Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/z1ERBgPc796EUpstpTm_KKosGxs.roa
File:                     z1ERBgPc796EUpstpTm_KKosGxs.roa (raw, json)
Hash identifier:          1uUH+Aes6TW/J4OIjEYgjpDXA6d37PjKx+xzTglktTE=
Subject key identifier:   CF:51:11:06:03:DC:EF:DE:84:52:9B:2D:A5:39:BF:28:AA:2C:1B:1B
Certificate issuer:       /CN=fae16b493d2a12897caf4757bb18a02eec2cde17
Certificate serial:       019426D9462F6E4BAEA3031CCA9C4652A50F
Authority key identifier: FA:E1:6B:49:3D:2A:12:89:7C:AF:47:57:BB:18:A0:2E:EC:2C:DE:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-uFrST0qEol8r0dXuxigLuws3hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/z1ERBgPc796EUpstpTm_KKosGxs.roa
Signing time:             Thu 02 Jan 2025 11:49:20 +0000
ROA not before:           Thu 02 Jan 2025 11:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12876
IP address blocks:        62.4.0.0/19 maxlen: 19
                          62.210.0.0/16 maxlen: 24
                          195.154.0.0/16 maxlen: 24
                          212.47.224.0/19 maxlen: 19
                          212.83.128.0/19 maxlen: 19
                          212.83.160.0/19 maxlen: 19
                          212.129.0.0/18 maxlen: 18
                          2001:bc8::/32 maxlen: 38
                          2001:bc8:1200::/39 maxlen: 48
                          2001:bc8:1201::/48 maxlen: 48
                          2001:bc8:1400::/38 maxlen: 38
                          2001:bc8:1800::/38 maxlen: 38
                          2001:bc8:1c00::/38 maxlen: 38
                          2001:bc8:2000::/35 maxlen: 48
                          2001:bc8:5400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:46:2f:6e:4b:ae:a3:03:1c:ca:9c:46:52:a5:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fae16b493d2a12897caf4757bb18a02eec2cde17
        Validity
            Not Before: Jan  2 11:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf51110603dcefde84529b2da539bf28aa2c1b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:72:f7:55:49:b6:ec:ae:97:e9:54:11:9b:20:
                    b8:a6:9f:52:f8:76:f5:75:0d:10:e2:2a:78:49:3d:
                    05:32:48:31:27:5e:9d:55:c6:bb:66:a1:17:e5:7b:
                    6a:32:7a:8e:ae:36:f5:df:cc:cd:af:4e:af:34:35:
                    42:dd:c1:7f:43:5f:4c:d7:c1:37:60:a6:de:c5:e6:
                    28:99:a6:00:2f:b8:43:fb:3c:d4:3c:87:de:fc:2f:
                    ed:d6:77:98:5d:00:27:6a:49:37:8f:4a:ca:d2:d7:
                    2c:9f:a5:5e:b2:86:fd:f1:99:ee:29:bd:27:0a:ef:
                    02:e2:4d:0d:c1:cd:fc:bc:76:ea:4c:58:8c:cf:4b:
                    48:f7:ab:89:e8:a2:13:10:5a:90:25:f1:2f:9c:8a:
                    0a:17:54:47:c7:e3:21:2b:a2:06:e6:fb:87:e8:45:
                    bd:62:a2:10:7e:04:79:fe:ae:80:50:01:61:a5:f9:
                    41:e6:db:7d:4e:87:b6:bb:2f:1e:77:1e:38:9f:71:
                    ef:fa:05:63:61:43:5b:23:7f:6e:a2:8f:9b:cf:96:
                    d4:fd:37:6a:33:b1:bf:c9:92:5a:90:bd:b6:96:4c:
                    4e:a0:7d:46:fb:c0:20:57:f3:6e:7f:fa:55:72:ea:
                    d6:38:15:c7:8f:99:89:90:a0:3e:b1:7c:f6:97:5b:
                    a5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:51:11:06:03:DC:EF:DE:84:52:9B:2D:A5:39:BF:28:AA:2C:1B:1B
            X509v3 Authority Key Identifier:
                keyid:FA:E1:6B:49:3D:2A:12:89:7C:AF:47:57:BB:18:A0:2E:EC:2C:DE:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-uFrST0qEol8r0dXuxigLuws3hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/z1ERBgPc796EUpstpTm_KKosGxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/293d36-9da2-4405-8de3-4afd8254ae43/1/1-uFrST0qEol8r0dXuxigLuws3hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.4.0.0/19
                  62.210.0.0/16
                  195.154.0.0/16
                  212.47.224.0/19
                  212.83.128.0/18
                  212.129.0.0/18
                IPv6:
                  2001:bc8::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:8e:60:d6:6a:db:11:b8:f7:cd:69:1a:0b:1a:35:30:6a:0a:
         9a:a7:8a:f9:c9:fa:26:b5:43:44:2d:0d:e1:43:a5:62:0f:36:
         b8:be:e7:6e:0f:65:b1:76:cc:2b:fc:a4:d2:7c:98:b3:0f:18:
         d0:5b:ae:2d:ab:55:62:b0:cf:cb:4e:bc:81:af:85:51:1b:9c:
         04:d2:eb:ab:e6:c4:63:3f:11:bd:51:77:1e:d6:b5:0d:30:9a:
         a8:54:58:63:27:81:25:e3:48:02:0d:00:34:28:e9:d3:1e:78:
         7a:ad:4a:9b:5b:69:b2:f4:db:74:19:3b:36:c0:87:d0:8a:d5:
         bb:51:96:36:6c:3a:35:17:51:a0:c1:8d:e2:76:8a:56:96:67:
         29:80:04:bc:32:77:b5:b2:e2:a8:3c:3d:8d:5f:95:ad:d9:05:
         78:48:a9:71:dd:53:ef:0a:a6:c6:33:3d:b5:49:d1:59:5e:34:
         25:e6:4b:3e:ce:4a:03:18:b3:c0:f5:fb:b4:09:f9:ae:43:90:
         02:8a:df:0b:0d:92:f2:96:d3:6a:42:5d:6c:b5:31:7f:47:f0:
         ac:f6:f2:99:3f:92:f8:36:4e:8d:7a:ff:ae:78:16:e7:8c:cb:
         5e:5e:b6:bc:1e:c1:c4:28:ae:55:ed:cb:af:49:64:7d:75:1d:
         e7:a0:07:40
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQm2UYvbkuuowMcypxGUqUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZTE2YjQ5M2QyYTEyODk3Y2FmNDc1N2JiMThhMDJlZWMy
Y2RlMTcwHhcNMjUwMTAyMTE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjUxMTEwNjAzZGNlZmRlODQ1MjliMmRhNTM5YmYyOGFhMmMxYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3L3VUm27K6X6VQRmyC4pp9S+Hb1
dQ0Q4ip4ST0FMkgxJ16dVca7ZqEX5XtqMnqOrjb138zNr06vNDVC3cF/Q19M18E3
YKbexeYomaYAL7hD+zzUPIfe/C/t1neYXQAnakk3j0rK0tcsn6Vesob98ZnuKb0n
Cu8C4k0Nwc38vHbqTFiMz0tI96uJ6KITEFqQJfEvnIoKF1RHx+MhK6IG5vuH6EW9
YqIQfgR5/q6AUAFhpflB5tt9Toe2uy8edx44n3Hv+gVjYUNbI39uoo+bz5bU/Tdq
M7G/yZJakL22lkxOoH1G+8AgV/Nuf/pVcurWOBXHj5mJkKA+sXz2l1ul0QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFM9REQYD3O/ehFKbLaU5vyiqLBsbMB8GA1UdIwQY
MBaAFPrha0k9KhKJfK9HV7sYoC7sLN4XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS11RnJTVDBxRW9sOHIwZFh1eGlnTHV3czNoYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvMjkzZDM2LTlkYTItNDQwNS04ZGUz
LTRhZmQ4MjU0YWU0My8xL3oxRVJCZ1BjNzk2RVVwc3RwVG1fS0tvc0d4cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvMjkzZDM2LTlkYTItNDQwNS04ZGUzLTRhZmQ4MjU0YWU0
My8xLzEtdUZyU1QwcUVvbDhyMGRYdXhpZ0x1d3MzaGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSgYIKwYBBQUHAQcBAf8EOzA5MCgEAgABMCIDBAU+BAAD
AwA+0gMDAMOaAwQF1C/gAwQG1FOAAwQG1IEAMA0EAgACMAcDBQAgAQvIMA0GCSqG
SIb3DQEBCwUAA4IBAQBTjmDWatsRuPfNaRoLGjUwagqap4r5yfomtUNELQ3hQ6Vi
Dza4vuduD2Wxdswr/KTSfJizDxjQW64tq1VisM/LTryBr4VRG5wE0uur5sRjPxG9
UXce1rUNMJqoVFhjJ4El40gCDQA0KOnTHnh6rUqbW2my9Nt0GTs2wIfQitW7UZY2
bDo1F1GgwY3idopWlmcpgAS8Mne1suKoPD2NX5Wt2QV4SKlx3VPvCqbGMz21SdFZ
XjQl5ks+zkoDGLPA9fu0CfmuQ5ACit8LDZLyltNqQl1stTF/R/Cs9vKZP5L4Nk6N
ev+ueBbnjMteXra8HsHEKK5V7cuvSWR9dR3noAdA
-----END CERTIFICATE-----