Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/b033d3-ee96-4c0d-a70e-0274f446d331/1/hDXJqHhRVakrUpAy2mxJpw32amA.roa
File:                     hDXJqHhRVakrUpAy2mxJpw32amA.roa (raw, json)
Hash identifier:          Q2fYQzDzeuJHoaVaTN2Do0bb6ba0BBCZfekXkM6wQUY=
Subject key identifier:   84:35:C9:A8:78:51:55:A9:2B:52:90:32:DA:6C:49:A7:0D:F6:6A:60
Certificate issuer:       /CN=ac56aadc424112c4fc8989c0aee2549bbaf56568
Certificate serial:       019422FBEEBD893BF800D45F460EB7DD3AD1
Authority key identifier: AC:56:AA:DC:42:41:12:C4:FC:89:89:C0:AE:E2:54:9B:BA:F5:65:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rFaq3EJBEsT8iYnAruJUm7r1ZWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/b033d3-ee96-4c0d-a70e-0274f446d331/1/hDXJqHhRVakrUpAy2mxJpw32amA.roa
Signing time:             Wed 01 Jan 2025 17:48:43 +0000
ROA not before:           Wed 01 Jan 2025 17:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52075
IP address blocks:        45.81.196.0/22 maxlen: 22
                          46.192.0.0/15 maxlen: 15
                          46.193.0.0/19 maxlen: 19
                          46.193.32.0/19 maxlen: 19
                          46.193.64.0/19 maxlen: 19
                          46.193.96.0/19 maxlen: 19
                          46.193.128.0/20 maxlen: 20
                          46.193.144.0/20 maxlen: 20
                          46.193.160.0/20 maxlen: 20
                          46.193.176.0/20 maxlen: 20
                          46.193.224.0/22 maxlen: 22
                          46.193.228.0/22 maxlen: 22
                          46.193.232.0/22 maxlen: 22
                          46.193.236.0/22 maxlen: 22
                          46.193.240.0/20 maxlen: 20
                          2a01:7c00::/29 maxlen: 29
                          2a01:7c00:10::/44 maxlen: 44
                          2a01:7c00:400::/40 maxlen: 40
                          2a01:7c00:500::/40 maxlen: 40
                          2a01:7c00:600::/40 maxlen: 40
                          2a01:7c00:700::/40 maxlen: 40
                          2a01:7c01::/42 maxlen: 42
                          2a01:7c01:40::/42 maxlen: 42
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ee:bd:89:3b:f8:00:d4:5f:46:0e:b7:dd:3a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac56aadc424112c4fc8989c0aee2549bbaf56568
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8435c9a8785155a92b529032da6c49a70df66a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:48:41:b6:fa:7c:98:2d:b5:9d:1a:17:94:20:
                    f1:3e:a8:d3:7a:9d:c0:46:9b:92:a5:90:39:42:46:
                    5a:3b:14:b1:e7:7b:3b:dc:2c:76:a4:2a:50:55:f6:
                    c8:b4:65:e2:96:dc:ee:34:a8:bd:88:be:54:3f:00:
                    90:63:08:65:ab:ed:08:3d:f0:87:47:ee:35:ca:a2:
                    79:15:af:a6:02:5a:30:7c:2b:fc:f2:f2:95:1b:aa:
                    19:6a:c9:a1:c6:ab:e8:43:d4:93:74:8b:2f:f3:b8:
                    7a:6d:ca:10:80:a2:a6:20:1f:95:95:d9:03:0c:28:
                    1d:45:3a:b4:97:ec:c8:dd:96:6f:3b:8f:73:08:d2:
                    9f:02:65:52:44:d1:ee:96:d9:c2:b1:5e:4c:a1:95:
                    58:15:ea:ba:8a:f3:55:fb:e5:f9:12:be:6c:72:ba:
                    24:e1:14:d3:c4:f0:75:d7:d1:2e:4a:a0:d4:11:91:
                    a3:16:05:84:7c:d5:b2:7d:fe:f1:bf:5c:83:b1:05:
                    3e:af:df:da:ee:02:39:0e:e3:52:3c:61:d2:9e:58:
                    c8:cc:65:a0:21:5b:6f:c3:78:a4:d1:24:46:aa:ac:
                    8f:d7:5a:0c:69:17:1f:ab:3d:74:3e:9c:89:80:1e:
                    a1:21:24:de:17:9b:92:0c:23:8e:00:33:82:11:a2:
                    5f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:35:C9:A8:78:51:55:A9:2B:52:90:32:DA:6C:49:A7:0D:F6:6A:60
            X509v3 Authority Key Identifier:
                keyid:AC:56:AA:DC:42:41:12:C4:FC:89:89:C0:AE:E2:54:9B:BA:F5:65:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rFaq3EJBEsT8iYnAruJUm7r1ZWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b033d3-ee96-4c0d-a70e-0274f446d331/1/hDXJqHhRVakrUpAy2mxJpw32amA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b033d3-ee96-4c0d-a70e-0274f446d331/1/rFaq3EJBEsT8iYnAruJUm7r1ZWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.196.0/22
                  46.192.0.0/15
                IPv6:
                  2a01:7c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:c9:a3:60:12:bf:94:f6:ad:01:ff:dd:1d:5a:39:97:a9:79:
         aa:0f:da:98:cc:06:57:ca:5e:a1:81:d7:ce:66:11:a9:42:08:
         60:28:8b:71:99:64:44:bb:ae:28:17:48:5d:40:83:b2:fb:24:
         1a:c6:b1:8e:c0:d8:fc:a1:5d:2c:96:66:32:94:da:5b:1d:7a:
         d7:21:1d:65:0d:03:da:f4:54:2d:20:60:da:a1:fc:fd:24:7d:
         70:93:1d:a5:66:c7:d9:72:df:5b:3b:ed:55:3f:ac:40:ba:94:
         7f:75:8d:da:ea:78:e3:35:5c:6d:82:0b:1e:b7:30:01:2f:41:
         86:5d:7f:08:22:84:8b:8b:b7:79:4b:dd:44:6d:45:b7:c8:01:
         df:93:19:72:d8:82:07:df:71:b8:5e:46:dc:ee:17:4e:20:0e:
         ec:8a:05:86:b3:83:a4:d1:d3:7c:2e:8a:db:4a:46:5a:04:14:
         62:19:78:26:ba:6f:96:8b:b9:61:bb:57:ab:31:14:7a:80:15:
         dd:95:f1:0e:8b:b4:b1:5c:a5:ba:28:06:02:fc:6b:18:31:9b:
         3d:25:62:28:93:eb:b8:20:c6:3f:3d:f3:1c:69:3f:1e:d5:cb:
         4a:3f:54:be:03:84:7d:2c:fd:36:54:aa:43:7f:90:59:dd:ff:
         95:4b:30:e6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQi++69iTv4ANRfRg633TrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNTZhYWRjNDI0MTEyYzRmYzg5ODljMGFlZTI1NDliYmFm
NTY1NjgwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDM1YzlhODc4NTE1NWE5MmI1MjkwMzJkYTZjNDlhNzBkZjY2YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUhBtvp8mC21nRoXlCDxPqjTep3A
RpuSpZA5QkZaOxSx53s73Cx2pCpQVfbItGXiltzuNKi9iL5UPwCQYwhlq+0IPfCH
R+41yqJ5Fa+mAlowfCv88vKVG6oZasmhxqvoQ9STdIsv87h6bcoQgKKmIB+VldkD
DCgdRTq0l+zI3ZZvO49zCNKfAmVSRNHultnCsV5MoZVYFeq6ivNV++X5Er5scrok
4RTTxPB119EuSqDUEZGjFgWEfNWyff7xv1yDsQU+r9/a7gI5DuNSPGHSnljIzGWg
IVtvw3ik0SRGqqyP11oMaRcfqz10PpyJgB6hISTeF5uSDCOOADOCEaJf2QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIQ1yah4UVWpK1KQMtpsSacN9mpgMB8GA1UdIwQY
MBaAFKxWqtxCQRLE/ImJwK7iVJu69WVoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckZhcTNFSkJFc1Q4aVluQXJ1SlVtN3IxWldnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9iMDMzZDMtZWU5Ni00YzBkLWE3MGUt
MDI3NGY0NDZkMzMxLzEvaERYSnFIaFJWYWtyVXBBeTJteEpwdzMyYW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9iMDMzZDMtZWU5Ni00YzBkLWE3MGUtMDI3NGY0NDZkMzMx
LzEvckZhcTNFSkJFc1Q4aVluQXJ1SlVtN3IxWldnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQCLVHEAwMB
LsAwDQQCAAIwBwMFAyoBfAAwDQYJKoZIhvcNAQELBQADggEBADrJo2ASv5T2rQH/
3R1aOZepeaoP2pjMBlfKXqGB185mEalCCGAoi3GZZES7rigXSF1Ag7L7JBrGsY7A
2PyhXSyWZjKU2lsdetchHWUNA9r0VC0gYNqh/P0kfXCTHaVmx9ly31s77VU/rEC6
lH91jdrqeOM1XG2CCx63MAEvQYZdfwgihIuLt3lL3URtRbfIAd+TGXLYggffcbhe
RtzuF04gDuyKBYazg6TR03wuittKRloEFGIZeCa6b5aLuWG7V6sxFHqAFd2V8Q6L
tLFcpbooBgL8axgxmz0lYiiT67ggxj898xxpPx7Vy0o/VL4DhH0s/TZUqkN/kFnd
/5VLMOY=
-----END CERTIFICATE-----