Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d208a0-e436-4896-bef2-3b9db05d2384/1/PqHbplNO7TvCzyK8jCTMlpUuDgE.roa
File:                     PqHbplNO7TvCzyK8jCTMlpUuDgE.roa (raw, json)
Hash identifier:          ZCBOLO9Ydb+4h8ApAHfbP8OIDjSPikSQfw2HwF7MQbw=
Subject key identifier:   3E:A1:DB:A6:53:4E:ED:3B:C2:CF:22:BC:8C:24:CC:96:95:2E:0E:01
Certificate issuer:       /CN=bb8e2f5ac7cbe62117da478ac0c027ad6d843c56
Certificate serial:       019425FDE688B29DF29800EEC2F76E73A31E
Authority key identifier: BB:8E:2F:5A:C7:CB:E6:21:17:DA:47:8A:C0:C0:27:AD:6D:84:3C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u44vWsfL5iEX2keKwMAnrW2EPFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d208a0-e436-4896-bef2-3b9db05d2384/1/PqHbplNO7TvCzyK8jCTMlpUuDgE.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8767
IP address blocks:        46.244.128.0/17 maxlen: 17
                          62.216.192.0/19 maxlen: 19
                          62.245.128.0/17 maxlen: 17
                          80.81.0.0/19 maxlen: 19
                          82.135.0.0/17 maxlen: 17
                          83.171.128.0/18 maxlen: 18
                          88.217.0.0/16 maxlen: 16
                          93.104.0.0/16 maxlen: 16
                          185.17.204.0/22 maxlen: 22
                          188.174.0.0/16 maxlen: 16
                          212.18.0.0/19 maxlen: 19
                          212.114.128.0/17 maxlen: 17
                          212.204.64.0/18 maxlen: 18
                          212.204.75.0/24 maxlen: 24
                          213.179.128.0/19 maxlen: 19
                          2001:a60::/29 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e6:88:b2:9d:f2:98:00:ee:c2:f7:6e:73:a3:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8e2f5ac7cbe62117da478ac0c027ad6d843c56
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ea1dba6534eed3bc2cf22bc8c24cc96952e0e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a0:45:29:b8:49:fc:9d:62:f4:9b:c5:0d:f6:
                    f3:d8:9f:fb:b7:be:ba:2a:99:43:67:53:1b:4d:1a:
                    21:3b:cc:a1:37:70:d7:c2:22:75:b8:ac:6a:92:f6:
                    1f:16:15:b1:36:24:d1:72:dc:8f:c6:ca:b6:16:b2:
                    4e:74:4c:e4:ab:f0:9f:a4:88:57:05:23:6f:7b:33:
                    16:0f:3a:66:0e:13:cf:2f:4c:6f:43:ac:1c:8d:21:
                    75:fb:d3:f4:91:35:17:30:b1:b6:0f:be:6d:b4:0e:
                    75:dc:f2:1d:40:fc:56:c2:0b:75:54:7c:5a:4d:62:
                    2e:e3:b2:ed:5f:d1:50:20:97:e4:33:f4:1a:3b:ec:
                    3d:dc:bc:46:42:ab:4f:48:85:5f:df:22:ab:a8:d5:
                    fa:94:cb:ce:16:61:51:bf:e0:f8:64:16:95:2a:04:
                    c3:d6:dd:f7:91:6c:d2:94:a5:3c:ae:71:dc:bf:82:
                    cc:d6:4f:5e:93:a3:28:75:e1:bd:2f:9d:88:78:ad:
                    e6:16:41:2d:bc:a5:53:66:f9:95:eb:88:36:e2:04:
                    ae:55:c0:82:d3:ab:50:90:b7:64:7a:76:f9:68:31:
                    67:13:4d:a7:5b:01:da:d6:a9:89:bb:c5:10:05:5e:
                    9d:d8:65:14:43:d0:aa:3b:b3:5c:f6:88:24:b7:06:
                    d0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A1:DB:A6:53:4E:ED:3B:C2:CF:22:BC:8C:24:CC:96:95:2E:0E:01
            X509v3 Authority Key Identifier:
                keyid:BB:8E:2F:5A:C7:CB:E6:21:17:DA:47:8A:C0:C0:27:AD:6D:84:3C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u44vWsfL5iEX2keKwMAnrW2EPFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d208a0-e436-4896-bef2-3b9db05d2384/1/PqHbplNO7TvCzyK8jCTMlpUuDgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d208a0-e436-4896-bef2-3b9db05d2384/1/u44vWsfL5iEX2keKwMAnrW2EPFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.128.0/17
                  62.216.192.0/19
                  62.245.128.0/17
                  80.81.0.0/19
                  82.135.0.0/17
                  83.171.128.0/18
                  88.217.0.0/16
                  93.104.0.0/16
                  185.17.204.0/22
                  188.174.0.0/16
                  212.18.0.0/19
                  212.114.128.0/17
                  212.204.64.0/18
                  213.179.128.0/19
                IPv6:
                  2001:a60::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:95:38:0a:b2:b4:1f:09:60:75:76:ee:ec:b1:f9:1e:d5:1c:
         4a:62:e1:bc:f8:ce:27:98:75:9c:f2:42:ac:d3:1a:89:3b:a5:
         74:8c:b6:4f:50:d9:5b:a0:5e:fb:18:d2:92:ab:18:68:70:b1:
         1b:aa:da:f4:d6:2e:f9:cb:d2:2c:2e:7c:9f:5b:5f:e2:05:57:
         89:9d:e7:7a:dc:9c:fb:c6:97:da:9b:64:b1:85:be:54:b6:5f:
         15:ed:6a:ec:79:d1:3c:59:f0:3b:bb:19:5b:64:86:ec:40:44:
         7c:88:73:d6:97:6a:4f:8b:04:17:55:df:11:9a:dc:91:19:b9:
         d0:b0:63:2e:7a:9a:78:1c:9d:66:df:0c:66:f9:2d:df:28:51:
         a6:ff:cb:61:99:d0:f2:24:9e:7e:28:2d:48:15:1c:28:e2:1f:
         d5:c7:59:74:07:32:f3:9f:e4:c7:20:cc:64:a4:d4:af:bc:4e:
         45:98:0e:57:a7:ef:1c:a9:39:e5:27:d7:80:ef:e6:5b:82:c0:
         a9:d6:45:24:3a:1c:ab:93:a3:1f:02:84:f7:13:dc:83:ee:05:
         2b:7e:a8:d0:77:2a:78:af:ae:4c:59:ca:34:09:bf:41:10:fc:
         b6:a1:cf:e8:2a:7a:2e:a9:70:5a:7a:cd:d7:86:2e:a9:37:cd:
         a7:05:40:a8
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZQl/eaIsp3ymADuwvduc6MeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGUyZjVhYzdjYmU2MjExN2RhNDc4YWMwYzAyN2FkNmQ4
NDNjNTYwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWExZGJhNjUzNGVlZDNiYzJjZjIyYmM4YzI0Y2M5Njk1MmUwZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqBFKbhJ/J1i9JvFDfbz2J/7t766
KplDZ1MbTRohO8yhN3DXwiJ1uKxqkvYfFhWxNiTRctyPxsq2FrJOdEzkq/CfpIhX
BSNvezMWDzpmDhPPL0xvQ6wcjSF1+9P0kTUXMLG2D75ttA513PIdQPxWwgt1VHxa
TWIu47LtX9FQIJfkM/QaO+w93LxGQqtPSIVf3yKrqNX6lMvOFmFRv+D4ZBaVKgTD
1t33kWzSlKU8rnHcv4LM1k9ek6ModeG9L52IeK3mFkEtvKVTZvmV64g24gSuVcCC
06tQkLdkenb5aDFnE02nWwHa1qmJu8UQBV6d2GUUQ9CqO7Nc9ogktwbQaQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFD6h26ZTTu07ws8ivIwkzJaVLg4BMB8GA1UdIwQY
MBaAFLuOL1rHy+YhF9pHisDAJ61thDxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQ0dldzZkw1aUVYMmtlS3dNQW5yVzJFUEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kMjA4YTAtZTQzNi00ODk2LWJlZjIt
M2I5ZGIwNWQyMzg0LzEvUHFIYnBsTk83VHZDenlLOGpDVE1scFV1RGdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kMjA4YTAtZTQzNi00ODk2LWJlZjItM2I5ZGIwNWQyMzg0
LzEvdTQ0dldzZkw1aUVYMmtlS3dNQW5yVzJFUEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBXBAIAATBRAwQHLvSAAwQF
PtjAAwQHPvWAAwQFUFEAAwQHUocAAwQGU6uAAwMAWNkDAwBdaAMEArkRzAMDALyu
AwQF1BIAAwQH1HKAAwQG1MxAAwQF1bOAMA0EAgACMAcDBQMgAQpgMA0GCSqGSIb3
DQEBCwUAA4IBAQCSlTgKsrQfCWB1du7ssfke1RxKYuG8+M4nmHWc8kKs0xqJO6V0
jLZPUNlboF77GNKSqxhocLEbqtr01i75y9IsLnyfW1/iBVeJned63Jz7xpfam2Sx
hb5Utl8V7WrsedE8WfA7uxlbZIbsQER8iHPWl2pPiwQXVd8RmtyRGbnQsGMuepp4
HJ1m3wxm+S3fKFGm/8thmdDyJJ5+KC1IFRwo4h/Vx1l0BzLzn+THIMxkpNSvvE5F
mA5Xp+8cqTnlJ9eA7+ZbgsCp1kUkOhyrk6MfAoT3E9yD7gUrfqjQdyp4r65MWco0
Cb9BEPy2oc/oKnouqXBaes3Xhi6pN82nBUCo
-----END CERTIFICATE-----