Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J11nWfJO-imGiFVFP6omeAKt4bk.roa
File:                     J11nWfJO-imGiFVFP6omeAKt4bk.roa (raw, json)
Hash identifier:          9tJ2/L4cDfBn66tXnJNvwXqS957xIDb1FnCQqdvdeXw=
Subject key identifier:   27:5D:67:59:F2:4E:FA:29:86:88:55:45:3F:AA:26:78:02:AD:E1:B9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01950C27B1CE07AEF414DF7132532B26D47A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J11nWfJO-imGiFVFP6omeAKt4bk.roa
Signing time:             Sun 16 Feb 2025 00:28:02 +0000
ROA not before:           Sun 16 Feb 2025 00:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        64.188.100.0/22 maxlen: 24
                          64.188.120.0/22 maxlen: 24
                          64.188.124.0/24 maxlen: 24
                          64.188.125.0/24 maxlen: 24
                          64.188.126.0/24 maxlen: 24
                          64.188.127.0/24 maxlen: 24
                          185.216.104.0/22 maxlen: 24
                          193.23.192.0/21 maxlen: 24
                          193.23.200.0/22 maxlen: 24
                          193.23.204.0/22 maxlen: 24
                          193.23.208.0/22 maxlen: 24
                          193.23.212.0/22 maxlen: 24
                          193.23.216.0/23 maxlen: 24
                          193.23.218.0/23 maxlen: 24
                          193.23.220.0/24 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:0c:27:b1:ce:07:ae:f4:14:df:71:32:53:2b:26:d4:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 16 00:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=275d6759f24efa29868855453faa267802ade1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cb:45:68:6c:19:f3:c0:a1:d6:0f:68:d6:6b:
                    b2:f5:ea:f9:f6:ba:3f:34:e4:35:95:70:90:24:b0:
                    60:0f:dd:6f:99:7b:19:1b:02:5d:ff:74:bb:e2:18:
                    10:cc:b4:81:cf:79:05:31:78:31:88:2d:88:08:02:
                    fd:1e:de:f1:66:8b:89:0e:a0:6f:ac:92:7b:5f:e4:
                    07:22:f0:aa:f6:b3:4d:d7:05:77:b7:7a:ce:f5:12:
                    5a:11:56:4d:02:08:96:ed:3f:62:b0:0c:5a:86:11:
                    8b:0f:13:b9:39:e1:c6:83:08:47:1b:3f:2d:f4:b1:
                    92:cf:a0:e4:5b:2d:3e:dd:09:60:fd:25:8a:c6:15:
                    b6:81:0c:26:e8:cf:55:a5:82:bb:58:72:f1:79:e9:
                    d5:5a:84:3f:f2:8f:89:62:de:da:e5:5b:83:7c:80:
                    c4:c8:09:fa:8d:f2:95:c0:08:da:c6:61:3e:38:4d:
                    0e:94:06:4d:33:4a:49:d4:76:75:0c:f2:c8:a7:8f:
                    bf:20:ff:65:72:c4:fa:de:ca:ea:d7:de:6e:0c:54:
                    38:27:61:a8:ad:26:89:86:d3:92:1a:b8:39:aa:7f:
                    00:ed:0e:db:58:55:2c:8c:2c:0a:64:8e:04:8f:33:
                    0c:51:c0:90:cd:1c:c6:ca:32:f9:f5:8c:1b:b2:4f:
                    89:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5D:67:59:F2:4E:FA:29:86:88:55:45:3F:AA:26:78:02:AD:E1:B9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J11nWfJO-imGiFVFP6omeAKt4bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.100.0/22
                  64.188.120.0/21
                  185.216.104.0/22
                  193.23.192.0-193.23.221.255

    Signature Algorithm: sha256WithRSAEncryption
         b9:6f:ea:12:ba:71:b1:c8:2d:4d:3f:ef:fc:45:1e:8a:13:d7:
         b3:c3:d9:f5:fa:1c:d3:99:ff:36:d8:95:2c:fc:c4:ba:9a:62:
         bf:0c:a2:94:3a:55:60:e0:2a:71:7c:67:d8:79:ae:bb:ee:d5:
         9b:9b:1b:e4:27:e1:5f:72:0e:ed:5b:02:d7:bd:fd:50:cd:82:
         01:bc:e3:b5:25:bb:59:a5:56:e3:3d:5f:45:9f:a1:d4:7f:96:
         79:3a:78:5a:db:43:f5:5d:d7:6b:de:ff:ad:c9:c2:00:c0:a8:
         02:bb:e1:b0:ea:84:89:20:51:38:4e:a0:f3:8c:27:93:a1:b9:
         64:2e:fe:90:56:a3:db:ca:bf:83:eb:4e:99:6b:4a:4c:e5:89:
         14:31:43:f5:38:8d:04:3b:5c:d4:dc:98:99:80:07:f0:ce:22:
         e7:b1:bc:e2:c6:13:a2:ba:84:5d:0e:c3:6a:24:7d:a1:f9:1a:
         0c:2e:fd:0c:6a:ef:de:51:a3:ef:3f:f3:0c:37:36:d9:fd:b8:
         20:e9:b4:2b:18:8c:23:22:e6:ba:58:0a:59:9e:37:55:74:fe:
         52:ab:a1:fa:47:6e:bf:8b:c6:16:e4:e8:ed:08:c1:a7:78:5b:
         f2:c7:06:db:be:e3:8a:14:2f:e9:d4:ce:78:d9:05:c1:41:b8:
         2b:92:28:76
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZUMJ7HOB670FN9xMlMrJtR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjE2MDAyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzVkNjc1OWYyNGVmYTI5ODY4ODU1NDUzZmFhMjY3ODAyYWRlMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMtFaGwZ88Ch1g9o1muy9er59ro/
NOQ1lXCQJLBgD91vmXsZGwJd/3S74hgQzLSBz3kFMXgxiC2ICAL9Ht7xZouJDqBv
rJJ7X+QHIvCq9rNN1wV3t3rO9RJaEVZNAgiW7T9isAxahhGLDxO5OeHGgwhHGz8t
9LGSz6DkWy0+3Qlg/SWKxhW2gQwm6M9VpYK7WHLxeenVWoQ/8o+JYt7a5VuDfIDE
yAn6jfKVwAjaxmE+OE0OlAZNM0pJ1HZ1DPLIp4+/IP9lcsT63srq195uDFQ4J2Go
rSaJhtOSGrg5qn8A7Q7bWFUsjCwKZI4EjzMMUcCQzRzGyjL59Ywbsk+JMQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCddZ1nyTvophohVRT+qJngCreG5MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSjExbldmSk8taW1HaUZWRlA2b21lQUt0NGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCQLxkAwQD
QLx4AwQCudhoMAwDBAbBF8ADBAHBF9wwDQYJKoZIhvcNAQELBQADggEBALlv6hK6
cbHILU0/7/xFHooT17PD2fX6HNOZ/zbYlSz8xLqaYr8MopQ6VWDgKnF8Z9h5rrvu
1ZubG+Qn4V9yDu1bAte9/VDNggG847Ulu1mlVuM9X0WfodR/lnk6eFrbQ/Vd12ve
/63JwgDAqAK74bDqhIkgUThOoPOMJ5OhuWQu/pBWo9vKv4PrTplrSkzliRQxQ/U4
jQQ7XNTcmJmAB/DOIuexvOLGE6K6hF0Ow2okfaH5Ggwu/Qxq795Ro+8/8ww3Ntn9
uCDptCsYjCMi5rpYClmeN1V0/lKrofpHbr+Lxhbk6O0Iwad4W/LHBtu+44oUL+nU
znjZBcFBuCuSKHY=
-----END CERTIFICATE-----