Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42831.roa
File:                     AS42831.roa (raw, json)
Hash identifier:          vUeed+XksOx0f7PQ19p9Jx95udpGVWHoK3wtt8YUfrc=
Subject key identifier:   BD:22:23:D7:FF:D5:12:D1:F8:5E:76:23:17:66:9E:50:62:D8:05:B5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       270BB6E9808207A6BEB2CB09C576781189F3BC60
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42831.roa
Signing time:             Fri 07 Mar 2025 03:35:34 +0000
ROA not before:           Fri 07 Mar 2025 03:30:34 +0000
ROA not after:            Fri 06 Mar 2026 03:35:34 +0000
asID:                     42831
IP address blocks:        5.181.124.0/24 maxlen: 24
                          5.252.78.0/24 maxlen: 24
                          37.143.61.0/24 maxlen: 24
                          179.61.181.0/24 maxlen: 24
                          181.215.25.0/24 maxlen: 24
                          181.215.140.0/24 maxlen: 24
                          181.215.226.0/24 maxlen: 24
                          181.215.229.0/24 maxlen: 24
                          191.96.110.0/24 maxlen: 24
                          191.96.209.0/24 maxlen: 24
                          191.101.59.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:0b:b6:e9:80:82:07:a6:be:b2:cb:09:c5:76:78:11:89:f3:bc:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  7 03:30:34 2025 GMT
            Not After : Mar  6 03:35:34 2026 GMT
        Subject: CN=BD2223D7FFD512D1F85E762317669E5062D805B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8a:68:af:4c:a1:2c:73:dd:09:19:02:ca:b8:
                    d0:f5:0e:ed:7d:4b:71:49:d0:b8:ec:47:5d:f1:ad:
                    75:79:91:27:00:9f:4e:bf:b1:54:a2:54:55:61:5e:
                    97:f6:2d:1f:3f:82:31:32:d4:d3:e0:79:0c:2c:04:
                    44:51:0a:3e:9a:5b:ff:30:a6:7a:99:9a:bd:6d:c0:
                    50:e0:a8:6b:ce:24:b8:a6:16:88:77:c2:ef:0b:03:
                    f4:fa:e3:60:fc:02:6d:68:5c:58:97:2a:93:14:96:
                    fc:6b:f3:97:5b:5d:b9:ef:20:3c:44:ab:7b:95:5e:
                    39:a8:3a:7a:91:7d:b6:af:21:16:a4:01:42:b5:cb:
                    f1:d9:b1:5d:93:d8:71:00:ef:df:4e:0c:3d:fa:59:
                    0f:0f:60:a9:11:b9:0c:81:84:eb:a1:af:5a:27:aa:
                    e0:24:35:4c:4f:57:34:7d:7d:13:24:c0:1f:43:55:
                    0d:c5:e8:b7:d2:c4:89:70:af:fa:7b:33:0f:6f:04:
                    e5:62:43:1b:58:15:b8:43:e3:f1:e1:f6:ed:14:61:
                    4e:3e:e3:1b:67:f4:b1:32:9d:bb:4a:dd:a5:e8:e2:
                    55:34:82:3f:1a:23:24:7a:5f:34:2e:8c:0b:a2:93:
                    97:55:96:ea:43:6e:a6:b0:9c:5a:a0:46:59:e0:81:
                    d6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:22:23:D7:FF:D5:12:D1:F8:5E:76:23:17:66:9E:50:62:D8:05:B5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.124.0/24
                  5.252.78.0/24
                  37.143.61.0/24
                  179.61.181.0/24
                  181.215.25.0/24
                  181.215.140.0/24
                  181.215.226.0/24
                  181.215.229.0/24
                  191.96.110.0/24
                  191.96.209.0/24
                  191.101.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:55:db:d4:10:1f:c4:f9:c6:d7:3f:4d:e1:ad:cf:0c:2a:
         20:06:f8:90:a5:c1:26:0b:bf:89:0f:41:80:22:27:a0:01:8b:
         30:8e:53:d7:10:38:36:de:36:45:72:e7:1f:e4:a9:14:d9:7a:
         42:4a:7e:50:fd:8f:f6:5b:56:4e:a6:ad:85:6f:d5:46:53:86:
         46:d9:e0:61:77:33:7a:d0:a8:6d:2e:e7:42:fc:59:c3:6c:e3:
         f7:b7:71:0e:f7:7c:5e:44:ec:58:1e:43:a8:77:31:83:e3:a2:
         a4:35:5f:5a:2f:a9:22:0f:21:2c:e0:2c:60:2a:37:17:88:ed:
         a4:77:b6:a7:95:67:5c:d1:a7:01:2d:11:5f:b4:f8:6b:b5:e3:
         af:7d:2a:df:35:fe:6f:c5:39:96:61:9e:ea:81:74:41:a7:07:
         cb:74:ff:c7:6a:89:24:6f:25:12:6b:af:40:70:e7:40:a5:0d:
         f5:64:d6:76:12:68:7e:c4:fe:30:a4:26:5b:49:b0:1e:58:a9:
         a2:e7:0a:6b:01:ff:aa:cb:0f:f7:d0:16:c0:60:d3:67:9e:07:
         f0:53:01:7e:2b:2a:f0:b9:e4:07:f5:e7:17:8c:e5:b4:d3:fc:
         dc:27:eb:df:8b:30:5d:19:5e:20:09:30:5c:cf:c3:0a:0c:74:
         df:44:6a:f6
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIUJwu26YCCB6a+sssJxXZ4EYnzvGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMDcwMzMwMzRaFw0yNjAzMDYwMzM1MzRaMDMxMTAvBgNV
BAMTKEJEMjIyM0Q3RkZENTEyRDFGODVFNzYyMzE3NjY5RTUwNjJEODA1QjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHimivTKEsc90JGQLKuND1Du19
S3FJ0LjsR13xrXV5kScAn06/sVSiVFVhXpf2LR8/gjEy1NPgeQwsBERRCj6aW/8w
pnqZmr1twFDgqGvOJLimFoh3wu8LA/T642D8Am1oXFiXKpMUlvxr85dbXbnvIDxE
q3uVXjmoOnqRfbavIRakAUK1y/HZsV2T2HEA799ODD36WQ8PYKkRuQyBhOuhr1on
quAkNUxPVzR9fRMkwB9DVQ3F6LfSxIlwr/p7Mw9vBOViQxtYFbhD4/Hh9u0UYU4+
4xtn9LEynbtK3aXo4lU0gj8aIyR6XzQujAuik5dVlupDbqawnFqgRlnggdZ7AgMB
AAGjggJFMIICQTAdBgNVHQ4EFgQUvSIj1//VEtH4XnYjF2aeUGLYBbUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBAAFtXwD
BAAF/E4DBAAljz0DBACzPbUDBAC11xkDBAC114wDBAC11+IDBAC11+UDBAC/YG4D
BAC/YNEDBAC/ZTswDQYJKoZIhvcNAQELBQADggEBAJimVdvUEB/E+cbXP03hrc8M
KiAG+JClwSYLv4kPQYAiJ6ABizCOU9cQODbeNkVy5x/kqRTZekJKflD9j/ZbVk6m
rYVv1UZThkbZ4GF3M3rQqG0u50L8WcNs4/e3cQ73fF5E7FgeQ6h3MYPjoqQ1X1ov
qSIPISzgLGAqNxeI7aR3tqeVZ1zRpwEtEV+0+Gu14699Kt81/m/FOZZhnuqBdEGn
B8t0/8dqiSRvJRJrr0Bw50ClDfVk1nYSaH7E/jCkJltJsB5YqaLnCmsB/6rLD/fQ
FsBg02eeB/BTAX4rKvC55Af15xeM5bTT/Nwn69+LMF0ZXiAJMFzPwwoMdN9EavY=
-----END CERTIFICATE-----