Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          wC36h7nc5e6n4g/xAxKKRAE5GvNZAE4ya/zDnGCtZQM=
Subject key identifier:   BF:DF:81:5C:FD:C4:BD:8E:45:80:43:6F:B5:E8:D7:1A:D0:17:7A:02
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1D0A0FF384A5F9B5039F0B470E10DAC38F0A6F31
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa
Signing time:             Fri 29 Nov 2024 15:28:51 +0000
ROA not before:           Fri 29 Nov 2024 15:23:51 +0000
ROA not after:            Fri 28 Nov 2025 15:28:51 +0000
asID:                     214654
IP address blocks:        46.203.98.0/24 maxlen: 24
                          46.203.99.0/24 maxlen: 24
                          46.203.188.0/24 maxlen: 24
                          46.203.189.0/24 maxlen: 24
                          46.203.203.0/24 maxlen: 24
                          46.203.204.0/24 maxlen: 24
                          46.203.250.0/24 maxlen: 24
                          46.203.251.0/24 maxlen: 24
                          91.124.8.0/24 maxlen: 24
                          91.124.9.0/24 maxlen: 24
                          91.124.10.0/24 maxlen: 24
                          91.124.11.0/24 maxlen: 24
                          91.124.12.0/24 maxlen: 24
                          91.124.13.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:0a:0f:f3:84:a5:f9:b5:03:9f:0b:47:0e:10:da:c3:8f:0a:6f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 29 15:23:51 2024 GMT
            Not After : Nov 28 15:28:51 2025 GMT
        Subject: CN=BFDF815CFDC4BD8E4580436FB5E8D71AD0177A02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7e:4d:e3:af:5b:48:55:22:03:fc:2c:7f:e7:
                    1b:a4:bc:51:39:2d:d8:3b:a9:0d:7c:db:bd:9f:b1:
                    94:d8:56:2f:98:8e:7a:0c:32:d9:e8:19:a3:26:c9:
                    b8:86:8e:1d:ad:2a:4e:f4:e5:78:ef:5b:42:34:0a:
                    b9:a2:83:59:84:24:c8:a9:3c:d9:64:98:e3:74:14:
                    17:e2:ec:b2:1b:9b:c1:fe:ce:97:52:8b:14:cf:ce:
                    0a:dd:03:f1:f8:67:cd:e1:4d:7e:c7:b3:5a:2c:82:
                    13:6a:27:3a:27:21:4b:e0:8f:f1:36:f8:d1:03:28:
                    34:3a:4b:5d:cf:c1:17:af:97:8c:9d:39:8f:44:4a:
                    b6:d4:53:11:0f:58:14:29:f6:25:e8:2a:31:98:7a:
                    bc:2f:5e:6f:b8:bf:ac:9b:57:d0:2a:98:f2:be:6b:
                    cd:68:23:13:8e:ce:b2:d3:37:f4:f1:1b:9a:e0:7e:
                    1f:52:e5:5c:fe:98:3b:47:19:d3:be:22:65:73:df:
                    70:e7:a2:96:4b:df:61:96:0a:0d:9d:ce:06:f3:08:
                    74:20:42:8e:2e:81:c3:34:cc:3a:68:54:94:8a:d4:
                    31:1b:1e:9e:62:cf:0f:0b:b2:c0:1d:a0:f6:76:f6:
                    3d:ae:98:21:14:eb:05:35:cb:7f:4d:fc:48:b4:02:
                    25:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:DF:81:5C:FD:C4:BD:8E:45:80:43:6F:B5:E8:D7:1A:D0:17:7A:02
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.98.0/23
                  46.203.188.0/23
                  46.203.203.0-46.203.204.255
                  46.203.250.0/23
                  91.124.8.0-91.124.13.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:c9:c5:c2:cd:04:71:43:18:e0:5d:00:3c:1d:66:98:d1:9b:
         35:86:22:b3:fa:36:22:08:eb:12:86:26:69:f5:e5:6e:e9:c5:
         59:72:6b:6c:29:e2:d6:3b:87:cc:78:ff:6b:b6:e6:49:ea:6b:
         c8:6e:36:34:56:b2:42:11:45:2e:a6:d9:89:50:cc:27:b3:78:
         cd:eb:4d:08:28:70:3f:e0:a9:b9:bf:9f:4b:1d:2e:cf:b1:7e:
         46:45:63:24:20:5c:12:9a:cc:4c:df:f1:0f:fa:85:64:2f:e3:
         ac:89:20:8b:03:a0:d3:a1:a8:5a:1e:40:1d:c1:67:c0:bc:03:
         27:e7:27:02:e9:80:6f:66:42:ec:80:e0:f7:c0:16:d7:aa:45:
         9a:f2:69:90:88:0c:f7:c2:3c:3d:f8:4d:2e:03:ba:ca:02:da:
         2b:cd:bc:0c:f1:b6:f2:4c:f5:13:03:3e:97:77:0c:0c:02:a2:
         6f:1d:a2:3b:85:c0:50:0c:5a:b6:0d:d3:0c:77:cf:e9:b1:ff:
         0e:80:32:68:dd:03:c4:88:03:da:91:3b:b6:3a:1e:3d:65:3f:
         01:5f:4a:1c:f4:bf:46:62:bf:c3:88:82:d0:56:7b:eb:5f:b1:
         5f:48:d3:51:20:c2:8a:67:7a:5c:e4:ef:3b:ad:f4:18:dc:58:
         df:23:2c:89
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUHQoP84Sl+bUDnwtHDhDaw48KbzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMjkxNTIzNTFaFw0yNTExMjgxNTI4NTFaMDMxMTAvBgNV
BAMTKEJGREY4MTVDRkRDNEJEOEU0NTgwNDM2RkI1RThENzFBRDAxNzdBMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkfk3jr1tIVSID/Cx/5xukvFE5
Ldg7qQ18272fsZTYVi+YjnoMMtnoGaMmybiGjh2tKk705XjvW0I0Crmig1mEJMip
PNlkmON0FBfi7LIbm8H+zpdSixTPzgrdA/H4Z83hTX7Hs1osghNqJzonIUvgj/E2
+NEDKDQ6S13PwRevl4ydOY9ESrbUUxEPWBQp9iXoKjGYerwvXm+4v6ybV9AqmPK+
a81oIxOOzrLTN/TxG5rgfh9S5Vz+mDtHGdO+ImVz33DnopZL32GWCg2dzgbzCHQg
Qo4ugcM0zDpoVJSK1DEbHp5izw8LssAdoPZ29j2umCEU6wU1y39N/Ei0AiUdAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUv9+BXP3EvY5FgENvtejXGtAXegIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBLsti
AwQBLsu8MAwDBAAuy8sDBAAuy8wDBAEuy/owDAMEA1t8CAMEAVt8DDANBgkqhkiG
9w0BAQsFAAOCAQEAasnFws0EcUMY4F0APB1mmNGbNYYis/o2IgjrEoYmafXlbunF
WXJrbCni1juHzHj/a7bmSepryG42NFayQhFFLqbZiVDMJ7N4zetNCChwP+Cpub+f
Sx0uz7F+RkVjJCBcEprMTN/xD/qFZC/jrIkgiwOg06GoWh5AHcFnwLwDJ+cnAumA
b2ZC7IDg98AW16pFmvJpkIgM98I8PfhNLgO6ygLaK828DPG28kz1EwM+l3cMDAKi
bx2iO4XAUAxatg3TDHfP6bH/DoAyaN0DxIgD2pE7tjoePWU/AV9KHPS/RmK/w4iC
0FZ761+xX0jTUSDCimd6XOTvO630GNxY3yMsiQ==
-----END CERTIFICATE-----