Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Ep-3jBGiCSjbfZmDyjrtZ9Nng1I.roa
File:                     Ep-3jBGiCSjbfZmDyjrtZ9Nng1I.roa (raw, json)
Hash identifier:          NajPxoAcjesnTcDv1zpn6hZ+gPmYV6LMmmyjTY+zm1Y=
Subject key identifier:   12:9F:B7:8C:11:A2:09:28:DB:7D:99:83:CA:3A:ED:67:D3:67:83:52
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       019427477CC7A883253166575001CA04317F
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Ep-3jBGiCSjbfZmDyjrtZ9Nng1I.roa
Signing time:             Thu 02 Jan 2025 13:49:43 +0000
ROA not before:           Thu 02 Jan 2025 13:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21433
IP address blocks:        2a02:ee80:40d4::/47 maxlen: 47
                          2a02:ee80:40d4::/48 maxlen: 48
                          2a02:ee80:40d5::/48 maxlen: 48
                          2a02:ee80:40d6::/47 maxlen: 47
                          2a02:ee80:40d6::/48 maxlen: 48
                          2a02:ee80:40d7::/48 maxlen: 48
                          2a02:ee80:4248::/47 maxlen: 47
                          2a02:ee80:4248::/48 maxlen: 48
                          2a02:ee80:4249::/48 maxlen: 48
                          2a02:ee80:4250::/47 maxlen: 47
                          2a02:ee80:4250::/48 maxlen: 48
                          2a02:ee80:4251::/48 maxlen: 48
                          2a02:ee80:436e::/47 maxlen: 47
                          2a02:ee80:436e::/48 maxlen: 48
                          2a02:ee80:436f::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:7c:c7:a8:83:25:31:66:57:50:01:ca:04:31:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  2 13:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=129fb78c11a20928db7d9983ca3aed67d3678352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:35:ca:78:8c:45:a1:0e:1d:f3:44:50:b8:8c:
                    fa:a0:47:29:c6:ce:fd:10:53:53:9b:36:15:14:05:
                    02:61:99:a0:e3:03:13:04:8b:bd:f5:fb:d9:47:85:
                    cb:59:d3:bf:84:6a:15:2a:2e:2e:98:75:5b:e9:83:
                    96:0a:0d:9d:49:7c:e1:6e:a3:ba:53:cc:96:5f:2a:
                    10:99:88:49:83:96:f2:2d:d4:6d:14:2c:f1:99:00:
                    68:f3:cb:55:19:b5:99:ff:3b:de:b3:2c:15:70:c3:
                    cb:3c:42:ca:ec:5d:c9:86:93:d5:5c:00:42:d3:c9:
                    05:ce:e0:dd:7a:39:cb:23:8c:a3:10:1a:82:d1:27:
                    2c:f2:a5:c1:e9:c9:d6:74:6a:bd:0e:e6:ce:59:db:
                    09:87:21:64:80:5f:0e:ee:5f:c0:ae:23:47:0f:77:
                    1d:a8:7f:8c:e0:ce:28:80:98:83:7b:8a:0b:8d:a1:
                    58:8a:00:9b:cf:e1:da:ad:90:88:9a:5d:04:47:05:
                    88:ce:52:37:d6:c1:d2:9b:70:8b:11:0a:e4:a3:4a:
                    0f:9c:aa:a8:0c:f9:e6:0e:40:2f:fd:e9:59:f7:df:
                    4a:e1:1d:06:f8:a4:ee:30:81:6f:1f:c7:20:aa:4e:
                    05:8e:43:4c:bc:e7:e9:f8:4e:24:df:fa:68:19:ca:
                    9d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:9F:B7:8C:11:A2:09:28:DB:7D:99:83:CA:3A:ED:67:D3:67:83:52
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/Ep-3jBGiCSjbfZmDyjrtZ9Nng1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ee80:40d4::/46
                  2a02:ee80:4248::/47
                  2a02:ee80:4250::/47
                  2a02:ee80:436e::/47

    Signature Algorithm: sha256WithRSAEncryption
         b7:bc:3e:95:8c:59:4f:93:60:4f:1c:e5:98:1c:66:41:f0:f2:
         f0:08:9a:2e:10:ce:c4:d3:0d:40:e0:d0:ad:6e:66:50:d3:f0:
         80:94:91:bb:29:7b:8c:86:fe:4b:f5:46:62:ac:6e:52:02:5f:
         c6:89:b2:fb:e7:ba:b6:cb:97:6f:ed:68:fe:6f:cb:50:83:e3:
         fc:df:c9:7f:54:31:f4:7c:48:e2:84:87:66:0f:36:1a:52:3c:
         6d:df:38:b8:64:82:23:58:49:54:7b:c1:67:34:a8:44:4b:f5:
         a4:45:b2:68:a3:c9:af:ec:a1:85:bb:b7:44:d2:e7:ff:40:14:
         56:92:74:8e:d8:87:7d:92:d6:45:61:96:b1:80:1a:b8:05:f8:
         bb:76:14:1f:d6:13:32:d3:30:0d:7e:c0:9e:53:82:7c:49:31:
         0f:eb:9f:cf:4f:5c:f3:65:8c:ac:bc:7f:ab:1e:f4:3e:c2:fa:
         b3:72:2a:e4:02:b6:94:88:00:d0:d7:38:ea:7e:c5:cc:f3:99:
         9f:a2:4d:b1:30:cf:aa:92:74:99:f6:93:0f:09:08:c9:1d:e1:
         80:51:40:9d:24:a3:88:9b:e9:a4:f0:9c:a0:4a:ee:af:01:6a:
         8b:3c:8a:be:2d:73:35:68:1d:19:2b:84:6f:9a:f2:d0:0a:4c:
         fe:9d:01:50
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQnR3zHqIMlMWZXUAHKBDF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjUwMTAyMTM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjlmYjc4YzExYTIwOTI4ZGI3ZDk5ODNjYTNhZWQ2N2QzNjc4MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDXKeIxFoQ4d80RQuIz6oEcpxs79
EFNTmzYVFAUCYZmg4wMTBIu99fvZR4XLWdO/hGoVKi4umHVb6YOWCg2dSXzhbqO6
U8yWXyoQmYhJg5byLdRtFCzxmQBo88tVGbWZ/zvesywVcMPLPELK7F3JhpPVXABC
08kFzuDdejnLI4yjEBqC0Scs8qXB6cnWdGq9DubOWdsJhyFkgF8O7l/AriNHD3cd
qH+M4M4ogJiDe4oLjaFYigCbz+HarZCIml0ERwWIzlI31sHSm3CLEQrko0oPnKqo
DPnmDkAv/elZ999K4R0G+KTuMIFvH8cgqk4FjkNMvOfp+E4k3/poGcqdRQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBKft4wRogko232Zg8o67WfTZ4NSMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvRXAtM2pCR2lDU2piZlptRHlqcnRaOU5uZzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcCKgLugEDU
AwcBKgLugEJIAwcBKgLugEJQAwcBKgLugENuMA0GCSqGSIb3DQEBCwUAA4IBAQC3
vD6VjFlPk2BPHOWYHGZB8PLwCJouEM7E0w1A4NCtbmZQ0/CAlJG7KXuMhv5L9UZi
rG5SAl/GibL757q2y5dv7Wj+b8tQg+P838l/VDH0fEjihIdmDzYaUjxt3zi4ZIIj
WElUe8FnNKhES/WkRbJoo8mv7KGFu7dE0uf/QBRWknSO2Id9ktZFYZaxgBq4Bfi7
dhQf1hMy0zANfsCeU4J8STEP65/PT1zzZYysvH+rHvQ+wvqzcirkAraUiADQ1zjq
fsXM85mfok2xMM+qknSZ9pMPCQjJHeGAUUCdJKOIm+mk8JygSu6vAWqLPIq+LXM1
aB0ZK4RvmvLQCkz+nQFQ
-----END CERTIFICATE-----