Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/L1Bz6qAa7Tw2r0koEROI1LNkc8U.roa
File:                     L1Bz6qAa7Tw2r0koEROI1LNkc8U.roa (raw, json)
Hash identifier:          DocEMWhWVMmnhBegXTSWZpGGhsBAl4jcHIRujEDNT44=
Subject key identifier:   2F:50:73:EA:A0:1A:ED:3C:36:AF:49:28:11:13:88:D4:B3:64:73:C5
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       019421B1C6EA0D08B9D6986BE3B9CF6301B6
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/L1Bz6qAa7Tw2r0koEROI1LNkc8U.roa
Signing time:             Wed 01 Jan 2025 11:48:06 +0000
ROA not before:           Wed 01 Jan 2025 11:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57021
IP address blocks:        194.58.200.0/24 maxlen: 24
                          194.58.202.0/24 maxlen: 24
                          194.58.203.0/24 maxlen: 24
                          194.58.204.0/24 maxlen: 24
                          194.58.205.0/24 maxlen: 24
                          194.58.206.0/24 maxlen: 24
                          194.58.207.0/24 maxlen: 24
                          2a01:3f7::/32 maxlen: 48
                          2a01:3f7::/48 maxlen: 48
                          2a01:3f7:2::/48 maxlen: 48
                          2a01:3f7:3::/48 maxlen: 48
                          2a01:3f7:4::/48 maxlen: 48
                          2a01:3f7:5::/48 maxlen: 48
                          2a01:3f7:6::/48 maxlen: 48
                          2a01:3f7:7::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c6:ea:0d:08:b9:d6:98:6b:e3:b9:cf:63:01:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan  1 11:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f5073eaa01aed3c36af4928111388d4b36473c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:55:b2:33:da:4e:86:16:f9:80:7d:47:9b:
                    4d:ac:44:4c:33:2f:ce:87:84:d0:59:07:32:65:72:
                    d4:0d:a7:44:46:94:10:32:71:5d:59:91:74:1c:54:
                    68:4d:64:0c:86:a6:26:fd:e0:ea:af:52:88:6f:a5:
                    b6:47:98:f4:6d:d0:d7:89:4e:de:25:a7:f2:02:60:
                    cc:26:53:e2:aa:72:d1:a9:fd:b4:d4:b0:af:0a:3e:
                    c1:6e:28:96:b7:8a:d5:93:3f:db:df:99:7a:2b:2f:
                    64:ee:98:6d:80:09:47:cc:74:9e:ac:3d:fc:ce:88:
                    75:a8:ed:0e:1b:77:5c:2a:23:26:4a:34:98:03:e8:
                    ea:d6:f4:4c:0c:e6:8d:59:b6:78:e5:c9:0c:d2:4d:
                    47:48:3e:8e:35:ec:db:d2:7e:94:52:7f:61:11:79:
                    97:85:b9:21:75:80:54:46:95:64:89:dd:42:55:78:
                    b2:22:7c:9e:22:aa:1b:4c:67:96:80:3b:6c:cc:76:
                    b9:5a:af:4a:a4:ec:53:6b:28:0b:68:d8:c3:ce:53:
                    35:c1:8f:11:a2:18:db:23:c5:65:f0:7b:89:ee:d2:
                    10:a6:50:a4:f1:fa:56:95:0a:fb:3a:dd:91:37:17:
                    97:7d:48:4b:ce:99:d5:64:2e:e3:74:bd:a9:dc:b5:
                    55:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:50:73:EA:A0:1A:ED:3C:36:AF:49:28:11:13:88:D4:B3:64:73:C5
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/L1Bz6qAa7Tw2r0koEROI1LNkc8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.200.0/24
                  194.58.202.0-194.58.207.255
                IPv6:
                  2a01:3f7::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:2e:71:48:11:23:2d:9e:88:6d:49:66:f6:2a:9b:75:71:0e:
         d1:5b:b3:eb:ba:64:01:15:51:ae:f4:58:12:b1:89:a9:6c:3a:
         32:c6:0e:58:1a:a0:00:35:59:25:8d:74:f4:72:c9:23:52:f2:
         a2:65:78:95:18:a5:82:85:73:17:80:82:d0:27:6f:3f:32:ac:
         13:58:8f:c1:58:f4:dd:2f:13:41:2c:29:6d:b7:a8:f5:89:6e:
         5e:61:a3:37:a4:bf:5a:94:42:cf:11:6e:31:c9:44:16:37:b3:
         23:d8:8b:e8:0b:d7:3e:89:6d:55:e8:1d:7c:ee:40:b1:4d:f6:
         98:76:af:91:5d:e0:d5:67:fd:77:f3:65:42:73:9b:62:d2:8c:
         ea:f0:a6:7e:b3:06:98:0d:89:0c:8a:ee:ed:0c:a0:0c:7c:7e:
         47:d1:f4:ac:79:3f:1d:c5:6c:57:4e:b3:32:f4:43:d2:36:f2:
         41:d7:f3:b5:eb:87:67:58:26:9c:3a:97:2a:f4:e1:c2:2b:d9:
         0d:36:87:95:7d:01:4c:be:81:0a:31:c0:e2:62:d7:8c:f2:a1:
         63:d5:76:20:a0:25:5b:01:99:ee:79:b6:cb:d8:59:18:19:87:
         21:17:1a:14:72:98:85:e8:5f:8a:0d:d5:30:12:9b:55:dd:41:
         cc:ba:4b:a2
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQhscbqDQi51phr47nPYwG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjUwMTAxMTE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjUwNzNlYWEwMWFlZDNjMzZhZjQ5MjgxMTEzODhkNGIzNjQ3M2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriJVsjPaToYW+YB9R5tNrERMMy/O
h4TQWQcyZXLUDadERpQQMnFdWZF0HFRoTWQMhqYm/eDqr1KIb6W2R5j0bdDXiU7e
JafyAmDMJlPiqnLRqf201LCvCj7BbiiWt4rVkz/b35l6Ky9k7phtgAlHzHSerD38
zoh1qO0OG3dcKiMmSjSYA+jq1vRMDOaNWbZ45ckM0k1HSD6ONezb0n6UUn9hEXmX
hbkhdYBURpVkid1CVXiyInyeIqobTGeWgDtszHa5Wq9KpOxTaygLaNjDzlM1wY8R
ohjbI8Vl8HuJ7tIQplCk8fpWlQr7Ot2RNxeXfUhLzpnVZC7jdL2p3LVVPQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFC9Qc+qgGu08Nq9JKBETiNSzZHPFMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvTDFCejZxQWE3VHcycjBrb0VST0kxTE5rYzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAwjrIMAwD
BAHCOsoDBATCOsAwDQQCAAIwBwMFACoBA/cwDQYJKoZIhvcNAQELBQADggEBAG0u
cUgRIy2eiG1JZvYqm3VxDtFbs+u6ZAEVUa70WBKxialsOjLGDlgaoAA1WSWNdPRy
ySNS8qJleJUYpYKFcxeAgtAnbz8yrBNYj8FY9N0vE0EsKW23qPWJbl5hozekv1qU
Qs8RbjHJRBY3syPYi+gL1z6JbVXoHXzuQLFN9ph2r5Fd4NVn/XfzZUJzm2LSjOrw
pn6zBpgNiQyK7u0MoAx8fkfR9Kx5Px3FbFdOszL0Q9I28kHX87Xrh2dYJpw6lyr0
4cIr2Q02h5V9AUy+gQoxwOJi14zyoWPVdiCgJVsBme55tsvYWRgZhyEXGhRymIXo
X4oN1TASm1XdQcy6S6I=
-----END CERTIFICATE-----