Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/rF8LhSThEKurgT2thPZRl33--iU.roa
File:                     rF8LhSThEKurgT2thPZRl33--iU.roa (raw, json)
Hash identifier:          OeGLpQD5hssmBuSbOYREJqNSMgk497g29MPKRDcfNuc=
Subject key identifier:   AC:5F:0B:85:24:E1:10:AB:AB:81:3D:AD:84:F6:51:97:7D:FE:FA:25
Certificate issuer:       /CN=e21df6a8aaa7041d725285d0dd0e180a649bc213
Certificate serial:       018CC7932BF9E8EDA68092303E19B41E7604
Authority key identifier: E2:1D:F6:A8:AA:A7:04:1D:72:52:85:D0:DD:0E:18:0A:64:9B:C2:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/rF8LhSThEKurgT2thPZRl33--iU.roa
Signing time:             Tue 02 Jan 2024 00:29:20 +0000
ROA not before:           Tue 02 Jan 2024 00:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39087
IP address blocks:        194.39.99.0/24 maxlen: 32
                          194.39.101.0/24 maxlen: 32
                          91.223.28.0/24 maxlen: 32
                          194.37.1.0/24 maxlen: 32
                          91.223.70.0/24 maxlen: 32
                          185.97.200.0/22 maxlen: 32
                          194.37.254.0/24 maxlen: 32
                          91.223.75.0/24 maxlen: 32
                          5.8.36.0/22 maxlen: 32
                          91.223.89.0/24 maxlen: 32
                          2a00:1b78::/29 maxlen: 64
                          2a0f:a3c0::/29 maxlen: 64
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2b:f9:e8:ed:a6:80:92:30:3e:19:b4:1e:76:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e21df6a8aaa7041d725285d0dd0e180a649bc213
        Validity
            Not Before: Jan  2 00:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5f0b8524e110abab813dad84f651977dfefa25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ac:8b:4d:66:68:ca:db:b2:d4:31:ac:83:6e:
                    50:62:de:c1:49:10:01:f1:67:8f:c1:20:03:cf:c1:
                    c1:74:f4:b0:fe:38:75:e5:6a:77:9f:80:68:e6:6b:
                    dd:16:01:84:aa:b9:ac:07:f9:ff:8d:c1:b9:a8:cd:
                    8a:fe:35:79:0e:ec:f6:13:75:4d:61:04:19:52:4a:
                    11:80:7f:0f:21:53:98:8e:11:b1:f7:14:f8:a3:80:
                    f9:62:e9:f3:2e:f4:a0:56:37:bd:6b:33:47:d2:82:
                    a1:5d:5b:2f:ab:64:2c:dc:88:0d:c9:27:d5:ab:c5:
                    14:08:83:e1:5b:4f:b7:5c:6a:a4:19:e8:27:a6:a8:
                    b8:02:ae:fd:2e:4e:18:31:be:91:38:e2:d7:28:2f:
                    08:64:c2:cd:5f:a5:b0:79:b7:2e:64:ef:5c:b2:44:
                    fe:a0:43:47:89:ab:65:dd:aa:98:2a:05:05:b5:ff:
                    c4:93:53:6d:58:02:0c:8d:78:99:d1:6c:15:cc:60:
                    fa:4d:23:a8:67:ec:62:56:9d:bb:47:26:bc:ce:5d:
                    bf:b4:af:85:ec:22:ca:31:7d:fc:44:e5:16:de:81:
                    31:07:ad:93:70:0d:9c:c6:5b:83:34:08:7d:26:fc:
                    ca:9f:11:09:ec:42:56:e2:b9:3d:19:a4:58:d7:4f:
                    a4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5F:0B:85:24:E1:10:AB:AB:81:3D:AD:84:F6:51:97:7D:FE:FA:25
            X509v3 Authority Key Identifier:
                keyid:E2:1D:F6:A8:AA:A7:04:1D:72:52:85:D0:DD:0E:18:0A:64:9B:C2:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/rF8LhSThEKurgT2thPZRl33--iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.36.0/22
                  91.223.28.0/24
                  91.223.70.0/24
                  91.223.75.0/24
                  91.223.89.0/24
                  185.97.200.0/22
                  194.37.1.0/24
                  194.37.254.0/24
                  194.39.99.0/24
                  194.39.101.0/24
                IPv6:
                  2a00:1b78::/29
                  2a0f:a3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:ad:f8:18:99:b4:ee:b3:e1:96:91:a9:08:a0:d0:c4:19:45:
         88:6e:7b:0d:46:b5:6b:d9:96:c6:21:bc:98:f6:12:30:6f:02:
         08:22:64:bb:80:a6:b2:86:d1:8e:ba:ec:6c:e1:0c:4c:44:6f:
         b0:69:02:65:ee:75:1d:02:ec:44:84:5e:74:0e:10:e1:a3:0f:
         17:55:1b:fc:c3:f4:e2:8b:b4:be:da:68:d2:d3:6d:85:fb:9f:
         dc:fd:34:27:82:7d:22:68:50:f7:15:ea:4a:5d:02:0c:89:a3:
         20:3d:7f:8b:6a:47:0c:02:c4:df:3a:be:19:55:ee:45:af:f0:
         8a:90:a8:0a:3d:26:cd:fa:18:ae:b7:a9:96:6e:74:31:d6:4f:
         32:73:c3:c3:8d:77:9f:37:1d:28:b7:7a:b1:a1:17:dd:b7:27:
         b3:35:71:03:95:03:ed:fd:8d:82:d9:36:1b:b7:50:6c:be:d7:
         c9:5e:ee:6c:3f:d0:01:80:03:d4:7e:35:00:b0:f7:88:fb:63:
         36:79:75:aa:6d:20:1e:13:51:83:a3:a3:3e:28:3e:d9:0a:30:
         a5:12:a6:33:cb:eb:83:23:07:ce:b9:46:85:6c:77:e5:99:d2:
         93:1b:d7:b8:7a:39:f6:e3:2a:5b:37:ef:e3:a5:c5:18:15:51:
         1f:38:aa:bb
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYzHkyv56O2mgJIwPhm0HnYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMWRmNmE4YWFhNzA0MWQ3MjUyODVkMGRkMGUxODBhNjQ5
YmMyMTMwHhcNMjQwMTAyMDAyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVmMGI4NTI0ZTExMGFiYWI4MTNkYWQ4NGY2NTE5NzdkZmVmYTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkayLTWZoytuy1DGsg25QYt7BSRAB
8WePwSADz8HBdPSw/jh15Wp3n4Bo5mvdFgGEqrmsB/n/jcG5qM2K/jV5Duz2E3VN
YQQZUkoRgH8PIVOYjhGx9xT4o4D5YunzLvSgVje9azNH0oKhXVsvq2Qs3IgNySfV
q8UUCIPhW0+3XGqkGegnpqi4Aq79Lk4YMb6ROOLXKC8IZMLNX6WwebcuZO9cskT+
oENHiatl3aqYKgUFtf/Ek1NtWAIMjXiZ0WwVzGD6TSOoZ+xiVp27Rya8zl2/tK+F
7CLKMX38ROUW3oExB62TcA2cxluDNAh9JvzKnxEJ7EJW4rk9GaRY10+kkwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFKxfC4Uk4RCrq4E9rYT2UZd9/volMB8GA1UdIwQY
MBaAFOId9qiqpwQdclKF0N0OGApkm8ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGgzMnFLcW5CQjF5VW9YUTNRNFlDbVNid2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82OTk4NGEtMjliZi00ZDc2LTk1NjEt
NjJiYTNhNjg4NGM4LzEvckY4TGhTVGhFS3VyZ1QydGhQWlJsMzMtLWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82OTk4NGEtMjliZi00ZDc2LTk1NjEtNjJiYTNhNjg4NGM4
LzEvNGgzMnFLcW5CQjF5VW9YUTNRNFlDbVNid2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCBQgkAwQA
W98cAwQAW99GAwQAW99LAwQAW99ZAwQCuWHIAwQAwiUBAwQAwiX+AwQAwidjAwQA
widlMBQEAgACMA4DBQMqABt4AwUDKg+jwDANBgkqhkiG9w0BAQsFAAOCAQEAM634
GJm07rPhlpGpCKDQxBlFiG57DUa1a9mWxiG8mPYSMG8CCCJku4CmsobRjrrsbOEM
TERvsGkCZe51HQLsRIRedA4Q4aMPF1Ub/MP04ou0vtpo0tNthfuf3P00J4J9ImhQ
9xXqSl0CDImjID1/i2pHDALE3zq+GVXuRa/wipCoCj0mzfoYrreplm50MdZPMnPD
w413nzcdKLd6saEX3bcnszVxA5UD7f2Ngtk2G7dQbL7XyV7ubD/QAYAD1H41ALD3
iPtjNnl1qm0gHhNRg6OjPig+2QowpRKmM8vrgyMHzrlGhWx35ZnSkxvXuHo59uMq
Wzfv46XFGBVRHziquw==
-----END CERTIFICATE-----