Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137409.roa
File:                     AS137409.roa (raw, json)
Hash identifier:          /s/h/d+aTGlciCHk4i0L5Lpw4ETt7VLxwNfvtNU2JQs=
Subject key identifier:   65:97:9A:49:26:4F:67:F8:92:63:FA:DB:3A:82:17:86:03:51:F0:67
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6D857DA3B946A7421E3A98F0261B1819D4A514A5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137409.roa
Signing time:             Mon 30 Dec 2024 13:10:57 +0000
ROA not before:           Mon 30 Dec 2024 13:05:57 +0000
ROA not after:            Mon 29 Dec 2025 13:10:57 +0000
asID:                     137409
IP address blocks:        5.252.80.0/24 maxlen: 24
                          181.214.122.0/24 maxlen: 24
                          185.141.167.0/24 maxlen: 24
                          2a0a:8e00::/32 maxlen: 48
                          2a0a:9606::/32 maxlen: 48
                          2a0a:9607::/32 maxlen: 48
                          2a0a:be00::/32 maxlen: 48
                          2a0a:ce00::/32 maxlen: 48
                          2a0a:ce01::/32 maxlen: 48
                          2a0a:ce02::/32 maxlen: 48
                          2a0a:ce03::/32 maxlen: 48
                          2a0a:ce04::/32 maxlen: 48
                          2a0a:ce05::/32 maxlen: 48
                          2a0a:ce06::/32 maxlen: 48
                          2a0a:ce07::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:85:7d:a3:b9:46:a7:42:1e:3a:98:f0:26:1b:18:19:d4:a5:14:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 30 13:05:57 2024 GMT
            Not After : Dec 29 13:10:57 2025 GMT
        Subject: CN=65979A49264F67F89263FADB3A8217860351F067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a8:f3:b9:60:e1:ab:7d:e8:4d:2d:51:62:85:
                    38:86:90:59:11:86:1f:a4:60:7d:5b:d5:90:af:30:
                    eb:d6:5b:61:46:59:a4:7c:47:97:d9:73:05:01:b1:
                    1b:1b:e7:e9:d8:85:c1:2e:78:5a:fb:1a:ca:05:25:
                    ec:17:c3:02:a9:82:ff:a7:fb:19:03:05:32:b4:2a:
                    12:12:e2:7f:b0:de:42:72:3d:e7:e3:ea:13:6f:01:
                    f7:7a:c5:bc:52:ac:75:ed:51:6a:f8:4f:78:33:ab:
                    f7:2e:35:cc:33:f7:75:a7:22:f1:7f:f0:8c:06:f1:
                    a9:6a:f2:01:bf:47:7a:1c:38:4f:12:97:fc:1e:d3:
                    ab:16:1d:14:d4:70:f0:3d:66:b2:eb:d4:d5:0f:fb:
                    9c:09:e0:a4:83:42:bd:c0:01:31:99:db:26:f1:4d:
                    87:4b:47:f9:29:7b:22:fd:e3:88:e6:bd:8d:a3:de:
                    e6:40:18:80:2b:3b:fc:66:18:7c:89:cc:73:70:d4:
                    db:52:9c:f9:7a:8e:47:7f:f5:ec:cd:4f:86:7a:d0:
                    ee:35:c1:2c:6d:d5:a8:dd:da:14:17:f1:d9:45:0c:
                    fc:30:51:93:da:08:c6:9f:e5:7f:2c:83:2a:eb:bd:
                    a3:1c:cb:de:c7:f4:a0:e1:0e:b2:d2:ef:82:2d:e2:
                    0c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:97:9A:49:26:4F:67:F8:92:63:FA:DB:3A:82:17:86:03:51:F0:67
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137409.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.80.0/24
                  181.214.122.0/24
                  185.141.167.0/24
                IPv6:
                  2a0a:8e00::/32
                  2a0a:9606::/31
                  2a0a:be00::/32
                  2a0a:ce00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:76:ed:81:21:fa:00:48:49:b4:49:78:92:53:84:e9:9f:af:
         20:f0:e4:8a:3b:7c:39:84:ad:83:f7:c3:4d:44:57:83:ae:cb:
         35:27:fb:1d:35:61:40:26:7d:04:31:73:b0:a1:62:30:ff:31:
         41:e6:c3:26:68:a8:2a:15:29:b7:f9:9a:53:3a:e8:97:4a:fc:
         00:51:93:6d:f8:b1:6f:1f:d3:73:1a:59:05:73:38:6a:d1:86:
         6e:5d:d0:ff:0d:a8:1b:d0:64:a6:47:c3:96:ac:5e:f2:92:5a:
         2f:0b:c0:d5:10:28:cb:0f:bc:ea:2b:b8:69:8b:c5:51:c5:d9:
         88:ff:1c:4b:8e:02:8d:34:bf:0a:1b:40:25:d4:62:61:27:b0:
         46:a1:64:60:d4:86:6e:15:7d:93:79:6f:a2:db:bf:bc:92:df:
         f8:a9:f7:0f:d4:b3:36:dd:85:97:84:04:67:ee:ca:03:6f:7c:
         73:93:4c:c2:51:cd:5a:c4:21:e9:d6:ec:34:05:19:93:c4:7e:
         b1:d9:42:76:07:46:c0:85:aa:c4:ce:f5:10:4e:bd:e3:15:53:
         2b:c0:eb:f9:a5:22:28:2b:e1:9d:1b:49:63:98:60:a3:87:c9:
         89:24:28:53:3b:3f:20:72:3e:5f:49:68:6c:03:ca:3c:05:2e:
         9f:61:cd:43
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUbYV9o7lGp0IeOpjwJhsYGdSlFKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMzAxMzA1NTdaFw0yNTEyMjkxMzEwNTdaMDMxMTAvBgNV
BAMTKDY1OTc5QTQ5MjY0RjY3Rjg5MjYzRkFEQjNBODIxNzg2MDM1MUYwNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaqPO5YOGrfehNLVFihTiGkFkR
hh+kYH1b1ZCvMOvWW2FGWaR8R5fZcwUBsRsb5+nYhcEueFr7GsoFJewXwwKpgv+n
+xkDBTK0KhIS4n+w3kJyPefj6hNvAfd6xbxSrHXtUWr4T3gzq/cuNcwz93WnIvF/
8IwG8alq8gG/R3ocOE8Sl/we06sWHRTUcPA9ZrLr1NUP+5wJ4KSDQr3AATGZ2ybx
TYdLR/kpeyL944jmvY2j3uZAGIArO/xmGHyJzHNw1NtSnPl6jkd/9ezNT4Z60O41
wSxt1ajd2hQX8dlFDPwwUZPaCMaf5X8sgyrrvaMcy97H9KDhDrLS74It4gwhAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUZZeaSSZPZ/iSY/rbOoIXhgNR8GcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NDA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAYBAIAATASAwQABfxQ
AwQAtdZ6AwQAuY2nMCIEAgACMBwDBQAqCo4AAwUBKgqWBgMFACoKvgADBQMqCs4A
MA0GCSqGSIb3DQEBCwUAA4IBAQAOdu2BIfoASEm0SXiSU4Tpn68g8OSKO3w5hK2D
98NNRFeDrss1J/sdNWFAJn0EMXOwoWIw/zFB5sMmaKgqFSm3+ZpTOuiXSvwAUZNt
+LFvH9NzGlkFczhq0YZuXdD/Dagb0GSmR8OWrF7yklovC8DVECjLD7zqK7hpi8VR
xdmI/xxLjgKNNL8KG0Al1GJhJ7BGoWRg1IZuFX2TeW+i27+8kt/4qfcP1LM23YWX
hARn7soDb3xzk0zCUc1axCHp1uw0BRmTxH6x2UJ2B0bAharEzvUQTr3jFVMrwOv5
pSIoK+GdG0ljmGCjh8mJJChTOz8gcj5fSWhsA8o8BS6fYc1D
-----END CERTIFICATE-----