Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/bfb4f2-887a-4013-a8f8-8e300efd13bc/1/1Ge9r9j2Mc4zAG3hKLVFz_XYYqw.roa
File:                     1Ge9r9j2Mc4zAG3hKLVFz_XYYqw.roa (raw, json)
Hash identifier:          yvxTBubQ0woQs4mCoKQOn40cizd3JhoRSYQQ+2QGx9s=
Subject key identifier:   D4:67:BD:AF:D8:F6:31:CE:33:00:6D:E1:28:B5:45:CF:F5:D8:62:AC
Certificate issuer:       /CN=08285473c978ca51ce5469aa4aedca16445bd652
Certificate serial:       018CC8DF8E26AADEC679937A29A76E17DDAD
Authority key identifier: 08:28:54:73:C9:78:CA:51:CE:54:69:AA:4A:ED:CA:16:44:5B:D6:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CChUc8l4ylHOVGmqSu3KFkRb1lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/bfb4f2-887a-4013-a8f8-8e300efd13bc/1/1Ge9r9j2Mc4zAG3hKLVFz_XYYqw.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42863
IP address blocks:        188.140.0.0/17 maxlen: 24
                          83.223.224.0/19 maxlen: 24
                          92.250.0.0/17 maxlen: 24
                          46.50.0.0/17 maxlen: 24
                          95.69.0.0/17 maxlen: 24
                          89.214.0.0/16 maxlen: 24
                          185.92.96.0/22 maxlen: 24
                          31.22.128.0/17 maxlen: 24
                          88.214.128.0/18 maxlen: 24
                          2a02:870::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8e:26:aa:de:c6:79:93:7a:29:a7:6e:17:dd:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08285473c978ca51ce5469aa4aedca16445bd652
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d467bdafd8f631ce33006de128b545cff5d862ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:24:45:26:02:20:8e:44:79:d2:18:20:47:f9:
                    00:b7:32:be:49:ab:8b:dd:44:93:86:26:11:bb:2d:
                    dc:98:4b:82:3c:9c:b1:ee:3b:ca:55:df:24:15:8c:
                    e5:ab:b1:98:23:e4:4e:ce:72:dd:7f:62:ba:b8:23:
                    43:61:6f:a0:b1:4a:a7:18:c5:01:5f:fe:79:29:3f:
                    d0:fd:f1:49:7f:53:1f:ed:cc:0e:2d:f8:fc:4b:d5:
                    4d:a6:55:ed:a3:dd:c0:2f:7c:ae:30:59:6b:6c:c7:
                    cd:f6:89:df:09:be:1e:f3:c1:5c:92:10:84:8b:cd:
                    67:17:10:74:40:de:b3:37:d5:4d:d1:37:0a:a5:4d:
                    16:d5:05:f9:80:c4:5f:d2:3d:2b:70:40:52:d9:07:
                    99:1a:8d:b3:b8:95:96:03:4d:94:ad:ac:b9:e6:71:
                    56:51:31:82:06:31:25:32:04:dc:18:7f:71:82:69:
                    60:3b:b7:29:d3:d1:f7:ab:df:48:5a:bd:dd:6d:c6:
                    30:18:a8:d2:80:ee:c5:d0:92:f0:67:a8:23:42:c5:
                    ac:64:03:c1:bf:83:69:e4:01:26:fa:c5:d7:a3:3f:
                    31:45:e0:46:71:2f:90:9d:9e:89:a9:ce:97:49:7a:
                    a5:39:fa:6c:39:a2:3d:24:43:74:23:03:21:f2:ba:
                    1c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:67:BD:AF:D8:F6:31:CE:33:00:6D:E1:28:B5:45:CF:F5:D8:62:AC
            X509v3 Authority Key Identifier:
                keyid:08:28:54:73:C9:78:CA:51:CE:54:69:AA:4A:ED:CA:16:44:5B:D6:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CChUc8l4ylHOVGmqSu3KFkRb1lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/bfb4f2-887a-4013-a8f8-8e300efd13bc/1/1Ge9r9j2Mc4zAG3hKLVFz_XYYqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/bfb4f2-887a-4013-a8f8-8e300efd13bc/1/CChUc8l4ylHOVGmqSu3KFkRb1lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.128.0/17
                  46.50.0.0/17
                  83.223.224.0/19
                  88.214.128.0/18
                  89.214.0.0/16
                  92.250.0.0/17
                  95.69.0.0/17
                  185.92.96.0/22
                  188.140.0.0/17
                IPv6:
                  2a02:870::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:15:c3:3a:a4:3c:4c:6c:8c:cb:dc:fc:d6:24:79:9e:54:2a:
         16:07:08:52:23:73:98:70:6d:7a:e1:9b:53:a5:dd:12:0a:a8:
         b0:eb:48:9d:ad:34:ef:fa:97:13:99:31:da:20:70:c0:9a:ab:
         35:4a:38:6b:b1:b6:bd:55:83:1a:d4:00:b4:c7:35:47:68:24:
         f3:fb:6c:58:cc:4f:dc:c3:69:bf:6e:a8:7f:5c:7e:3c:22:52:
         7e:96:ab:29:c9:52:ff:2f:dd:93:b2:5e:a5:44:8e:eb:35:6b:
         ba:0e:5f:b6:18:9d:1e:57:85:47:78:82:41:55:c5:69:6e:95:
         c3:a4:0b:e4:5d:e9:f4:9d:ca:4e:16:41:1a:65:20:a3:6b:5f:
         cf:77:17:a4:01:6d:5d:be:bd:12:95:83:db:a6:f9:23:b8:1b:
         dd:27:38:76:1c:3b:21:ef:7a:0c:95:28:59:a2:cd:b1:7b:aa:
         1d:2f:87:61:4d:a9:81:be:13:9d:77:d1:20:18:88:05:95:d6:
         38:2e:1d:c9:f5:ad:92:d1:ee:aa:a0:13:a6:e0:1b:44:cd:c7:
         21:42:46:f1:0c:10:b3:37:84:d3:4b:da:a7:49:22:b8:e8:4d:
         ed:67:bb:03:d8:52:30:2d:87:ae:1e:95:fc:83:ad:82:1f:08:
         a1:6d:46:d7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzI344mqt7GeZN6KaduF92tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4Mjg1NDczYzk3OGNhNTFjZTU0NjlhYTRhZWRjYTE2NDQ1
YmQ2NTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDY3YmRhZmQ4ZjYzMWNlMzMwMDZkZTEyOGI1NDVjZmY1ZDg2MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCRFJgIgjkR50hggR/kAtzK+SauL
3USThiYRuy3cmEuCPJyx7jvKVd8kFYzlq7GYI+ROznLdf2K6uCNDYW+gsUqnGMUB
X/55KT/Q/fFJf1Mf7cwOLfj8S9VNplXto93AL3yuMFlrbMfN9onfCb4e88FckhCE
i81nFxB0QN6zN9VN0TcKpU0W1QX5gMRf0j0rcEBS2QeZGo2zuJWWA02Uray55nFW
UTGCBjElMgTcGH9xgmlgO7cp09H3q99IWr3dbcYwGKjSgO7F0JLwZ6gjQsWsZAPB
v4Np5AEm+sXXoz8xReBGcS+QnZ6Jqc6XSXqlOfpsOaI9JEN0IwMh8rocxwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNRnva/Y9jHOMwBt4Si1Rc/12GKsMB8GA1UdIwQY
MBaAFAgoVHPJeMpRzlRpqkrtyhZEW9ZSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0NoVWM4bDR5bEhPVkdtcVN1M0tGa1JiMWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9iZmI0ZjItODg3YS00MDEzLWE4Zjgt
OGUzMDBlZmQxM2JjLzEvMUdlOXI5ajJNYzR6QUczaEtMVkZ6X1hZWXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9iZmI0ZjItODg3YS00MDEzLWE4ZjgtOGUzMDBlZmQxM2Jj
LzEvQ0NoVWM4bDR5bEhPVkdtcVN1M0tGa1JiMWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA7BAIAATA1AwQHHxaAAwQH
LjIAAwQFU9/gAwQGWNaAAwMAWdYDBAdc+gADBAdfRQADBAK5XGADBAe8jAAwDQQC
AAIwBwMFACoCCHAwDQYJKoZIhvcNAQELBQADggEBACQVwzqkPExsjMvc/NYkeZ5U
KhYHCFIjc5hwbXrhm1Ol3RIKqLDrSJ2tNO/6lxOZMdogcMCaqzVKOGuxtr1VgxrU
ALTHNUdoJPP7bFjMT9zDab9uqH9cfjwiUn6WqynJUv8v3ZOyXqVEjus1a7oOX7YY
nR5XhUd4gkFVxWlulcOkC+Rd6fSdyk4WQRplIKNrX893F6QBbV2+vRKVg9um+SO4
G90nOHYcOyHvegyVKFmizbF7qh0vh2FNqYG+E5130SAYiAWV1jguHcn1rZLR7qqg
E6bgG0TNxyFCRvEMELM3hNNL2qdJIrjoTe1nuwPYUjAth64elfyDrYIfCKFtRtc=
-----END CERTIFICATE-----