Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/VVGAKlexZnslyaxsj979p9-1tLc.roa
File:                     VVGAKlexZnslyaxsj979p9-1tLc.roa (raw, json)
Hash identifier:          zSg/YLF7G2TzXt0TnTqPgj/B+dgWPQfBczFUSMDRTig=
Subject key identifier:   55:51:80:2A:57:B1:66:7B:25:C9:AC:6C:8F:DE:FD:A7:DF:B5:B4:B7
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       0194266C18E4BAD2A85F48956B6E032BA36F
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/VVGAKlexZnslyaxsj979p9-1tLc.roa
Signing time:             Thu 02 Jan 2025 09:50:05 +0000
ROA not before:           Thu 02 Jan 2025 09:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15589
IP address blocks:        62.94.0.0/16 maxlen: 24
                          81.92.32.0/20 maxlen: 24
                          83.211.0.0/16 maxlen: 24
                          194.153.192.0/20 maxlen: 24
                          194.153.208.0/22 maxlen: 24
                          212.90.0.0/19 maxlen: 24
                          212.110.0.0/19 maxlen: 24
                          213.136.128.0/18 maxlen: 24
                          213.183.128.0/19 maxlen: 24
                          213.198.128.0/18 maxlen: 24
                          217.15.208.0/20 maxlen: 24
                          2001:750::/29 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:18:e4:ba:d2:a8:5f:48:95:6b:6e:03:2b:a3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  2 09:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5551802a57b1667b25c9ac6c8fdefda7dfb5b4b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:19:3a:69:6f:a1:26:f0:b1:88:61:9f:4a:db:
                    b0:cc:1d:8d:3d:f6:4f:0e:9d:eb:b0:5b:f2:fd:01:
                    b6:28:6a:e8:c7:60:b6:7f:d7:4d:a4:7e:01:e2:dc:
                    5b:c3:53:d7:00:78:72:e7:9e:30:2f:12:c6:ec:9d:
                    ed:fe:0a:5b:16:b2:1f:0a:95:ba:60:c0:fb:79:cc:
                    88:ba:08:11:86:6c:f8:aa:53:05:7e:9f:40:f9:f9:
                    0b:98:66:43:f1:89:a1:73:02:b3:07:9c:4c:cf:2b:
                    fa:b4:bb:ba:48:47:15:a3:2c:d3:cc:ff:51:17:03:
                    44:42:af:f2:5e:8e:3c:76:fa:6e:a9:1c:23:56:75:
                    f5:7a:a4:2c:0a:20:51:72:85:7d:ca:f0:a0:a4:6c:
                    15:27:79:ec:c2:87:d9:ca:9d:8f:ba:37:15:63:b6:
                    85:ad:d7:16:8b:fa:70:26:dd:87:00:7f:78:43:16:
                    0f:68:e1:b9:eb:ce:77:68:a7:55:5f:c8:1f:d0:b0:
                    66:4d:a4:a2:25:8d:5e:b1:ee:0c:32:f9:ac:53:33:
                    40:3a:92:9f:d9:cc:05:83:84:26:dc:90:63:66:e5:
                    7b:4e:98:7b:9f:e1:9a:2c:83:da:32:12:9f:16:ff:
                    73:13:d1:fc:74:41:fb:42:46:ad:c4:a5:5a:9d:47:
                    dd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:51:80:2A:57:B1:66:7B:25:C9:AC:6C:8F:DE:FD:A7:DF:B5:B4:B7
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/VVGAKlexZnslyaxsj979p9-1tLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.94.0.0/16
                  81.92.32.0/20
                  83.211.0.0/16
                  194.153.192.0-194.153.211.255
                  212.90.0.0/19
                  212.110.0.0/19
                  213.136.128.0/18
                  213.183.128.0/19
                  213.198.128.0/18
                  217.15.208.0/20
                IPv6:
                  2001:750::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:34:79:f9:25:cb:33:bd:b5:19:81:91:6f:2f:75:9b:c6:8c:
         49:f2:ee:7f:4c:85:74:77:c1:2c:9e:d1:e5:d7:a7:15:fa:36:
         d1:72:2e:06:fc:b5:80:63:13:e6:0b:d8:e4:09:02:e4:c2:f7:
         1f:ce:b9:50:bb:24:ff:37:fc:8b:5d:34:e8:42:5a:ca:d1:2e:
         ee:fa:ff:ef:6b:5b:1b:61:29:07:bf:fa:56:f2:13:4f:6d:c7:
         4f:ef:22:aa:d9:b2:14:c4:5e:87:18:55:d5:1d:e8:e9:9c:48:
         58:d2:1b:8b:84:a6:3f:45:b1:bb:d3:ab:1f:3e:9e:93:e4:9b:
         d9:49:89:de:a1:98:67:84:3d:e2:b5:0d:ff:d8:c9:d5:88:21:
         8f:3c:3b:a6:e9:ae:61:45:0e:c6:d9:55:d3:9b:4c:d4:b2:23:
         51:66:d9:62:b9:95:34:d8:11:2a:28:59:b7:d9:0f:ff:e5:55:
         90:0e:a6:01:f9:cb:dd:40:db:a6:14:d4:69:2e:a3:94:3c:0c:
         46:77:75:3e:68:1c:a3:77:a7:3c:b8:6c:f9:e4:33:50:42:77:
         e8:b9:10:c3:17:09:83:13:29:d2:37:33:70:bd:18:0e:71:4b:
         cc:a7:7c:85:ab:20:9a:1f:ac:2f:67:ed:4f:8a:1f:cd:8b:60:
         d7:b0:c8:d5
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZQmbBjkutKoX0iVa24DK6NvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjUwMTAyMDk1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTUxODAyYTU3YjE2NjdiMjVjOWFjNmM4ZmRlZmRhN2RmYjViNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Rk6aW+hJvCxiGGfStuwzB2NPfZP
Dp3rsFvy/QG2KGrox2C2f9dNpH4B4txbw1PXAHhy554wLxLG7J3t/gpbFrIfCpW6
YMD7ecyIuggRhmz4qlMFfp9A+fkLmGZD8YmhcwKzB5xMzyv6tLu6SEcVoyzTzP9R
FwNEQq/yXo48dvpuqRwjVnX1eqQsCiBRcoV9yvCgpGwVJ3nswofZyp2PujcVY7aF
rdcWi/pwJt2HAH94QxYPaOG56853aKdVX8gf0LBmTaSiJY1ese4MMvmsUzNAOpKf
2cwFg4Qm3JBjZuV7Tph7n+GaLIPaMhKfFv9zE9H8dEH7QkatxKVanUfdDQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFFVRgCpXsWZ7JcmsbI/e/afftbS3MB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvVlZHQUtsZXhabnNseWF4c2o5NzlwOS0xdExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwMAPl4DBARR
XCADAwBT0zAMAwQGwpnAAwQCwpnQAwQF1FoAAwQF1G4AAwQG1YiAAwQF1beAAwQG
1caAAwQE2Q/QMA0EAgACMAcDBQMgAQdQMA0GCSqGSIb3DQEBCwUAA4IBAQCZNHn5
JcszvbUZgZFvL3WbxoxJ8u5/TIV0d8EsntHl16cV+jbRci4G/LWAYxPmC9jkCQLk
wvcfzrlQuyT/N/yLXTToQlrK0S7u+v/va1sbYSkHv/pW8hNPbcdP7yKq2bIUxF6H
GFXVHejpnEhY0huLhKY/RbG706sfPp6T5JvZSYneoZhnhD3itQ3/2MnViCGPPDum
6a5hRQ7G2VXTm0zUsiNRZtliuZU02BEqKFm32Q//5VWQDqYB+cvdQNumFNRpLqOU
PAxGd3U+aByjd6c8uGz55DNQQnfouRDDFwmDEynSNzNwvRgOcUvMp3yFqyCaH6wv
Z+1Pih/Ni2DXsMjV
-----END CERTIFICATE-----