Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/8ec8e0-9b93-48fc-962a-6f836f35f594/1/FkfRw3W5o9Q1hKL9_PjFqCq05Ws.roa
File:                     FkfRw3W5o9Q1hKL9_PjFqCq05Ws.roa (raw, json)
Hash identifier:          4MwvD7fZGQpgep7jIHcd6bM5rp3atmrIP2OsHiljfxI=
Subject key identifier:   16:47:D1:C3:75:B9:A3:D4:35:84:A2:FD:FC:F8:C5:A8:2A:B4:E5:6B
Certificate issuer:       /CN=7c696782ff121ae5a6d9d5cfa38479768b6bf0bd
Certificate serial:       0194F52E58266DFB3673B53842F24C693EE5
Authority key identifier: 7C:69:67:82:FF:12:1A:E5:A6:D9:D5:CF:A3:84:79:76:8B:6B:F0:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGlngv8SGuWm2dXPo4R5dotr8L0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/8ec8e0-9b93-48fc-962a-6f836f35f594/1/FkfRw3W5o9Q1hKL9_PjFqCq05Ws.roa
Signing time:             Tue 11 Feb 2025 13:24:02 +0000
ROA not before:           Tue 11 Feb 2025 13:24:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        109.73.192.0/24 maxlen: 24
                          109.73.193.0/24 maxlen: 24
                          109.73.194.0/24 maxlen: 24
                          109.73.195.0/24 maxlen: 24
                          109.73.196.0/24 maxlen: 24
                          109.73.197.0/24 maxlen: 24
                          109.73.198.0/24 maxlen: 24
                          109.73.199.0/24 maxlen: 24
                          109.73.201.0/24 maxlen: 24
                          109.73.202.0/24 maxlen: 24
                          109.73.203.0/24 maxlen: 24
                          109.73.204.0/24 maxlen: 24
                          109.73.205.0/24 maxlen: 24
                          109.73.206.0/24 maxlen: 24
                          109.73.207.0/24 maxlen: 24
                          217.198.5.0/24 maxlen: 24
                          217.198.6.0/24 maxlen: 24
                          217.198.9.0/24 maxlen: 24
                          217.198.12.0/24 maxlen: 24
                          217.198.13.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:2e:58:26:6d:fb:36:73:b5:38:42:f2:4c:69:3e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c696782ff121ae5a6d9d5cfa38479768b6bf0bd
        Validity
            Not Before: Feb 11 13:24:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1647d1c375b9a3d43584a2fdfcf8c5a82ab4e56b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c7:0e:d4:0a:a6:e9:27:03:dd:24:d1:6e:09:
                    55:f4:d0:67:84:61:33:e3:49:d4:12:e8:14:f4:4b:
                    b3:0f:78:71:7f:0b:06:5c:4e:36:22:e1:cc:07:ed:
                    f9:61:99:af:70:7d:04:41:cc:4c:3a:56:cc:fd:1e:
                    f6:f8:16:4b:78:d2:6a:ce:2e:e7:d4:87:a0:1d:cc:
                    ea:be:e3:cc:3b:56:78:5f:8b:a9:ea:07:ab:21:2d:
                    cb:8b:f0:f5:41:88:e1:b5:a6:e2:20:a5:ab:69:44:
                    2f:4e:56:51:3b:c8:b1:27:e1:a2:31:67:fb:69:b5:
                    6f:33:78:15:3e:fc:15:5d:58:04:7e:f2:96:aa:b5:
                    26:36:eb:88:0e:a2:5c:9c:07:b4:54:c5:b1:2c:c5:
                    44:00:82:ff:d5:0f:ab:68:87:de:ae:9d:e5:e1:19:
                    3b:56:0e:74:b3:60:6e:05:9e:a4:22:5d:ed:5b:9d:
                    b9:35:8f:cf:b1:6f:67:75:2f:5f:ce:a0:f9:01:3a:
                    cd:7c:c1:c8:26:ad:db:28:48:e6:60:8b:9f:0c:01:
                    a0:05:e0:82:a7:29:72:a9:c3:9b:34:ac:00:c0:54:
                    f9:14:07:24:41:27:58:af:3c:b9:f7:a8:d2:cb:aa:
                    35:79:91:41:24:f3:e2:2b:3d:47:c7:a5:2b:e5:c5:
                    c1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:47:D1:C3:75:B9:A3:D4:35:84:A2:FD:FC:F8:C5:A8:2A:B4:E5:6B
            X509v3 Authority Key Identifier:
                keyid:7C:69:67:82:FF:12:1A:E5:A6:D9:D5:CF:A3:84:79:76:8B:6B:F0:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGlngv8SGuWm2dXPo4R5dotr8L0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/8ec8e0-9b93-48fc-962a-6f836f35f594/1/FkfRw3W5o9Q1hKL9_PjFqCq05Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/8ec8e0-9b93-48fc-962a-6f836f35f594/1/fGlngv8SGuWm2dXPo4R5dotr8L0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.73.192.0/21
                  109.73.201.0-109.73.207.255
                  217.198.5.0-217.198.6.255
                  217.198.9.0/24
                  217.198.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:cf:9f:a0:42:43:ce:16:7e:a9:39:68:3a:42:fe:75:75:d3:
         58:bc:e9:21:c9:21:77:21:c9:19:4f:d4:e6:97:91:cf:f4:32:
         5a:cf:f9:2e:6a:d7:6e:ba:60:00:8f:42:2a:3c:e3:62:2f:2c:
         bd:2f:5c:79:8e:bc:7c:4a:a5:14:c7:2b:b6:8e:5e:4f:b9:59:
         b4:83:4e:50:44:82:68:7f:f6:79:36:6c:97:bf:70:a2:d1:96:
         39:09:ff:c2:3c:dc:8e:ce:bb:1d:91:17:0d:bd:d0:72:93:31:
         a6:13:0f:11:13:15:c0:49:c1:60:b1:3d:dd:68:7a:52:46:ee:
         b5:88:0b:83:5d:d6:07:00:17:93:4a:fa:7d:ea:ea:15:d8:29:
         78:97:4f:70:21:e1:3b:ad:59:c4:6e:b0:94:05:39:96:b0:de:
         c5:f0:36:f9:4c:89:de:6c:62:c6:67:84:bb:17:7f:a8:23:59:
         e1:17:b9:31:dc:5a:fb:20:fd:63:37:b7:a7:bb:7c:26:ae:13:
         81:9e:34:78:dd:ba:89:c7:2e:5d:93:aa:5c:22:c4:6b:73:92:
         c0:0b:a5:30:2d:17:51:2d:d5:5a:2e:da:0c:5b:9c:56:6b:35:
         c8:42:e9:e1:df:57:88:5b:f0:fb:63:c3:10:e7:b6:b1:67:f1:
         d7:87:a6:c0
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZT1Llgmbfs2c7U4QvJMaT7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjk2NzgyZmYxMjFhZTVhNmQ5ZDVjZmEzODQ3OTc2OGI2
YmYwYmQwHhcNMjUwMjExMTMyNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ3ZDFjMzc1YjlhM2Q0MzU4NGEyZmRmY2Y4YzVhODJhYjRlNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8cO1Aqm6ScD3STRbglV9NBnhGEz
40nUEugU9EuzD3hxfwsGXE42IuHMB+35YZmvcH0EQcxMOlbM/R72+BZLeNJqzi7n
1IegHczqvuPMO1Z4X4up6gerIS3Li/D1QYjhtabiIKWraUQvTlZRO8ixJ+GiMWf7
abVvM3gVPvwVXVgEfvKWqrUmNuuIDqJcnAe0VMWxLMVEAIL/1Q+raIferp3l4Rk7
Vg50s2BuBZ6kIl3tW525NY/PsW9ndS9fzqD5ATrNfMHIJq3bKEjmYIufDAGgBeCC
pylyqcObNKwAwFT5FAckQSdYrzy596jSy6o1eZFBJPPiKz1Hx6Ur5cXB+QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBZH0cN1uaPUNYSi/fz4xagqtOVrMB8GA1UdIwQY
MBaAFHxpZ4L/EhrlptnVz6OEeXaLa/C9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdsbmd2OFNHdVdtMmRYUG80UjVkb3RyOEwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84ZWM4ZTAtOWI5My00OGZjLTk2MmEt
NmY4MzZmMzVmNTk0LzEvRmtmUnczVzVvOVExaEtMOV9QakZxQ3EwNVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84ZWM4ZTAtOWI5My00OGZjLTk2MmEtNmY4MzZmMzVmNTk0
LzEvZkdsbmd2OFNHdVdtMmRYUG80UjVkb3RyOEwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQDbUnAMAwD
BABtSckDBARtScAwDAMEANnGBQMEANnGBgMEANnGCQMEAdnGDDANBgkqhkiG9w0B
AQsFAAOCAQEAD8+foEJDzhZ+qTloOkL+dXXTWLzpIckhdyHJGU/U5peRz/QyWs/5
LmrXbrpgAI9CKjzjYi8svS9ceY68fEqlFMcrto5eT7lZtINOUESCaH/2eTZsl79w
otGWOQn/wjzcjs67HZEXDb3QcpMxphMPERMVwEnBYLE93Wh6UkbutYgLg13WBwAX
k0r6ferqFdgpeJdPcCHhO61ZxG6wlAU5lrDexfA2+UyJ3mxixmeEuxd/qCNZ4Re5
Mdxa+yD9Yze3p7t8Jq4TgZ40eN26iccuXZOqXCLEa3OSwAulMC0XUS3VWi7aDFuc
Vms1yELp4d9XiFvw+2PDEOe2sWfx14emwA==
-----END CERTIFICATE-----