Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Q4p-qYS2sgvt0GJ7uYJPvsOIkIg.roa
File:                     Q4p-qYS2sgvt0GJ7uYJPvsOIkIg.roa (raw, json)
Hash identifier:          j/H5JWeQ0CkSOjcFdGwjX75ybxoyKIcMgX/vQel3jRk=
Subject key identifier:   43:8A:7E:A9:84:B6:B2:0B:ED:D0:62:7B:B9:82:4F:BE:C3:88:90:88
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       0195B2C32B1091E5414ABDA1FF85279F5316
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Q4p-qYS2sgvt0GJ7uYJPvsOIkIg.roa
Signing time:             Thu 20 Mar 2025 08:54:49 +0000
ROA not before:           Thu 20 Mar 2025 08:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        148.253.239.0/24 maxlen: 24
                          148.253.240.0/24 maxlen: 24
                          148.253.241.0/24 maxlen: 24
                          148.253.242.0/24 maxlen: 24
                          148.253.243.0/24 maxlen: 24
                          148.253.249.0/24 maxlen: 24
                          148.253.250.0/24 maxlen: 24
                          151.249.90.0/24 maxlen: 24
                          151.249.91.0/24 maxlen: 24
                          163.171.90.0/24 maxlen: 24
                          163.171.91.0/24 maxlen: 24
                          163.171.246.0/24 maxlen: 24
                          163.171.247.0/24 maxlen: 24
                          163.171.251.0/24 maxlen: 24
                          163.171.253.0/24 maxlen: 24
                          163.171.254.0/24 maxlen: 24
                          185.27.228.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:c3:2b:10:91:e5:41:4a:bd:a1:ff:85:27:9f:53:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Mar 20 08:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=438a7ea984b6b20bedd0627bb9824fbec3889088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ff:a3:4a:88:09:67:1e:96:aa:d9:36:bc:f1:
                    b1:f3:af:95:1f:4e:a7:8d:d1:c2:e4:6f:6e:ca:de:
                    3a:65:7e:cc:89:89:26:87:65:82:6c:2b:28:b0:7b:
                    2b:33:c9:6c:97:13:b4:b3:82:40:01:c7:8a:6d:a2:
                    e9:15:d7:c6:2a:3a:a1:91:13:87:a4:b9:cf:7c:e4:
                    b9:59:13:85:19:35:6c:25:60:71:b1:f8:b2:41:eb:
                    71:9a:28:28:71:21:05:54:e6:ef:2f:0d:8c:a0:53:
                    68:19:0a:b3:68:fe:1c:89:60:70:b1:87:0c:38:d5:
                    e1:9d:21:89:55:79:81:26:26:35:a4:5b:60:f0:4d:
                    f7:ed:2a:59:49:50:df:ed:ac:92:0a:10:27:e2:cf:
                    2c:9c:ce:52:c5:8e:4c:f7:5a:f3:59:c5:b3:4d:81:
                    03:43:9c:e3:6a:e0:4e:17:48:ac:7c:2b:a2:8d:a2:
                    a2:95:b3:aa:04:2a:f0:4b:25:a6:13:72:d0:bf:da:
                    f2:fb:9a:ae:ae:50:51:5e:85:63:f9:d5:8d:b9:dd:
                    f7:48:5d:70:ea:7d:e2:de:c6:d3:4b:c5:1a:b4:86:
                    b7:0d:84:7f:a0:41:fa:ed:b4:9a:44:cf:b6:24:be:
                    6d:4a:75:f1:cb:4d:b5:2e:aa:79:ce:84:94:79:08:
                    84:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8A:7E:A9:84:B6:B2:0B:ED:D0:62:7B:B9:82:4F:BE:C3:88:90:88
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Q4p-qYS2sgvt0GJ7uYJPvsOIkIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.239.0-148.253.243.255
                  148.253.249.0-148.253.250.255
                  151.249.90.0/23
                  163.171.90.0/23
                  163.171.246.0/23
                  163.171.251.0/24
                  163.171.253.0-163.171.254.255
                  185.27.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:bb:05:ac:7f:2d:92:df:ca:d5:4d:8f:fa:1a:6c:71:34:de:
         af:a4:62:5a:6c:5a:07:f1:e1:53:12:92:c0:ef:0e:e7:15:95:
         49:7f:25:35:15:b8:07:03:85:06:ff:43:35:10:c1:d1:bd:2a:
         2a:13:bc:cb:fa:a1:21:8c:3a:c7:dc:7d:b2:ab:76:a8:d9:7f:
         20:e3:cb:e0:13:ee:34:ef:01:f1:2c:b8:91:1e:ec:8e:10:e2:
         4a:13:86:a4:6b:7f:f7:3f:e9:3f:49:40:ad:6c:bf:b3:e7:ac:
         f3:74:8e:5c:b0:db:0a:c2:29:80:d4:3f:29:27:9e:02:44:4e:
         0c:ae:be:d5:27:ba:bb:48:9d:ec:f8:6c:03:34:2c:fd:08:8e:
         c3:31:41:3c:8e:ec:d2:e7:99:d5:e9:65:ff:47:75:94:cf:e4:
         84:71:bf:81:20:c9:4d:47:7f:8c:1a:d5:f9:0d:d8:6a:2c:3e:
         87:21:a3:ea:98:c9:e2:72:79:ec:9c:7f:e4:76:18:79:d6:f3:
         d5:6e:f5:be:2b:61:5b:c2:0a:21:bb:5f:45:11:98:c4:b6:a1:
         a8:04:d0:46:17:a6:a1:f4:88:26:b9:10:6b:e0:ba:91:4f:ee:
         f1:cd:b6:51:37:32:22:d8:87:6f:03:3b:2a:dd:44:77:04:a9:
         dc:77:d1:34
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZWywysQkeVBSr2h/4Unn1MWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwMzIwMDg1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhhN2VhOTg0YjZiMjBiZWRkMDYyN2JiOTgyNGZiZWMzODg5MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0v+jSogJZx6Wqtk2vPGx86+VH06n
jdHC5G9uyt46ZX7MiYkmh2WCbCsosHsrM8lslxO0s4JAAceKbaLpFdfGKjqhkROH
pLnPfOS5WROFGTVsJWBxsfiyQetxmigocSEFVObvLw2MoFNoGQqzaP4ciWBwsYcM
ONXhnSGJVXmBJiY1pFtg8E337SpZSVDf7aySChAn4s8snM5SxY5M91rzWcWzTYED
Q5zjauBOF0isfCuijaKilbOqBCrwSyWmE3LQv9ry+5qurlBRXoVj+dWNud33SF1w
6n3i3sbTS8UatIa3DYR/oEH67bSaRM+2JL5tSnXxy021Lqp5zoSUeQiE3QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEOKfqmEtrIL7dBie7mCT77DiJCIMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvUTRwLXFZUzJzZ3Z0MEdKN3VZSlB2c09Ja0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBACU/e8D
BAKU/fAwDAMEAJT9+QMEAJT9+gMEAZf5WgMEAaOrWgMEAaOr9gMEAKOr+zAMAwQA
o6v9AwQAo6v+AwQAuRvkMA0GCSqGSIb3DQEBCwUAA4IBAQBKuwWsfy2S38rVTY/6
GmxxNN6vpGJabFoH8eFTEpLA7w7nFZVJfyU1FbgHA4UG/0M1EMHRvSoqE7zL+qEh
jDrH3H2yq3ao2X8g48vgE+407wHxLLiRHuyOEOJKE4aka3/3P+k/SUCtbL+z56zz
dI5csNsKwimA1D8pJ54CRE4Mrr7VJ7q7SJ3s+GwDNCz9CI7DMUE8juzS55nV6WX/
R3WUz+SEcb+BIMlNR3+MGtX5DdhqLD6HIaPqmMnicnnsnH/kdhh51vPVbvW+K2Fb
wgohu19FEZjEtqGoBNBGF6ah9IgmuRBr4LqRT+7xzbZRNzIi2IdvAzsq3UR3BKnc
d9E0
-----END CERTIFICATE-----