Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Qjrrnlt1FqHz6GuAPpO0bLvENuM.roa
File:                     Qjrrnlt1FqHz6GuAPpO0bLvENuM.roa (raw, json)
Hash identifier:          pRPlEcit7hhL4538jhA6INI4KmDVyMDtTN+NiisX/mU=
Subject key identifier:   42:3A:EB:9E:5B:75:16:A1:F3:E8:6B:80:3E:93:B4:6C:BB:C4:36:E3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01944B9B0AC98359CC5F1F804B6DFAA15C55
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Qjrrnlt1FqHz6GuAPpO0bLvENuM.roa
Signing time:             Thu 09 Jan 2025 15:07:19 +0000
ROA not before:           Thu 09 Jan 2025 15:07:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210876
IP address blocks:        45.134.84.0/22 maxlen: 24
                          45.134.84.0/23 maxlen: 23
                          45.142.228.0/22 maxlen: 24
                          45.147.116.0/22 maxlen: 24
                          45.159.76.0/22 maxlen: 24
                          93.189.123.0/24 maxlen: 24
                          109.107.149.0/24 maxlen: 24
                          185.216.30.0/24 maxlen: 24
                          185.216.31.0/24 maxlen: 24
                          185.226.8.0/24 maxlen: 24
                          185.236.24.0/22 maxlen: 22
                          185.247.6.0/24 maxlen: 24
                          194.35.40.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:9b:0a:c9:83:59:cc:5f:1f:80:4b:6d:fa:a1:5c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  9 15:07:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=423aeb9e5b7516a1f3e86b803e93b46cbbc436e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ee:17:4d:a6:7a:01:f2:f8:5c:76:fc:69:a8:
                    0f:f3:b2:53:9c:1a:a2:22:84:b8:20:42:6c:39:f5:
                    31:34:21:dc:ec:1c:ef:d1:65:31:e3:b5:65:90:ee:
                    13:91:4e:d4:5a:5b:72:5a:29:49:1b:1e:e1:13:44:
                    51:14:6f:a4:99:24:49:b3:24:eb:42:4b:fa:84:e5:
                    2d:b0:0b:4f:56:87:6f:be:7f:e8:d2:00:c5:da:4a:
                    43:14:f0:b1:b6:51:28:59:98:bf:99:fe:b7:a2:07:
                    4b:a5:13:d3:77:9a:a1:44:1c:60:32:07:b5:f1:dd:
                    84:52:09:e4:6b:5d:28:c1:92:9b:bb:6f:52:49:7b:
                    da:92:bb:d7:af:6b:0b:cd:52:d7:04:df:08:c5:67:
                    40:05:23:b6:ef:99:dd:ef:bf:e3:bd:66:aa:f9:0f:
                    e5:48:1e:ef:a4:d6:8b:29:36:5f:21:59:56:b3:41:
                    47:2d:e7:c4:72:b7:28:ce:ab:60:83:36:37:23:b3:
                    28:76:23:1e:ee:40:5e:67:26:64:70:f9:cb:b9:46:
                    96:f8:a5:35:a4:67:b0:c0:fb:5b:c2:4e:da:44:10:
                    54:8b:22:ce:36:7a:7f:50:74:02:c1:28:f3:4c:7a:
                    6b:48:12:1b:b2:5c:83:49:2b:33:d0:da:97:6a:c0:
                    45:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3A:EB:9E:5B:75:16:A1:F3:E8:6B:80:3E:93:B4:6C:BB:C4:36:E3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Qjrrnlt1FqHz6GuAPpO0bLvENuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  45.142.228.0/22
                  45.147.116.0/22
                  45.159.76.0/22
                  93.189.123.0/24
                  109.107.149.0/24
                  185.216.30.0/23
                  185.226.8.0/24
                  185.236.24.0/22
                  185.247.6.0/24
                  194.35.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:80:41:ba:23:47:fc:36:df:df:aa:60:e9:df:27:ef:a8:2d:
         b1:2e:95:32:e5:5b:4a:f1:86:b3:0f:26:88:8f:0f:02:21:81:
         57:4b:ed:6a:e6:03:9a:e7:d5:6c:2f:00:41:7a:bd:0c:11:66:
         40:eb:e2:50:42:52:59:69:f7:e7:34:19:39:24:ff:f4:13:b1:
         5c:76:dd:ea:ad:35:72:d1:c3:c4:4c:12:32:d1:70:ec:ac:b0:
         7f:1d:9b:c3:f5:1e:eb:4e:90:9a:30:cb:db:c2:98:f3:23:be:
         4a:13:6e:49:5c:f0:7b:6b:9d:a3:c9:69:4a:a5:bc:62:2f:ec:
         4b:23:7d:e7:4d:5e:3e:7a:4a:41:5b:01:31:68:d3:8f:83:73:
         60:f9:ff:1d:c6:38:5d:0b:eb:43:1f:1c:f0:ad:ac:94:fb:af:
         71:f6:ca:67:da:5e:25:8c:19:d2:66:5e:37:bd:ef:99:87:d2:
         ba:46:5f:16:19:b5:78:76:7e:56:43:c3:c1:eb:8f:0a:f9:c0:
         10:22:db:c6:92:7b:08:6a:b5:8a:d9:32:e9:ca:20:2b:46:ca:
         ff:9d:35:8b:50:c5:cd:86:06:2d:68:ff:f9:1e:82:0d:10:bc:
         5d:62:5f:8a:af:1e:d3:2c:32:f3:69:50:ac:ca:d1:e3:7f:1f:
         0f:f7:91:31
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZRLmwrJg1nMXx+AS236oVxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTA5MTUwNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjNhZWI5ZTViNzUxNmExZjNlODZiODAzZTkzYjQ2Y2JiYzQzNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO4XTaZ6AfL4XHb8aagP87JTnBqi
IoS4IEJsOfUxNCHc7Bzv0WUx47VlkO4TkU7UWltyWilJGx7hE0RRFG+kmSRJsyTr
Qkv6hOUtsAtPVodvvn/o0gDF2kpDFPCxtlEoWZi/mf63ogdLpRPTd5qhRBxgMge1
8d2EUgnka10owZKbu29SSXvakrvXr2sLzVLXBN8IxWdABSO275nd77/jvWaq+Q/l
SB7vpNaLKTZfIVlWs0FHLefEcrcozqtggzY3I7ModiMe7kBeZyZkcPnLuUaW+KU1
pGewwPtbwk7aRBBUiyLONnp/UHQCwSjzTHprSBIbslyDSSsz0NqXasBFdQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEI6655bdRah8+hrgD6TtGy7xDbjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUWpycm5sdDFGcUh6Nkd1QVBwTzBiTHZFTnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLYZUAwQC
LY7kAwQCLZN0AwQCLZ9MAwQAXb17AwQAbWuVAwQBudgeAwQAueIIAwQCuewYAwQA
ufcGAwQAwiMoMA0GCSqGSIb3DQEBCwUAA4IBAQAcgEG6I0f8Nt/fqmDp3yfvqC2x
LpUy5VtK8YazDyaIjw8CIYFXS+1q5gOa59VsLwBBer0MEWZA6+JQQlJZaffnNBk5
JP/0E7Fcdt3qrTVy0cPETBIy0XDsrLB/HZvD9R7rTpCaMMvbwpjzI75KE25JXPB7
a52jyWlKpbxiL+xLI33nTV4+ekpBWwExaNOPg3Ng+f8dxjhdC+tDHxzwrayU+69x
9spn2l4ljBnSZl43ve+Zh9K6Rl8WGbV4dn5WQ8PB648K+cAQItvGknsIarWK2TLp
yiArRsr/nTWLUMXNhgYtaP/5HoINELxdYl+Krx7TLDLzaVCsytHjfx8P95Ex
-----END CERTIFICATE-----