Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/023b06-5b1e-44e9-98d8-781be598bf58/1/hnxfRANtLNox-MmXTsF04yMAgkk.roa
File:                     hnxfRANtLNox-MmXTsF04yMAgkk.roa (raw, json)
Hash identifier:          u5YnxwmS9Y8FO79Uf9BqR4ELCKOw+RzwkUetHpwJi8Q=
Subject key identifier:   86:7C:5F:44:03:6D:2C:DA:31:F8:C9:97:4E:C1:74:E3:23:00:82:49
Certificate issuer:       /CN=715df9aaf9d1cd17ca40c952ad8f71f0a3432bb7
Certificate serial:       018ED21124E7BE536FB3911A3C6DAFF6C4C3
Authority key identifier: 71:5D:F9:AA:F9:D1:CD:17:CA:40:C9:52:AD:8F:71:F0:A3:43:2B:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cV35qvnRzRfKQMlSrY9x8KNDK7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/023b06-5b1e-44e9-98d8-781be598bf58/1/hnxfRANtLNox-MmXTsF04yMAgkk.roa
Signing time:             Fri 12 Apr 2024 11:28:42 +0000
ROA not before:           Fri 12 Apr 2024 11:28:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47441
IP address blocks:        31.210.137.0/24 maxlen: 24
                          31.210.138.0/23 maxlen: 23
                          31.210.138.0/24 maxlen: 24
                          31.210.139.0/24 maxlen: 24
                          94.125.188.0/23 maxlen: 23
                          94.125.188.0/24 maxlen: 24
                          94.125.189.0/24 maxlen: 24
                          2a02:e480::/29 maxlen: 29
                          2a02:e480::/32 maxlen: 32
                          2a02:e481::/32 maxlen: 32
                          2a02:e482::/32 maxlen: 32
                          2a02:e483::/32 maxlen: 32
                          2a02:e484::/32 maxlen: 32
                          2a02:e485::/32 maxlen: 32
                          2a02:e486::/32 maxlen: 32
                          2a02:e487::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:11:24:e7:be:53:6f:b3:91:1a:3c:6d:af:f6:c4:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715df9aaf9d1cd17ca40c952ad8f71f0a3432bb7
        Validity
            Not Before: Apr 12 11:28:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=867c5f44036d2cda31f8c9974ec174e323008249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b1:72:b0:85:25:86:9d:37:e2:b6:29:41:64:
                    b0:ab:f3:fd:95:b3:75:00:ba:c8:20:cd:0b:44:2d:
                    69:5e:e6:34:7d:1f:1c:34:63:23:9c:12:8a:3d:0a:
                    a7:37:16:c6:d7:21:a2:26:f6:34:7a:4f:24:a6:12:
                    5b:92:e6:e7:be:ee:8f:d8:fe:01:c9:00:15:57:7d:
                    cc:36:f6:eb:f3:d5:f4:c0:2b:f1:11:38:38:c5:07:
                    0d:e0:a4:96:49:fa:47:39:25:0a:c1:c7:87:2b:cb:
                    47:a9:db:af:1f:36:e9:12:83:19:7b:2f:3f:67:d3:
                    3d:e1:fe:0c:88:37:48:c6:e9:33:a0:89:d7:7d:b6:
                    83:ac:73:9d:09:0e:ec:5d:95:97:b0:41:66:90:53:
                    29:b6:6c:02:56:03:55:70:1d:e9:70:29:c6:19:cf:
                    a9:89:88:d3:22:6e:ad:72:bf:38:85:81:4d:77:9c:
                    c5:b9:74:5a:11:11:c3:40:42:53:99:d5:53:88:26:
                    fb:75:fa:d1:3e:8b:11:99:0a:62:44:10:50:4e:3a:
                    1b:6d:7a:cb:cb:79:f0:c5:9c:f4:98:85:7b:28:06:
                    60:a8:90:59:5c:a3:3e:76:63:19:f4:ee:c1:bd:74:
                    e9:a0:8b:79:43:9a:ca:ab:de:5b:f7:60:31:12:e5:
                    0a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7C:5F:44:03:6D:2C:DA:31:F8:C9:97:4E:C1:74:E3:23:00:82:49
            X509v3 Authority Key Identifier:
                keyid:71:5D:F9:AA:F9:D1:CD:17:CA:40:C9:52:AD:8F:71:F0:A3:43:2B:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cV35qvnRzRfKQMlSrY9x8KNDK7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/023b06-5b1e-44e9-98d8-781be598bf58/1/hnxfRANtLNox-MmXTsF04yMAgkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/023b06-5b1e-44e9-98d8-781be598bf58/1/cV35qvnRzRfKQMlSrY9x8KNDK7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.137.0-31.210.139.255
                  94.125.188.0/23
                IPv6:
                  2a02:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:83:df:72:cd:a5:c2:33:b2:3a:ac:8a:b9:a0:eb:bc:cc:e3:
         e3:e1:7a:cd:47:26:5c:dd:65:9c:2d:06:91:23:2c:9c:4f:aa:
         d4:bb:75:e3:00:fc:81:ea:2b:5c:83:3d:7d:bb:30:a1:54:06:
         e5:bf:ec:03:f5:a7:21:2f:e0:bb:7d:50:4b:01:0b:64:eb:4f:
         fc:53:d4:82:e5:40:69:9f:24:b4:ee:9d:f3:83:da:5e:b9:34:
         c7:df:8b:f5:42:e8:d1:d2:85:fa:22:b0:53:d2:e7:a8:bb:ba:
         bf:3a:d5:e6:dc:06:0c:05:3b:a9:0d:98:2b:ba:48:58:e7:4d:
         6a:82:99:a2:fb:7d:c0:84:e7:0d:a9:4e:4c:11:97:ec:af:c2:
         aa:c5:ca:f0:c8:98:f1:b9:80:75:3a:60:7b:f5:48:f7:02:cc:
         9f:db:02:7f:ce:4f:df:eb:cb:a0:5a:91:cf:fd:95:3c:11:61:
         e4:8a:e1:9a:57:84:c2:ae:5f:e4:b6:89:70:50:31:f6:7f:d3:
         ba:35:a6:14:b1:4e:29:32:c2:36:46:5e:b6:e9:57:d5:d6:1c:
         59:bd:01:42:b4:55:1e:b1:36:c9:13:28:d7:a1:ba:1c:fb:2d:
         6f:2e:ff:e5:3d:81:e3:da:51:70:68:27:02:c4:78:96:f0:7e:
         8a:f4:8b:a5
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY7SESTnvlNvs5EaPG2v9sTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWRmOWFhZjlkMWNkMTdjYTQwYzk1MmFkOGY3MWYwYTM0
MzJiYjcwHhcNMjQwNDEyMTEyODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjdjNWY0NDAzNmQyY2RhMzFmOGM5OTc0ZWMxNzRlMzIzMDA4MjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLFysIUlhp034rYpQWSwq/P9lbN1
ALrIIM0LRC1pXuY0fR8cNGMjnBKKPQqnNxbG1yGiJvY0ek8kphJbkubnvu6P2P4B
yQAVV33MNvbr89X0wCvxETg4xQcN4KSWSfpHOSUKwceHK8tHqduvHzbpEoMZey8/
Z9M94f4MiDdIxukzoInXfbaDrHOdCQ7sXZWXsEFmkFMptmwCVgNVcB3pcCnGGc+p
iYjTIm6tcr84hYFNd5zFuXRaERHDQEJTmdVTiCb7dfrRPosRmQpiRBBQTjobbXrL
y3nwxZz0mIV7KAZgqJBZXKM+dmMZ9O7BvXTpoIt5Q5rKq95b92AxEuUKEQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIZ8X0QDbSzaMfjJl07BdOMjAIJJMB8GA1UdIwQY
MBaAFHFd+ar50c0XykDJUq2PcfCjQyu3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1YzNXF2blJ6UmZLUU1sU3JZOXg4S05ESzdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8wMjNiMDYtNWIxZS00NGU5LTk4ZDgt
NzgxYmU1OThiZjU4LzEvaG54ZlJBTnRMTm94LU1tWFRzRjA0eU1BZ2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8wMjNiMDYtNWIxZS00NGU5LTk4ZDgtNzgxYmU1OThiZjU4
LzEvY1YzNXF2blJ6UmZLUU1sU3JZOXg4S05ESzdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAAf0okD
BAIf0ogDBAFefbwwDQQCAAIwBwMFAyoC5IAwDQYJKoZIhvcNAQELBQADggEBAACD
33LNpcIzsjqsirmg67zM4+Phes1HJlzdZZwtBpEjLJxPqtS7deMA/IHqK1yDPX27
MKFUBuW/7AP1pyEv4Lt9UEsBC2TrT/xT1ILlQGmfJLTunfOD2l65NMffi/VC6NHS
hfoisFPS56i7ur861ebcBgwFO6kNmCu6SFjnTWqCmaL7fcCE5w2pTkwRl+yvwqrF
yvDImPG5gHU6YHv1SPcCzJ/bAn/OT9/ry6Bakc/9lTwRYeSK4ZpXhMKuX+S2iXBQ
MfZ/07o1phSxTikywjZGXrbpV9XWHFm9AUK0VR6xNskTKNehuhz7LW8u/+U9gePa
UXBoJwLEeJbwfor0i6U=
-----END CERTIFICATE-----