Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/VrCXOdxzLdld1tE0j_xLZ92cqsk.roa
File:                     VrCXOdxzLdld1tE0j_xLZ92cqsk.roa (raw, json)
Hash identifier:          QEJHs3sdF5W7Kc4VSrPn7L7Yyup7NDcWYP/rulbrnEw=
Subject key identifier:   56:B0:97:39:DC:73:2D:D9:5D:D6:D1:34:8F:FC:4B:67:DD:9C:AA:C9
Certificate issuer:       /CN=3de49b1844fe4422afbe10cdd2819c7448277e65
Certificate serial:       01941F8C0ABEF920B3E3B5E82BB71FDA6D0C
Authority key identifier: 3D:E4:9B:18:44:FE:44:22:AF:BE:10:CD:D2:81:9C:74:48:27:7E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeSbGET-RCKvvhDN0oGcdEgnfmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/VrCXOdxzLdld1tE0j_xLZ92cqsk.roa
Signing time:             Wed 01 Jan 2025 01:47:38 +0000
ROA not before:           Wed 01 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12859
IP address blocks:        45.153.16.0/23 maxlen: 23
                          45.153.16.0/24 maxlen: 24
                          45.153.17.0/24 maxlen: 24
                          178.22.56.0/21 maxlen: 21
                          178.22.56.0/24 maxlen: 24
                          178.22.57.0/24 maxlen: 24
                          178.22.58.0/24 maxlen: 24
                          178.22.59.0/24 maxlen: 24
                          178.22.60.0/24 maxlen: 24
                          178.22.61.0/24 maxlen: 24
                          178.22.62.0/24 maxlen: 24
                          178.22.63.0/24 maxlen: 24
                          185.31.244.0/22 maxlen: 22
                          185.31.244.0/24 maxlen: 24
                          185.31.245.0/24 maxlen: 24
                          185.31.246.0/24 maxlen: 24
                          185.31.247.0/24 maxlen: 24
                          2a00:1e28::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0a:be:f9:20:b3:e3:b5:e8:2b:b7:1f:da:6d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de49b1844fe4422afbe10cdd2819c7448277e65
        Validity
            Not Before: Jan  1 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56b09739dc732dd95dd6d1348ffc4b67dd9caac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e2:d3:d2:c6:52:34:ef:27:70:da:1e:f5:bd:
                    17:38:8a:0e:c2:5b:73:fb:7e:a0:cd:64:ba:32:d7:
                    80:11:43:50:fb:e0:58:53:ba:92:21:65:8b:5b:66:
                    d9:b6:74:22:c4:9e:0a:0a:83:80:38:b9:69:25:a6:
                    c4:96:53:7c:8b:c8:83:32:c1:dc:fe:4b:e7:ce:6c:
                    da:22:fc:e1:a2:39:d3:d6:f1:53:b4:49:fc:ec:fa:
                    8e:7b:5a:5f:dd:b9:59:16:03:d3:44:13:96:b6:c9:
                    34:50:cd:ab:e5:09:21:3d:94:52:5e:d5:c4:06:a7:
                    22:87:d3:03:66:2d:3d:70:b6:41:7f:1c:69:fa:a2:
                    b3:41:c0:11:b4:77:08:07:a0:35:30:a5:1a:e8:56:
                    fb:25:21:69:34:b3:b2:e8:b9:be:c6:08:80:ef:c0:
                    b5:60:85:25:6d:f6:e2:fd:4b:07:67:f7:ca:d5:47:
                    e8:5f:9d:6d:2b:43:67:78:8f:f3:dc:89:b6:10:f5:
                    c5:53:fd:c1:e4:15:2b:0c:6b:0f:04:0f:b7:b4:ec:
                    1d:0e:0b:fe:d2:b7:66:01:64:a5:3b:62:ea:11:d9:
                    ba:83:34:8e:cf:36:07:61:83:82:55:fc:d2:cb:bc:
                    63:06:2b:3c:40:6d:22:a4:33:75:eb:ae:0b:e0:c9:
                    ea:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B0:97:39:DC:73:2D:D9:5D:D6:D1:34:8F:FC:4B:67:DD:9C:AA:C9
            X509v3 Authority Key Identifier:
                keyid:3D:E4:9B:18:44:FE:44:22:AF:BE:10:CD:D2:81:9C:74:48:27:7E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeSbGET-RCKvvhDN0oGcdEgnfmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/VrCXOdxzLdld1tE0j_xLZ92cqsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/81b188-255d-49c7-9f98-0ac9b4d7eab7/1/PeSbGET-RCKvvhDN0oGcdEgnfmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.16.0/23
                  178.22.56.0/21
                  185.31.244.0/22
                IPv6:
                  2a00:1e28::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:db:99:ad:80:8f:86:7e:87:c2:77:75:e6:94:7b:a2:e8:9e:
         d1:38:f9:f0:7d:3a:55:da:fa:0a:41:1e:26:b7:9a:42:f1:51:
         5d:e7:09:9a:12:71:a0:51:bf:44:46:21:38:06:0b:df:6b:d4:
         76:c0:1d:e5:31:ca:e4:4b:b3:45:de:b5:3c:6c:f5:82:f0:7b:
         60:ad:ab:d4:4b:f5:9b:ab:25:74:10:ed:b3:1c:e4:94:a3:96:
         ed:2f:b5:30:f2:41:34:b5:78:b1:c4:a5:7d:6d:11:7b:40:44:
         8a:73:1c:37:55:32:24:5b:40:a6:ac:0b:09:0e:f2:cc:3f:b8:
         e1:93:6b:f4:20:6f:80:72:b5:7a:86:0d:93:93:d8:89:6a:b7:
         98:2c:16:0b:73:a6:8d:81:e4:4d:76:3e:b7:7d:4e:22:e4:e9:
         f4:d0:26:4a:0e:4a:50:65:ba:a9:c0:73:b4:c6:89:aa:60:b0:
         21:c9:19:ac:4e:4c:40:8f:f6:10:37:a6:f9:1e:c2:a6:46:12:
         ad:45:54:bc:55:44:98:a9:0a:d2:b6:13:f8:75:64:76:87:70:
         90:01:f9:f2:4b:ba:9a:9f:dc:7f:d7:f3:d2:ed:ec:90:7a:2c:
         ae:b1:02:73:65:a1:2b:70:79:0d:1e:3a:5f:98:9c:a6:10:a8:
         c5:10:3a:60
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQfjAq++SCz47XoK7cf2m0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTQ5YjE4NDRmZTQ0MjJhZmJlMTBjZGQyODE5Yzc0NDgy
NzdlNjUwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmIwOTczOWRjNzMyZGQ5NWRkNmQxMzQ4ZmZjNGI2N2RkOWNhYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeLT0sZSNO8ncNoe9b0XOIoOwltz
+36gzWS6MteAEUNQ++BYU7qSIWWLW2bZtnQixJ4KCoOAOLlpJabEllN8i8iDMsHc
/kvnzmzaIvzhojnT1vFTtEn87PqOe1pf3blZFgPTRBOWtsk0UM2r5QkhPZRSXtXE
Bqcih9MDZi09cLZBfxxp+qKzQcARtHcIB6A1MKUa6Fb7JSFpNLOy6Lm+xgiA78C1
YIUlbfbi/UsHZ/fK1UfoX51tK0NneI/z3Im2EPXFU/3B5BUrDGsPBA+3tOwdDgv+
0rdmAWSlO2LqEdm6gzSOzzYHYYOCVfzSy7xjBis8QG0ipDN1664L4MnqhwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFawlznccy3ZXdbRNI/8S2fdnKrJMB8GA1UdIwQY
MBaAFD3kmxhE/kQir74QzdKBnHRIJ35lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVTYkdFVC1SQ0t2dmhETjBvR2NkRWduZm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC84MWIxODgtMjU1ZC00OWM3LTlmOTgt
MGFjOWI0ZDdlYWI3LzEvVnJDWE9keHpMZGxkMXRFMGpfeExaOTJjcXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC84MWIxODgtMjU1ZC00OWM3LTlmOTgtMGFjOWI0ZDdlYWI3
LzEvUGVTYkdFVC1SQ0t2dmhETjBvR2NkRWduZm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBLZkQAwQD
shY4AwQCuR/0MA0EAgACMAcDBQAqAB4oMA0GCSqGSIb3DQEBCwUAA4IBAQDA25mt
gI+GfofCd3XmlHui6J7ROPnwfTpV2voKQR4mt5pC8VFd5wmaEnGgUb9ERiE4Bgvf
a9R2wB3lMcrkS7NF3rU8bPWC8HtgravUS/WbqyV0EO2zHOSUo5btL7Uw8kE0tXix
xKV9bRF7QESKcxw3VTIkW0CmrAsJDvLMP7jhk2v0IG+AcrV6hg2Tk9iJareYLBYL
c6aNgeRNdj63fU4i5On00CZKDkpQZbqpwHO0xomqYLAhyRmsTkxAj/YQN6b5HsKm
RhKtRVS8VUSYqQrSthP4dWR2h3CQAfnyS7qan9x/1/PS7eyQeiyusQJzZaErcHkN
HjpfmJymEKjFEDpg
-----END CERTIFICATE-----