Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/5kFciYy08Hon6gtEvIp9w0VQcsE.roa
File:                     5kFciYy08Hon6gtEvIp9w0VQcsE.roa (raw, json)
Hash identifier:          qij/JTrynROZgaqB/UA+Gudp117pni1+rZf6VyQOfzQ=
Subject key identifier:   E6:41:5C:89:8C:B4:F0:7A:27:EA:0B:44:BC:8A:7D:C3:45:50:72:C1
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       019425222DC81ACB245CAD9FB7166C0FE103
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/5kFciYy08Hon6gtEvIp9w0VQcsE.roa
Signing time:             Thu 02 Jan 2025 03:49:44 +0000
ROA not before:           Thu 02 Jan 2025 03:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35179
IP address blocks:        79.110.192.0/20 maxlen: 24
                          83.168.71.0/24 maxlen: 24
                          83.168.72.0/21 maxlen: 24
                          83.168.80.0/21 maxlen: 21
                          83.168.88.0/22 maxlen: 22
                          83.168.100.0/22 maxlen: 24
                          83.168.108.0/23 maxlen: 23
                          83.168.114.0/23 maxlen: 23
                          83.168.116.0/23 maxlen: 23
                          83.168.120.0/23 maxlen: 23
                          83.168.126.0/23 maxlen: 23
                          185.49.29.0/24 maxlen: 24
                          185.49.30.0/23 maxlen: 23
                          193.239.56.0/22 maxlen: 24
                          2a01:96e0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2d:c8:1a:cb:24:5c:ad:9f:b7:16:6c:0f:e1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Jan  2 03:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6415c898cb4f07a27ea0b44bc8a7dc3455072c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:b7:8f:6b:b3:6f:37:ce:33:68:b7:c1:3b:b5:
                    a7:29:aa:64:14:62:58:8e:7c:1c:e1:97:90:0a:45:
                    88:a6:67:d3:a8:cb:f1:82:68:f6:c1:62:70:f3:e7:
                    a9:b4:6a:34:72:f1:68:63:67:cd:d2:f7:d8:0b:e9:
                    58:f6:0d:98:13:a3:2b:e5:4a:61:e5:50:ce:49:a5:
                    52:28:94:38:68:ec:b1:a4:4f:ca:f8:44:67:b4:e5:
                    47:5d:4f:65:08:1d:1b:2a:68:92:93:6a:0a:2f:b3:
                    d4:e0:26:d4:ac:81:93:b1:2e:32:66:68:87:6a:49:
                    61:04:3a:89:d1:63:f7:2e:f1:c9:e6:3e:9c:64:7a:
                    16:b3:c1:7a:1a:14:c2:85:7a:aa:e1:2a:5b:99:7e:
                    fc:c9:c1:6d:f7:b7:9c:12:50:f7:33:11:13:83:a3:
                    06:ce:e6:d4:4c:2c:8e:e1:c8:6f:b0:27:2d:63:18:
                    a2:41:b9:be:79:3f:e5:93:3e:cc:ae:63:3c:4c:9f:
                    98:1c:64:90:99:3d:c1:ca:88:fc:51:27:db:0e:99:
                    6a:4b:09:a3:47:e6:01:91:09:98:20:41:a9:19:a0:
                    57:2c:64:91:4c:ae:40:95:fc:cf:6e:26:ec:75:08:
                    4e:ce:2f:1c:dc:a1:e2:ab:ba:d9:d2:a0:e0:e6:c5:
                    12:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:41:5C:89:8C:B4:F0:7A:27:EA:0B:44:BC:8A:7D:C3:45:50:72:C1
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/5kFciYy08Hon6gtEvIp9w0VQcsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.192.0/20
                  83.168.71.0-83.168.91.255
                  83.168.100.0/22
                  83.168.108.0/23
                  83.168.114.0-83.168.117.255
                  83.168.120.0/23
                  83.168.126.0/23
                  185.49.29.0-185.49.31.255
                  193.239.56.0/22
                IPv6:
                  2a01:96e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:e1:b4:6c:a3:6d:26:12:e9:29:f3:83:de:47:cf:d0:e4:bf:
         2f:da:00:af:28:bc:3e:d5:93:9a:80:7c:b7:83:c8:ab:d6:de:
         7b:6a:f6:b3:18:75:f5:ac:3a:b4:1c:98:bf:c1:62:63:27:01:
         40:44:11:99:7c:0d:0a:2b:3e:31:c8:79:d1:17:15:0d:d8:39:
         4a:75:99:d2:5f:08:bb:eb:3d:71:57:51:45:5e:37:80:54:25:
         ea:63:f3:30:80:81:78:f3:2d:83:e0:9f:ac:b7:49:24:b8:95:
         53:cb:4f:f0:54:b3:da:2c:c9:79:d9:5e:72:45:3f:6e:30:12:
         ea:ab:10:d2:5a:d4:f5:9c:3d:fa:95:fe:4c:68:7e:86:d3:4a:
         36:f0:10:37:42:a8:91:58:81:4b:0f:d7:cd:65:d0:dc:06:f2:
         37:07:b8:68:75:e2:fc:8b:30:4a:a9:51:aa:3c:68:ee:fd:30:
         45:3d:4a:69:4f:8e:45:d8:1a:c4:93:5f:f8:af:07:4d:75:52:
         49:b9:65:85:c9:71:3a:f2:03:c9:14:86:a3:68:a5:d4:0c:2d:
         72:4e:95:bb:a0:fe:2a:36:31:6c:99:ae:90:f5:d9:a4:00:07:
         b6:92:fb:b9:76:2a:41:aa:da:a6:01:73:1d:42:ba:ec:94:c5:
         62:ed:77:1f
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZQlIi3IGsskXK2ftxZsD+EDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjUwMTAyMDM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQxNWM4OThjYjRmMDdhMjdlYTBiNDRiYzhhN2RjMzQ1NTA3MmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA97ePa7NvN84zaLfBO7WnKapkFGJY
jnwc4ZeQCkWIpmfTqMvxgmj2wWJw8+eptGo0cvFoY2fN0vfYC+lY9g2YE6Mr5Uph
5VDOSaVSKJQ4aOyxpE/K+ERntOVHXU9lCB0bKmiSk2oKL7PU4CbUrIGTsS4yZmiH
aklhBDqJ0WP3LvHJ5j6cZHoWs8F6GhTChXqq4SpbmX78ycFt97ecElD3MxETg6MG
zubUTCyO4chvsCctYxiiQbm+eT/lkz7MrmM8TJ+YHGSQmT3Byoj8USfbDplqSwmj
R+YBkQmYIEGpGaBXLGSRTK5AlfzPbibsdQhOzi8c3KHiq7rZ0qDg5sUS6wIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFOZBXImMtPB6J+oLRLyKfcNFUHLBMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvNWtGY2lZeTA4SG9uNmd0RXZJcDl3MFZRY3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQET27AMAwD
BABTqEcDBAJTqFgDBAJTqGQDBAFTqGwwDAMEAVOocgMEAVOodAMEAVOoeAMEAVOo
fjAMAwQAuTEdAwQFuTEAAwQCwe84MA0EAgACMAcDBQAqAZbgMA0GCSqGSIb3DQEB
CwUAA4IBAQAj4bRso20mEukp84PeR8/Q5L8v2gCvKLw+1ZOagHy3g8ir1t57avaz
GHX1rDq0HJi/wWJjJwFARBGZfA0KKz4xyHnRFxUN2DlKdZnSXwi76z1xV1FFXjeA
VCXqY/MwgIF48y2D4J+st0kkuJVTy0/wVLPaLMl52V5yRT9uMBLqqxDSWtT1nD36
lf5MaH6G00o28BA3QqiRWIFLD9fNZdDcBvI3B7hodeL8izBKqVGqPGju/TBFPUpp
T45F2BrEk1/4rwdNdVJJuWWFyXE68gPJFIajaKXUDC1yTpW7oP4qNjFsma6Q9dmk
AAe2kvu5dipBqtqmAXMdQrrslMVi7Xcf
-----END CERTIFICATE-----