Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/f54g9Idv6PqQc5NMQvmsvFWJIzA.roa
File:                     f54g9Idv6PqQc5NMQvmsvFWJIzA.roa (raw, json)
Hash identifier:          l130lZQGnDRQWTrBtDjmk6wY+7GBZMzcTr0yBlbCoVI=
Subject key identifier:   7F:9E:20:F4:87:6F:E8:FA:90:73:93:4C:42:F9:AC:BC:55:89:23:30
Certificate issuer:       /CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
Certificate serial:       019629158B018B61664575C05F0F976B15DB
Authority key identifier: BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/f54g9Idv6PqQc5NMQvmsvFWJIzA.roa
Signing time:             Sat 12 Apr 2025 08:19:59 +0000
ROA not before:           Sat 12 Apr 2025 08:19:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60144
IP address blocks:        45.138.36.0/22 maxlen: 32
                          45.150.76.0/22 maxlen: 32
                          91.215.156.0/22 maxlen: 32
                          146.19.105.0/24 maxlen: 32
                          185.27.236.0/24 maxlen: 32
                          185.27.237.0/24 maxlen: 32
                          185.27.238.0/24 maxlen: 32
                          185.27.239.0/24 maxlen: 32
                          185.53.8.0/22 maxlen: 32
                          185.56.28.0/22 maxlen: 32
                          185.234.218.0/24 maxlen: 32
                          192.162.136.0/22 maxlen: 32
                          2a02:5060::/32 maxlen: 128
                          2a07:f9c0::/29 maxlen: 128
                          2a12:1680::/29 maxlen: 128
                          2a12:8f00::/29 maxlen: 128

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:29:15:8b:01:8b:61:66:45:75:c0:5f:0f:97:6b:15:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
        Validity
            Not Before: Apr 12 08:19:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f9e20f4876fe8fa9073934c42f9acbc55892330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8b:b6:19:1d:0e:dd:c8:d4:cd:00:73:2e:e7:
                    dc:c7:f4:51:71:b1:71:f7:f6:59:11:05:8c:80:73:
                    24:44:c1:b5:93:05:39:b4:20:8a:d2:df:af:16:29:
                    e8:d1:b5:63:45:76:17:df:9b:c8:fe:be:57:49:5d:
                    e1:15:21:39:9b:72:e5:ba:a3:7f:84:fe:7f:89:7f:
                    fa:67:ad:32:5e:da:a7:2a:85:92:08:46:eb:b9:58:
                    87:cb:72:51:38:cb:e4:47:7f:c1:d9:a4:fd:23:4c:
                    e8:92:49:89:07:1a:83:95:63:f1:83:68:3b:34:69:
                    81:76:5b:77:ca:55:40:29:e0:2c:69:69:30:1d:80:
                    ba:68:a0:3a:22:73:27:eb:11:68:1b:8b:77:d1:6d:
                    4b:f6:56:79:38:46:56:64:28:4d:b9:7e:bf:db:60:
                    2e:96:78:3d:4e:16:be:45:13:3e:0c:52:ea:bc:ab:
                    f1:66:0f:49:e7:8e:95:38:a9:d6:32:88:3c:b2:b8:
                    3c:62:eb:85:21:e5:b5:7f:e3:35:f3:09:e3:b3:05:
                    89:69:0d:9a:81:4d:e4:4d:a2:f4:82:6c:13:b9:c7:
                    b6:03:f2:5a:b4:1f:86:95:06:f4:a8:f6:0b:34:ee:
                    9a:54:89:40:03:e5:aa:24:f3:f7:ff:f3:e6:10:dd:
                    ba:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:9E:20:F4:87:6F:E8:FA:90:73:93:4C:42:F9:AC:BC:55:89:23:30
            X509v3 Authority Key Identifier:
                keyid:BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/f54g9Idv6PqQc5NMQvmsvFWJIzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/vMY_AQxUC81FVDRL-5pZou26vCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.36.0/22
                  45.150.76.0/22
                  91.215.156.0/22
                  146.19.105.0/24
                  185.27.236.0/22
                  185.53.8.0/22
                  185.56.28.0/22
                  185.234.218.0/24
                  192.162.136.0/22
                IPv6:
                  2a02:5060::/32
                  2a07:f9c0::/29
                  2a12:1680::/29
                  2a12:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:18:61:95:25:33:d2:a5:47:d5:23:3c:90:ac:58:30:fd:c7:
         19:5d:b1:70:38:28:30:27:13:5b:4e:72:2e:97:f9:a3:73:24:
         6f:e2:1f:aa:f4:fc:df:f0:3b:cb:0d:97:57:83:51:63:c6:5b:
         19:c3:98:c1:af:ca:7b:ce:65:85:af:a3:ae:8b:17:4f:07:23:
         6f:c1:7a:b7:36:5a:d2:df:09:1a:41:c2:40:fd:48:00:ee:b5:
         40:bf:40:a8:60:80:7d:15:e3:8d:4c:3b:63:e1:39:bd:be:2e:
         37:ce:7f:da:dc:6e:bb:6e:2a:63:ea:b7:ad:99:14:c5:ca:6e:
         c7:d2:d9:8e:6b:4c:d4:dc:7a:2a:9e:aa:af:82:ec:23:3e:c8:
         82:d1:17:91:f9:9c:f0:54:ec:ab:75:f2:8e:df:72:64:2e:14:
         db:fe:21:e7:56:2d:9c:dd:aa:71:b7:6c:8b:85:cb:b6:33:c3:
         ab:95:f7:60:56:08:f0:a3:c7:ae:43:8b:b4:61:fe:55:3b:27:
         b6:5c:65:39:43:00:19:86:94:c3:72:9c:2c:b2:e3:72:91:2b:
         b4:de:bb:e1:fc:68:eb:ce:b2:6d:39:98:8d:c5:06:51:f6:27:
         d6:c0:ea:8d:58:01:f0:6e:ef:66:6f:7b:b4:70:be:6c:2f:cb:
         0e:67:2d:81
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZYpFYsBi2FmRXXAXw+XaxXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzYzZjAxMGM1NDBiY2Q0NTU0MzQ0YmZiOWE1OWEyZWRi
YWJjMjkwHhcNMjUwNDEyMDgxOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjllMjBmNDg3NmZlOGZhOTA3MzkzNGM0MmY5YWNiYzU1ODkyMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsou2GR0O3cjUzQBzLufcx/RRcbFx
9/ZZEQWMgHMkRMG1kwU5tCCK0t+vFino0bVjRXYX35vI/r5XSV3hFSE5m3LluqN/
hP5/iX/6Z60yXtqnKoWSCEbruViHy3JROMvkR3/B2aT9I0zokkmJBxqDlWPxg2g7
NGmBdlt3ylVAKeAsaWkwHYC6aKA6InMn6xFoG4t30W1L9lZ5OEZWZChNuX6/22Au
lng9Tha+RRM+DFLqvKvxZg9J546VOKnWMog8srg8YuuFIeW1f+M18wnjswWJaQ2a
gU3kTaL0gmwTuce2A/JatB+GlQb0qPYLNO6aVIlAA+WqJPP3//PmEN26pQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFH+eIPSHb+j6kHOTTEL5rLxViSMwMB8GA1UdIwQY
MBaAFLzGPwEMVAvNRVQ0S/uaWaLturwpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYt
Y2M0MWM0YTMxOThkLzEvZjU0ZzlJZHY2UHFRYzVOTVF2bXN2RldKSXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYtY2M0MWM0YTMxOThk
LzEvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA8BAIAATA2AwQCLYokAwQC
LZZMAwQCW9ecAwQAkhNpAwQCuRvsAwQCuTUIAwQCuTgcAwQAueraAwQCwKKIMCIE
AgACMBwDBQAqAlBgAwUDKgf5wAMFAyoSFoADBQMqEo8AMA0GCSqGSIb3DQEBCwUA
A4IBAQBsGGGVJTPSpUfVIzyQrFgw/ccZXbFwOCgwJxNbTnIul/mjcyRv4h+q9Pzf
8DvLDZdXg1FjxlsZw5jBr8p7zmWFr6OuixdPByNvwXq3NlrS3wkaQcJA/UgA7rVA
v0CoYIB9FeONTDtj4Tm9vi43zn/a3G67bipj6retmRTFym7H0tmOa0zU3Hoqnqqv
guwjPsiC0ReR+ZzwVOyrdfKO33JkLhTb/iHnVi2c3apxt2yLhcu2M8OrlfdgVgjw
o8euQ4u0Yf5VOye2XGU5QwAZhpTDcpwssuNykSu03rvh/GjrzrJtOZiNxQZR9ifW
wOqNWAHwbu9mb3u0cL5sL8sOZy2B
-----END CERTIFICATE-----