Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/yOafeVKjcIl2dO0Q3xA_QyRCUtc.roa
File:                     yOafeVKjcIl2dO0Q3xA_QyRCUtc.roa (raw, json)
Hash identifier:          2zPskBvoYsqvUEbYKhfIcZJn+rj2BweSrLgX+5Zpuug=
Subject key identifier:   C8:E6:9F:79:52:A3:70:89:76:74:ED:10:DF:10:3F:43:24:42:52:D7
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       019422FC49E046F60E8C78956EC933614344
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/yOafeVKjcIl2dO0Q3xA_QyRCUtc.roa
Signing time:             Wed 01 Jan 2025 17:49:06 +0000
ROA not before:           Wed 01 Jan 2025 17:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28849
IP address blocks:        185.15.156.0/22 maxlen: 22
                          185.15.159.0/24 maxlen: 24
                          217.23.112.0/20 maxlen: 20
                          217.23.112.0/24 maxlen: 24
                          217.23.113.0/24 maxlen: 24
                          217.23.114.0/24 maxlen: 24
                          217.23.115.0/24 maxlen: 24
                          217.23.116.0/24 maxlen: 24
                          217.23.117.0/24 maxlen: 24
                          217.23.119.0/24 maxlen: 24
                          217.23.121.0/24 maxlen: 24
                          217.23.122.0/24 maxlen: 24
                          217.23.123.0/24 maxlen: 24
                          217.23.124.0/24 maxlen: 24
                          217.23.125.0/24 maxlen: 24
                          217.23.126.0/24 maxlen: 24
                          217.23.127.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:49:e0:46:f6:0e:8c:78:95:6e:c9:33:61:43:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jan  1 17:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8e69f7952a370897674ed10df103f43244252d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:ff:b5:6f:6a:6d:7f:8f:ea:f1:e3:e9:1a:
                    79:b4:30:f8:b1:00:fd:94:19:f6:65:59:ee:f8:6f:
                    05:2f:a1:0c:8b:5d:0a:85:59:4a:70:ff:46:b1:a0:
                    10:21:dd:37:f4:2a:46:bf:e1:a7:63:01:83:34:55:
                    50:4f:10:cb:3f:f3:58:fb:8d:54:66:5c:fc:77:d7:
                    ed:2c:35:09:97:15:2d:9a:70:d2:b0:76:76:cd:08:
                    c2:22:b9:23:27:e6:33:09:55:ae:61:d9:5e:74:40:
                    44:5c:54:a9:9e:40:71:e4:45:a1:68:43:4c:ba:f2:
                    a7:13:2e:ce:13:6c:44:92:9d:50:1a:cf:d0:f7:ae:
                    02:5d:7f:08:c5:7c:23:f6:2f:7b:86:8c:8b:97:64:
                    5e:e2:cf:38:4b:12:05:ba:28:0b:2a:05:8e:1a:e6:
                    02:3d:6f:7f:d2:47:f3:6c:70:06:fc:ae:3d:58:99:
                    d5:06:35:21:57:68:e8:9e:27:5e:a4:af:6c:ea:31:
                    56:ef:8a:41:c4:31:e9:fc:82:b2:76:13:03:08:90:
                    50:3f:3b:d1:f0:a9:5f:56:52:8a:ae:04:9e:4e:fe:
                    c4:2b:b2:3d:fc:15:f5:d3:5b:d5:02:39:bc:ea:9f:
                    7d:bf:35:12:4c:0a:da:96:3f:19:42:00:15:e7:82:
                    a6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E6:9F:79:52:A3:70:89:76:74:ED:10:DF:10:3F:43:24:42:52:D7
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/yOafeVKjcIl2dO0Q3xA_QyRCUtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.156.0/22
                  217.23.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ae:c8:4c:b3:5d:5d:cf:14:2b:b1:e1:51:77:78:a8:e2:66:d6:
         60:1a:99:86:23:e3:af:cd:5a:c6:e5:cb:fa:22:e0:15:3b:c1:
         61:da:1a:e2:93:68:9a:7e:ed:a7:81:6a:50:61:5b:98:90:21:
         5c:90:50:81:9b:d4:9e:05:ab:5e:b3:b5:49:77:67:b5:80:7b:
         ef:e6:81:87:e5:d6:ff:cc:79:a0:8d:88:35:18:e7:69:4b:61:
         2a:ad:22:35:1f:5a:fe:29:11:4b:ec:8b:d2:6b:47:6c:d9:30:
         63:63:9a:9b:70:53:1a:9a:76:73:1c:1f:8e:07:20:b7:9d:fa:
         0a:5d:5c:17:b0:c2:c3:c9:ba:12:b5:62:63:e6:ec:56:2b:fb:
         27:73:45:b5:29:48:e7:d1:6f:9e:82:b3:6e:fb:8d:00:c3:76:
         1a:82:c7:1c:d2:11:ed:f8:37:b6:92:4c:2c:9a:e3:53:2a:51:
         7c:86:5c:d0:8b:58:a3:eb:35:91:d2:1a:52:43:61:d7:15:7c:
         e5:c8:05:eb:d4:a7:03:5c:22:60:63:c7:1a:46:a2:ed:39:32:
         bc:01:3e:2a:2c:81:ff:89:ba:72:0f:68:3f:77:c2:ab:b6:6f:
         6d:20:d6:1b:bc:7b:90:bd:4d:23:44:25:61:4d:93:2c:58:e3:
         f9:3f:cc:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/EngRvYOjHiVbskzYUNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGU2OWY3OTUyYTM3MDg5NzY3NGVkMTBkZjEwM2Y0MzI0NDI1MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF7/tW9qbX+P6vHj6Rp5tDD4sQD9
lBn2ZVnu+G8FL6EMi10KhVlKcP9GsaAQId039CpGv+GnYwGDNFVQTxDLP/NY+41U
Zlz8d9ftLDUJlxUtmnDSsHZ2zQjCIrkjJ+YzCVWuYdledEBEXFSpnkBx5EWhaENM
uvKnEy7OE2xEkp1QGs/Q964CXX8IxXwj9i97hoyLl2Re4s84SxIFuigLKgWOGuYC
PW9/0kfzbHAG/K49WJnVBjUhV2jonidepK9s6jFW74pBxDHp/IKydhMDCJBQPzvR
8KlfVlKKrgSeTv7EK7I9/BX101vVAjm86p99vzUSTAralj8ZQgAV54Km1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMjmn3lSo3CJdnTtEN8QP0MkQlLXMB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEveU9hZmVWS2pjSWwyZE8wUTN4QV9ReVJDVXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ+cAwQE
2RdwMA0GCSqGSIb3DQEBCwUAA4IBAQCuyEyzXV3PFCux4VF3eKjiZtZgGpmGI+Ov
zVrG5cv6IuAVO8Fh2hrik2iafu2ngWpQYVuYkCFckFCBm9SeBates7VJd2e1gHvv
5oGH5db/zHmgjYg1GOdpS2EqrSI1H1r+KRFL7IvSa0ds2TBjY5qbcFMamnZzHB+O
ByC3nfoKXVwXsMLDyboStWJj5uxWK/snc0W1KUjn0W+egrNu+40Aw3Yagscc0hHt
+De2kkwsmuNTKlF8hlzQi1ij6zWR0hpSQ2HXFXzlyAXr1KcDXCJgY8caRqLtOTK8
AT4qLIH/ibpyD2g/d8Krtm9tINYbvHuQvU0jRCVhTZMsWOP5P8xO
-----END CERTIFICATE-----