Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/eDQP5E2XlejtahTwQQqzmrHVa1o.roa
File:                     eDQP5E2XlejtahTwQQqzmrHVa1o.roa (raw, json)
Hash identifier:          ZsF4o+uzYyaireLgzJk9zXtuhM6RYig4xQukB1IMpp0=
Subject key identifier:   78:34:0F:E4:4D:97:95:E8:ED:6A:14:F0:41:0A:B3:9A:B1:D5:6B:5A
Certificate issuer:       /CN=2ac943517f5e3b747e7530320789a03444b43912
Certificate serial:       019150DEBA531AD08A6D459D1ECC6448A26A
Authority key identifier: 2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/eDQP5E2XlejtahTwQQqzmrHVa1o.roa
Signing time:             Wed 14 Aug 2024 12:30:59 +0000
ROA not before:           Wed 14 Aug 2024 12:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49033
IP address blocks:        94.46.216.0/22 maxlen: 24
                          94.46.218.0/23 maxlen: 23
                          185.91.92.0/22 maxlen: 24
                          185.116.144.0/22 maxlen: 24
                          185.166.88.0/22 maxlen: 22
                          185.166.88.0/24 maxlen: 24
                          185.166.89.0/24 maxlen: 24
                          185.166.90.0/23 maxlen: 24
                          185.166.90.0/24 maxlen: 24
                          185.166.91.0/24 maxlen: 24
                          185.171.48.0/22 maxlen: 24
                          185.232.160.0/22 maxlen: 24
                          185.238.108.0/22 maxlen: 24
                          2a0f:dcc0::/29 maxlen: 48
                          2a0f:ddc0::/29 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:de:ba:53:1a:d0:8a:6d:45:9d:1e:cc:64:48:a2:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac943517f5e3b747e7530320789a03444b43912
        Validity
            Not Before: Aug 14 12:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78340fe44d9795e8ed6a14f0410ab39ab1d56b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:df:57:a7:44:41:e4:8f:c8:50:f0:b8:32:b5:
                    84:45:24:29:31:04:e8:ab:4b:98:38:6c:af:98:b1:
                    d0:41:07:44:1f:6f:9a:f1:66:28:01:45:f2:19:72:
                    fd:ce:f7:cc:00:15:f8:c2:70:df:41:1b:5a:c6:a6:
                    bc:67:16:0e:fd:e1:7c:d0:20:b4:24:59:30:9b:db:
                    31:b9:e5:14:5b:69:ad:34:55:14:ae:90:26:2c:ee:
                    54:55:aa:e7:a9:62:af:09:73:33:5a:cb:09:e5:d6:
                    ef:e0:e1:e7:95:d7:cc:e3:21:45:fe:0e:d2:7e:f9:
                    c0:86:c5:63:0a:bd:e1:ab:74:5b:2d:80:be:16:74:
                    17:45:86:eb:ca:35:33:65:16:fa:9f:1c:bb:bd:d3:
                    06:1e:26:24:f5:27:d2:c4:4f:58:7c:35:03:bf:95:
                    2f:25:89:45:e6:65:07:61:b8:e1:dc:f2:f4:af:7c:
                    d8:3e:f1:45:02:6d:b9:c8:8c:31:b2:29:e7:9d:19:
                    9d:a5:8b:02:9b:b9:4e:7c:f0:8d:c9:90:d1:23:0a:
                    8d:36:35:08:2b:cd:14:f6:a6:50:f8:1f:4e:a1:13:
                    7b:fa:0a:14:e6:3f:7c:1b:5d:77:cd:4f:6c:19:cb:
                    51:a6:bd:6e:9d:70:2c:df:8f:68:6c:d1:ce:02:95:
                    5e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:34:0F:E4:4D:97:95:E8:ED:6A:14:F0:41:0A:B3:9A:B1:D5:6B:5A
            X509v3 Authority Key Identifier:
                keyid:2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/eDQP5E2XlejtahTwQQqzmrHVa1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.46.216.0/22
                  185.91.92.0/22
                  185.116.144.0/22
                  185.166.88.0/22
                  185.171.48.0/22
                  185.232.160.0/22
                  185.238.108.0/22
                IPv6:
                  2a0f:dcc0::/29
                  2a0f:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:f9:b2:da:9b:c2:5b:b1:d5:2d:f6:53:eb:c6:aa:d3:6f:24:
         3f:9f:c5:b3:39:99:50:1c:21:ad:24:fe:58:e3:a6:64:37:73:
         7a:51:7f:c2:50:7e:87:e7:23:a1:f4:64:cc:08:86:38:67:fa:
         61:ec:14:e7:06:ac:88:e9:35:ae:e1:06:ec:45:23:1b:3c:a0:
         6b:0e:9d:70:2b:45:6e:9f:32:05:47:24:f1:29:d0:41:a1:d4:
         8c:d1:a2:01:04:88:dd:30:c2:68:43:53:a1:0f:42:db:19:85:
         89:0c:7c:b7:f8:4a:9b:89:cc:c5:ae:f4:34:b9:9b:91:53:8d:
         25:10:7c:8e:42:ab:5a:0d:4d:cc:8d:f5:6c:0e:07:25:55:1c:
         68:2c:35:0d:84:8d:82:ca:a0:6f:0d:80:0c:40:3b:d7:3e:0f:
         f1:b9:ba:51:40:58:27:a5:d6:01:0c:af:e0:f6:17:8d:85:03:
         a9:81:a2:8b:08:96:82:e4:95:3c:f2:14:9b:a6:2d:41:1a:91:
         ac:83:57:fe:c9:f0:2a:1d:5c:94:3e:ff:b1:03:91:cb:16:f1:
         31:96:6a:84:3b:e4:66:74:1c:56:2e:e1:69:ed:38:de:ee:97:
         59:35:7e:fb:86:02:71:36:07:92:9a:3e:5b:9f:82:d9:cc:c1:
         88:22:9b:dd
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZFQ3rpTGtCKbUWdHsxkSKJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzk0MzUxN2Y1ZTNiNzQ3ZTc1MzAzMjA3ODlhMDM0NDRi
NDM5MTIwHhcNMjQwODE0MTIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODM0MGZlNDRkOTc5NWU4ZWQ2YTE0ZjA0MTBhYjM5YWIxZDU2YjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt9Xp0RB5I/IUPC4MrWERSQpMQTo
q0uYOGyvmLHQQQdEH2+a8WYoAUXyGXL9zvfMABX4wnDfQRtaxqa8ZxYO/eF80CC0
JFkwm9sxueUUW2mtNFUUrpAmLO5UVarnqWKvCXMzWssJ5dbv4OHnldfM4yFF/g7S
fvnAhsVjCr3hq3RbLYC+FnQXRYbryjUzZRb6nxy7vdMGHiYk9SfSxE9YfDUDv5Uv
JYlF5mUHYbjh3PL0r3zYPvFFAm25yIwxsinnnRmdpYsCm7lOfPCNyZDRIwqNNjUI
K80U9qZQ+B9OoRN7+goU5j98G113zU9sGctRpr1unXAs349obNHOApVemQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFHg0D+RNl5Xo7WoU8EEKs5qx1WtaMB8GA1UdIwQY
MBaAFCrJQ1F/Xjt0fnUwMgeJoDREtDkSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgt
MmQ5MWNmZDdhYWY0LzEvZURRUDVFMlhsZWp0YWhUd1FRcXptckhWYTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgtMmQ5MWNmZDdhYWY0
LzEvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCXi7YAwQC
uVtcAwQCuXSQAwQCuaZYAwQCuaswAwQCueigAwQCue5sMBQEAgACMA4DBQMqD9zA
AwUDKg/dwDANBgkqhkiG9w0BAQsFAAOCAQEAf/my2pvCW7HVLfZT68aq028kP5/F
szmZUBwhrST+WOOmZDdzelF/wlB+h+cjofRkzAiGOGf6YewU5wasiOk1ruEG7EUj
Gzygaw6dcCtFbp8yBUck8SnQQaHUjNGiAQSI3TDCaENToQ9C2xmFiQx8t/hKm4nM
xa70NLmbkVONJRB8jkKrWg1NzI31bA4HJVUcaCw1DYSNgsqgbw2ADEA71z4P8bm6
UUBYJ6XWAQyv4PYXjYUDqYGiiwiWguSVPPIUm6YtQRqRrINX/snwKh1clD7/sQOR
yxbxMZZqhDvkZnQcVi7hae043u6XWTV++4YCcTYHkpo+W5+C2czBiCKb3Q==
-----END CERTIFICATE-----