KgRSxFIf1gf3yyJX1nOPvpttWJjMw1TofxG1YKYmTaCKS7TzfM
hPSqVxHiZ7k3urRHOVR9t/um+ZN0jQWz8HzDlQCOronN1QbB9nfgqo8dI0zdYTi3
dLe1CYiztKXmwVQeFuQcKBYrbbtWe4O6gxnPl9oYG3AGuJNRkhIPttdt4uMq2KYE
d15p1USX7SINcuurzVknz5STrXy7rxEYu62HfosPGn3YtTdCezgcvH9NmQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOHUfOwxVNYfv5/YFoI3xHDykTY0MB8GA1UdIwQY
MBaAFGcvDkKwiqRR/Fg6NY7DcP+9LaxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTct
ZjBiOTYyZjUyNDE0LzEvNGRSODdERlUxaC1fbjlnV2dqZkVjUEtSTmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTctZjBiOTYyZjUyNDE0
LzEvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQDV+6IAwQB
W8nUAwQCuYSAAwQCubw0MBYEAgACMBADBwAgAQZ8A/wDBQMqBlbAMA0GCSqGSIb3
DQEBCwUAA4IBAQBpVK5G+K8w7tUtmuq6h6S1cIgB9ygKB0VvqruDWwHPQqs0nfaL
a2sl/GhRHhHe2VGnZEE7h6u9RcgwT0wM0ZfbSuX3BJw53OKC5yAIMsn2mMfWiXbT
zbXw6EIJUY0qLuMftLduR93HW/hHI+7YexvPt7gmtZVWnIU2QoBiNg1GHnaa9cPQ
Wlp/gBN+uX98VhKNPqhGVR0e04Z2bJcOwgjuQ39S/McK5/d2gMFQb+6WtX4JVRZ3
O8AXRIFkuouc2tInGRuutPHkVw0AuV8wSl5KKxduD+E8l3LbRXuEoHlhzau4IFeq
Xvtli6UJJGhKfyWaMlXTs3Hbg6ynZzwWyHce
-----END CERTIFICATE-----