Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/GBH94I9dnJeJP-cDtrZrjQV60Xo.roa
File:                     GBH94I9dnJeJP-cDtrZrjQV60Xo.roa (raw, json)
Hash identifier:          y6nZi/uewPtAISPvzpzs2QyOXFXhWR2PVFDixGJRcS4=
Subject key identifier:   18:11:FD:E0:8F:5D:9C:97:89:3F:E7:03:B6:B6:6B:8D:05:7A:D1:7A
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       01951E0ED3309F715475346B38B2F34745BE
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/GBH94I9dnJeJP-cDtrZrjQV60Xo.roa
Signing time:             Wed 19 Feb 2025 11:54:02 +0000
ROA not before:           Wed 19 Feb 2025 11:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61046
IP address blocks:        5.149.250.0/23 maxlen: 23
                          79.141.170.0/23 maxlen: 23
                          91.193.16.0/23 maxlen: 23
                          185.81.112.0/23 maxlen: 23
                          188.119.148.0/23 maxlen: 23
                          193.42.37.0/24 maxlen: 24
                          2a01:8640:1::/48 maxlen: 48
                          2a01:8640:7::/48 maxlen: 48
                          2a01:8640:16::/48 maxlen: 48
                          2a01:8640:20::/48 maxlen: 48
                          2a01:8640:21::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1e:0e:d3:30:9f:71:54:75:34:6b:38:b2:f3:47:45:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Feb 19 11:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1811fde08f5d9c97893fe703b6b66b8d057ad17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:cf:21:ca:50:a4:10:1c:c4:10:58:83:bb:0b:
                    91:ca:da:24:f6:d1:1f:3c:bf:6f:51:60:47:3e:54:
                    18:4f:6d:b8:2c:69:29:b4:85:bf:7f:8d:4e:c6:be:
                    7f:a5:c8:46:0b:b2:4d:e1:fd:ee:0e:d4:72:e7:a3:
                    91:33:05:ef:e8:ce:fa:1a:67:c5:49:d5:30:08:b4:
                    b7:71:84:49:2c:e2:bc:59:46:8b:8b:ec:b3:b7:49:
                    68:9b:8e:02:d8:a2:6e:8d:b2:3b:24:53:b7:40:59:
                    53:88:f9:8e:ea:76:72:fd:38:ff:47:49:ca:0e:d7:
                    da:52:6e:f3:7f:e9:8d:9e:1a:ef:5b:4d:00:8b:c7:
                    8b:22:fe:92:dd:f5:53:c5:9d:1a:41:72:5a:84:05:
                    da:19:6b:23:02:e5:97:df:bf:f2:24:c1:ee:fc:b7:
                    cf:05:40:46:b3:be:ae:b2:53:86:2b:b2:48:af:e8:
                    88:f1:cd:80:1c:53:e4:a9:bb:42:b0:31:57:ad:9f:
                    6e:ef:ec:e5:19:5d:3d:75:27:22:61:ee:51:19:a4:
                    96:b5:17:53:d7:2f:71:65:ff:02:56:10:b0:91:97:
                    b0:6b:5b:49:a5:d1:96:b8:7e:61:c0:85:f5:ba:58:
                    08:47:17:4b:cf:d4:36:b2:03:0e:d4:81:b3:29:3c:
                    b3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:11:FD:E0:8F:5D:9C:97:89:3F:E7:03:B6:B6:6B:8D:05:7A:D1:7A
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/GBH94I9dnJeJP-cDtrZrjQV60Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.250.0/23
                  79.141.170.0/23
                  91.193.16.0/23
                  185.81.112.0/23
                  188.119.148.0/23
                  193.42.37.0/24
                IPv6:
                  2a01:8640:1::/48
                  2a01:8640:7::/48
                  2a01:8640:16::/48
                  2a01:8640:20::/47

    Signature Algorithm: sha256WithRSAEncryption
         92:3f:a3:58:7f:1c:b8:6e:b8:23:e2:36:1d:bc:5b:c4:79:9b:
         a7:d9:65:63:ef:98:13:f1:7e:f4:6b:3f:f4:8c:1a:17:94:de:
         c3:53:87:0c:16:e5:6d:57:d8:ba:6a:5d:28:4c:3b:46:8a:6d:
         1d:29:0d:7a:a8:eb:46:97:8a:1a:9f:8f:07:b5:fb:06:51:3c:
         6c:a3:c6:a5:52:c3:ee:0e:56:63:c9:01:4a:dd:67:af:0c:a4:
         6e:1e:e1:1d:f0:cf:df:72:86:a0:fa:3c:79:83:f6:4d:e7:3a:
         0c:c8:4a:4c:e2:e8:79:38:1f:f8:a7:e3:de:c7:81:f2:56:e7:
         24:0b:0f:25:46:4b:5f:a2:b9:c7:64:4c:dc:5d:4f:c1:0d:6a:
         35:35:98:53:7b:27:d1:70:01:9f:e7:8a:d4:08:d6:42:67:1b:
         e1:93:e7:9b:6e:2a:20:66:bf:ad:13:63:a2:fd:3d:5f:61:d0:
         56:d6:9f:14:fc:ee:51:95:c1:e6:bf:84:85:c2:8e:5a:ea:23:
         92:29:01:63:d0:76:84:d6:a2:60:5e:c8:60:17:d8:d8:38:b4:
         a1:ef:b0:2c:be:7e:45:5f:46:eb:9b:a9:88:7b:ab:ab:03:a9:
         9f:ce:18:b1:a0:71:b7:0c:f4:17:e0:2b:1a:2e:ea:d4:a3:b5:
         0a:68:87:81
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZUeDtMwn3FUdTRrOLLzR0W+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTI0MmMzM2JjMmUyZTllNDU4NTBhMGZjNjRhYjJjNzUw
NmE0YjgwHhcNMjUwMjE5MTE1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODExZmRlMDhmNWQ5Yzk3ODkzZmU3MDNiNmI2NmI4ZDA1N2FkMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8M8hylCkEBzEEFiDuwuRytok9tEf
PL9vUWBHPlQYT224LGkptIW/f41Oxr5/pchGC7JN4f3uDtRy56ORMwXv6M76GmfF
SdUwCLS3cYRJLOK8WUaLi+yzt0lom44C2KJujbI7JFO3QFlTiPmO6nZy/Tj/R0nK
DtfaUm7zf+mNnhrvW00Ai8eLIv6S3fVTxZ0aQXJahAXaGWsjAuWX37/yJMHu/LfP
BUBGs76uslOGK7JIr+iI8c2AHFPkqbtCsDFXrZ9u7+zlGV09dSciYe5RGaSWtRdT
1y9xZf8CVhCwkZewa1tJpdGWuH5hwIX1ulgIRxdLz9Q2sgMO1IGzKTyzIQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFBgR/eCPXZyXiT/nA7a2a40FetF6MB8GA1UdIwQY
MBaAFGkSQsM7wuLp5FhQoPxkqyx1BqS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjkt
MzYyZmZlOGVlMjcwLzEvR0JIOTRJOWRuSmVKUC1jRHRyWnJqUVY2MFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjktMzYyZmZlOGVlMjcw
LzEvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDAqBAIAATAkAwQBBZX6AwQB
T42qAwQBW8EQAwQBuVFwAwQBvHeUAwQAwSolMCoEAgACMCQDBwAqAYZAAAEDBwAq
AYZAAAcDBwAqAYZAABYDBwEqAYZAACAwDQYJKoZIhvcNAQELBQADggEBAJI/o1h/
HLhuuCPiNh28W8R5m6fZZWPvmBPxfvRrP/SMGheU3sNThwwW5W1X2LpqXShMO0aK
bR0pDXqo60aXihqfjwe1+wZRPGyjxqVSw+4OVmPJAUrdZ68MpG4e4R3wz99yhqD6
PHmD9k3nOgzISkzi6Hk4H/in497HgfJW5yQLDyVGS1+iucdkTNxdT8ENajU1mFN7
J9FwAZ/nitQI1kJnG+GT55tuKiBmv60TY6L9PV9h0FbWnxT87lGVwea/hIXCjlrq
I5IpAWPQdoTWomBeyGAX2Ng4tKHvsCy+fkVfRuubqYh7q6sDqZ/OGLGgcbcM9Bfg
Kxou6tSjtQpoh4E=
-----END CERTIFICATE-----