Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/A7fNepQEE5hriEH1MxVs7I9LEVc.roa
File:                     A7fNepQEE5hriEH1MxVs7I9LEVc.roa (raw, json)
Hash identifier:          bDqpKiV3wQKeG7s6LzFFi0Idj9cti+sB7X+a5H5psVQ=
Subject key identifier:   03:B7:CD:7A:94:04:13:98:6B:88:41:F5:33:15:6C:EC:8F:4B:11:57
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019427482A0B0CD254C83657D6316A285708
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/A7fNepQEE5hriEH1MxVs7I9LEVc.roa
Signing time:             Thu 02 Jan 2025 13:50:28 +0000
ROA not before:           Thu 02 Jan 2025 13:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57050
IP address blocks:        212.81.56.0/24 maxlen: 24
                          212.81.57.0/24 maxlen: 24
                          212.81.58.0/24 maxlen: 24
                          212.81.59.0/24 maxlen: 24
                          2a10:fa80:10::/48 maxlen: 48
                          2a10:fa80:56::/48 maxlen: 48
                          2a10:fa80:57::/48 maxlen: 48
                          2a10:fa80:58::/48 maxlen: 48
                          2a10:fa80:59::/48 maxlen: 48
                          2a10:fa80:92::/48 maxlen: 48
                          2a10:fa80:212::/48 maxlen: 48
                          2a10:fa80:216::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:2a:0b:0c:d2:54:c8:36:57:d6:31:6a:28:57:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jan  2 13:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03b7cd7a940413986b8841f533156cec8f4b1157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f5:8e:13:6f:b6:a9:ef:6b:62:19:8b:1a:f9:
                    b0:cc:4b:05:68:51:47:06:aa:4a:13:be:68:83:d8:
                    da:33:6a:7e:15:d5:95:8e:9b:83:69:59:0f:7f:5d:
                    4a:69:4a:a6:d5:8a:05:40:45:1d:ff:98:a0:5a:73:
                    ed:4c:c5:66:20:da:7e:d1:9b:18:cc:4d:19:b8:d7:
                    fa:7a:5d:cf:e2:b8:a4:bf:c8:b7:7f:37:6d:73:17:
                    ec:a9:50:33:f2:7a:ec:b8:89:bd:43:85:5e:db:22:
                    31:7d:75:61:85:db:bd:1b:c9:7a:e3:c5:b0:53:42:
                    82:d3:60:0e:0c:4a:c1:d2:8c:b4:2c:92:1b:05:da:
                    37:b3:40:8e:2f:42:69:f4:28:3f:39:41:42:1a:44:
                    0a:0d:f8:77:25:f4:c1:d8:f1:e9:a6:1a:0d:6e:1e:
                    f4:52:24:0d:8a:aa:f8:4a:f3:7c:9d:cc:fd:79:4d:
                    62:78:24:04:74:6a:eb:2b:7f:f3:ca:a1:5b:08:f2:
                    dc:fd:ac:02:d4:d6:fe:c8:9d:64:47:b3:39:d2:82:
                    1d:52:d1:44:3b:62:3c:85:08:0c:dd:92:1c:39:92:
                    98:71:7f:9b:1f:8a:10:5f:8a:97:e8:8a:cb:42:fc:
                    88:fb:02:92:a1:ff:8d:18:d2:a9:ec:da:f1:09:7c:
                    46:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B7:CD:7A:94:04:13:98:6B:88:41:F5:33:15:6C:EC:8F:4B:11:57
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/A7fNepQEE5hriEH1MxVs7I9LEVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.81.56.0/22
                IPv6:
                  2a10:fa80:10::/48
                  2a10:fa80:56::-2a10:fa80:59:ffff:ffff:ffff:ffff:ffff
                  2a10:fa80:92::/48
                  2a10:fa80:212::/48
                  2a10:fa80:216::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:6f:33:aa:b8:b3:c4:78:b6:a5:12:19:4a:a2:a5:94:72:b7:
         ca:af:0f:2d:10:06:d5:31:0e:ca:b2:27:c8:2e:cc:15:4c:eb:
         79:7d:6c:2d:b3:c5:56:85:58:c7:87:12:b1:62:f8:2f:4d:06:
         81:d3:7d:2c:96:e1:a4:d0:0b:e9:bd:cd:95:e6:fb:3a:05:51:
         c7:40:38:53:ab:be:cd:1e:92:c8:22:be:8b:3e:e8:16:bf:00:
         d1:23:b7:ae:37:8c:85:7c:b9:6e:30:58:72:50:1d:df:b5:6b:
         d4:29:9b:09:3c:5b:19:7d:db:2d:fa:96:a9:d7:65:d6:3f:12:
         5b:86:56:ba:bb:35:7a:9a:d7:03:a5:de:b7:4a:ce:52:ca:f2:
         8b:2f:e5:8c:47:81:8a:2b:a8:a8:d2:30:c8:2a:26:68:c4:5c:
         48:83:69:2f:2e:b0:75:59:c3:ce:87:36:ec:d8:5d:c6:5e:fe:
         13:d6:e2:15:13:40:9a:b9:b0:8d:84:56:4d:9b:39:af:80:26:
         7f:03:fc:7e:2b:b0:68:2e:fd:b1:8e:1b:13:d8:81:8f:66:86:
         b9:0a:91:e2:1b:03:11:aa:81:dd:c1:62:96:9c:2a:4d:0b:ab:
         9f:83:53:54:bc:f1:13:97:6b:34:d2:9d:c1:fb:bf:c3:a2:40:
         55:f5:b7:e7
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQnSCoLDNJUyDZX1jFqKFcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjUwMTAyMTM1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I3Y2Q3YTk0MDQxMzk4NmI4ODQxZjUzMzE1NmNlYzhmNGIxMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPWOE2+2qe9rYhmLGvmwzEsFaFFH
BqpKE75og9jaM2p+FdWVjpuDaVkPf11KaUqm1YoFQEUd/5igWnPtTMVmINp+0ZsY
zE0ZuNf6el3P4rikv8i3fzdtcxfsqVAz8nrsuIm9Q4Ve2yIxfXVhhdu9G8l648Ww
U0KC02AODErB0oy0LJIbBdo3s0COL0Jp9Cg/OUFCGkQKDfh3JfTB2PHpphoNbh70
UiQNiqr4SvN8ncz9eU1ieCQEdGrrK3/zyqFbCPLc/awC1Nb+yJ1kR7M50oIdUtFE
O2I8hQgM3ZIcOZKYcX+bH4oQX4qX6IrLQvyI+wKSof+NGNKp7NrxCXxGSQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAO3zXqUBBOYa4hB9TMVbOyPSxFXMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvQTdmTmVwUUVFNWhyaUVIMU14VnM3STlMRVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAMBAIAATAGAwQC1FE4MD4E
AgACMDgDBwAqEPqAABAwEgMHASoQ+oAAVgMHASoQ+oAAWAMHACoQ+oAAkgMHACoQ
+oACEgMHACoQ+oACFjANBgkqhkiG9w0BAQsFAAOCAQEAXm8zqrizxHi2pRIZSqKl
lHK3yq8PLRAG1TEOyrInyC7MFUzreX1sLbPFVoVYx4cSsWL4L00GgdN9LJbhpNAL
6b3Nleb7OgVRx0A4U6u+zR6SyCK+iz7oFr8A0SO3rjeMhXy5bjBYclAd37Vr1Cmb
CTxbGX3bLfqWqddl1j8SW4ZWurs1eprXA6Xet0rOUsryiy/ljEeBiiuoqNIwyCom
aMRcSINpLy6wdVnDzoc27Nhdxl7+E9biFRNAmrmwjYRWTZs5r4AmfwP8fiuwaC79
sY4bE9iBj2aGuQqR4hsDEaqB3cFilpwqTQurn4NTVLzxE5drNNKdwfu/w6JAVfW3
5w==
-----END CERTIFICATE-----