Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/ntrt1qLEp7JFw_l17Dbev4liPcY.roa
File:                     ntrt1qLEp7JFw_l17Dbev4liPcY.roa (raw, json)
Hash identifier:          5lVCUBQu1df/S1FQOKl/MyF/XxoO3ZxscsaY8Q1dPLk=
Subject key identifier:   9E:DA:ED:D6:A2:C4:A7:B2:45:C3:F9:75:EC:36:DE:BF:89:62:3D:C6
Certificate issuer:       /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial:       0194228D7C46737D9B2116EFB0B49C929618
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/ntrt1qLEp7JFw_l17Dbev4liPcY.roa
Signing time:             Wed 01 Jan 2025 15:48:05 +0000
ROA not before:           Wed 01 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209910
IP address blocks:        5.252.92.0/24 maxlen: 24
                          5.252.93.0/24 maxlen: 24
                          5.252.94.0/23 maxlen: 23
                          45.65.64.0/22 maxlen: 22
                          185.200.76.0/22 maxlen: 22
                          185.200.76.0/24 maxlen: 24
                          185.200.78.0/24 maxlen: 24
                          185.200.79.0/24 maxlen: 24
                          185.236.248.0/22 maxlen: 22
                          185.236.248.0/24 maxlen: 24
                          185.236.249.0/24 maxlen: 24
                          185.236.250.0/24 maxlen: 24
                          185.236.251.0/24 maxlen: 24
                          193.84.48.0/23 maxlen: 23
                          193.84.48.0/24 maxlen: 24
                          193.84.49.0/24 maxlen: 24
                          193.84.92.0/24 maxlen: 24
                          193.84.93.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7c:46:73:7d:9b:21:16:ef:b0:b4:9c:92:96:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
        Validity
            Not Before: Jan  1 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9edaedd6a2c4a7b245c3f975ec36debf89623dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:18:d6:3a:bd:b8:1c:87:ab:b7:fe:db:0a:8b:
                    98:50:fb:43:b5:3e:17:70:a8:95:ca:35:14:ab:d9:
                    eb:78:30:0d:0f:78:bd:7e:84:37:a5:47:bc:4d:95:
                    4f:3b:e2:60:d7:38:b9:8e:2b:58:d2:45:d0:c4:84:
                    15:e0:98:63:bf:f6:94:c0:e9:9e:12:75:cf:b1:fc:
                    7a:e6:fe:1b:0a:03:ae:63:cb:9d:07:9a:ce:0b:fb:
                    fa:38:8f:ed:af:2b:ff:1a:fc:e9:19:00:2d:d9:fb:
                    ef:c9:5f:c8:e0:87:1d:4d:ad:36:5c:ce:03:a8:94:
                    02:50:e5:d0:c9:60:21:62:59:a7:df:ac:8a:40:ed:
                    73:3b:90:06:c9:ce:6b:d7:8c:45:95:ca:5b:77:50:
                    7c:87:e0:a1:d3:f4:04:9f:4e:34:21:17:89:d1:74:
                    b0:21:89:52:5e:8e:52:67:33:7f:2f:40:20:38:42:
                    40:6d:9b:c4:e4:3b:a7:5c:36:6c:b3:97:45:7d:7d:
                    92:9b:a9:d0:f4:a3:b6:06:3c:fa:6d:07:f4:da:27:
                    0b:ee:3d:ed:e2:9b:1f:99:36:c5:67:90:93:60:76:
                    60:74:a0:09:57:f1:e6:a7:fb:a0:1b:37:c9:e0:a3:
                    60:0f:ee:68:ec:ca:28:dc:a6:53:9e:78:18:06:50:
                    df:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:DA:ED:D6:A2:C4:A7:B2:45:C3:F9:75:EC:36:DE:BF:89:62:3D:C6
            X509v3 Authority Key Identifier:
                keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/ntrt1qLEp7JFw_l17Dbev4liPcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.92.0/22
                  45.65.64.0/22
                  185.200.76.0/22
                  185.236.248.0/22
                  193.84.48.0/23
                  193.84.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:d2:64:f2:5a:1b:af:a1:91:ad:83:59:b1:52:23:a3:f3:41:
         ca:a8:28:3a:1c:e7:0d:5d:78:2d:75:30:e6:7e:4f:eb:fb:f0:
         4d:e2:fe:73:12:cf:30:7b:13:c1:9e:e8:2e:ed:bc:d4:70:16:
         dd:a1:fd:ee:9e:4f:d0:77:e3:30:20:fb:97:a6:8e:04:77:d7:
         62:5f:02:7d:70:3d:55:f9:a6:c3:d7:ed:2f:e0:9f:e6:2b:3d:
         a7:bd:52:b3:b6:10:d4:b2:38:80:b8:53:35:7d:1c:5f:e9:92:
         8d:5c:8a:ca:22:7f:21:35:bf:cb:2c:dd:e9:64:6a:ec:ed:60:
         bf:4c:5e:97:84:86:ce:35:bd:d1:63:4a:c0:b8:25:3a:11:12:
         cc:cb:d2:1d:c3:f7:d2:95:e0:29:c9:13:ce:1c:c0:70:2b:fa:
         e6:1c:8a:9d:60:e4:a2:28:a1:96:fb:d7:e3:b6:ef:4c:3b:7f:
         9e:07:9f:be:09:39:02:e4:8d:89:57:4d:ea:5a:17:77:d5:66:
         2d:6d:ed:6b:50:65:3d:12:d6:af:c9:49:96:60:36:f9:9f:52:
         2b:7d:e6:ca:bf:4a:48:78:ad:ea:53:49:f6:56:00:16:93:d8:
         f4:7a:40:e4:54:e5:3e:d6:23:1a:87:fa:02:14:dd:fc:fa:f0:
         78:7c:d5:c6
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQijXxGc32bIRbvsLSckpYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjUwMTAxMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWRhZWRkNmEyYzRhN2IyNDVjM2Y5NzVlYzM2ZGViZjg5NjIzZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxjWOr24HIert/7bCouYUPtDtT4X
cKiVyjUUq9nreDAND3i9foQ3pUe8TZVPO+Jg1zi5jitY0kXQxIQV4Jhjv/aUwOme
EnXPsfx65v4bCgOuY8udB5rOC/v6OI/tryv/GvzpGQAt2fvvyV/I4IcdTa02XM4D
qJQCUOXQyWAhYlmn36yKQO1zO5AGyc5r14xFlcpbd1B8h+Ch0/QEn040IReJ0XSw
IYlSXo5SZzN/L0AgOEJAbZvE5DunXDZss5dFfX2Sm6nQ9KO2Bjz6bQf02icL7j3t
4psfmTbFZ5CTYHZgdKAJV/Hmp/ugGzfJ4KNgD+5o7Moo3KZTnngYBlDf+wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJ7a7daixKeyRcP5dew23r+JYj3GMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvbnRydDFxTEVwN0pGd19sMTdEYmV2NGxpUGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCBfxcAwQC
LUFAAwQCuchMAwQCuez4AwQBwVQwAwQBwVRcMA0GCSqGSIb3DQEBCwUAA4IBAQAD
0mTyWhuvoZGtg1mxUiOj80HKqCg6HOcNXXgtdTDmfk/r+/BN4v5zEs8wexPBnugu
7bzUcBbdof3unk/Qd+MwIPuXpo4Ed9diXwJ9cD1V+abD1+0v4J/mKz2nvVKzthDU
sjiAuFM1fRxf6ZKNXIrKIn8hNb/LLN3pZGrs7WC/TF6XhIbONb3RY0rAuCU6ERLM
y9Idw/fSleApyRPOHMBwK/rmHIqdYOSiKKGW+9fjtu9MO3+eB5++CTkC5I2JV03q
Whd31WYtbe1rUGU9EtavyUmWYDb5n1IrfebKv0pIeK3qU0n2VgAWk9j0ekDkVOU+
1iMah/oCFN38+vB4fNXG
-----END CERTIFICATE-----