Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/q86UqnEtXL58Ig2MeLPrIZC1ct4.roa
File:                     q86UqnEtXL58Ig2MeLPrIZC1ct4.roa (raw, json)
Hash identifier:          NM86Ks5qh6cn8N2PzS7cLmPIGv1JbTXkmoMoJMYEo1Q=
Subject key identifier:   AB:CE:94:AA:71:2D:5C:BE:7C:22:0D:8C:78:B3:EB:21:90:B5:72:DE
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01942067BCD805EE57E8C0CD0016A48E4070
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/q86UqnEtXL58Ig2MeLPrIZC1ct4.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        45.81.129.0/24 maxlen: 24
                          45.81.130.0/23 maxlen: 23
                          45.128.144.0/24 maxlen: 24
                          45.128.145.0/24 maxlen: 24
                          45.131.176.0/24 maxlen: 24
                          45.131.177.0/24 maxlen: 24
                          45.132.236.0/24 maxlen: 24
                          45.132.237.0/24 maxlen: 24
                          45.133.236.0/24 maxlen: 24
                          45.133.237.0/24 maxlen: 24
                          45.134.80.0/24 maxlen: 24
                          45.134.81.0/24 maxlen: 24
                          45.137.8.0/24 maxlen: 24
                          45.137.9.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:bc:d8:05:ee:57:e8:c0:cd:00:16:a4:8e:40:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abce94aa712d5cbe7c220d8c78b3eb2190b572de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:26:8d:ba:03:5b:e5:24:ff:5c:8a:2e:4c:34:
                    83:8e:fc:37:fb:18:13:35:58:94:c3:03:6e:4d:01:
                    56:7d:aa:64:f2:69:8b:03:7c:79:9a:cd:a1:30:41:
                    5f:10:10:0b:24:d1:07:b6:e8:55:2e:c4:0a:d8:fd:
                    87:b6:f2:be:03:43:0f:d6:e1:46:e0:82:3b:71:15:
                    91:12:51:fc:bd:3a:cc:09:f2:46:6e:67:03:28:36:
                    f4:6b:c0:a7:7e:5c:f1:aa:ac:93:db:ad:a2:0c:8d:
                    af:98:27:db:39:84:e9:7c:7d:a9:2f:9b:da:f9:01:
                    65:aa:c9:85:dd:c1:25:d5:0a:5f:d3:b8:73:05:cf:
                    55:29:7c:10:a5:e3:8a:07:db:6c:ce:60:96:86:a7:
                    18:26:3e:0e:24:85:75:5c:0b:b8:1f:b3:74:76:d5:
                    9c:65:c0:28:e2:be:1b:6d:57:87:e1:87:5a:7c:74:
                    dd:a3:17:f9:48:ad:84:09:33:38:20:02:3c:03:6e:
                    12:73:a6:6e:b8:89:45:12:98:0f:43:f0:c8:2d:17:
                    4a:bf:b9:a9:c8:3f:dd:5e:e0:33:6a:84:b9:e6:08:
                    2e:83:9b:ae:57:6c:c6:5d:5f:64:c8:96:08:95:33:
                    f2:62:74:69:2e:f7:a8:60:38:32:bb:a6:56:18:75:
                    b1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CE:94:AA:71:2D:5C:BE:7C:22:0D:8C:78:B3:EB:21:90:B5:72:DE
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/q86UqnEtXL58Ig2MeLPrIZC1ct4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.129.0-45.81.131.255
                  45.128.144.0/23
                  45.131.176.0/23
                  45.132.236.0/23
                  45.133.236.0/23
                  45.134.80.0/23
                  45.137.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:c0:4d:d4:ea:0d:45:17:89:6f:12:98:a8:e3:93:7c:cc:
         e0:e2:f1:b9:42:09:82:bc:62:4d:10:62:8d:22:78:c5:77:c9:
         48:bf:40:68:aa:4e:e8:75:b7:26:aa:84:ad:c3:a0:fe:f4:17:
         7d:88:20:86:cb:b7:df:b4:2b:36:51:a3:cd:19:ac:40:26:ee:
         87:7b:98:a7:f2:d7:8e:3f:1e:9e:bf:41:f3:44:d6:fb:84:39:
         22:bb:eb:33:eb:02:4e:90:29:a1:23:cd:0f:ec:04:bc:f9:79:
         7c:98:c4:90:7e:09:b0:77:f8:e5:c9:ff:e0:9d:67:19:71:a7:
         a5:83:a3:86:eb:bf:2a:eb:7c:b8:55:2c:99:a4:d6:96:fb:cb:
         9a:22:f0:01:08:6a:a2:fc:6a:9d:ee:ac:5e:a1:11:11:17:48:
         9b:27:3c:94:87:97:22:c8:5b:87:78:26:f0:af:ed:ad:31:0b:
         e3:7c:97:cb:29:b7:bd:77:b0:6e:ce:16:fe:d0:97:20:a7:7e:
         8c:25:00:af:e5:31:ef:39:6a:b5:08:87:f2:2f:e7:6d:7c:12:
         ce:14:71:2a:ce:28:3d:17:c8:99:11:f2:5b:3a:d4:ac:64:35:
         a8:6d:ff:62:fe:b1:1b:ce:c7:06:ca:b0:f3:04:23:9e:01:08:
         a2:6d:7d:87
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQgZ7zYBe5X6MDNABakjkBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNlOTRhYTcxMmQ1Y2JlN2MyMjBkOGM3OGIzZWIyMTkwYjU3MmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiaNugNb5ST/XIouTDSDjvw3+xgT
NViUwwNuTQFWfapk8mmLA3x5ms2hMEFfEBALJNEHtuhVLsQK2P2HtvK+A0MP1uFG
4II7cRWRElH8vTrMCfJGbmcDKDb0a8CnflzxqqyT262iDI2vmCfbOYTpfH2pL5va
+QFlqsmF3cEl1Qpf07hzBc9VKXwQpeOKB9tszmCWhqcYJj4OJIV1XAu4H7N0dtWc
ZcAo4r4bbVeH4YdafHTdoxf5SK2ECTM4IAI8A24Sc6ZuuIlFEpgPQ/DILRdKv7mp
yD/dXuAzaoS55ggug5uuV2zGXV9kyJYIlTPyYnRpLveoYDgyu6ZWGHWx9QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKvOlKpxLVy+fCINjHiz6yGQtXLeMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvcTg2VXFuRXRYTDU4SWcyTWVMUHJJWkMxY3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAAtUYED
BAItUYADBAEtgJADBAEtg7ADBAEthOwDBAEthewDBAEthlADBAEtiQgwDQYJKoZI
hvcNAQELBQADggEBAC6VwE3U6g1FF4lvEpio45N8zODi8blCCYK8Yk0QYo0ieMV3
yUi/QGiqTuh1tyaqhK3DoP70F32IIIbLt9+0KzZRo80ZrEAm7od7mKfy144/Hp6/
QfNE1vuEOSK76zPrAk6QKaEjzQ/sBLz5eXyYxJB+CbB3+OXJ/+CdZxlxp6WDo4br
vyrrfLhVLJmk1pb7y5oi8AEIaqL8ap3urF6hEREXSJsnPJSHlyLIW4d4JvCv7a0x
C+N8l8spt713sG7OFv7QlyCnfowlAK/lMe85arUIh/Iv5218Es4UcSrOKD0XyJkR
8ls61KxkNaht/2L+sRvOxwbKsPMEI54BCKJtfYc=
-----END CERTIFICATE-----