Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/d6461f-17e3-4986-a5f6-72a4b3a9bb44/1/dO0iAzf59ELGy5YFAfLCImx6CoY.roa
File:                     dO0iAzf59ELGy5YFAfLCImx6CoY.roa (raw, json)
Hash identifier:          khd3I95oYPZ7Oe9vWseJ5vBlqZ90z8OH3SOmldjOK5o=
Subject key identifier:   74:ED:22:03:37:F9:F4:42:C6:CB:96:05:01:F2:C2:22:6C:7A:0A:86
Certificate issuer:       /CN=b9df156ee18b6958d4306b6311b4a086763eff62
Certificate serial:       0194B41E37B3CA7396951FF6EF63FE62D417
Authority key identifier: B9:DF:15:6E:E1:8B:69:58:D4:30:6B:63:11:B4:A0:86:76:3E:FF:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ud8VbuGLaVjUMGtjEbSghnY-_2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/d6461f-17e3-4986-a5f6-72a4b3a9bb44/1/dO0iAzf59ELGy5YFAfLCImx6CoY.roa
Signing time:             Wed 29 Jan 2025 22:11:06 +0000
ROA not before:           Wed 29 Jan 2025 22:11:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60798
IP address blocks:        37.156.244.0/24 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          185.116.60.0/24 maxlen: 24
                          193.164.143.0/24 maxlen: 24
                          195.64.116.0/24 maxlen: 24
                          2a0c:79c0:1::/48 maxlen: 48
                          2a0c:79c0:3::/48 maxlen: 48
                          2a0c:79c0:5::/48 maxlen: 48
                          2a0c:79c0:6::/48 maxlen: 48
                          2a0c:79c0:8::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b4:1e:37:b3:ca:73:96:95:1f:f6:ef:63:fe:62:d4:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9df156ee18b6958d4306b6311b4a086763eff62
        Validity
            Not Before: Jan 29 22:11:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ed220337f9f442c6cb960501f2c2226c7a0a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:81:53:40:ab:01:85:af:03:9b:a4:7e:db:9c:
                    9c:a2:e9:b5:74:96:ea:c5:e1:77:23:ed:49:c5:a4:
                    92:dc:b7:07:81:fa:d9:13:35:3f:a2:48:3d:93:6f:
                    27:22:27:a9:a9:5c:30:d3:9c:5e:f1:3d:24:63:f5:
                    3b:8f:eb:c9:4c:84:93:28:80:b6:ba:80:33:fd:86:
                    d8:99:d9:92:87:91:7d:ab:9f:54:0b:41:1b:31:ad:
                    e0:1b:c6:17:77:b8:3c:1c:b9:c6:d1:e4:b6:06:ae:
                    3f:93:f4:86:89:25:69:c7:7b:21:02:62:65:30:e6:
                    b9:d2:06:78:4c:5e:52:5c:1d:28:2f:c4:74:97:0b:
                    72:bc:7c:86:bb:51:7e:8a:e0:1f:0c:a3:73:dd:39:
                    52:63:12:20:90:97:24:6e:bc:a2:e1:dd:77:3f:40:
                    54:80:e2:a1:29:e6:66:68:07:fb:2f:ce:c0:3d:bc:
                    fc:0b:2c:77:49:7b:39:a9:d4:dd:cc:fa:02:bf:cf:
                    84:3e:7f:9b:45:ae:81:f6:fb:42:2b:39:eb:fb:d0:
                    9c:4a:9a:09:44:36:4b:50:d6:73:b1:51:a9:30:82:
                    c6:68:94:b2:aa:cf:66:69:40:2d:47:de:46:b5:fb:
                    47:a2:13:38:4a:12:90:fb:da:c0:5b:bc:5e:9a:87:
                    76:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:ED:22:03:37:F9:F4:42:C6:CB:96:05:01:F2:C2:22:6C:7A:0A:86
            X509v3 Authority Key Identifier:
                keyid:B9:DF:15:6E:E1:8B:69:58:D4:30:6B:63:11:B4:A0:86:76:3E:FF:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ud8VbuGLaVjUMGtjEbSghnY-_2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/d6461f-17e3-4986-a5f6-72a4b3a9bb44/1/dO0iAzf59ELGy5YFAfLCImx6CoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/d6461f-17e3-4986-a5f6-72a4b3a9bb44/1/ud8VbuGLaVjUMGtjEbSghnY-_2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.244.0/24
                  89.45.228.0/24
                  185.116.60.0/24
                  193.164.143.0/24
                  195.64.116.0/24
                IPv6:
                  2a0c:79c0:1::/48
                  2a0c:79c0:3::/48
                  2a0c:79c0:5::-2a0c:79c0:6:ffff:ffff:ffff:ffff:ffff
                  2a0c:79c0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:e0:88:ea:61:c0:e5:3a:a5:77:5e:d6:eb:13:a7:12:e8:dc:
         5d:38:12:08:1d:9e:57:cd:aa:2b:9d:b5:5f:66:7e:dd:a5:c4:
         bd:06:13:68:cd:a9:4b:f6:dd:88:8b:24:08:57:d2:25:d0:1a:
         10:51:86:d0:01:17:8b:2b:d2:9e:1d:d4:a8:16:a4:9e:f6:f4:
         8b:8e:2a:ea:6e:c4:1a:02:15:cc:d5:68:79:92:7a:ad:60:61:
         f6:5f:64:7f:48:7a:86:8b:0b:2a:26:2b:cc:b4:f2:ab:eb:42:
         b7:b6:04:50:69:88:40:c8:bf:76:56:a8:cf:b5:36:b7:63:f4:
         bd:17:68:49:ee:d7:26:64:ce:27:16:3e:7c:98:41:3e:db:6a:
         99:6a:86:bb:29:9d:f5:df:90:c1:51:1d:3a:88:53:87:25:06:
         43:82:da:1e:f4:74:2c:73:82:85:64:c6:58:bc:ca:fb:60:9d:
         72:ab:99:e2:00:b4:d5:b9:df:35:0e:d6:54:73:c5:8b:cc:f5:
         20:b8:76:60:bc:c2:63:bf:e4:28:0b:59:43:84:b7:f6:c2:44:
         e4:22:a6:3a:a7:e6:9e:6c:5d:eb:85:bd:28:76:c3:e8:60:7a:
         bb:69:d6:3f:e5:23:bd:6a:4e:4f:69:79:41:ac:58:a9:a2:b6:
         6c:40:fc:56
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZS0HjezynOWlR/272P+YtQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZGYxNTZlZTE4YjY5NThkNDMwNmI2MzExYjRhMDg2NzYz
ZWZmNjIwHhcNMjUwMTI5MjIxMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVkMjIwMzM3ZjlmNDQyYzZjYjk2MDUwMWYyYzIyMjZjN2EwYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54FTQKsBha8Dm6R+25ycoum1dJbq
xeF3I+1JxaSS3LcHgfrZEzU/okg9k28nIiepqVww05xe8T0kY/U7j+vJTISTKIC2
uoAz/YbYmdmSh5F9q59UC0EbMa3gG8YXd7g8HLnG0eS2Bq4/k/SGiSVpx3shAmJl
MOa50gZ4TF5SXB0oL8R0lwtyvHyGu1F+iuAfDKNz3TlSYxIgkJckbryi4d13P0BU
gOKhKeZmaAf7L87APbz8Cyx3SXs5qdTdzPoCv8+EPn+bRa6B9vtCKznr+9CcSpoJ
RDZLUNZzsVGpMILGaJSyqs9maUAtR95GtftHohM4ShKQ+9rAW7xemod2uQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFHTtIgM3+fRCxsuWBQHywiJsegqGMB8GA1UdIwQY
MBaAFLnfFW7hi2lY1DBrYxG0oIZ2Pv9iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWQ4VmJ1R0xhVmpVTUd0akViU2doblktXzJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9kNjQ2MWYtMTdlMy00OTg2LWE1ZjYt
NzJhNGIzYTliYjQ0LzEvZE8waUF6ZjU5RUxHeTVZRkFmTENJbXg2Q29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9kNjQ2MWYtMTdlMy00OTg2LWE1ZjYtNzJhNGIzYTliYjQ0
LzEvdWQ4VmJ1R0xhVmpVTUd0akViU2doblktXzJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTAkBAIAATAeAwQAJZz0AwQA
WS3kAwQAuXQ8AwQAwaSPAwQAw0B0MDUEAgACMC8DBwAqDHnAAAEDBwAqDHnAAAMw
EgMHACoMecAABQMHACoMecAABgMHACoMecAACDANBgkqhkiG9w0BAQsFAAOCAQEA
QeCI6mHA5Tqld17W6xOnEujcXTgSCB2eV82qK521X2Z+3aXEvQYTaM2pS/bdiIsk
CFfSJdAaEFGG0AEXiyvSnh3UqBaknvb0i44q6m7EGgIVzNVoeZJ6rWBh9l9kf0h6
hosLKiYrzLTyq+tCt7YEUGmIQMi/dlaoz7U2t2P0vRdoSe7XJmTOJxY+fJhBPttq
mWqGuymd9d+QwVEdOohThyUGQ4LaHvR0LHOChWTGWLzK+2CdcquZ4gC01bnfNQ7W
VHPFi8z1ILh2YLzCY7/kKAtZQ4S39sJE5CKmOqfmnmxd64W9KHbD6GB6u2nWP+Uj
vWpOT2l5QaxYqaK2bED8Vg==
-----END CERTIFICATE-----