Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/Hix749q65sYikumyIiO2w3pF6Ac.roa
File:                     Hix749q65sYikumyIiO2w3pF6Ac.roa (raw, json)
Hash identifier:          N0R4AArriY/KzHOEs+CuI34MlSMnkBHaO9k0W7jdIBQ=
Subject key identifier:   1E:2C:7B:E3:DA:BA:E6:C6:22:92:E9:B2:22:23:B6:C3:7A:45:E8:07
Certificate issuer:       /CN=229a038176c796ea4f2769f6be3cace1a3597634
Certificate serial:       0194266C1B0F0854E96C27DBC52FCCAABA33
Authority key identifier: 22:9A:03:81:76:C7:96:EA:4F:27:69:F6:BE:3C:AC:E1:A3:59:76:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IpoDgXbHlupPJ2n2vjys4aNZdjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/Hix749q65sYikumyIiO2w3pF6Ac.roa
Signing time:             Thu 02 Jan 2025 09:50:06 +0000
ROA not before:           Thu 02 Jan 2025 09:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34722
IP address blocks:        94.125.208.0/21 maxlen: 21
                          94.125.208.0/24 maxlen: 24
                          94.125.209.0/24 maxlen: 24
                          94.125.210.0/24 maxlen: 24
                          94.125.211.0/24 maxlen: 24
                          94.125.212.0/24 maxlen: 24
                          94.125.213.0/24 maxlen: 24
                          94.125.214.0/24 maxlen: 24
                          94.125.215.0/24 maxlen: 24
                          185.160.16.0/22 maxlen: 22
                          185.160.16.0/24 maxlen: 24
                          185.160.17.0/24 maxlen: 24
                          185.160.18.0/24 maxlen: 24
                          185.160.19.0/24 maxlen: 24
                          194.30.162.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1b:0f:08:54:e9:6c:27:db:c5:2f:cc:aa:ba:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=229a038176c796ea4f2769f6be3cace1a3597634
        Validity
            Not Before: Jan  2 09:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e2c7be3dabae6c62292e9b22223b6c37a45e807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5e:3e:a2:da:51:53:9a:d5:ba:ee:f2:03:b4:
                    01:b8:73:3e:66:f9:6f:73:7b:66:be:19:4d:85:61:
                    69:40:d5:dc:8d:e7:1d:d6:ca:38:c7:f6:0d:f8:35:
                    6a:30:50:ad:1e:d6:f0:b3:37:4f:ff:a7:b6:5a:91:
                    95:ed:7d:28:60:3a:e1:4a:f1:bf:71:29:ad:98:ba:
                    ca:33:44:aa:e1:2e:02:4d:44:eb:95:5c:c8:aa:98:
                    0f:d0:ce:3a:ef:cd:d5:43:da:b8:22:81:05:ce:20:
                    21:31:8f:92:77:d4:72:9e:48:b8:bb:9a:d5:a9:c4:
                    2e:9d:e1:82:53:1e:08:14:80:56:b5:f9:1d:3f:0e:
                    b2:d3:91:60:43:b8:5d:fe:c8:76:71:f2:04:64:18:
                    d8:d2:eb:92:1a:9c:f2:49:51:5f:56:b5:2a:cd:21:
                    76:47:77:12:e2:37:77:2c:72:c0:96:de:14:10:74:
                    ff:9a:df:04:ec:7b:0f:b4:16:29:95:b9:82:31:c6:
                    c7:92:a6:cf:99:6e:2d:d3:2a:1d:e3:d4:f4:7c:ab:
                    35:a5:ef:98:97:f5:f6:0b:ac:78:11:36:af:d7:dc:
                    42:88:54:21:31:54:4e:82:c1:61:b5:c7:59:59:f3:
                    25:23:42:d4:b5:00:f2:69:8e:e4:40:32:7a:25:d9:
                    9e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:2C:7B:E3:DA:BA:E6:C6:22:92:E9:B2:22:23:B6:C3:7A:45:E8:07
            X509v3 Authority Key Identifier:
                keyid:22:9A:03:81:76:C7:96:EA:4F:27:69:F6:BE:3C:AC:E1:A3:59:76:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IpoDgXbHlupPJ2n2vjys4aNZdjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/Hix749q65sYikumyIiO2w3pF6Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/IpoDgXbHlupPJ2n2vjys4aNZdjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.208.0/21
                  185.160.16.0/22
                  194.30.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:6b:5a:7b:87:4c:19:70:8a:f5:e0:77:f2:54:73:22:50:ab:
         fb:a3:18:90:e4:ec:06:01:84:eb:56:3a:27:4e:ec:c1:d5:7f:
         4e:01:f4:87:e3:89:77:4a:72:78:d5:82:ca:4a:a3:34:16:64:
         c2:07:a6:a6:0d:a3:db:ff:ca:0b:d5:3b:ef:37:ad:32:18:72:
         e3:65:e4:19:7e:e3:ef:16:29:97:09:39:84:3e:f2:ba:3a:cb:
         03:a9:13:8a:80:4f:4f:70:6a:00:6b:2d:d2:5f:be:b7:6f:78:
         5a:fc:46:f2:b9:a3:8e:22:22:6c:34:ce:67:a3:62:d7:87:01:
         f9:fe:fa:9d:47:d1:a8:e3:24:38:8c:6a:b2:d6:02:16:9f:e8:
         f9:f4:60:af:f6:8d:a6:45:24:0e:74:d5:a9:57:3a:d2:d2:07:
         20:62:2d:f8:4b:5b:9e:ee:3b:b8:97:75:99:c6:18:95:02:5e:
         28:b3:70:06:ff:77:a2:51:9a:3a:91:ac:3f:59:23:2a:24:ad:
         6b:7d:e2:3a:4d:fa:0b:04:d9:94:0f:dd:5e:73:72:e4:e3:0f:
         e9:6b:82:65:0f:20:af:47:54:77:8b:f3:27:60:18:ec:f9:1c:
         f4:74:96:d8:bd:b6:14:4f:c1:fd:5d:9d:dc:01:a9:9f:01:91:
         87:d5:4f:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQmbBsPCFTpbCfbxS/MqrozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyOWEwMzgxNzZjNzk2ZWE0ZjI3NjlmNmJlM2NhY2UxYTM1
OTc2MzQwHhcNMjUwMTAyMDk1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTJjN2JlM2RhYmFlNmM2MjI5MmU5YjIyMjIzYjZjMzdhNDVlODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl4+otpRU5rVuu7yA7QBuHM+Zvlv
c3tmvhlNhWFpQNXcjecd1so4x/YN+DVqMFCtHtbwszdP/6e2WpGV7X0oYDrhSvG/
cSmtmLrKM0Sq4S4CTUTrlVzIqpgP0M46783VQ9q4IoEFziAhMY+Sd9Rynki4u5rV
qcQuneGCUx4IFIBWtfkdPw6y05FgQ7hd/sh2cfIEZBjY0uuSGpzySVFfVrUqzSF2
R3cS4jd3LHLAlt4UEHT/mt8E7HsPtBYplbmCMcbHkqbPmW4t0yod49T0fKs1pe+Y
l/X2C6x4ETav19xCiFQhMVROgsFhtcdZWfMlI0LUtQDyaY7kQDJ6JdmeHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB4se+PauubGIpLpsiIjtsN6RegHMB8GA1UdIwQY
MBaAFCKaA4F2x5bqTydp9r48rOGjWXY0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXBvRGdYYkhsdXBQSjJuMnZqeXM0YU5aZGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zYjVmNGUtOTNmZi00ZGZiLWIwMmQt
ZGMyMzAxZmJiYjdjLzEvSGl4NzQ5cTY1c1lpa3VteUlpTzJ3M3BGNkFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zYjVmNGUtOTNmZi00ZGZiLWIwMmQtZGMyMzAxZmJiYjdj
LzEvSXBvRGdYYkhsdXBQSjJuMnZqeXM0YU5aZGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXn3QAwQC
uaAQAwQAwh6iMA0GCSqGSIb3DQEBCwUAA4IBAQBla1p7h0wZcIr14HfyVHMiUKv7
oxiQ5OwGAYTrVjonTuzB1X9OAfSH44l3SnJ41YLKSqM0FmTCB6amDaPb/8oL1Tvv
N60yGHLjZeQZfuPvFimXCTmEPvK6OssDqROKgE9PcGoAay3SX763b3ha/EbyuaOO
IiJsNM5no2LXhwH5/vqdR9Go4yQ4jGqy1gIWn+j59GCv9o2mRSQOdNWpVzrS0gcg
Yi34S1ue7ju4l3WZxhiVAl4os3AG/3eiUZo6kaw/WSMqJK1rfeI6TfoLBNmUD91e
c3Lk4w/pa4JlDyCvR1R3i/MnYBjs+Rz0dJbYvbYUT8H9XZ3cAamfAZGH1U8o
-----END CERTIFICATE-----