Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/goVpMcG2ODEOIZ7_0hXRiANRZn8.roa
File:                     goVpMcG2ODEOIZ7_0hXRiANRZn8.roa (raw, json)
Hash identifier:          2kl0AvCVYVxh1HGeLnDLOsiWsOqxJNKpCdXHKYMaXEw=
Subject key identifier:   82:85:69:31:C1:B6:38:31:0E:21:9E:FF:D2:15:D1:88:03:51:66:7F
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       01942067E6F6FDB220DF0BA90D0AC2B745DE
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/goVpMcG2ODEOIZ7_0hXRiANRZn8.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        45.114.12.0/22 maxlen: 32
                          45.145.104.0/22 maxlen: 32
                          45.250.64.0/22 maxlen: 32
                          91.132.114.0/23 maxlen: 32
                          103.53.216.0/22 maxlen: 22
                          103.240.180.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 32
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          193.28.182.0/24 maxlen: 32
                          193.28.191.0/24 maxlen: 32
                          193.28.202.0/24 maxlen: 32
                          193.28.237.0/24 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e6:f6:fd:b2:20:df:0b:a9:0d:0a:c2:b7:45:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82856931c1b638310e219effd215d1880351667f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bf:7c:0b:e7:d5:e3:db:f5:9d:c6:5f:e6:ef:
                    10:48:37:b1:6d:ec:75:4d:31:31:20:f5:72:e8:3f:
                    82:e8:14:a8:86:b2:44:5c:c1:fe:7f:f2:fb:15:96:
                    2d:81:72:33:9e:d0:6f:64:83:07:87:f5:1e:08:87:
                    43:5c:b3:73:d0:95:50:d7:c1:66:85:30:68:f4:a0:
                    c6:92:b2:66:63:49:82:06:ec:81:c7:9d:99:cb:82:
                    0d:6f:49:c7:4b:e4:fb:68:d1:f3:c5:b3:0b:8e:0f:
                    03:82:94:ff:ac:7c:b1:da:33:d4:19:7f:39:c3:39:
                    c5:61:9e:b3:a1:0c:87:d4:13:c4:1b:0d:21:8e:eb:
                    25:04:af:04:20:30:c6:43:a1:25:c2:ed:f1:3a:35:
                    00:5f:90:ae:ea:7c:62:18:39:77:1c:83:ca:27:b6:
                    06:67:2b:2f:2f:78:d7:12:77:61:44:d7:eb:f0:64:
                    5a:84:4c:9c:09:93:97:c8:ea:64:43:0e:75:29:a6:
                    45:f1:86:99:84:b6:10:f0:98:c0:ee:50:da:06:e1:
                    b6:b7:24:96:a9:e9:dd:83:ea:d5:72:25:10:0a:16:
                    6a:d0:b9:d1:02:c8:2d:68:1c:9c:b7:bc:50:0a:e4:
                    0b:da:d2:83:05:c9:68:b8:20:06:07:18:53:01:b6:
                    57:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:85:69:31:C1:B6:38:31:0E:21:9E:FF:D2:15:D1:88:03:51:66:7F
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/goVpMcG2ODEOIZ7_0hXRiANRZn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.12.0/22
                  45.145.104.0/22
                  45.250.64.0/22
                  91.132.114.0/23
                  103.53.216.0/22
                  103.240.180.0/22
                  193.19.204.0/22
                  193.28.182.0/24
                  193.28.191.0/24
                  193.28.202.0/24
                  193.28.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:76:b2:06:88:bb:25:71:12:b7:c9:d2:91:64:ae:dd:61:78:
         43:9f:38:4a:c9:b5:27:19:22:d8:95:ce:38:a1:2d:7f:f4:f4:
         80:8a:8e:a5:4e:91:0b:86:b4:b2:0c:22:42:f6:d2:ca:87:df:
         25:1f:dd:5b:f7:d8:26:c6:ea:2b:8c:4b:1e:e8:00:77:47:2b:
         a3:ed:f1:98:71:e3:4d:57:38:de:ba:0d:a6:17:89:7d:50:8e:
         93:3b:74:e4:08:0e:ba:10:3f:92:5a:cf:d4:12:d7:1e:c2:56:
         56:58:ab:07:17:6d:03:42:da:5d:10:0e:3f:66:c4:3d:9b:88:
         48:4d:17:c3:99:1a:72:9d:ab:7b:27:02:07:d5:41:71:53:93:
         b9:dc:4a:0a:42:bd:21:ef:f4:06:31:1a:4d:1e:f3:6d:46:61:
         5d:44:1c:d7:ff:68:d1:79:45:72:84:7c:1e:ad:24:0e:71:5c:
         7f:89:7e:55:9a:00:43:f6:40:92:26:4e:d5:65:af:5a:70:d7:
         5c:cc:2f:71:74:95:37:80:27:e7:f5:c8:cc:2b:19:e1:30:8d:
         2c:18:46:17:d0:c6:db:b1:c5:17:5e:16:85:d8:14:7c:68:1e:
         9e:de:e6:91:cd:0e:09:44:fe:b5:26:2f:f9:7b:2e:3a:ac:0c:
         7a:08:95:55
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQgZ+b2/bIg3wupDQrCt0XeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg1NjkzMWMxYjYzODMxMGUyMTllZmZkMjE1ZDE4ODAzNTE2NjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL98C+fV49v1ncZf5u8QSDexbex1
TTExIPVy6D+C6BSohrJEXMH+f/L7FZYtgXIzntBvZIMHh/UeCIdDXLNz0JVQ18Fm
hTBo9KDGkrJmY0mCBuyBx52Zy4INb0nHS+T7aNHzxbMLjg8DgpT/rHyx2jPUGX85
wznFYZ6zoQyH1BPEGw0hjuslBK8EIDDGQ6Elwu3xOjUAX5Cu6nxiGDl3HIPKJ7YG
ZysvL3jXEndhRNfr8GRahEycCZOXyOpkQw51KaZF8YaZhLYQ8JjA7lDaBuG2tySW
qendg+rVciUQChZq0LnRAsgtaByct7xQCuQL2tKDBclouCAGBxhTAbZX9QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIKFaTHBtjgxDiGe/9IV0YgDUWZ/MB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvZ29WcE1jRzJPREVPSVo3XzBoWFJpQU5SWm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLXIMAwQC
LZFoAwQCLfpAAwQBW4RyAwQCZzXYAwQCZ/C0AwQCwRPMAwQAwRy2AwQAwRy/AwQA
wRzKAwQAwRztMA0GCSqGSIb3DQEBCwUAA4IBAQB5drIGiLslcRK3ydKRZK7dYXhD
nzhKybUnGSLYlc44oS1/9PSAio6lTpELhrSyDCJC9tLKh98lH91b99gmxuorjEse
6AB3Ryuj7fGYceNNVzjeug2mF4l9UI6TO3TkCA66ED+SWs/UEtcewlZWWKsHF20D
QtpdEA4/ZsQ9m4hITRfDmRpynat7JwIH1UFxU5O53EoKQr0h7/QGMRpNHvNtRmFd
RBzX/2jReUVyhHwerSQOcVx/iX5VmgBD9kCSJk7VZa9acNdczC9xdJU3gCfn9cjM
KxnhMI0sGEYX0MbbscUXXhaF2BR8aB6e3uaRzQ4JRP61Ji/5ey46rAx6CJVV
-----END CERTIFICATE-----