Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Ogjl1IwxcY0INT0hoc3V-UZ1sHo.roa
File:                     Ogjl1IwxcY0INT0hoc3V-UZ1sHo.roa (raw, json)
Hash identifier:          w0QqL1VQBTrf30Omc7SiLZ4gKL+da0byGUFGvs9DV9w=
Subject key identifier:   3A:08:E5:D4:8C:31:71:8D:08:35:3D:21:A1:CD:D5:F9:46:75:B0:7A
Certificate issuer:       /CN=808e238e30dcb759759fb8a394d9e211a28b9d87
Certificate serial:       019425FC03CE19BDDBA508FF771FBE8B0B1B
Authority key identifier: 80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Ogjl1IwxcY0INT0hoc3V-UZ1sHo.roa
Signing time:             Thu 02 Jan 2025 07:47:40 +0000
ROA not before:           Thu 02 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6789
IP address blocks:        45.149.244.0/22 maxlen: 22
                          80.245.112.0/20 maxlen: 20
                          80.245.112.0/24 maxlen: 24
                          83.222.0.0/24 maxlen: 24
                          83.222.1.0/24 maxlen: 24
                          83.222.2.0/24 maxlen: 24
                          83.222.3.0/24 maxlen: 24
                          85.91.192.0/19 maxlen: 19
                          91.235.12.0/24 maxlen: 24
                          91.235.13.0/24 maxlen: 24
                          91.235.14.0/24 maxlen: 24
                          91.247.96.0/19 maxlen: 19
                          109.200.128.0/19 maxlen: 19
                          185.100.103.0/24 maxlen: 24
                          185.104.92.0/22 maxlen: 22
                          185.186.232.0/22 maxlen: 22
                          2a00:1d80::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:03:ce:19:bd:db:a5:08:ff:77:1f:be:8b:0b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808e238e30dcb759759fb8a394d9e211a28b9d87
        Validity
            Not Before: Jan  2 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a08e5d48c31718d08353d21a1cdd5f94675b07a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1e:91:0f:11:f3:fe:50:50:42:2e:c6:2a:bc:
                    8f:61:d0:66:37:98:4d:44:20:32:24:61:aa:72:e2:
                    46:95:39:02:a6:9d:33:4f:84:fe:8a:12:e8:8b:d6:
                    d9:a1:b9:69:db:a1:dc:55:1b:6c:17:b3:ec:2d:1b:
                    e6:b3:cb:e5:20:35:2a:c4:d6:ef:b2:50:8e:b9:3a:
                    34:ed:bb:1d:59:ef:34:65:8f:cc:c3:14:d4:3d:99:
                    1a:eb:c0:e8:bf:16:4a:ee:fd:33:60:b8:dc:02:83:
                    7a:51:ce:8e:49:2b:9c:b1:dd:2d:02:eb:72:83:b7:
                    2a:0c:5a:bd:df:75:af:ed:f4:3e:29:2f:d6:3d:40:
                    77:9c:09:29:27:31:72:1e:63:ca:f1:ea:58:b4:a2:
                    0c:22:2a:1e:19:7c:a7:c8:6e:df:da:0d:d5:19:1e:
                    ba:54:c9:43:2d:b3:48:d2:e7:4b:c3:a1:87:d1:e4:
                    ae:43:de:ca:73:b4:b3:9f:16:f4:36:51:40:88:e2:
                    bf:df:a6:71:1a:c5:01:96:e1:19:6e:19:e7:76:3b:
                    66:91:97:eb:2b:c5:a8:b4:c4:2b:2c:cd:20:d5:58:
                    29:f0:ab:24:85:5d:72:ee:70:ce:f8:b2:9a:81:1c:
                    44:16:2e:a9:8e:df:e2:d9:eb:47:4a:f5:a3:e3:31:
                    a7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:08:E5:D4:8C:31:71:8D:08:35:3D:21:A1:CD:D5:F9:46:75:B0:7A
            X509v3 Authority Key Identifier:
                keyid:80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/Ogjl1IwxcY0INT0hoc3V-UZ1sHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.244.0/22
                  80.245.112.0/20
                  83.222.0.0/22
                  85.91.192.0/19
                  91.235.12.0-91.235.14.255
                  91.247.96.0/19
                  109.200.128.0/19
                  185.100.103.0/24
                  185.104.92.0/22
                  185.186.232.0/22
                IPv6:
                  2a00:1d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:76:b2:c7:13:63:e0:1d:eb:50:71:72:6a:64:9f:43:ab:a7:
         f6:51:fc:c7:72:02:d5:9f:20:58:08:55:c3:42:79:66:7a:f0:
         a5:f9:1b:c8:84:cc:a2:64:0e:52:b3:3a:15:64:1a:eb:36:f2:
         c3:d1:f7:d5:79:fa:b4:a6:89:d9:dc:ed:c2:97:a8:17:ea:09:
         66:7c:3b:23:6d:5f:e5:ee:fe:a3:0b:ee:bf:74:a7:04:87:ef:
         e4:24:87:ec:4d:91:42:8d:86:40:6a:7e:a6:10:1b:cf:5f:2e:
         2a:68:15:a8:45:2d:bf:c5:fb:fd:94:70:10:8f:45:9d:48:a0:
         9e:f3:c5:ed:b5:73:7e:5e:40:5e:fd:de:d2:e3:af:ba:f8:32:
         ca:66:45:5e:b6:90:e2:6e:e5:b7:3c:09:a3:77:5a:27:c4:b0:
         60:25:d1:c5:41:3e:15:07:2c:2e:45:36:c6:aa:2e:0c:fd:d1:
         9d:33:21:08:ec:b6:40:bb:f7:93:a4:8c:75:2b:d6:15:57:43:
         78:10:9c:51:0d:9c:79:f4:31:7f:fa:c3:a7:d6:85:bf:0d:77:
         e9:ae:53:c6:2e:98:16:0d:89:d0:54:ef:cc:d2:96:c5:e1:a0:
         00:03:ce:19:bb:a0:6e:47:7c:cf:93:fb:8c:ca:95:21:4a:fe:
         2a:ed:a5:d1
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZQl/APOGb3bpQj/dx++iwsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGUyMzhlMzBkY2I3NTk3NTlmYjhhMzk0ZDllMjExYTI4
YjlkODcwHhcNMjUwMTAyMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA4ZTVkNDhjMzE3MThkMDgzNTNkMjFhMWNkZDVmOTQ2NzViMDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR6RDxHz/lBQQi7GKryPYdBmN5hN
RCAyJGGqcuJGlTkCpp0zT4T+ihLoi9bZoblp26HcVRtsF7PsLRvms8vlIDUqxNbv
slCOuTo07bsdWe80ZY/MwxTUPZka68DovxZK7v0zYLjcAoN6Uc6OSSucsd0tAuty
g7cqDFq933Wv7fQ+KS/WPUB3nAkpJzFyHmPK8epYtKIMIioeGXynyG7f2g3VGR66
VMlDLbNI0udLw6GH0eSuQ97Kc7Sznxb0NlFAiOK/36ZxGsUBluEZbhnndjtmkZfr
K8WotMQrLM0g1Vgp8KskhV1y7nDO+LKagRxEFi6pjt/i2etHSvWj4zGnkwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFDoI5dSMMXGNCDU9IaHN1flGdbB6MB8GA1UdIwQY
MBaAFICOI44w3LdZdZ+4o5TZ4hGii52HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDkt
Y2Q5NzQwNDI2NDlmLzEvT2dqbDFJd3hjWTBJTlQwaG9jM1YtVVoxc0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDktY2Q5NzQwNDI2NDlm
LzEvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCLZX0AwQE
UPVwAwQCU94AAwQFVVvAMAwDBAJb6wwDBABb6w4DBAVb92ADBAVtyIADBAC5ZGcD
BAK5aFwDBAK5uugwDQQCAAIwBwMFACoAHYAwDQYJKoZIhvcNAQELBQADggEBALB2
sscTY+Ad61Bxcmpkn0Orp/ZR/MdyAtWfIFgIVcNCeWZ68KX5G8iEzKJkDlKzOhVk
Gus28sPR99V5+rSmidnc7cKXqBfqCWZ8OyNtX+Xu/qML7r90pwSH7+Qkh+xNkUKN
hkBqfqYQG89fLipoFahFLb/F+/2UcBCPRZ1IoJ7zxe21c35eQF793tLjr7r4Mspm
RV62kOJu5bc8CaN3WifEsGAl0cVBPhUHLC5FNsaqLgz90Z0zIQjstkC795OkjHUr
1hVXQ3gQnFENnHn0MX/6w6fWhb8Nd+muU8YumBYNidBU78zSlsXhoAADzhm7oG5H
fM+T+4zKlSFK/irtpdE=
-----END CERTIFICATE-----