Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/wIm0A8W2Phgt1OO5oeTqTztju0g.roa
File:                     wIm0A8W2Phgt1OO5oeTqTztju0g.roa (raw, json)
Hash identifier:          NlYQ1T7mFBGddxYYpTaeqb8uAIXp1pec66MhW6UVFnE=
Subject key identifier:   C0:89:B4:03:C5:B6:3E:18:2D:D4:E3:B9:A1:E4:EA:4F:3B:63:BB:48
Certificate issuer:       /CN=88678ca34c3c6365fb616a66077160a494a6e9d6
Certificate serial:       019487ADE01F7AFDBAB0E122603F7B965026
Authority key identifier: 88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/wIm0A8W2Phgt1OO5oeTqTztju0g.roa
Signing time:             Tue 21 Jan 2025 07:05:06 +0000
ROA not before:           Tue 21 Jan 2025 07:05:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12479
IP address blocks:        62.32.128.0/19 maxlen: 24
                          62.32.160.0/19 maxlen: 24
                          62.32.192.0/20 maxlen: 24
                          62.32.208.0/20 maxlen: 24
                          62.32.224.0/19 maxlen: 24
                          83.231.0.0/17 maxlen: 17
                          83.231.0.0/19 maxlen: 24
                          83.231.40.0/24 maxlen: 24
                          83.231.41.0/24 maxlen: 24
                          83.231.42.0/24 maxlen: 24
                          83.231.43.0/24 maxlen: 24
                          83.231.48.0/21 maxlen: 24
                          83.231.56.0/21 maxlen: 24
                          83.231.64.0/18 maxlen: 24
                          185.124.28.0/22 maxlen: 24
                          212.169.128.0/17 maxlen: 24
                          213.143.32.0/19 maxlen: 19
                          213.143.32.0/24 maxlen: 24
                          213.143.44.0/22 maxlen: 24
                          213.143.48.0/22 maxlen: 24
                          213.143.56.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:87:ad:e0:1f:7a:fd:ba:b0:e1:22:60:3f:7b:96:50:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88678ca34c3c6365fb616a66077160a494a6e9d6
        Validity
            Not Before: Jan 21 07:05:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c089b403c5b63e182dd4e3b9a1e4ea4f3b63bb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e2:ec:8c:4c:59:d5:9f:8f:b5:9c:64:ad:97:
                    7d:59:57:9e:cd:78:ed:49:05:a7:99:24:54:03:03:
                    fe:0f:8e:6e:31:82:72:4b:be:02:11:7d:e6:4c:af:
                    7f:28:bd:ae:a2:91:a7:61:7d:52:67:02:49:1b:c0:
                    1f:93:d4:6b:29:ab:39:00:71:a8:be:18:23:4c:d5:
                    dd:f4:07:d4:e9:e1:e9:f1:e7:13:c3:8b:fe:ac:e3:
                    9f:34:b8:74:40:e7:be:f6:bc:87:5a:55:24:ac:6c:
                    d1:1b:33:50:e4:cf:cb:a6:de:89:60:36:51:8d:6d:
                    fd:7e:a6:f7:41:78:67:5e:4c:65:e7:ee:52:da:e8:
                    fc:fe:ad:28:0f:c9:4b:c5:dd:f0:2e:58:82:ae:8b:
                    ab:f6:3b:c8:c4:7c:71:e2:2a:6d:10:20:7f:ca:07:
                    a4:ad:a4:75:9c:b5:0f:c3:f7:db:2a:ef:62:0d:d7:
                    01:5f:64:d5:c8:bc:89:9a:1b:c0:2a:4f:60:5f:45:
                    20:3a:77:fb:e7:f5:c9:82:68:70:bb:d3:c5:4b:c6:
                    6f:77:dc:07:41:e9:fc:a6:ef:c5:01:a5:83:38:f1:
                    80:b4:c0:78:10:d3:ca:1b:70:03:69:82:e2:fa:52:
                    45:af:25:62:e7:08:28:1d:ac:de:6f:00:45:72:13:
                    51:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:89:B4:03:C5:B6:3E:18:2D:D4:E3:B9:A1:E4:EA:4F:3B:63:BB:48
            X509v3 Authority Key Identifier:
                keyid:88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/wIm0A8W2Phgt1OO5oeTqTztju0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.32.128.0/17
                  83.231.0.0/17
                  185.124.28.0/22
                  212.169.128.0/17
                  213.143.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         26:9b:72:a8:ac:59:39:dd:a8:de:c5:81:d4:20:37:df:9c:f6:
         f7:73:f6:95:5d:ef:af:e0:cb:2a:bf:b8:6e:c4:3c:3a:d4:7e:
         34:29:a4:62:36:52:44:94:53:a9:6b:fd:f6:81:13:6a:52:4f:
         79:ac:9a:fb:4e:bf:fe:34:d1:2c:8c:c7:4c:43:06:e7:3f:fa:
         a2:ef:77:28:2c:2d:2a:8e:e2:02:b6:7a:46:54:b6:74:ce:08:
         4a:dd:44:a1:a0:31:ac:27:64:20:6e:75:b2:f4:0a:8e:d6:4a:
         5c:7c:15:16:c9:c1:8c:d5:6d:fa:f3:51:14:1d:f8:1b:68:27:
         a9:f7:03:1b:fe:56:a6:06:0d:b1:1a:c8:67:90:f3:73:0b:23:
         b5:5f:81:65:b0:2d:2c:39:e2:85:a7:bd:3b:d3:0b:9c:7b:22:
         b3:b5:df:3b:1d:ae:c3:7f:9e:94:25:92:24:3c:66:b5:ce:60:
         69:86:50:64:ad:de:ad:a1:34:9d:52:5e:2c:fc:c7:fd:f9:05:
         93:bb:08:91:4d:40:7a:64:13:c0:55:39:2b:19:91:47:7c:b6:
         dc:d1:55:cb:79:9e:72:24:71:e4:44:bf:14:b3:9f:6c:de:9d:
         d7:3b:8c:e8:60:6b:dd:ec:1c:de:4d:cf:ef:7c:82:28:c2:c5:
         f8:26:cb:ec
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZSHreAfev26sOEiYD97llAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Njc4Y2EzNGMzYzYzNjVmYjYxNmE2NjA3NzE2MGE0OTRh
NmU5ZDYwHhcNMjUwMTIxMDcwNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg5YjQwM2M1YjYzZTE4MmRkNGUzYjlhMWU0ZWE0ZjNiNjNiYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OLsjExZ1Z+PtZxkrZd9WVeezXjt
SQWnmSRUAwP+D45uMYJyS74CEX3mTK9/KL2uopGnYX1SZwJJG8Afk9RrKas5AHGo
vhgjTNXd9AfU6eHp8ecTw4v+rOOfNLh0QOe+9ryHWlUkrGzRGzNQ5M/Lpt6JYDZR
jW39fqb3QXhnXkxl5+5S2uj8/q0oD8lLxd3wLliCrour9jvIxHxx4iptECB/ygek
raR1nLUPw/fbKu9iDdcBX2TVyLyJmhvAKk9gX0UgOnf75/XJgmhwu9PFS8Zvd9wH
Qen8pu/FAaWDOPGAtMB4ENPKG3ADaYLi+lJFryVi5wgoHazebwBFchNRDwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMCJtAPFtj4YLdTjuaHk6k87Y7tIMB8GA1UdIwQY
MBaAFIhnjKNMPGNl+2FqZgdxYKSUpunWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQt
Zjg1ZjcyMWZiMWI4LzEvd0ltMEE4VzJQaGd0MU9PNW9lVHFUenRqdTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQtZjg1ZjcyMWZiMWI4
LzEvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQHPiCAAwQH
U+cAAwQCuXwcAwQH1KmAAwQF1Y8gMA0GCSqGSIb3DQEBCwUAA4IBAQAmm3KorFk5
3ajexYHUIDffnPb3c/aVXe+v4Msqv7huxDw61H40KaRiNlJElFOpa/32gRNqUk95
rJr7Tr/+NNEsjMdMQwbnP/qi73coLC0qjuICtnpGVLZ0zghK3UShoDGsJ2QgbnWy
9AqO1kpcfBUWycGM1W3681EUHfgbaCep9wMb/lamBg2xGshnkPNzCyO1X4FlsC0s
OeKFp7070wuceyKztd87Ha7Df56UJZIkPGa1zmBphlBkrd6toTSdUl4s/Mf9+QWT
uwiRTUB6ZBPAVTkrGZFHfLbc0VXLeZ5yJHHkRL8Us59s3p3XO4zoYGvd7BzeTc/v
fIIowsX4Jsvs
-----END CERTIFICATE-----