Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/GEnuOQleBBUDKJ-4Y-M3IyBH42g.roa
File:                     GEnuOQleBBUDKJ-4Y-M3IyBH42g.roa (raw, json)
Hash identifier:          OrN9ZjjDEjR1Mar15xKYXAUpkqA7O1AMRBJLOwwo76o=
Subject key identifier:   18:49:EE:39:09:5E:04:15:03:28:9F:B8:63:E3:37:23:20:47:E3:68
Certificate issuer:       /CN=caaee579e013218f571386413e2c5b2bc245a836
Certificate serial:       01961ED53766CB78A4B4CFBE00D8942EDE1A
Authority key identifier: CA:AE:E5:79:E0:13:21:8F:57:13:86:41:3E:2C:5B:2B:C2:45:A8:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yq7leeATIY9XE4ZBPixbK8JFqDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/GEnuOQleBBUDKJ-4Y-M3IyBH42g.roa
Signing time:             Thu 10 Apr 2025 08:33:31 +0000
ROA not before:           Thu 10 Apr 2025 08:33:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208349
IP address blocks:        5.35.120.0/24 maxlen: 24
                          31.10.6.0/24 maxlen: 24
                          31.10.7.0/24 maxlen: 24
                          45.134.124.0/22 maxlen: 22
                          45.134.124.0/24 maxlen: 24
                          45.134.125.0/24 maxlen: 24
                          45.134.126.0/24 maxlen: 24
                          45.134.127.0/24 maxlen: 24
                          77.105.156.0/24 maxlen: 24
                          77.105.157.0/24 maxlen: 24
                          77.105.158.0/24 maxlen: 24
                          77.105.159.0/24 maxlen: 24
                          185.31.133.0/24 maxlen: 24
                          2a0e:7e40::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:d5:37:66:cb:78:a4:b4:cf:be:00:d8:94:2e:de:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caaee579e013218f571386413e2c5b2bc245a836
        Validity
            Not Before: Apr 10 08:33:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1849ee39095e041503289fb863e337232047e368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cf:93:57:09:50:2d:0f:51:f5:54:c7:a3:6b:
                    a8:65:43:24:73:cc:9c:da:4c:5f:08:3a:88:93:36:
                    64:30:c1:35:94:16:3c:0d:f8:a7:48:b1:7c:0c:0d:
                    43:04:9a:e4:b0:8f:4b:b3:34:5a:9c:4a:dc:df:bb:
                    b2:c3:32:af:b4:58:d2:b5:3d:45:ba:57:3f:b4:ad:
                    d8:b7:43:6a:e6:d7:28:a0:37:11:b6:27:64:cc:af:
                    cb:52:be:48:15:95:1f:3e:64:5b:fb:5b:d6:8c:39:
                    37:ae:b0:c4:67:eb:93:6c:79:17:38:48:7f:f0:28:
                    1b:dc:51:5a:39:a7:dc:c9:93:23:c5:25:f7:9b:45:
                    07:b9:ba:96:da:be:5c:29:82:f5:01:64:ae:75:ea:
                    d2:bf:db:f6:fa:cf:44:9e:08:28:bd:32:59:50:19:
                    ac:64:c4:bb:01:46:62:55:f2:a2:e7:42:4a:9e:38:
                    db:11:92:78:b4:c1:fe:02:96:40:de:51:dc:27:d6:
                    23:1c:1f:af:a6:20:ee:44:4c:ed:78:8f:3b:59:20:
                    96:62:52:ce:09:a6:e5:48:c9:f0:22:90:3a:02:ef:
                    38:7b:6e:6b:68:a1:62:97:a9:cb:2c:15:db:cb:e0:
                    51:00:55:97:99:6c:4c:aa:ca:0d:2e:10:b4:98:03:
                    95:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:49:EE:39:09:5E:04:15:03:28:9F:B8:63:E3:37:23:20:47:E3:68
            X509v3 Authority Key Identifier:
                keyid:CA:AE:E5:79:E0:13:21:8F:57:13:86:41:3E:2C:5B:2B:C2:45:A8:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yq7leeATIY9XE4ZBPixbK8JFqDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/GEnuOQleBBUDKJ-4Y-M3IyBH42g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/yq7leeATIY9XE4ZBPixbK8JFqDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.120.0/24
                  31.10.6.0/23
                  45.134.124.0/22
                  77.105.156.0/22
                  185.31.133.0/24
                IPv6:
                  2a0e:7e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:ed:da:f6:5e:42:be:97:f9:02:a7:c8:26:0e:a0:a6:75:63:
         06:a4:1d:59:38:8b:93:96:db:59:a9:47:af:a3:11:29:6e:3f:
         9b:c1:1b:c1:c4:fd:15:cc:32:51:5d:95:66:d9:98:46:5c:99:
         69:57:07:de:46:82:e9:37:ef:e6:c5:37:f1:fb:64:e9:e3:0c:
         5c:96:f4:c3:06:ee:2d:51:d3:29:31:ad:ca:8c:3e:4e:8e:29:
         82:5b:ce:06:79:61:27:c0:78:e9:28:8b:b0:67:dc:de:26:dd:
         d7:e6:7c:9b:63:74:5c:22:2f:ec:01:72:24:c5:2a:25:34:cb:
         a8:97:64:3d:92:02:d1:73:54:1a:81:5e:4f:d3:85:e6:c3:e5:
         ae:55:77:f6:38:76:4f:b1:26:5b:be:df:9b:e1:af:d8:d5:a6:
         eb:88:38:4b:2d:35:c5:87:fa:64:58:1a:98:4d:e3:b6:1e:dd:
         29:f2:36:78:5e:9e:63:f5:c7:a2:c5:b6:28:cb:02:e5:cb:4d:
         0e:c4:06:08:32:9a:9a:60:bb:94:05:5b:46:1d:85:d0:42:67:
         1e:3f:f8:0b:38:7f:dd:c3:76:4c:a1:75:df:bc:16:e6:e6:a3:
         68:69:e6:ac:16:4a:f3:4a:b4:f0:f5:e4:79:be:d4:4f:89:37:
         c1:bc:dd:3b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZYe1Tdmy3iktM++ANiULt4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYWVlNTc5ZTAxMzIxOGY1NzEzODY0MTNlMmM1YjJiYzI0
NWE4MzYwHhcNMjUwNDEwMDgzMzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQ5ZWUzOTA5NWUwNDE1MDMyODlmYjg2M2UzMzcyMzIwNDdlMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc+TVwlQLQ9R9VTHo2uoZUMkc8yc
2kxfCDqIkzZkMME1lBY8DfinSLF8DA1DBJrksI9LszRanErc37uywzKvtFjStT1F
ulc/tK3Yt0Nq5tcooDcRtidkzK/LUr5IFZUfPmRb+1vWjDk3rrDEZ+uTbHkXOEh/
8Cgb3FFaOafcyZMjxSX3m0UHubqW2r5cKYL1AWSuderSv9v2+s9EnggovTJZUBms
ZMS7AUZiVfKi50JKnjjbEZJ4tMH+ApZA3lHcJ9YjHB+vpiDuREzteI87WSCWYlLO
CablSMnwIpA6Au84e25raKFil6nLLBXby+BRAFWXmWxMqsoNLhC0mAOVhwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBhJ7jkJXgQVAyifuGPjNyMgR+NoMB8GA1UdIwQY
MBaAFMqu5XngEyGPVxOGQT4sWyvCRag2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXE3bGVlQVRJWTlYRTRaQlBpeGJLOEpGcURZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC83NTk4NzQtZTdmMi00NWZkLTgxOWQt
YTVkMTE0OGYyNWJkLzEvR0VudU9RbGVCQlVES0otNFktTTNJeUJINDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC83NTk4NzQtZTdmMi00NWZkLTgxOWQtYTVkMTE0OGYyNWJk
LzEveXE3bGVlQVRJWTlYRTRaQlBpeGJLOEpGcURZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQABSN4AwQB
HwoGAwQCLYZ8AwQCTWmcAwQAuR+FMA0EAgACMAcDBQMqDn5AMA0GCSqGSIb3DQEB
CwUAA4IBAQB97dr2XkK+l/kCp8gmDqCmdWMGpB1ZOIuTlttZqUevoxEpbj+bwRvB
xP0VzDJRXZVm2ZhGXJlpVwfeRoLpN+/mxTfx+2Tp4wxclvTDBu4tUdMpMa3KjD5O
jimCW84GeWEnwHjpKIuwZ9zeJt3X5nybY3RcIi/sAXIkxSolNMuol2Q9kgLRc1Qa
gV5P04Xmw+WuVXf2OHZPsSZbvt+b4a/Y1abriDhLLTXFh/pkWBqYTeO2Ht0p8jZ4
Xp5j9ceixbYoywLly00OxAYIMpqaYLuUBVtGHYXQQmceP/gLOH/dw3ZMoXXfvBbm
5qNoaeasFkrzSrTw9eR5vtRPiTfBvN07
-----END CERTIFICATE-----