Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/twpPI3s0M0CHfpsRtqw1y94__1Q.roa
File:                     twpPI3s0M0CHfpsRtqw1y94__1Q.roa (raw, json)
Hash identifier:          9YvNSCEe8cpoY/bygIYeVTlYIEufzY0ULaNZDfOCQKg=
Subject key identifier:   B7:0A:4F:23:7B:34:33:40:87:7E:9B:11:B6:AC:35:CB:DE:3F:FF:54
Certificate issuer:       /CN=7d61b8378e8f368ae4998d51c3a9ace64148d6cd
Certificate serial:       019421B24861F518F409A08A6D082828A4CB
Authority key identifier: 7D:61:B8:37:8E:8F:36:8A:E4:99:8D:51:C3:A9:AC:E6:41:48:D6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fWG4N46PNorkmY1Rw6ms5kFI1s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/twpPI3s0M0CHfpsRtqw1y94__1Q.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35790
IP address blocks:        185.31.140.0/22 maxlen: 24
                          185.57.84.0/22 maxlen: 24
                          185.105.244.0/22 maxlen: 24
                          185.217.224.0/22 maxlen: 24
                          213.204.192.0/20 maxlen: 24
                          213.204.208.0/20 maxlen: 24
                          213.204.224.0/20 maxlen: 24
                          213.204.240.0/21 maxlen: 24
                          213.204.248.0/22 maxlen: 24
                          213.204.252.0/22 maxlen: 24
                          2a0b:cdc0::/29 maxlen: 29
                          2a0b:cdc0::/32 maxlen: 32
                          2a0b:cdc1::/32 maxlen: 32
                          2a0b:cdc7::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:48:61:f5:18:f4:09:a0:8a:6d:08:28:28:a4:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d61b8378e8f368ae4998d51c3a9ace64148d6cd
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b70a4f237b343340877e9b11b6ac35cbde3fff54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:a7:4f:bb:20:e2:05:d1:e2:d3:d8:39:67:26:
                    c8:f0:ed:72:1f:16:2f:73:cd:7e:c9:da:f0:22:0a:
                    55:8a:98:ca:36:7f:09:ca:6c:6e:2d:20:55:4e:36:
                    d5:93:15:84:bc:6d:6f:59:dd:05:95:e4:3f:fd:7c:
                    55:c4:e4:82:8e:1a:42:ad:88:2d:dc:82:16:d8:c9:
                    df:c9:a9:2b:28:a5:a9:57:69:12:26:33:e4:49:d4:
                    05:03:e8:9d:91:43:c8:51:be:56:9a:f9:c7:ff:90:
                    40:62:4d:18:f4:93:3c:4f:c0:cc:93:6d:17:bc:07:
                    b8:04:76:9c:22:a6:a8:88:34:9a:3b:06:03:63:9c:
                    c7:46:f5:e7:e2:53:c5:d0:c5:5b:78:e4:87:6b:a3:
                    c9:0d:aa:6a:df:1f:03:33:83:45:59:da:36:6a:60:
                    cf:76:3a:d8:65:3c:c9:87:e2:35:75:84:ea:e9:e9:
                    42:c7:e9:00:e9:b3:7c:38:1f:3f:49:72:2f:b5:ed:
                    03:d7:e3:a5:57:5a:16:e1:8b:0d:66:71:3a:25:4b:
                    1e:a2:9d:cc:08:3d:8a:81:15:bb:ba:62:b1:4d:f0:
                    cf:b0:3f:97:a8:ab:97:72:3b:f8:6b:0a:18:d5:85:
                    98:b5:6a:ac:31:8b:e9:c7:04:0f:84:7c:8f:8b:c2:
                    d4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:0A:4F:23:7B:34:33:40:87:7E:9B:11:B6:AC:35:CB:DE:3F:FF:54
            X509v3 Authority Key Identifier:
                keyid:7D:61:B8:37:8E:8F:36:8A:E4:99:8D:51:C3:A9:AC:E6:41:48:D6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fWG4N46PNorkmY1Rw6ms5kFI1s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/twpPI3s0M0CHfpsRtqw1y94__1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/fWG4N46PNorkmY1Rw6ms5kFI1s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.140.0/22
                  185.57.84.0/22
                  185.105.244.0/22
                  185.217.224.0/22
                  213.204.192.0/18
                IPv6:
                  2a0b:cdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:58:c2:27:93:03:09:c4:e5:fd:48:7f:a8:dd:1a:61:19:0b:
         d1:f9:2d:fb:21:10:11:16:33:42:2a:e7:bc:8a:12:73:ec:79:
         91:ce:54:dc:e8:af:39:eb:4f:5e:84:b0:51:4e:09:73:47:89:
         1b:ad:1b:5a:9f:85:c1:80:13:e6:45:b0:0d:d0:54:0b:38:66:
         e6:27:80:15:a9:dd:3c:d9:18:a5:51:4f:a6:6a:6c:2e:be:d3:
         69:f7:9a:09:72:4f:a9:c3:72:97:db:ca:d6:ab:0a:64:f9:a5:
         e9:f8:de:56:b3:fd:53:89:eb:d0:4a:13:ad:b0:b5:3a:2a:1a:
         97:5c:4f:96:5c:ff:ab:6e:a5:53:ab:20:56:9b:f4:c8:99:6f:
         93:19:17:71:c2:bd:8f:dd:9a:f1:7a:87:be:8a:57:f6:d8:89:
         fc:26:53:36:65:9d:04:bc:a7:30:e9:a6:a1:92:d4:45:6a:b4:
         a5:7b:67:51:64:4a:02:71:44:46:8c:c0:fd:7b:a8:72:95:4c:
         9c:4f:7d:68:1a:8d:f0:bb:03:27:35:ac:8f:7d:ce:3e:b4:f9:
         be:92:ba:31:4b:0e:f6:28:83:c8:a1:0b:0c:27:95:b4:f9:b8:
         fb:dd:45:e3:ce:7e:13:aa:a3:74:17:3d:a1:a2:ee:a5:06:79:
         0f:3e:3c:8f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQhskhh9Rj0CaCKbQgoKKTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNjFiODM3OGU4ZjM2OGFlNDk5OGQ1MWMzYTlhY2U2NDE0
OGQ2Y2QwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBhNGYyMzdiMzQzMzQwODc3ZTliMTFiNmFjMzVjYmRlM2ZmZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9KdPuyDiBdHi09g5ZybI8O1yHxYv
c81+ydrwIgpVipjKNn8JymxuLSBVTjbVkxWEvG1vWd0FleQ//XxVxOSCjhpCrYgt
3IIW2MnfyakrKKWpV2kSJjPkSdQFA+idkUPIUb5WmvnH/5BAYk0Y9JM8T8DMk20X
vAe4BHacIqaoiDSaOwYDY5zHRvXn4lPF0MVbeOSHa6PJDapq3x8DM4NFWdo2amDP
djrYZTzJh+I1dYTq6elCx+kA6bN8OB8/SXIvte0D1+OlV1oW4YsNZnE6JUseop3M
CD2KgRW7umKxTfDPsD+XqKuXcjv4awoY1YWYtWqsMYvpxwQPhHyPi8LUewIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLcKTyN7NDNAh36bEbasNcveP/9UMB8GA1UdIwQY
MBaAFH1huDeOjzaK5JmNUcOprOZBSNbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZldHNE40NlBOb3JrbVkxUnc2bXM1a0ZJMXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZDgyMWItMzQ1Mi00MjdhLThlNDQt
ZDE2ZTRhZTYxZjgwLzEvdHdwUEkzczBNMENIZnBzUnRxdzF5OTRfXzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZDgyMWItMzQ1Mi00MjdhLThlNDQtZDE2ZTRhZTYxZjgw
LzEvZldHNE40NlBOb3JrbVkxUnc2bXM1a0ZJMXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuR+MAwQC
uTlUAwQCuWn0AwQCudngAwQG1czAMA0EAgACMAcDBQMqC83AMA0GCSqGSIb3DQEB
CwUAA4IBAQAXWMInkwMJxOX9SH+o3RphGQvR+S37IRARFjNCKue8ihJz7HmRzlTc
6K85609ehLBRTglzR4kbrRtan4XBgBPmRbAN0FQLOGbmJ4AVqd082RilUU+mamwu
vtNp95oJck+pw3KX28rWqwpk+aXp+N5Ws/1TievQShOtsLU6KhqXXE+WXP+rbqVT
qyBWm/TImW+TGRdxwr2P3Zrxeoe+ilf22In8JlM2ZZ0EvKcw6aahktRFarSle2dR
ZEoCcURGjMD9e6hylUycT31oGo3wuwMnNayPfc4+tPm+kroxSw72KIPIoQsMJ5W0
+bj73UXjzn4TqqN0Fz2hou6lBnkPPjyP
-----END CERTIFICATE-----