Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/QkRxqh8Onc3RvxbAilETPMkqPUQ.roa
File:                     QkRxqh8Onc3RvxbAilETPMkqPUQ.roa (raw, json)
Hash identifier:          ioarFAZrwsC4PHp1V2liyJ/IYjne8RcMscv4n+W6Inc=
Subject key identifier:   42:44:71:AA:1F:0E:9D:CD:D1:BF:16:C0:8A:51:13:3C:C9:2A:3D:44
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       01953787351D41DCF3D81D6709875169C782
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/QkRxqh8Onc3RvxbAilETPMkqPUQ.roa
Signing time:             Mon 24 Feb 2025 10:36:02 +0000
ROA not before:           Mon 24 Feb 2025 10:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50436
IP address blocks:        5.28.64.0/18 maxlen: 19
                          5.28.64.0/19 maxlen: 19
                          5.28.96.0/19 maxlen: 19
                          37.120.0.0/17 maxlen: 18
                          77.64.183.0/24 maxlen: 24
                          77.64.220.0/23 maxlen: 24
                          92.206.8.0/21 maxlen: 24
                          92.206.32.0/20 maxlen: 24
                          92.206.48.0/20 maxlen: 24
                          92.206.209.0/24 maxlen: 24
                          92.206.254.0/23 maxlen: 24
                          94.139.0.0/19 maxlen: 20
                          217.68.167.0/24 maxlen: 24
                          2a02:2455:8000::/36 maxlen: 36
                          2a02:2455:9000::/36 maxlen: 40

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:37:87:35:1d:41:dc:f3:d8:1d:67:09:87:51:69:c7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Feb 24 10:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=424471aa1f0e9dcdd1bf16c08a51133cc92a3d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:06:e0:bb:3c:d3:97:d2:bb:cd:54:d0:6f:15:
                    5d:3a:07:d7:8e:94:d9:cc:80:1f:2d:37:e3:e6:76:
                    49:fe:4d:b2:f6:b0:2f:71:78:6c:2c:a6:74:72:34:
                    38:be:e2:30:37:0c:3f:bd:c0:52:4f:c1:83:f5:db:
                    77:b3:13:a2:f2:9f:a6:30:d4:16:22:37:7a:92:73:
                    26:eb:c5:d0:7a:48:18:50:ed:96:01:e1:fc:5d:29:
                    9c:99:7d:12:b0:8e:c3:10:42:f2:d9:a1:14:6e:c0:
                    9d:9d:f0:2d:02:52:ba:44:12:e0:38:59:06:26:56:
                    8a:c5:34:c0:9a:4b:37:03:70:a6:0b:a0:6f:60:24:
                    68:08:4a:7d:4f:9e:c8:39:ff:7d:9a:77:7b:59:f5:
                    50:9a:e7:94:c4:9e:c7:c5:2b:d9:ce:a2:8f:18:77:
                    6d:b3:ac:dd:c7:d3:6c:3f:cf:df:7f:23:d4:6b:70:
                    5d:8e:7d:d7:0a:a9:9a:80:73:63:97:d1:9a:2a:b8:
                    ec:5f:d2:a6:ff:47:3d:a0:cd:ee:76:fc:5f:36:1a:
                    2a:42:31:c9:c4:ed:37:a5:a2:7e:0e:2c:c6:7d:1f:
                    7c:c4:8e:5c:a0:ff:8e:e3:a8:3f:35:eb:ad:75:c1:
                    92:65:52:bd:23:0d:82:86:b4:4b:9e:77:aa:8b:04:
                    35:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:44:71:AA:1F:0E:9D:CD:D1:BF:16:C0:8A:51:13:3C:C9:2A:3D:44
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/QkRxqh8Onc3RvxbAilETPMkqPUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.28.64.0/18
                  37.120.0.0/17
                  77.64.183.0/24
                  77.64.220.0/23
                  92.206.8.0/21
                  92.206.32.0/19
                  92.206.209.0/24
                  92.206.254.0/23
                  94.139.0.0/19
                  217.68.167.0/24
                IPv6:
                  2a02:2455:8000::/35

    Signature Algorithm: sha256WithRSAEncryption
         70:f8:97:b7:17:9a:f1:80:70:e6:97:0a:d2:e2:e6:32:88:d3:
         da:54:8c:8d:16:f4:ce:02:66:4e:0f:78:2b:f2:bd:fd:2d:44:
         c2:5e:4b:fe:9a:1d:8d:4e:23:88:4e:8f:8b:70:6b:02:97:a4:
         0d:63:55:1d:7d:95:c9:f4:e8:b4:af:8b:33:e7:f2:6d:f3:25:
         4a:5c:7e:e0:b9:30:63:60:fc:87:ad:b7:72:00:c7:dd:2b:40:
         5b:10:2f:de:f6:d1:a0:0d:d1:04:0c:8c:61:1b:bd:d9:50:e3:
         a0:37:18:43:3f:69:da:f7:da:69:27:be:88:b0:02:99:19:27:
         0e:d3:06:8c:53:4f:3c:72:e4:67:1f:81:42:4a:55:80:6f:c5:
         4c:a6:09:fc:94:ce:32:f9:5d:cb:70:01:f0:5d:41:df:e1:5c:
         c7:c8:5c:a8:ce:fb:07:d9:dd:78:55:e6:f1:e6:56:af:86:cc:
         cb:02:cd:03:3b:4a:69:5c:0b:a7:f2:51:fa:f9:53:92:31:6b:
         ff:8c:a6:b8:c9:2a:5a:1f:62:7c:41:31:9b:09:95:02:85:d1:
         ae:81:84:a6:1d:ab:0d:64:e4:27:28:9e:e0:c8:5e:7c:93:cc:
         6e:b0:66:ec:4f:fe:cf:d6:b0:7b:e0:4d:51:fd:af:e6:d3:d8:
         eb:ee:47:34
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZU3hzUdQdzz2B1nCYdRaceCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjUwMjI0MTAzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjQ0NzFhYTFmMGU5ZGNkZDFiZjE2YzA4YTUxMTMzY2M5MmEzZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwbguzzTl9K7zVTQbxVdOgfXjpTZ
zIAfLTfj5nZJ/k2y9rAvcXhsLKZ0cjQ4vuIwNww/vcBST8GD9dt3sxOi8p+mMNQW
Ijd6knMm68XQekgYUO2WAeH8XSmcmX0SsI7DEELy2aEUbsCdnfAtAlK6RBLgOFkG
JlaKxTTAmks3A3CmC6BvYCRoCEp9T57IOf99mnd7WfVQmueUxJ7HxSvZzqKPGHdt
s6zdx9NsP8/ffyPUa3Bdjn3XCqmagHNjl9GaKrjsX9Km/0c9oM3udvxfNhoqQjHJ
xO03paJ+DizGfR98xI5coP+O46g/NeutdcGSZVK9Iw2ChrRLnneqiwQ1nQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFEJEcaofDp3N0b8WwIpREzzJKj1EMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvUWtSeHFoOE9uYzNSdnhiQWlsRVRQTWtxUFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBCBAIAATA8AwQGBRxAAwQH
JXgAAwQATUC3AwQBTUDcAwQDXM4IAwQFXM4gAwQAXM7RAwQBXM7+AwQFXosAAwQA
2USnMA4EAgACMAgDBgUqAiRVgDANBgkqhkiG9w0BAQsFAAOCAQEAcPiXtxea8YBw
5pcK0uLmMojT2lSMjRb0zgJmTg94K/K9/S1Ewl5L/podjU4jiE6Pi3BrApekDWNV
HX2VyfTotK+LM+fybfMlSlx+4LkwY2D8h623cgDH3StAWxAv3vbRoA3RBAyMYRu9
2VDjoDcYQz9p2vfaaSe+iLACmRknDtMGjFNPPHLkZx+BQkpVgG/FTKYJ/JTOMvld
y3AB8F1B3+Fcx8hcqM77B9ndeFXm8eZWr4bMywLNAztKaVwLp/JR+vlTkjFr/4ym
uMkqWh9ifEExmwmVAoXRroGEph2rDWTkJyie4MhefJPMbrBm7E/+z9awe+BNUf2v
5tPY6+5HNA==
-----END CERTIFICATE-----