Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/FdKXUHxOoOkkbBAVDyOCZ6mAqcU.roa
File:                     FdKXUHxOoOkkbBAVDyOCZ6mAqcU.roa (raw, json)
Hash identifier:          dicBLrDvRp7ILwdxDqa2eBSoAyMLvtDdFZ5+Hdt6MAI=
Subject key identifier:   15:D2:97:50:7C:4E:A0:E9:24:6C:10:15:0F:23:82:67:A9:80:A9:C5
Certificate issuer:       /CN=dde36e98021264f5a8070106780be29d48a16c67
Certificate serial:       0195EBB34741051CF6A789A9E39AB5617E10
Authority key identifier: DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/FdKXUHxOoOkkbBAVDyOCZ6mAqcU.roa
Signing time:             Mon 31 Mar 2025 10:15:49 +0000
ROA not before:           Mon 31 Mar 2025 10:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200484
IP address blocks:        1.179.120.0/21 maxlen: 24
                          77.32.128.0/18 maxlen: 24
                          77.32.192.0/19 maxlen: 24
                          94.143.16.0/21 maxlen: 24
                          153.92.224.0/19 maxlen: 24
                          172.246.0.0/18 maxlen: 24
                          185.24.144.0/22 maxlen: 24
                          185.41.28.0/22 maxlen: 24
                          185.107.232.0/22 maxlen: 24
                          212.146.192.0/18 maxlen: 24
                          213.32.128.0/18 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:b3:47:41:05:1c:f6:a7:89:a9:e3:9a:b5:61:7e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dde36e98021264f5a8070106780be29d48a16c67
        Validity
            Not Before: Mar 31 10:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15d297507c4ea0e9246c10150f238267a980a9c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f1:5a:12:29:f1:b9:c2:06:bd:ed:b9:44:1e:
                    03:22:a9:74:43:9c:37:0e:f1:a3:66:e8:ed:62:9d:
                    10:16:b1:11:17:7a:ae:7c:f4:1e:3e:e4:37:b3:cd:
                    69:e9:93:04:09:6e:0e:55:5e:a1:81:59:0c:16:3b:
                    4c:f8:97:ba:6b:40:0f:4f:38:06:91:91:f7:40:12:
                    3e:09:98:31:1f:40:2c:fc:5c:79:4d:75:fe:f7:58:
                    3d:b9:7b:ef:b9:f0:f3:ad:ef:60:6b:9b:c7:ed:db:
                    09:d9:8f:81:08:49:61:de:3b:9b:f6:6c:3b:16:de:
                    6c:4a:a6:44:95:1e:e5:16:4e:4a:4b:4d:c9:f1:28:
                    5e:e1:90:58:c1:c6:e2:80:09:2c:95:4f:95:91:e5:
                    07:2c:5d:db:20:cf:57:90:ee:fc:1e:f8:d3:1d:19:
                    7f:1e:a3:17:0e:7e:b3:53:69:51:22:b4:51:dc:a2:
                    4d:5d:ba:fe:6b:45:44:85:26:53:59:b5:1b:45:0a:
                    7d:f2:d3:06:67:70:3a:1c:c1:60:4e:1b:58:02:b3:
                    64:91:c1:b7:92:10:c5:65:90:f6:31:c3:d1:a3:a3:
                    32:dc:13:4d:9d:68:d1:0b:5d:1a:0c:2f:49:fc:4b:
                    3a:ba:06:12:57:c6:36:71:11:c2:e1:a1:96:6b:ff:
                    a0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D2:97:50:7C:4E:A0:E9:24:6C:10:15:0F:23:82:67:A9:80:A9:C5
            X509v3 Authority Key Identifier:
                keyid:DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/FdKXUHxOoOkkbBAVDyOCZ6mAqcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.179.120.0/21
                  77.32.128.0-77.32.223.255
                  94.143.16.0/21
                  153.92.224.0/19
                  172.246.0.0/18
                  185.24.144.0/22
                  185.41.28.0/22
                  185.107.232.0/22
                  212.146.192.0/18
                  213.32.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         86:e3:b3:77:25:52:f2:01:8e:25:9c:e3:6e:d3:9c:5e:d6:1c:
         b3:73:55:a0:5d:d8:66:e0:3c:4e:74:6f:63:db:24:6e:e1:9b:
         7b:f3:7f:aa:87:7b:9d:69:00:e0:a9:6d:fa:71:10:34:6e:16:
         7c:2e:37:e3:f1:c5:a3:0b:89:3c:81:96:14:53:4f:68:f0:93:
         71:1e:37:1b:fc:0b:64:fa:ad:f2:a9:0d:44:ed:32:2d:1b:ef:
         30:92:c9:7c:37:14:b2:47:0e:42:13:2f:4e:83:14:cd:20:65:
         f6:9d:5d:cb:cd:70:6a:16:14:a0:91:8c:fd:43:87:a1:f4:aa:
         f3:dc:b5:02:fc:4b:3c:e6:e8:11:b5:3b:67:56:57:f4:7d:f6:
         3d:30:cf:67:30:09:ba:8d:e7:d9:bd:f5:f3:d9:1a:a0:b4:60:
         e4:5d:f0:21:42:f7:b0:52:6e:7f:1a:7b:06:08:f3:e3:3e:c7:
         c3:8e:65:66:d0:c0:f3:bb:96:34:ef:e6:13:00:e5:15:c9:74:
         d2:c4:44:70:79:ec:62:47:31:28:fb:15:89:36:5d:91:48:dc:
         1f:51:36:50:39:1c:b0:d3:19:59:69:fb:f2:ff:15:f7:c8:7d:
         36:b2:af:ed:4e:79:cf:c1:0d:96:ff:13:bf:44:79:e4:b3:cd:
         e7:82:92:2e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZXrs0dBBRz2p4mp45q1YX4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZTM2ZTk4MDIxMjY0ZjVhODA3MDEwNjc4MGJlMjlkNDhh
MTZjNjcwHhcNMjUwMzMxMTAxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQyOTc1MDdjNGVhMGU5MjQ2YzEwMTUwZjIzODI2N2E5ODBhOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvFaEinxucIGve25RB4DIql0Q5w3
DvGjZujtYp0QFrERF3qufPQePuQ3s81p6ZMECW4OVV6hgVkMFjtM+Je6a0APTzgG
kZH3QBI+CZgxH0As/Fx5TXX+91g9uXvvufDzre9ga5vH7dsJ2Y+BCElh3jub9mw7
Ft5sSqZElR7lFk5KS03J8She4ZBYwcbigAkslU+VkeUHLF3bIM9XkO78HvjTHRl/
HqMXDn6zU2lRIrRR3KJNXbr+a0VEhSZTWbUbRQp98tMGZ3A6HMFgThtYArNkkcG3
khDFZZD2McPRo6My3BNNnWjRC10aDC9J/Es6ugYSV8Y2cRHC4aGWa/+gTQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBXSl1B8TqDpJGwQFQ8jgmepgKnFMB8GA1UdIwQY
MBaAFN3jbpgCEmT1qAcBBngL4p1IoWxnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUt
OGZlM2EwZjYxNDM3LzEvRmRLWFVIeE9vT2trYkJBVkR5T0NaNm1BcWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUtOGZlM2EwZjYxNDM3
LzEvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDAbN4MAwD
BAdNIIADBAVNIMADBANejxADBAWZXOADBAas9gADBAK5GJADBAK5KRwDBAK5a+gD
BAbUksADBAbVIIAwDQYJKoZIhvcNAQELBQADggEBAIbjs3clUvIBjiWc427TnF7W
HLNzVaBd2GbgPE50b2PbJG7hm3vzf6qHe51pAOCpbfpxEDRuFnwuN+PxxaMLiTyB
lhRTT2jwk3EeNxv8C2T6rfKpDUTtMi0b7zCSyXw3FLJHDkITL06DFM0gZfadXcvN
cGoWFKCRjP1Dh6H0qvPctQL8Szzm6BG1O2dWV/R99j0wz2cwCbqN59m99fPZGqC0
YORd8CFC97BSbn8aewYI8+M+x8OOZWbQwPO7ljTv5hMA5RXJdNLERHB57GJHMSj7
FYk2XZFI3B9RNlA5HLDTGVlp+/L/FffIfTayr+1Oec/BDZb/E79EeeSzzeeCki4=
-----END CERTIFICATE-----