Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/S1ui4XpVCTm1Vm2OpLHGmY_ZuN0.roa
File:                     S1ui4XpVCTm1Vm2OpLHGmY_ZuN0.roa (raw, json)
Hash identifier:          3qwiok+pffK8+ko0f890CJV54WEIRSPAcVGZFhekYsc=
Subject key identifier:   4B:5B:A2:E1:7A:55:09:39:B5:56:6D:8E:A4:B1:C6:99:8F:D9:B8:DD
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       01942669F40F357D63E492E467FD2E00119C
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/S1ui4XpVCTm1Vm2OpLHGmY_ZuN0.roa
Signing time:             Thu 02 Jan 2025 09:47:45 +0000
ROA not before:           Thu 02 Jan 2025 09:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50611
IP address blocks:        185.119.136.0/22 maxlen: 24
                          195.253.64.0/24 maxlen: 24
                          195.253.65.0/24 maxlen: 24
                          195.253.66.0/24 maxlen: 24
                          195.253.88.0/23 maxlen: 23
                          195.253.90.0/23 maxlen: 23
                          195.253.96.0/19 maxlen: 24
                          195.253.126.0/24 maxlen: 24
                          2a01:5b0:4::/48 maxlen: 48
                          2a01:5b0:5::/48 maxlen: 48
                          2a01:5b0:6::/48 maxlen: 48
                          2a01:5b0:8::/46 maxlen: 48
                          2a01:5b0:10::/45 maxlen: 48
                          2a01:5b0:12::/47 maxlen: 47
                          2a01:5b0:20::/43 maxlen: 48
                          2a01:5b0:2a::/48 maxlen: 48
                          2a01:5b0:2b::/48 maxlen: 48
                          2a01:5b0:2e::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:f4:0f:35:7d:63:e4:92:e4:67:fd:2e:00:11:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: Jan  2 09:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b5ba2e17a550939b5566d8ea4b1c6998fd9b8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:2c:57:b8:2b:26:0f:1b:68:92:6b:00:49:25:
                    69:46:95:19:1b:06:6e:23:62:c3:76:94:33:66:e5:
                    74:c6:52:89:f1:f5:c1:46:88:cc:df:80:f0:1b:16:
                    86:dc:00:70:e4:ba:07:4c:7d:51:d0:b8:04:d1:b9:
                    e7:e2:0d:8d:f5:df:45:ad:07:82:00:ab:ac:c2:45:
                    68:c9:3e:5b:0e:a8:18:59:07:4b:4e:b6:96:96:8e:
                    b8:df:78:e0:e5:7c:a3:5c:d4:c6:a7:4d:57:a3:18:
                    88:fb:05:f1:5c:26:91:0c:78:4d:76:02:0e:ce:37:
                    b6:4e:d0:a9:29:53:bd:33:1a:c8:f8:9b:72:21:98:
                    3f:72:95:71:62:9f:22:34:13:2f:9e:32:e1:1a:ae:
                    1f:1a:34:95:2d:50:ef:49:46:3c:19:e6:78:4e:5a:
                    bb:34:dd:a8:28:c1:f0:63:bf:cf:7c:f8:08:fa:76:
                    f7:43:fa:33:99:6e:31:5b:dd:94:b8:9b:bb:f6:a7:
                    71:f0:d2:d6:97:dc:91:8f:62:2e:00:d0:ba:82:44:
                    d9:d5:9e:8d:d5:9b:90:4b:b6:86:48:f1:db:db:5d:
                    9d:92:fe:2c:8f:6a:b5:4f:b9:0f:d3:78:91:10:48:
                    73:8a:b4:f7:73:60:a5:65:82:39:a7:36:32:b4:84:
                    ec:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5B:A2:E1:7A:55:09:39:B5:56:6D:8E:A4:B1:C6:99:8F:D9:B8:DD
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/S1ui4XpVCTm1Vm2OpLHGmY_ZuN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.136.0/22
                  195.253.64.0-195.253.66.255
                  195.253.88.0/22
                  195.253.96.0/19
                IPv6:
                  2a01:5b0:4::-2a01:5b0:6:ffff:ffff:ffff:ffff:ffff
                  2a01:5b0:8::/46
                  2a01:5b0:10::/45
                  2a01:5b0:20::/43

    Signature Algorithm: sha256WithRSAEncryption
         0b:12:cf:80:de:68:0f:2d:97:2a:ac:1a:3e:6c:14:d0:db:09:
         12:78:e0:88:23:f4:5d:0f:66:6d:de:54:0c:71:19:44:9b:13:
         25:19:53:f3:b0:2f:47:2e:ac:8b:c0:5b:a6:8d:16:14:79:2a:
         5d:2e:f8:b1:49:ba:80:d6:68:92:7c:e9:34:ff:15:36:bc:39:
         24:17:7d:c8:64:26:0b:19:58:fb:d1:bf:6c:47:6b:62:c9:8f:
         7d:36:e2:01:55:8e:40:59:c1:cd:ff:8e:54:5b:ee:58:72:1c:
         c9:07:ed:52:8c:bb:4d:bd:22:9d:df:87:23:80:52:b6:1a:84:
         f8:f2:19:64:ee:6b:59:88:c1:05:40:ff:fc:d5:67:f8:24:88:
         ee:a0:d9:a5:67:69:91:fc:8d:da:89:ad:b1:8f:f2:be:30:99:
         73:b5:b4:c8:fd:26:eb:d7:ea:b6:f0:c8:48:a9:a0:0e:5b:f9:
         83:71:21:e9:89:34:a9:25:c1:11:43:3d:9a:3f:1d:23:68:77:
         d8:34:73:99:5e:47:50:bd:e0:67:59:67:a5:d1:c9:ff:9b:40:
         34:9d:c5:7e:8a:be:c7:c3:1d:32:ae:a3:f7:8d:80:a8:12:88:
         88:84:15:bf:8b:cf:6e:16:e5:a3:25:a1:20:b4:d9:ea:d6:15:
         b1:61:a5:2c
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQmafQPNX1j5JLkZ/0uABGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUwMTAyMDk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjViYTJlMTdhNTUwOTM5YjU1NjZkOGVhNGIxYzY5OThmZDliOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8CxXuCsmDxtokmsASSVpRpUZGwZu
I2LDdpQzZuV0xlKJ8fXBRojM34DwGxaG3ABw5LoHTH1R0LgE0bnn4g2N9d9FrQeC
AKuswkVoyT5bDqgYWQdLTraWlo6433jg5XyjXNTGp01XoxiI+wXxXCaRDHhNdgIO
zje2TtCpKVO9MxrI+JtyIZg/cpVxYp8iNBMvnjLhGq4fGjSVLVDvSUY8GeZ4Tlq7
NN2oKMHwY7/PfPgI+nb3Q/ozmW4xW92UuJu79qdx8NLWl9yRj2IuANC6gkTZ1Z6N
1ZuQS7aGSPHb212dkv4sj2q1T7kP03iREEhzirT3c2ClZYI5pzYytITsYwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFEtbouF6VQk5tVZtjqSxxpmP2bjdMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvUzF1aTRYcFZDVG0xVm0yT3BMSEdtWV9adU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzAmBAIAATAgAwQCuXeIMAwD
BAbD/UADBADD/UIDBALD/VgDBAXD/WAwNQQCAAIwLzASAwcCKgEFsAAEAwcAKgEF
sAAGAwcCKgEFsAAIAwcDKgEFsAAQAwcFKgEFsAAgMA0GCSqGSIb3DQEBCwUAA4IB
AQALEs+A3mgPLZcqrBo+bBTQ2wkSeOCII/RdD2Zt3lQMcRlEmxMlGVPzsC9HLqyL
wFumjRYUeSpdLvixSbqA1miSfOk0/xU2vDkkF33IZCYLGVj70b9sR2tiyY99NuIB
VY5AWcHN/45UW+5YchzJB+1SjLtNvSKd34cjgFK2GoT48hlk7mtZiMEFQP/81Wf4
JIjuoNmlZ2mR/I3aia2xj/K+MJlztbTI/Sbr1+q28MhIqaAOW/mDcSHpiTSpJcER
Qz2aPx0jaHfYNHOZXkdQveBnWWel0cn/m0A0ncV+ir7Hwx0yrqP3jYCoEoiIhBW/
i89uFuWjJaEgtNnq1hWxYaUs
-----END CERTIFICATE-----