Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/3KUq_UtAlAJJlZN5IvjwrjZ47dM.roa
File:                     3KUq_UtAlAJJlZN5IvjwrjZ47dM.roa (raw, json)
Hash identifier:          bj9EPm/Zl9VNqii4xedVhy7HdLZBWsFZ4Eeye1T5m3A=
Subject key identifier:   DC:A5:2A:FD:4B:40:94:02:49:95:93:79:22:F8:F0:AE:36:78:ED:D3
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       01942826286FA39CF5C10725D5CC7A9B12CD
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/3KUq_UtAlAJJlZN5IvjwrjZ47dM.roa
Signing time:             Thu 02 Jan 2025 17:52:56 +0000
ROA not before:           Thu 02 Jan 2025 17:52:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57099
IP address blocks:        5.133.172.0/22 maxlen: 22
                          46.231.8.0/21 maxlen: 21
                          85.95.32.0/19 maxlen: 19
                          91.209.142.0/24 maxlen: 24
                          91.214.228.0/22 maxlen: 22
                          151.249.64.0/20 maxlen: 20
                          185.44.248.0/22 maxlen: 22
                          185.113.0.0/22 maxlen: 22
                          185.168.144.0/22 maxlen: 22
                          209.35.128.0/20 maxlen: 20

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:28:6f:a3:9c:f5:c1:07:25:d5:cc:7a:9b:12:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jan  2 17:52:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dca52afd4b4094024995937922f8f0ae3678edd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2c:38:e2:fa:f7:1a:30:58:dd:ed:38:00:c0:
                    24:7a:f8:25:03:59:ee:1e:6d:9e:e7:4b:a8:20:35:
                    a4:95:6f:b0:77:67:86:37:e1:d6:98:fc:69:ec:6b:
                    72:93:7e:80:fb:1b:f4:9b:62:5e:07:bf:79:a3:84:
                    42:91:97:4c:b4:39:01:e4:55:ce:bd:08:8f:39:c9:
                    a0:1d:27:34:5b:9b:44:45:ef:08:fe:30:9e:79:6c:
                    e0:9d:4d:07:05:f8:94:89:cc:e6:93:9e:28:ff:1d:
                    88:63:d6:72:0b:b9:d9:fc:06:6f:3f:8e:b9:bb:c3:
                    7e:13:98:bc:ab:90:79:55:f5:4d:c2:18:ef:35:93:
                    67:f9:d9:05:af:ac:c1:7a:a4:83:dc:89:4f:5f:22:
                    88:33:f8:b4:0d:7e:29:39:2d:90:6b:2e:1d:41:46:
                    66:91:6a:57:c0:e6:26:cd:f8:ba:c4:15:a8:e7:e1:
                    8c:2f:d7:e5:3d:94:d0:46:f8:00:42:53:3f:00:2e:
                    4e:e3:08:58:36:ad:15:6e:ca:ee:fe:99:7a:60:3e:
                    48:bc:47:bf:6d:5b:41:eb:56:3c:f7:11:8d:82:59:
                    f5:d2:ee:81:92:f3:aa:ac:0c:1a:79:47:66:82:54:
                    40:7b:1c:62:cb:de:84:66:38:21:c4:e5:66:0b:fe:
                    d3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A5:2A:FD:4B:40:94:02:49:95:93:79:22:F8:F0:AE:36:78:ED:D3
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/3KUq_UtAlAJJlZN5IvjwrjZ47dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         20:62:cf:5b:fc:27:fb:65:65:e7:8a:ea:62:59:de:7a:a5:8f:
         6d:20:de:e8:4c:31:ed:97:7e:e2:ba:f1:09:a5:be:a2:65:7b:
         3a:67:cc:8b:0e:df:96:b3:e3:b7:7d:e2:a8:65:42:e7:c9:81:
         92:c8:f3:af:8f:5b:54:cc:60:65:37:4a:99:40:76:c1:40:f1:
         a7:6c:2c:c3:1d:e9:23:52:12:a1:93:3c:f6:23:a9:23:3e:3d:
         38:4b:3b:37:79:e6:0d:d9:3a:91:1f:57:84:b5:1d:de:a9:dc:
         ae:93:26:3a:09:62:d9:fe:85:40:e5:ff:74:e0:b2:32:39:de:
         39:d7:39:7a:4c:65:6d:b0:7c:c1:7c:bb:b8:d1:f3:74:15:0e:
         90:3e:60:6d:af:6d:a1:c6:c2:e6:fa:06:c1:24:19:40:b7:7e:
         a3:e0:2d:a7:d9:35:39:25:5e:60:8d:ab:b4:a6:ff:e8:79:2b:
         e0:31:3d:45:cf:e2:0e:65:a0:fe:2b:1c:e6:7f:f9:e9:98:e5:
         e5:94:46:c9:35:5d:86:34:03:98:bf:ca:00:f8:ca:0f:c0:bc:
         6c:cf:12:ad:67:b9:92:60:ac:02:15:c7:de:a1:83:d1:de:6e:
         2d:1f:c9:ac:ff:93:45:d3:c5:70:4a:51:90:cd:e3:51:04:60:
         80:f4:76:3f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQoJihvo5z1wQcl1cx6mxLNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjUwMTAyMTc1MjU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E1MmFmZDRiNDA5NDAyNDk5NTkzNzkyMmY4ZjBhZTM2NzhlZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyw44vr3GjBY3e04AMAkevglA1nu
Hm2e50uoIDWklW+wd2eGN+HWmPxp7Gtyk36A+xv0m2JeB795o4RCkZdMtDkB5FXO
vQiPOcmgHSc0W5tERe8I/jCeeWzgnU0HBfiUiczmk54o/x2IY9ZyC7nZ/AZvP465
u8N+E5i8q5B5VfVNwhjvNZNn+dkFr6zBeqSD3IlPXyKIM/i0DX4pOS2Qay4dQUZm
kWpXwOYmzfi6xBWo5+GML9flPZTQRvgAQlM/AC5O4whYNq0Vbsru/pl6YD5IvEe/
bVtB61Y89xGNgln10u6BkvOqrAwaeUdmglRAexxiy96EZjghxOVmC/7THQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNylKv1LQJQCSZWTeSL48K42eO3TMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvM0tVcV9VdEFsQUpKbFpONUl2andyalo0N2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMA0GCSqGSIb3DQEBCwUAA4IBAQAgYs9b/Cf7ZWXniupiWd56pY9tIN7oTDHt
l37iuvEJpb6iZXs6Z8yLDt+Ws+O3feKoZULnyYGSyPOvj1tUzGBlN0qZQHbBQPGn
bCzDHekjUhKhkzz2I6kjPj04Szs3eeYN2TqRH1eEtR3eqdyukyY6CWLZ/oVA5f90
4LIyOd451zl6TGVtsHzBfLu40fN0FQ6QPmBtr22hxsLm+gbBJBlAt36j4C2n2TU5
JV5gjau0pv/oeSvgMT1Fz+IOZaD+Kxzmf/npmOXllEbJNV2GNAOYv8oA+MoPwLxs
zxKtZ7mSYKwCFcfeoYPR3m4tH8ms/5NF08VwSlGQzeNRBGCA9HY/
-----END CERTIFICATE-----