Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/kufXPEBBY4F3GtWTn9BkPD8wSxE.roa
File:                     kufXPEBBY4F3GtWTn9BkPD8wSxE.roa (raw, json)
Hash identifier:          UarHb2gOFhZ20RNJlK0SIL7Fko6NvrD899Ffsd5s1AU=
Subject key identifier:   92:E7:D7:3C:40:41:63:81:77:1A:D5:93:9F:D0:64:3C:3F:30:4B:11
Certificate issuer:       /CN=86e99134171b5863f62f22b7d7abf740349528ec
Certificate serial:       01950000BA9C5A1364092B9ED20FCC4D6FCF
Authority key identifier: 86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/kufXPEBBY4F3GtWTn9BkPD8wSxE.roa
Signing time:             Thu 13 Feb 2025 15:50:02 +0000
ROA not before:           Thu 13 Feb 2025 15:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60439
IP address blocks:        45.141.224.0/22 maxlen: 24
                          45.151.80.0/24 maxlen: 24
                          45.151.81.0/24 maxlen: 24
                          45.151.82.0/24 maxlen: 24
                          45.151.83.0/24 maxlen: 24
                          85.208.196.0/24 maxlen: 24
                          85.208.197.0/24 maxlen: 24
                          85.208.198.0/24 maxlen: 24
                          85.208.199.0/24 maxlen: 24
                          139.28.16.0/22 maxlen: 24
                          193.160.22.0/24 maxlen: 24
                          193.160.23.0/24 maxlen: 24
                          193.160.30.0/24 maxlen: 24
                          193.160.31.0/24 maxlen: 24
                          2a13:8240::/40 maxlen: 48
                          2a13:8240:100::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:00:ba:9c:5a:13:64:09:2b:9e:d2:0f:cc:4d:6f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e99134171b5863f62f22b7d7abf740349528ec
        Validity
            Not Before: Feb 13 15:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92e7d73c40416381771ad5939fd0643c3f304b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:85:f1:10:be:5b:a1:be:b8:71:26:8d:16:7b:
                    e3:40:1a:25:14:78:76:e0:cb:b3:68:ce:b3:13:f9:
                    3b:f2:5f:10:3c:2a:59:39:69:5d:07:a7:89:dc:9a:
                    08:cb:14:59:77:aa:8f:ef:36:82:63:fc:a1:ea:11:
                    a6:d8:19:86:bd:36:37:eb:17:8a:3d:d2:f4:f6:e7:
                    42:51:35:20:2f:e6:ea:05:54:48:50:70:89:ed:ac:
                    50:f4:b1:32:9e:62:da:a9:84:39:be:ea:4a:ab:5a:
                    58:53:ce:6c:12:bc:e8:60:a8:de:c7:df:5a:4e:5e:
                    cc:e1:c8:ca:da:a2:6f:2e:88:bb:93:45:49:cb:cd:
                    36:e1:d4:3a:a4:f0:4c:4a:36:4a:bf:73:b9:31:98:
                    80:50:b8:27:cd:c0:eb:b1:d6:c7:4c:93:21:7b:65:
                    f9:31:ac:7e:5f:ba:b4:1c:2f:c8:4b:64:5a:af:aa:
                    b8:cc:b1:23:71:b8:fc:2b:bf:16:9e:bd:96:61:f1:
                    f8:0a:49:11:a4:ba:e7:db:72:6b:45:db:fc:37:c7:
                    c7:8c:b0:3a:ef:95:23:0e:6e:91:67:94:26:04:79:
                    66:c8:85:69:01:64:d0:d9:5c:37:fe:63:87:9d:06:
                    bb:15:81:e6:5b:fc:f1:0d:5d:1d:0f:04:38:98:ca:
                    76:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E7:D7:3C:40:41:63:81:77:1A:D5:93:9F:D0:64:3C:3F:30:4B:11
            X509v3 Authority Key Identifier:
                keyid:86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/kufXPEBBY4F3GtWTn9BkPD8wSxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/humRNBcbWGP2LyK316v3QDSVKOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.224.0/22
                  45.151.80.0/22
                  85.208.196.0/22
                  139.28.16.0/22
                  193.160.22.0/23
                  193.160.30.0/23
                IPv6:
                  2a13:8240::/39

    Signature Algorithm: sha256WithRSAEncryption
         6b:2d:c4:ed:be:bb:3a:ed:d6:f1:b5:cf:42:44:33:b3:58:72:
         bd:bb:40:56:a3:85:f0:dc:6e:d7:68:e6:d7:d1:67:af:e4:f3:
         ba:bc:b3:b8:60:7d:c5:d4:b0:c4:d9:7f:90:c8:ec:b8:99:49:
         d5:60:69:37:83:75:0b:62:18:ae:92:ff:f9:79:68:b2:14:f7:
         5b:64:f2:7d:32:8a:e9:76:9f:b6:14:de:f8:53:24:5a:6c:01:
         ce:37:f1:9a:14:3e:73:da:f8:0b:99:b7:ea:b4:75:df:d6:a0:
         8c:23:ac:00:55:90:66:66:26:e2:4a:87:a7:b2:4d:58:1b:d2:
         88:61:1b:8b:58:4b:8c:dd:c1:c1:10:8d:f6:37:ef:f3:34:ee:
         38:78:13:cb:6b:77:5a:97:ab:70:4e:98:7c:b2:1f:a2:96:7e:
         13:02:b7:42:c0:a0:46:fe:57:e1:63:54:c0:ba:54:1d:f8:ff:
         30:04:48:bb:5a:80:73:cf:99:32:9e:96:3f:d1:17:94:98:a4:
         21:59:6c:ea:37:6a:31:fc:54:1a:f0:88:fb:ca:b2:42:ca:f4:
         6e:b0:dd:93:2e:b4:a8:16:53:64:ad:8f:cc:a0:47:63:a1:ed:
         07:87:c9:48:99:f0:43:38:4b:37:16:a4:2d:96:2a:fe:15:56:
         9a:2e:2a:d8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZUAALqcWhNkCSue0g/MTW/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTk5MTM0MTcxYjU4NjNmNjJmMjJiN2Q3YWJmNzQwMzQ5
NTI4ZWMwHhcNMjUwMjEzMTU1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU3ZDczYzQwNDE2MzgxNzcxYWQ1OTM5ZmQwNjQzYzNmMzA0YjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IXxEL5bob64cSaNFnvjQBolFHh2
4MuzaM6zE/k78l8QPCpZOWldB6eJ3JoIyxRZd6qP7zaCY/yh6hGm2BmGvTY36xeK
PdL09udCUTUgL+bqBVRIUHCJ7axQ9LEynmLaqYQ5vupKq1pYU85sErzoYKjex99a
Tl7M4cjK2qJvLoi7k0VJy8024dQ6pPBMSjZKv3O5MZiAULgnzcDrsdbHTJMhe2X5
Max+X7q0HC/IS2Rar6q4zLEjcbj8K78Wnr2WYfH4CkkRpLrn23JrRdv8N8fHjLA6
75UjDm6RZ5QmBHlmyIVpAWTQ2Vw3/mOHnQa7FYHmW/zxDV0dDwQ4mMp2uwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFJLn1zxAQWOBdxrVk5/QZDw/MEsRMB8GA1UdIwQY
MBaAFIbpkTQXG1hj9i8it9er90A0lSjsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQt
ZGE5NTgwOGJhMmMxLzEva3VmWFBFQkJZNEYzR3RXVG45QmtQRDh3U3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQtZGE5NTgwOGJhMmMx
LzEvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAqBAIAATAkAwQCLY3gAwQC
LZdQAwQCVdDEAwQCixwQAwQBwaAWAwQBwaAeMA4EAgACMAgDBgEqE4JAADANBgkq
hkiG9w0BAQsFAAOCAQEAay3E7b67Ou3W8bXPQkQzs1hyvbtAVqOF8Nxu12jm19Fn
r+TzuryzuGB9xdSwxNl/kMjsuJlJ1WBpN4N1C2IYrpL/+XloshT3W2TyfTKK6Xaf
thTe+FMkWmwBzjfxmhQ+c9r4C5m36rR139agjCOsAFWQZmYm4kqHp7JNWBvSiGEb
i1hLjN3BwRCN9jfv8zTuOHgTy2t3WpercE6YfLIfopZ+EwK3QsCgRv5X4WNUwLpU
Hfj/MARIu1qAc8+ZMp6WP9EXlJikIVls6jdqMfxUGvCI+8qyQsr0brDdky60qBZT
ZK2PzKBHY6HtB4fJSJnwQzhLNxakLZYq/hVWmi4q2A==
-----END CERTIFICATE-----