Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/iag8Q_wzIXDPEMimULoiZhZCdC8.roa
File:                     iag8Q_wzIXDPEMimULoiZhZCdC8.roa (raw, json)
Hash identifier:          dNNmoo0WBN3smkvawEJl5/GTwREkOuStIa4ixH6hrrI=
Subject key identifier:   89:A8:3C:43:FC:33:21:70:CF:10:C8:A6:50:BA:22:66:16:42:74:2F
Certificate issuer:       /CN=86e99134171b5863f62f22b7d7abf740349528ec
Certificate serial:       0193DAD3A5A127AF26C5F1A9E05116ECB4CE
Authority key identifier: 86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/iag8Q_wzIXDPEMimULoiZhZCdC8.roa
Signing time:             Wed 18 Dec 2024 17:32:03 +0000
ROA not before:           Wed 18 Dec 2024 17:32:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60439
IP address blocks:        45.151.80.0/24 maxlen: 24
                          45.151.81.0/24 maxlen: 24
                          45.151.82.0/24 maxlen: 24
                          45.151.83.0/24 maxlen: 24
                          85.208.196.0/24 maxlen: 24
                          85.208.197.0/24 maxlen: 24
                          85.208.198.0/24 maxlen: 24
                          85.208.199.0/24 maxlen: 24
                          139.28.16.0/22 maxlen: 24
                          193.160.22.0/24 maxlen: 24
                          193.160.23.0/24 maxlen: 24
                          193.160.30.0/24 maxlen: 24
                          193.160.31.0/24 maxlen: 24
                          2a13:8240::/40 maxlen: 48
                          2a13:8240:100::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:da:d3:a5:a1:27:af:26:c5:f1:a9:e0:51:16:ec:b4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e99134171b5863f62f22b7d7abf740349528ec
        Validity
            Not Before: Dec 18 17:32:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a83c43fc332170cf10c8a650ba22661642742f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b4:f6:45:dc:9e:dc:88:a7:c5:33:54:73:9c:
                    87:d3:f7:9f:39:43:eb:a0:4b:8e:b2:01:bd:d4:31:
                    15:ad:73:25:d0:41:ea:e4:a0:74:cc:8e:b4:d6:58:
                    17:c0:da:bc:e2:b7:3c:3e:d0:63:7d:ba:c4:a3:e1:
                    aa:9c:f5:80:16:02:d4:52:ee:19:4f:d1:73:bb:c7:
                    61:f6:03:d2:21:e6:d8:8a:a1:b0:8b:94:cc:fc:fa:
                    b4:13:45:08:74:08:d3:76:99:61:e8:ce:a5:ad:40:
                    96:1b:ef:f9:08:16:4e:87:d9:ac:1f:17:90:ea:6b:
                    dd:0e:4d:a6:9d:ae:f4:17:26:ac:c4:64:d4:da:2f:
                    c6:ed:d9:e1:08:23:aa:d5:1c:be:05:01:e7:e8:7c:
                    3f:c9:c4:f0:32:d4:d8:a9:2f:1e:5c:d0:aa:b0:2e:
                    2f:27:28:27:fb:63:de:08:06:76:19:2f:45:5c:db:
                    bc:a5:1f:f4:86:af:77:7f:56:bc:70:2d:e4:f2:cc:
                    19:ad:5a:af:3b:47:d4:42:d9:3d:d9:9a:d9:40:f8:
                    d9:84:21:55:1e:3d:6f:be:5b:47:e9:e4:ae:f6:6e:
                    4e:6e:f0:78:d5:f1:37:bd:d3:6d:6a:ba:1a:b0:34:
                    60:54:63:71:ea:b0:90:41:5f:8f:0c:82:65:f6:69:
                    55:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A8:3C:43:FC:33:21:70:CF:10:C8:A6:50:BA:22:66:16:42:74:2F
            X509v3 Authority Key Identifier:
                keyid:86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/iag8Q_wzIXDPEMimULoiZhZCdC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/humRNBcbWGP2LyK316v3QDSVKOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.80.0/22
                  85.208.196.0/22
                  139.28.16.0/22
                  193.160.22.0/23
                  193.160.30.0/23
                IPv6:
                  2a13:8240::/39

    Signature Algorithm: sha256WithRSAEncryption
         ab:05:e8:b8:91:11:09:37:d8:e3:23:1d:d2:9f:20:39:07:c5:
         d6:3c:ae:d7:72:53:0f:5a:64:9f:e2:88:59:03:5f:61:c0:9b:
         59:ee:93:53:79:10:1e:fa:9f:e2:68:d7:65:2e:55:f4:02:4b:
         9a:5d:a4:6e:79:96:e7:90:ee:ce:88:a2:22:b8:00:08:17:e6:
         71:34:b8:4c:99:b2:97:10:f1:5a:bd:95:7b:81:9f:f8:02:46:
         bc:63:ac:dd:7d:1e:b4:e6:07:5b:2e:24:de:3d:3a:0d:74:88:
         02:a3:2d:00:01:0f:f3:50:f7:69:92:34:29:ac:7c:79:d3:7f:
         9f:57:ef:7f:c9:c7:83:bc:c6:84:4b:a1:a3:00:b1:b1:d4:2b:
         9a:8f:c9:7a:a3:d0:55:8c:d2:11:6e:48:d3:2b:b0:bf:55:bc:
         59:49:31:50:94:08:f7:57:43:e9:c3:81:fb:85:e7:b2:60:80:
         24:57:0e:25:c2:1e:ed:92:b7:09:06:dc:f3:3d:de:c2:a3:e8:
         fa:05:43:90:ef:77:f2:c1:58:35:ad:48:89:89:f3:b1:57:97:
         5d:3e:90:08:83:1c:22:5c:d9:19:b3:92:32:f0:b3:36:19:ac:
         d8:fd:c4:f6:7a:42:81:1e:22:c2:6f:7f:9a:c8:74:67:80:51:
         a2:c6:0e:96
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZPa06WhJ68mxfGp4FEW7LTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTk5MTM0MTcxYjU4NjNmNjJmMjJiN2Q3YWJmNzQwMzQ5
NTI4ZWMwHhcNMjQxMjE4MTczMjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE4M2M0M2ZjMzMyMTcwY2YxMGM4YTY1MGJhMjI2NjE2NDI3NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrT2Rdye3IinxTNUc5yH0/efOUPr
oEuOsgG91DEVrXMl0EHq5KB0zI601lgXwNq84rc8PtBjfbrEo+GqnPWAFgLUUu4Z
T9Fzu8dh9gPSIebYiqGwi5TM/Pq0E0UIdAjTdplh6M6lrUCWG+/5CBZOh9msHxeQ
6mvdDk2mna70FyasxGTU2i/G7dnhCCOq1Ry+BQHn6Hw/ycTwMtTYqS8eXNCqsC4v
Jygn+2PeCAZ2GS9FXNu8pR/0hq93f1a8cC3k8swZrVqvO0fUQtk92ZrZQPjZhCFV
Hj1vvltH6eSu9m5ObvB41fE3vdNtaroasDRgVGNx6rCQQV+PDIJl9mlVnwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFImoPEP8MyFwzxDIplC6ImYWQnQvMB8GA1UdIwQY
MBaAFIbpkTQXG1hj9i8it9er90A0lSjsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQt
ZGE5NTgwOGJhMmMxLzEvaWFnOFFfd3pJWERQRU1pbVVMb2laaFpDZEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQtZGE5NTgwOGJhMmMx
LzEvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCLZdQAwQC
VdDEAwQCixwQAwQBwaAWAwQBwaAeMA4EAgACMAgDBgEqE4JAADANBgkqhkiG9w0B
AQsFAAOCAQEAqwXouJERCTfY4yMd0p8gOQfF1jyu13JTD1pkn+KIWQNfYcCbWe6T
U3kQHvqf4mjXZS5V9AJLml2kbnmW55DuzoiiIrgACBfmcTS4TJmylxDxWr2Ve4Gf
+AJGvGOs3X0etOYHWy4k3j06DXSIAqMtAAEP81D3aZI0Kax8edN/n1fvf8nHg7zG
hEuhowCxsdQrmo/JeqPQVYzSEW5I0yuwv1W8WUkxUJQI91dD6cOB+4XnsmCAJFcO
JcIe7ZK3CQbc8z3ewqPo+gVDkO938sFYNa1IiYnzsVeXXT6QCIMcIlzZGbOSMvCz
Nhms2P3E9npCgR4iwm9/msh0Z4BRosYOlg==
-----END CERTIFICATE-----