Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/1B6A9qa7KF81whAgrnv2KejzGGk.roa
File:                     1B6A9qa7KF81whAgrnv2KejzGGk.roa (raw, json)
Hash identifier:          fbDtOi1s8oPbJKd6w9Zwx51Tf1HUbRzTLL7akFEQ9HM=
Subject key identifier:   D4:1E:80:F6:A6:BB:28:5F:35:C2:10:20:AE:7B:F6:29:E8:F3:18:69
Certificate issuer:       /CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
Certificate serial:       0194266A44FDA641ED201E3B6283F0E360CD
Authority key identifier: BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/1B6A9qa7KF81whAgrnv2KejzGGk.roa
Signing time:             Thu 02 Jan 2025 09:48:06 +0000
ROA not before:           Thu 02 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28716
IP address blocks:        212.104.0.0/24 maxlen: 24
                          212.104.2.0/23 maxlen: 24
                          212.104.4.0/22 maxlen: 24
                          212.104.8.0/23 maxlen: 24
                          212.104.11.0/24 maxlen: 24
                          212.104.12.0/23 maxlen: 24
                          212.104.16.0/20 maxlen: 24
                          212.104.32.0/21 maxlen: 24
                          212.104.40.0/23 maxlen: 24
                          212.104.44.0/22 maxlen: 24
                          212.104.48.0/21 maxlen: 24
                          212.104.56.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:44:fd:a6:41:ed:20:1e:3b:62:83:f0:e3:60:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
        Validity
            Not Before: Jan  2 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d41e80f6a6bb285f35c21020ae7bf629e8f31869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:91:05:0a:a6:6a:22:16:5f:73:53:a1:4c:5a:
                    2a:a6:9d:12:89:3f:f4:4b:6b:c3:e6:e7:4c:d5:74:
                    40:8b:0f:30:4c:ab:b0:c2:1b:c8:db:6d:42:42:44:
                    07:5c:f5:3b:bc:e1:e5:e8:02:67:91:14:e4:d6:a5:
                    9c:ef:ae:d0:a3:71:ae:18:1f:c9:9f:42:f8:90:b8:
                    eb:2a:b3:9d:cf:3b:9f:ba:56:72:c6:0e:67:23:81:
                    e5:67:af:c8:ac:7b:91:3f:33:47:3b:fe:a7:6b:94:
                    af:e2:46:14:d8:6c:60:92:c5:ad:72:ed:d0:37:9e:
                    a1:fa:de:c9:28:80:45:81:c7:c7:2c:7c:1a:f5:13:
                    c8:eb:fd:93:cc:85:a0:1e:99:43:5d:c9:95:65:8b:
                    c8:aa:4a:6f:aa:83:9b:35:7e:05:2c:18:19:9f:6d:
                    fc:31:f2:48:47:9b:35:8f:7d:ed:4b:a6:36:14:2e:
                    67:e0:78:f4:26:cd:e7:93:29:7b:85:2b:ab:74:09:
                    d3:2e:af:b3:cd:24:dd:7a:a2:57:3d:cc:3f:4c:dd:
                    40:9d:28:29:f5:8b:7f:a4:ef:c0:1b:e3:e1:0a:60:
                    75:05:d4:ef:7b:a0:3f:e1:66:22:d3:f6:6c:ee:e5:
                    c2:fb:a4:77:ad:a5:c5:10:5e:55:07:8e:fc:b5:f9:
                    8c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1E:80:F6:A6:BB:28:5F:35:C2:10:20:AE:7B:F6:29:E8:F3:18:69
            X509v3 Authority Key Identifier:
                keyid:BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/1B6A9qa7KF81whAgrnv2KejzGGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/vIo7xH0TyD99HPcqE34AZvg9Bgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.0.0/24
                  212.104.2.0-212.104.9.255
                  212.104.11.0-212.104.13.255
                  212.104.16.0-212.104.41.255
                  212.104.44.0-212.104.63.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:18:83:99:36:c0:cd:c6:f8:4d:5b:3d:ea:69:3b:5e:89:ba:
         82:f2:f6:b9:75:a0:98:b7:3a:57:c4:df:f9:72:3d:12:34:3e:
         63:ce:82:b3:84:8c:ec:c4:87:17:73:8c:d0:74:80:cd:94:60:
         49:d3:57:c0:1b:4f:b0:18:b0:1e:d0:98:b1:08:c9:28:50:ff:
         7b:8c:0f:77:84:48:c8:42:55:18:0e:da:37:80:6b:ef:a3:e1:
         f8:c9:f7:6c:de:4f:e0:9c:0d:44:2e:ae:17:a5:5e:eb:df:d1:
         9f:ee:70:ba:a0:5d:48:14:fd:6d:b9:7f:fe:95:79:d0:8e:f6:
         7b:f7:a7:8c:7c:58:24:a2:62:ea:ae:b2:bb:fb:b6:c6:e0:07:
         9d:77:c0:1c:ed:a1:ea:9a:dd:89:79:38:e0:a7:16:ad:34:25:
         4a:50:9c:10:a4:81:50:e6:da:9f:dc:aa:6f:9b:28:97:3a:bc:
         9e:ad:00:b5:c0:7b:4d:40:fe:bd:c9:fe:ed:de:32:87:c8:5c:
         cb:7a:ab:dc:d1:32:8a:b5:a6:bc:c4:d8:65:14:29:99:90:38:
         12:b9:e6:9b:65:30:76:09:5b:b5:e8:68:1a:a8:28:df:49:ff:
         97:47:45:1e:d7:78:4a:8f:ec:6b:89:8d:28:06:6a:42:2d:c1:
         6f:3f:7d:aa
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQmakT9pkHtIB47YoPw42DNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOGEzYmM0N2QxM2M4M2Y3ZDFjZjcyYTEzN2UwMDY2Zjgz
ZDA2MDgwHhcNMjUwMTAyMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFlODBmNmE2YmIyODVmMzVjMjEwMjBhZTdiZjYyOWU4ZjMxODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJEFCqZqIhZfc1OhTFoqpp0SiT/0
S2vD5udM1XRAiw8wTKuwwhvI221CQkQHXPU7vOHl6AJnkRTk1qWc767Qo3GuGB/J
n0L4kLjrKrOdzzufulZyxg5nI4HlZ6/IrHuRPzNHO/6na5Sv4kYU2GxgksWtcu3Q
N56h+t7JKIBFgcfHLHwa9RPI6/2TzIWgHplDXcmVZYvIqkpvqoObNX4FLBgZn238
MfJIR5s1j33tS6Y2FC5n4Hj0Js3nkyl7hSurdAnTLq+zzSTdeqJXPcw/TN1AnSgp
9Yt/pO/AG+PhCmB1BdTve6A/4WYi0/Zs7uXC+6R3raXFEF5VB478tfmMDwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNQegPamuyhfNcIQIK579ino8xhpMB8GA1UdIwQY
MBaAFLyKO8R9E8g/fRz3KhN+AGb4PQYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjIt
NzExM2ZjMWI4NjViLzEvMUI2QTlxYTdLRjgxd2hBZ3JudjJLZWp6R0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjItNzExM2ZjMWI4NjVi
LzEvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQA1GgAMAwD
BAHUaAIDBAHUaAgwDAMEANRoCwMEAdRoDDAMAwQE1GgQAwQB1GgoMAwDBALUaCwD
BAbUaAAwDQYJKoZIhvcNAQELBQADggEBAKoYg5k2wM3G+E1bPeppO16JuoLy9rl1
oJi3OlfE3/lyPRI0PmPOgrOEjOzEhxdzjNB0gM2UYEnTV8AbT7AYsB7QmLEIyShQ
/3uMD3eESMhCVRgO2jeAa++j4fjJ92zeT+CcDUQurhelXuvf0Z/ucLqgXUgU/W25
f/6VedCO9nv3p4x8WCSiYuqusrv7tsbgB513wBztoeqa3Yl5OOCnFq00JUpQnBCk
gVDm2p/cqm+bKJc6vJ6tALXAe01A/r3J/u3eMofIXMt6q9zRMoq1przE2GUUKZmQ
OBK55ptlMHYJW7XoaBqoKN9J/5dHRR7XeEqP7GuJjSgGakItwW8/fao=
-----END CERTIFICATE-----