Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/3IjZ5GRES4txzqQX4Qcixk66Q2s.roa
File:                     3IjZ5GRES4txzqQX4Qcixk66Q2s.roa (raw, json)
Hash identifier:          q4Y0aGLsnwyGE/1lp5HXd2+BQA+1jawV7hj7BbQPFKY=
Subject key identifier:   DC:88:D9:E4:64:44:4B:8B:71:CE:A4:17:E1:07:22:C6:4E:BA:43:6B
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       019427B662DD307452C89FA1E8ACFDD7E93B
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/3IjZ5GRES4txzqQX4Qcixk66Q2s.roa
Signing time:             Thu 02 Jan 2025 15:50:51 +0000
ROA not before:           Thu 02 Jan 2025 15:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50436
IP address blocks:        5.28.64.0/18 maxlen: 19
                          5.28.64.0/19 maxlen: 19
                          5.28.96.0/19 maxlen: 19
                          37.120.0.0/17 maxlen: 18
                          92.206.8.0/21 maxlen: 24
                          92.206.32.0/20 maxlen: 24
                          92.206.48.0/20 maxlen: 24
                          92.206.209.0/24 maxlen: 24
                          92.206.254.0/23 maxlen: 24
                          94.139.0.0/19 maxlen: 20
                          217.68.167.0/24 maxlen: 24
                          2a02:2455:8000::/36 maxlen: 36
                          2a02:2455:9000::/36 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:62:dd:30:74:52:c8:9f:a1:e8:ac:fd:d7:e9:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Jan  2 15:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc88d9e464444b8b71cea417e10722c64eba436b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:55:53:a5:49:67:bd:4f:26:35:d3:e6:9a:df:
                    ed:f9:68:2a:fe:1a:53:e8:f6:95:da:05:19:ad:47:
                    91:15:ee:e9:62:0b:2e:35:c5:de:c0:ea:df:9e:d9:
                    c1:87:da:95:e9:10:55:fd:6a:49:f5:f0:29:c5:9a:
                    45:c9:65:9f:bf:37:66:75:2d:5e:f1:cc:99:80:5b:
                    e4:c9:4e:66:95:81:c8:36:91:eb:19:9b:d6:77:31:
                    06:b3:2e:5e:3c:81:35:d4:61:04:b4:44:25:d6:95:
                    42:51:ef:a8:8e:33:46:ee:79:51:8d:aa:26:f1:94:
                    df:f4:e3:08:e6:a6:df:56:d6:97:80:98:ca:d2:64:
                    fc:14:39:2a:bc:79:d6:7a:da:63:ac:34:71:aa:c0:
                    ff:91:68:11:7f:da:0b:2c:97:2c:e4:a5:ec:2b:29:
                    7e:92:5e:a4:35:b1:ef:f5:a6:82:d7:f7:bb:6a:b4:
                    00:8a:2f:62:bd:d4:0f:a1:e7:6d:25:41:10:73:f8:
                    b7:7e:aa:06:bf:f4:56:b7:1d:fc:83:86:94:90:56:
                    e6:58:b0:36:65:88:1d:0a:20:c4:c2:6b:ed:52:b6:
                    53:51:87:d5:7f:68:12:32:bb:5d:7a:9e:e4:f9:af:
                    78:80:0a:32:78:5c:7b:c9:ed:74:25:93:d4:03:f9:
                    c9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:88:D9:E4:64:44:4B:8B:71:CE:A4:17:E1:07:22:C6:4E:BA:43:6B
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/3IjZ5GRES4txzqQX4Qcixk66Q2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.28.64.0/18
                  37.120.0.0/17
                  92.206.8.0/21
                  92.206.32.0/19
                  92.206.209.0/24
                  92.206.254.0/23
                  94.139.0.0/19
                  217.68.167.0/24
                IPv6:
                  2a02:2455:8000::/35

    Signature Algorithm: sha256WithRSAEncryption
         9b:a9:bc:b1:6f:a5:be:2e:40:5d:aa:00:e6:24:61:ca:2b:ff:
         a2:2f:d1:f3:4c:2e:24:43:70:ab:9d:02:89:ac:6a:9b:f6:f9:
         82:c5:85:1c:8d:c5:e4:f0:39:a8:30:a3:8e:dd:71:00:f5:8c:
         58:e6:34:55:bc:3b:2c:1e:4d:1e:b1:a5:a3:2b:95:af:a7:6f:
         8f:e1:c6:31:76:1c:0f:79:7d:e2:42:24:69:70:0e:a6:f9:28:
         28:3e:00:a3:4f:dc:fa:05:6b:cd:cf:21:fc:84:d3:9a:76:34:
         82:c2:dc:13:c3:d5:da:bd:39:97:f9:7d:f6:56:d2:8d:48:db:
         fe:3c:18:09:ff:c6:ca:72:00:d6:5e:d2:60:8d:a0:9e:b7:17:
         2e:4e:de:a8:0a:13:e9:7d:43:c5:bd:3e:b0:81:67:b5:69:66:
         7a:0e:78:fe:cf:8a:36:75:63:ca:6c:82:8a:ae:50:26:36:0c:
         2d:03:0a:39:db:fa:21:bf:35:03:98:d7:e5:35:0f:dc:9d:26:
         da:12:e1:bd:b1:64:0a:80:01:e5:69:d1:bd:d8:79:82:82:35:
         4b:6d:8d:cf:57:34:a0:7b:da:35:40:ac:12:a2:35:b2:dd:af:
         34:4f:8d:64:df:36:67:82:55:26:b9:56:a9:d6:2f:82:0c:92:
         19:3c:7f:b6
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQntmLdMHRSyJ+h6Kz91+k7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjUwMTAyMTU1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg4ZDllNDY0NDQ0YjhiNzFjZWE0MTdlMTA3MjJjNjRlYmE0MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VVTpUlnvU8mNdPmmt/t+Wgq/hpT
6PaV2gUZrUeRFe7pYgsuNcXewOrfntnBh9qV6RBV/WpJ9fApxZpFyWWfvzdmdS1e
8cyZgFvkyU5mlYHINpHrGZvWdzEGsy5ePIE11GEEtEQl1pVCUe+ojjNG7nlRjaom
8ZTf9OMI5qbfVtaXgJjK0mT8FDkqvHnWetpjrDRxqsD/kWgRf9oLLJcs5KXsKyl+
kl6kNbHv9aaC1/e7arQAii9ivdQPoedtJUEQc/i3fqoGv/RWtx38g4aUkFbmWLA2
ZYgdCiDEwmvtUrZTUYfVf2gSMrtdep7k+a94gAoyeFx7ye10JZPUA/nJOwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFNyI2eRkREuLcc6kF+EHIsZOukNrMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvM0lqWjVHUkVTNHR4enFRWDRRY2l4azY2UTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQGBRxAAwQH
JXgAAwQDXM4IAwQFXM4gAwQAXM7RAwQBXM7+AwQFXosAAwQA2USnMA4EAgACMAgD
BgUqAiRVgDANBgkqhkiG9w0BAQsFAAOCAQEAm6m8sW+lvi5AXaoA5iRhyiv/oi/R
80wuJENwq50Ciaxqm/b5gsWFHI3F5PA5qDCjjt1xAPWMWOY0Vbw7LB5NHrGloyuV
r6dvj+HGMXYcD3l94kIkaXAOpvkoKD4Ao0/c+gVrzc8h/ITTmnY0gsLcE8PV2r05
l/l99lbSjUjb/jwYCf/GynIA1l7SYI2gnrcXLk7eqAoT6X1Dxb0+sIFntWlmeg54
/s+KNnVjymyCiq5QJjYMLQMKOdv6Ib81A5jX5TUP3J0m2hLhvbFkCoAB5WnRvdh5
goI1S22Nz1c0oHvaNUCsEqI1st2vNE+NZN82Z4JVJrlWqdYvggySGTx/tg==
-----END CERTIFICATE-----