Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/HRV4PB1eld0aKOMXe-mbGVxZMnQ.roa
File:                     HRV4PB1eld0aKOMXe-mbGVxZMnQ.roa (raw, json)
Hash identifier:          w1X+vY2roUoXWvdOVg6d1ygVdNzmflQjjewJ3ZoD7fU=
Subject key identifier:   1D:15:78:3C:1D:5E:95:DD:1A:28:E3:17:7B:E9:9B:19:5C:59:32:74
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F04A908F68031F779F756342C8351
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/HRV4PB1eld0aKOMXe-mbGVxZMnQ.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199173
IP address blocks:        77.78.157.0/24 maxlen: 24
                          77.78.158.0/24 maxlen: 24
                          85.187.184.0/23 maxlen: 23
                          85.187.184.0/24 maxlen: 24
                          85.187.185.0/24 maxlen: 24
                          85.187.186.0/24 maxlen: 24
                          85.187.218.0/23 maxlen: 23
                          85.187.218.0/24 maxlen: 24
                          85.187.219.0/24 maxlen: 24
                          85.187.224.0/21 maxlen: 21
                          85.187.224.0/24 maxlen: 24
                          85.187.225.0/24 maxlen: 24
                          85.187.226.0/24 maxlen: 24
                          85.187.227.0/24 maxlen: 24
                          85.187.228.0/24 maxlen: 24
                          85.187.229.0/24 maxlen: 24
                          85.187.230.0/24 maxlen: 24
                          85.187.231.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:04:a9:08:f6:80:31:f7:79:f7:56:34:2c:83:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d15783c1d5e95dd1a28e3177be99b195c593274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:de:01:ee:64:82:d7:43:7f:3b:13:9d:15:c6:
                    46:ac:d3:b6:04:f2:04:28:46:bb:93:7b:c8:53:8c:
                    9c:20:a7:e6:48:7f:98:97:ae:91:1f:a4:80:67:ba:
                    78:51:0f:0e:7b:02:aa:a0:6e:72:de:da:26:83:c4:
                    cd:48:40:e0:c4:3b:11:b0:eb:c1:d1:74:84:f3:d6:
                    56:e9:21:6f:6d:ed:34:6a:ad:26:87:e5:b7:4b:ca:
                    89:d7:a8:43:c1:30:b4:b4:3b:d2:e3:42:8e:4d:e8:
                    a4:ec:16:ef:e5:b0:f7:10:04:de:8b:97:96:c3:9d:
                    4b:dc:3c:77:80:f4:e1:3d:37:5e:58:a8:3f:dc:91:
                    d1:8f:39:c3:4b:33:d1:fe:26:25:4b:68:80:7b:3d:
                    9d:52:aa:65:0e:6f:23:c4:85:00:82:9a:fe:62:6d:
                    a6:7d:6d:1d:f7:34:e5:6c:29:ee:1e:4b:88:64:d1:
                    65:f9:1d:2f:94:0e:49:89:b2:c8:c4:79:d0:8f:24:
                    a2:f0:52:31:03:85:4b:21:42:0d:79:b5:21:47:21:
                    3e:1f:b3:81:fc:11:a9:04:5a:a5:c7:b4:8b:aa:b1:
                    18:5a:a9:0c:5e:8f:b0:7e:60:43:36:69:8c:66:db:
                    ab:a4:41:55:6d:1c:73:65:27:a1:ef:db:fc:19:2a:
                    14:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:15:78:3C:1D:5E:95:DD:1A:28:E3:17:7B:E9:9B:19:5C:59:32:74
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/HRV4PB1eld0aKOMXe-mbGVxZMnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.157.0-77.78.158.255
                  85.187.184.0-85.187.186.255
                  85.187.218.0/23
                  85.187.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b9:6d:a7:34:12:f7:28:84:80:bb:2f:fe:2c:33:25:fa:8b:13:
         fc:e5:0c:0e:9e:e0:60:22:a4:14:14:d5:16:69:02:82:07:5d:
         a8:63:9a:ad:9d:62:1d:87:ef:5e:16:3a:08:9f:42:a6:e7:5f:
         3b:c6:d9:f7:cf:ac:03:e9:c7:c7:2c:68:ff:93:de:36:2d:46:
         22:9d:39:f6:71:0a:c4:0e:88:dc:d9:ff:a0:5a:f2:65:36:c6:
         65:85:c4:f6:c4:79:f6:5b:6f:8d:d1:d3:ad:0b:4c:31:38:6d:
         b7:5c:d2:77:86:f9:59:3d:a6:c0:65:ae:37:9c:8b:ed:ef:01:
         c4:ff:95:52:4f:cb:1b:47:16:56:3b:c1:43:df:68:74:8a:44:
         1a:fb:f4:eb:3d:9b:3d:07:a6:9f:32:85:e1:76:ee:ec:21:bf:
         82:03:1e:d4:c5:eb:1f:09:d2:c3:4a:36:e6:7e:24:6f:35:3d:
         d2:58:29:1b:7c:96:27:ac:50:d4:35:27:10:28:17:35:6c:61:
         a9:ee:80:90:9f:9c:cc:00:63:23:5b:b3:8a:7f:f7:34:70:a9:
         cc:20:31:bc:b4:73:f3:08:10:01:bc:dd:34:1c:d3:9d:9c:dd:
         0a:04:95:30:c3:6a:09:5d:38:a4:4f:a0:ba:18:ba:70:10:5b:
         13:57:70:b0
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQljwSpCPaAMfd591Y0LINRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDE1NzgzYzFkNWU5NWRkMWEyOGUzMTc3YmU5OWIxOTVjNTkzMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz94B7mSC10N/OxOdFcZGrNO2BPIE
KEa7k3vIU4ycIKfmSH+Yl66RH6SAZ7p4UQ8OewKqoG5y3tomg8TNSEDgxDsRsOvB
0XSE89ZW6SFvbe00aq0mh+W3S8qJ16hDwTC0tDvS40KOTeik7Bbv5bD3EATei5eW
w51L3Dx3gPThPTdeWKg/3JHRjznDSzPR/iYlS2iAez2dUqplDm8jxIUAgpr+Ym2m
fW0d9zTlbCnuHkuIZNFl+R0vlA5JibLIxHnQjySi8FIxA4VLIUINebUhRyE+H7OB
/BGpBFqlx7SLqrEYWqkMXo+wfmBDNmmMZturpEFVbRxzZSeh79v8GSoURwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFB0VeDwdXpXdGijjF3vpmxlcWTJ0MB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvSFJWNFBCMWVsZDBhS09NWGUtbWJHVnhaTW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBABNTp0D
BABNTp4wDAMEA1W7uAMEAFW7ugMEAVW72gMEA1W74DANBgkqhkiG9w0BAQsFAAOC
AQEAuW2nNBL3KISAuy/+LDMl+osT/OUMDp7gYCKkFBTVFmkCggddqGOarZ1iHYfv
XhY6CJ9CpudfO8bZ98+sA+nHxyxo/5PeNi1GIp059nEKxA6I3Nn/oFryZTbGZYXE
9sR59ltvjdHTrQtMMThtt1zSd4b5WT2mwGWuN5yL7e8BxP+VUk/LG0cWVjvBQ99o
dIpEGvv06z2bPQemnzKF4Xbu7CG/ggMe1MXrHwnSw0o25n4kbzU90lgpG3yWJ6xQ
1DUnECgXNWxhqe6AkJ+czABjI1uzin/3NHCpzCAxvLRz8wgQAbzdNBzTnZzdCgSV
MMNqCV04pE+guhi6cBBbE1dwsA==
-----END CERTIFICATE-----