Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/pGg5IZ4_Rh_E3JxX0-HT9TgVPxM.roa
File:                     pGg5IZ4_Rh_E3JxX0-HT9TgVPxM.roa (raw, json)
Hash identifier:          5liIqRjQ5b6iul4uHIld/la3AWJyxn6cmBEC3D1GVaQ=
Subject key identifier:   A4:68:39:21:9E:3F:46:1F:C4:DC:9C:57:D3:E1:D3:F5:38:15:3F:13
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       0194266C3D6456FEBFC7CBD4C2718D989766
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/pGg5IZ4_Rh_E3JxX0-HT9TgVPxM.roa
Signing time:             Thu 02 Jan 2025 09:50:15 +0000
ROA not before:           Thu 02 Jan 2025 09:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31365
IP address blocks:        85.153.1.0/24 maxlen: 24
                          85.153.2.0/24 maxlen: 24
                          85.153.3.0/24 maxlen: 24
                          85.153.5.0/24 maxlen: 24
                          85.153.6.0/24 maxlen: 24
                          85.153.7.0/24 maxlen: 24
                          85.153.8.0/24 maxlen: 24
                          85.153.10.0/24 maxlen: 24
                          85.153.33.0/24 maxlen: 24
                          85.153.43.0/24 maxlen: 24
                          85.153.56.0/24 maxlen: 24
                          85.153.58.0/24 maxlen: 24
                          85.153.74.0/24 maxlen: 24
                          85.153.75.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3d:64:56:fe:bf:c7:cb:d4:c2:71:8d:98:97:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jan  2 09:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a46839219e3f461fc4dc9c57d3e1d3f538153f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:03:50:92:78:50:44:16:d0:ef:f8:8c:58:bf:
                    00:3b:6a:f5:4c:fa:50:00:40:45:ab:a3:40:c4:96:
                    03:02:d0:55:49:f8:7f:cd:92:a0:17:aa:c4:18:b3:
                    d7:8f:eb:ca:57:40:e5:c2:28:df:d3:b3:de:bb:bd:
                    6d:e7:e2:d0:9a:e4:f5:c2:a7:70:2a:e1:95:d2:4c:
                    f7:02:f0:0c:18:0c:62:44:83:e3:ee:75:a8:1f:ec:
                    73:64:d6:d2:12:a7:34:45:e5:13:dc:80:88:f2:d2:
                    ca:11:f5:c5:4a:b8:39:88:51:39:b4:59:1a:ce:92:
                    20:c9:64:b1:54:3b:db:29:7a:3c:dd:30:1a:eb:f5:
                    84:6d:0e:19:c7:4b:d2:e9:69:8a:9a:11:91:c6:4d:
                    14:b1:cd:1e:4a:a2:eb:69:7a:b1:ae:1c:8b:d4:12:
                    28:27:06:59:d1:dc:65:e7:5d:fa:5c:b7:a2:04:ce:
                    22:b0:6a:86:6c:66:5e:90:d3:ce:8c:de:b1:e0:23:
                    1d:e0:dc:0e:33:e5:cd:5b:07:5e:c1:65:71:68:79:
                    80:18:b9:da:62:b2:ce:7b:36:79:28:50:71:89:88:
                    1d:2c:ea:d6:c4:88:82:fb:97:06:d7:06:4d:4b:e6:
                    79:ee:86:17:e0:e2:d5:7e:17:e9:53:e1:69:7b:b2:
                    41:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:68:39:21:9E:3F:46:1F:C4:DC:9C:57:D3:E1:D3:F5:38:15:3F:13
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/pGg5IZ4_Rh_E3JxX0-HT9TgVPxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.1.0-85.153.3.255
                  85.153.5.0-85.153.8.255
                  85.153.10.0/24
                  85.153.33.0/24
                  85.153.43.0/24
                  85.153.56.0/24
                  85.153.58.0/24
                  85.153.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:95:3d:28:92:54:65:a1:74:39:f9:2b:c5:c7:ef:18:5d:77:
         82:f9:c3:5d:9b:30:71:c2:48:c8:1e:21:6d:b9:31:a3:5c:05:
         ba:e9:39:53:43:4e:14:24:ef:ee:51:df:51:b9:fa:01:13:0c:
         55:f3:ad:f1:42:b9:f8:46:0a:b2:39:48:ea:4c:e9:58:0c:20:
         dd:61:6b:25:8f:46:f9:0a:8a:ed:89:61:97:c6:0e:29:6f:ff:
         b0:f4:39:56:e8:23:e8:85:15:23:19:aa:5f:fa:f6:c3:a8:36:
         7e:00:6d:15:12:7c:c9:51:23:a6:93:a4:d8:ac:9e:45:33:2a:
         c3:86:f0:a7:63:f4:23:d9:50:ba:e6:25:f8:09:69:43:b8:ab:
         a0:db:e0:5a:92:07:9f:24:04:10:f8:a4:e0:67:0f:4e:3a:f2:
         23:22:18:c4:1b:45:17:ae:d0:1c:2a:78:d0:b2:db:f8:7b:94:
         20:51:d4:ac:71:bb:9a:8d:99:67:75:a5:e2:31:a8:5d:5b:92:
         5d:c8:fa:a1:a7:a1:32:a1:a8:b6:c3:e0:06:12:61:74:49:57:
         14:27:52:76:bb:b6:70:05:2f:89:fd:17:df:d7:63:43:17:79:
         be:af:b6:20:85:45:4c:5a:0e:1b:bf:40:a8:d5:b3:28:c4:ac:
         54:6c:f6:eb
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQmbD1kVv6/x8vUwnGNmJdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjUwMTAyMDk1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDY4MzkyMTllM2Y0NjFmYzRkYzljNTdkM2UxZDNmNTM4MTUzZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgNQknhQRBbQ7/iMWL8AO2r1TPpQ
AEBFq6NAxJYDAtBVSfh/zZKgF6rEGLPXj+vKV0Dlwijf07Peu71t5+LQmuT1wqdw
KuGV0kz3AvAMGAxiRIPj7nWoH+xzZNbSEqc0ReUT3ICI8tLKEfXFSrg5iFE5tFka
zpIgyWSxVDvbKXo83TAa6/WEbQ4Zx0vS6WmKmhGRxk0Usc0eSqLraXqxrhyL1BIo
JwZZ0dxl5136XLeiBM4isGqGbGZekNPOjN6x4CMd4NwOM+XNWwdewWVxaHmAGLna
YrLOezZ5KFBxiYgdLOrWxIiC+5cG1wZNS+Z57oYX4OLVfhfpU+Fpe7JBswIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKRoOSGeP0YfxNycV9Ph0/U4FT8TMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvcEdnNUlaNF9SaF9FM0p4WDAtSFQ5VGdWUHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBABVmQED
BAJVmQAwDAMEAFWZBQMEAFWZCAMEAFWZCgMEAFWZIQMEAFWZKwMEAFWZOAMEAFWZ
OgMEAVWZSjANBgkqhkiG9w0BAQsFAAOCAQEAL5U9KJJUZaF0OfkrxcfvGF13gvnD
XZswccJIyB4hbbkxo1wFuuk5U0NOFCTv7lHfUbn6ARMMVfOt8UK5+EYKsjlI6kzp
WAwg3WFrJY9G+QqK7Ylhl8YOKW//sPQ5Vugj6IUVIxmqX/r2w6g2fgBtFRJ8yVEj
ppOk2KyeRTMqw4bwp2P0I9lQuuYl+AlpQ7iroNvgWpIHnyQEEPik4GcPTjryIyIY
xBtFF67QHCp40LLb+HuUIFHUrHG7mo2ZZ3Wl4jGoXVuSXcj6oaehMqGotsPgBhJh
dElXFCdSdru2cAUvif0X39djQxd5vq+2IIVFTFoOG79AqNWzKMSsVGz26w==
-----END CERTIFICATE-----