Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/n5grmYLFusDXskduHNK0u8Uh7_8.roa
File:                     n5grmYLFusDXskduHNK0u8Uh7_8.roa (raw, json)
Hash identifier:          Ot/hVRNHpI3TyJW49c6dgVaMjbZnxiCg+2OWKcBEwPs=
Subject key identifier:   9F:98:2B:99:82:C5:BA:C0:D7:B2:47:6E:1C:D2:B4:BB:C5:21:EF:FF
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       018CC8DF2158C743399CF6115228BCD35BBE
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/n5grmYLFusDXskduHNK0u8Uh7_8.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201935
IP address blocks:        84.254.137.0/24 maxlen: 24
                          84.254.144.0/24 maxlen: 24
                          84.254.144.0/23 maxlen: 24
                          84.254.145.0/24 maxlen: 24
                          84.254.146.0/24 maxlen: 24
                          84.254.164.0/24 maxlen: 24
                          95.210.133.0/24 maxlen: 24
                          176.227.131.0/24 maxlen: 24
                          176.227.139.0/24 maxlen: 24
                          176.227.138.0/24 maxlen: 24
                          84.254.130.0/24 maxlen: 24
                          84.254.131.0/24 maxlen: 24
                          95.210.111.0/24 maxlen: 24
                          95.210.132.0/24 maxlen: 24
                          95.210.132.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:21:58:c7:43:39:9c:f6:11:52:28:bc:d3:5b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f982b9982c5bac0d7b2476e1cd2b4bbc521efff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ef:ab:8e:9c:7f:d6:84:58:bd:d0:3b:38:06:
                    8b:d9:e4:ff:1d:65:28:0a:6d:50:88:85:8f:3b:98:
                    cd:a6:ef:8c:21:af:bc:1e:5d:a3:51:f5:57:1d:e3:
                    7e:73:ff:d7:ef:19:ec:93:d1:a2:3b:e8:d3:e7:c8:
                    77:29:df:64:b6:e4:61:26:c1:0c:1d:1e:dc:12:58:
                    d0:da:1d:83:01:4d:ad:66:10:fc:3f:6c:63:03:2c:
                    d5:eb:39:02:0d:39:05:8f:62:bc:6c:18:d1:37:18:
                    76:4f:94:6c:93:6e:05:d8:63:59:ec:e8:13:b3:38:
                    83:f3:c3:fa:5f:83:f7:ae:e9:18:a4:5d:99:1b:fd:
                    0c:06:f7:ec:44:8e:d3:d5:ac:e5:4c:73:2a:1e:22:
                    48:ed:aa:39:91:75:8b:b0:d8:ef:bb:49:07:58:69:
                    2f:f7:28:b3:b2:c0:d7:47:d2:fb:c6:aa:0c:0f:e7:
                    8a:0c:e6:9d:52:5a:c4:3e:74:f2:20:45:f6:69:35:
                    d4:ef:49:f2:7d:98:a2:5f:3b:f6:99:62:ff:de:04:
                    ae:8e:98:22:9b:7a:1b:a3:6c:e0:ec:6c:16:c0:b1:
                    d4:46:27:02:fa:9c:3d:b8:c3:02:80:39:29:8c:45:
                    16:8b:5b:46:e0:de:2b:8d:d2:d4:08:b2:84:a8:64:
                    3e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:98:2B:99:82:C5:BA:C0:D7:B2:47:6E:1C:D2:B4:BB:C5:21:EF:FF
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/n5grmYLFusDXskduHNK0u8Uh7_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.254.130.0/23
                  84.254.137.0/24
                  84.254.144.0-84.254.146.255
                  84.254.164.0/24
                  95.210.111.0/24
                  95.210.132.0/23
                  176.227.131.0/24
                  176.227.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:4e:15:6d:c6:71:c7:51:d7:aa:2e:11:d2:f8:16:9b:13:6f:
         71:3a:01:e3:dc:62:03:98:8d:b1:f4:2b:fc:1e:57:97:0f:ab:
         d2:b1:7e:82:28:0e:7c:76:a9:33:a5:1a:8b:ad:e0:45:59:c8:
         52:7f:ec:57:0b:78:b0:2e:29:b5:d3:21:c5:ba:85:aa:79:c5:
         b9:46:b9:b4:b5:ea:89:1f:b8:8e:ed:68:af:b6:c5:9c:1d:90:
         b9:7c:90:80:18:3d:21:ee:7d:ef:18:9a:17:49:ef:2b:04:d7:
         64:27:c4:11:ee:48:e2:9b:d4:4c:63:a7:c8:55:60:02:08:9d:
         69:16:39:d8:3a:9a:3d:c8:ca:d4:b7:6c:dd:fe:19:6b:17:cd:
         51:c6:5f:01:da:28:ec:de:60:b5:53:28:dd:94:94:1c:b6:b1:
         89:76:83:69:97:9f:28:44:cc:cd:bb:c1:ff:e5:9e:3a:9a:1c:
         d6:7b:46:9d:8e:fe:31:22:db:6b:d7:de:d1:1e:3d:12:ca:8d:
         f5:81:4b:73:09:07:4e:ee:5f:5e:09:b3:d3:79:a3:3d:2d:67:
         96:c2:85:03:eb:7b:de:e6:51:90:01:e7:09:76:d0:21:6c:ca:
         de:f3:61:f7:fa:81:7d:bc:2c:06:32:bc:c5:89:31:9b:c9:a4:
         20:c8:3b:c7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzI3yFYx0M5nPYRUii801u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjk4MmI5OTgyYzViYWMwZDdiMjQ3NmUxY2QyYjRiYmM1MjFlZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu+rjpx/1oRYvdA7OAaL2eT/HWUo
Cm1QiIWPO5jNpu+MIa+8Hl2jUfVXHeN+c//X7xnsk9GiO+jT58h3Kd9ktuRhJsEM
HR7cEljQ2h2DAU2tZhD8P2xjAyzV6zkCDTkFj2K8bBjRNxh2T5Rsk24F2GNZ7OgT
sziD88P6X4P3rukYpF2ZG/0MBvfsRI7T1azlTHMqHiJI7ao5kXWLsNjvu0kHWGkv
9yizssDXR9L7xqoMD+eKDOadUlrEPnTyIEX2aTXU70nyfZiiXzv2mWL/3gSujpgi
m3obo2zg7GwWwLHURicC+pw9uMMCgDkpjEUWi1tG4N4rjdLUCLKEqGQ+PwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJ+YK5mCxbrA17JHbhzStLvFIe//MB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvbjVncm1ZTEZ1c0RYc2tkdUhOSzB1OFVoN184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBVP6CAwQA
VP6JMAwDBARU/pADBABU/pIDBABU/qQDBABf0m8DBAFf0oQDBACw44MDBAGw44ow
DQYJKoZIhvcNAQELBQADggEBABBOFW3GccdR16ouEdL4FpsTb3E6AePcYgOYjbH0
K/weV5cPq9KxfoIoDnx2qTOlGout4EVZyFJ/7FcLeLAuKbXTIcW6hap5xblGubS1
6okfuI7taK+2xZwdkLl8kIAYPSHufe8YmhdJ7ysE12QnxBHuSOKb1Exjp8hVYAII
nWkWOdg6mj3IytS3bN3+GWsXzVHGXwHaKOzeYLVTKN2UlBy2sYl2g2mXnyhEzM27
wf/lnjqaHNZ7Rp2O/jEi22vX3tEePRLKjfWBS3MJB07uX14Js9N5oz0tZ5bChQPr
e97mUZAB5wl20CFsyt7zYff6gX28LAYyvMWJMZvJpCDIO8c=
-----END CERTIFICATE-----