Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/NZHO34bqJfGJUB8RwfDmJN0gvaA.roa
File:                     NZHO34bqJfGJUB8RwfDmJN0gvaA.roa (raw, json)
Hash identifier:          OedtxVExMyxorQN7jxrSNbTMp9qKjCp4QQNIG6pRcVQ=
Subject key identifier:   35:91:CE:DF:86:EA:25:F1:89:50:1F:11:C1:F0:E6:24:DD:20:BD:A0
Certificate issuer:       /CN=2ee56d4d7b1d1a06ce89f746f79b656c7348c525
Certificate serial:       018CC56EFA6104D8BFD42B34AE5EA1BCB181
Authority key identifier: 2E:E5:6D:4D:7B:1D:1A:06:CE:89:F7:46:F7:9B:65:6C:73:48:C5:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LuVtTXsdGgbOifdG95tlbHNIxSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/NZHO34bqJfGJUB8RwfDmJN0gvaA.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203507
IP address blocks:        193.28.13.0/24 maxlen: 24
                          185.123.226.0/23 maxlen: 23
                          185.123.226.0/24 maxlen: 24
                          185.123.224.0/22 maxlen: 22
                          185.123.224.0/23 maxlen: 23
                          185.123.224.0/24 maxlen: 24
                          185.123.225.0/24 maxlen: 24
                          185.123.227.0/24 maxlen: 24
                          5.104.152.0/22 maxlen: 22
                          195.245.199.0/24 maxlen: 24
                          212.79.224.0/19 maxlen: 19
                          2a06:e380:8000::/36 maxlen: 36
                          2a06:e380::/36 maxlen: 36
                          2a06:e380:8000::/48 maxlen: 48
                          2a06:e380::/48 maxlen: 48
                          2a06:e380:8001::/48 maxlen: 48
                          2a06:e380:1::/48 maxlen: 48
                          2a06:e380::/29 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fa:61:04:d8:bf:d4:2b:34:ae:5e:a1:bc:b1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee56d4d7b1d1a06ce89f746f79b656c7348c525
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3591cedf86ea25f189501f11c1f0e624dd20bda0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:70:99:99:1a:99:83:3c:ce:40:79:f7:1a:98:
                    89:a9:83:be:63:9b:b0:56:c9:b4:23:48:8d:49:44:
                    51:e5:88:16:a5:21:80:03:b6:7f:9f:a9:2f:99:b4:
                    c0:f0:60:d8:95:f8:78:a0:32:6d:02:ab:c8:75:5d:
                    ef:34:18:91:5b:1b:fe:7d:43:8a:a2:c2:78:90:3e:
                    90:a5:a9:f5:79:cb:18:7c:65:d8:8d:50:ee:5f:f2:
                    83:9a:96:a9:13:52:e6:d9:da:b9:e3:45:38:59:43:
                    b5:cc:4b:9d:ec:25:a5:27:ea:6c:01:76:75:30:5d:
                    63:b1:5f:a7:ce:0a:3d:e7:c4:d8:dd:07:1d:b3:d9:
                    94:9d:ed:3b:0f:5b:78:16:bb:ee:b4:a0:c7:09:10:
                    83:a8:3b:52:5a:39:e0:0e:be:5f:cd:c0:f1:12:0f:
                    19:87:9b:dc:6d:d7:e1:29:57:a1:03:58:93:e7:9c:
                    fc:c9:ec:16:1a:9d:0b:65:4b:aa:06:c8:13:2b:6a:
                    c7:51:43:f4:2a:8f:21:3d:10:98:37:8c:e8:35:26:
                    85:08:db:6e:6e:de:b6:0c:dd:a4:94:c9:c4:38:50:
                    ac:45:8a:6d:5b:6c:10:2d:8a:3f:dd:22:ea:a0:3a:
                    98:2f:0f:2c:1b:21:9a:d3:22:4c:37:08:ad:85:43:
                    53:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:91:CE:DF:86:EA:25:F1:89:50:1F:11:C1:F0:E6:24:DD:20:BD:A0
            X509v3 Authority Key Identifier:
                keyid:2E:E5:6D:4D:7B:1D:1A:06:CE:89:F7:46:F7:9B:65:6C:73:48:C5:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LuVtTXsdGgbOifdG95tlbHNIxSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/NZHO34bqJfGJUB8RwfDmJN0gvaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/LuVtTXsdGgbOifdG95tlbHNIxSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.152.0/22
                  185.123.224.0/22
                  193.28.13.0/24
                  195.245.199.0/24
                  212.79.224.0/19
                IPv6:
                  2a06:e380::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:c1:d3:1e:18:23:fa:13:44:fa:cd:26:a0:88:09:ff:d0:5a:
         e3:1f:78:eb:bd:9a:e6:16:c3:1e:c1:89:b5:8f:1d:43:6b:4b:
         b8:3c:45:61:b6:a4:1d:cf:00:47:dd:88:ae:37:34:8b:6d:7d:
         00:25:d9:79:05:56:1e:c0:1a:65:ce:fa:90:15:80:2f:13:8c:
         8d:b8:9b:e7:db:59:2b:47:5c:6e:70:39:b5:64:85:14:b7:42:
         a3:62:b1:95:cd:57:77:ac:5c:88:03:83:49:f4:06:8c:6b:03:
         6b:31:e5:01:2c:c4:f7:e4:cd:82:94:4c:de:a6:4d:9e:86:c1:
         a7:2e:a1:7a:c0:7e:7b:12:2b:97:ef:15:11:1b:e6:bc:32:45:
         81:3b:ac:95:62:33:d6:8a:af:28:65:ad:cd:72:89:21:ea:fe:
         bc:ef:fc:80:7c:fb:ae:fb:c6:dc:58:01:4c:45:3d:6c:d7:5e:
         ad:44:75:ec:2a:96:57:4c:79:b8:7b:eb:a5:48:1e:36:c6:0a:
         a2:b9:5d:5f:c2:ea:48:1d:ae:00:a4:3a:35:a3:54:6a:96:d7:
         99:25:e6:0c:c8:06:ff:2d:46:a2:4c:b8:e8:02:8a:8c:1a:d7:
         ec:76:ed:d3:27:31:ce:1f:69:3e:c1:f0:1a:6e:7d:af:d4:70:
         f3:6d:25:55
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzFbvphBNi/1Cs0rl6hvLGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTU2ZDRkN2IxZDFhMDZjZTg5Zjc0NmY3OWI2NTZjNzM0
OGM1MjUwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTkxY2VkZjg2ZWEyNWYxODk1MDFmMTFjMWYwZTYyNGRkMjBiZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXCZmRqZgzzOQHn3GpiJqYO+Y5uw
Vsm0I0iNSURR5YgWpSGAA7Z/n6kvmbTA8GDYlfh4oDJtAqvIdV3vNBiRWxv+fUOK
osJ4kD6Qpan1ecsYfGXYjVDuX/KDmpapE1Lm2dq540U4WUO1zEud7CWlJ+psAXZ1
MF1jsV+nzgo958TY3Qcds9mUne07D1t4FrvutKDHCRCDqDtSWjngDr5fzcDxEg8Z
h5vcbdfhKVehA1iT55z8yewWGp0LZUuqBsgTK2rHUUP0Ko8hPRCYN4zoNSaFCNtu
bt62DN2klMnEOFCsRYptW2wQLYo/3SLqoDqYLw8sGyGa0yJMNwithUNTRwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFDWRzt+G6iXxiVAfEcHw5iTdIL2gMB8GA1UdIwQY
MBaAFC7lbU17HRoGzon3RvebZWxzSMUlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHVWdFRYc2RHZ2JPaWZkRzk1dGxiSE5JeFNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9lMGI2N2UtMjY5MC00YTg4LTlkMTYt
MjJlOThkZTI2MTA2LzEvTlpITzM0YnFKZkdKVUI4UndmRG1KTjBndmFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9lMGI2N2UtMjY5MC00YTg4LTlkMTYtMjJlOThkZTI2MTA2
LzEvTHVWdFRYc2RHZ2JPaWZkRzk1dGxiSE5JeFNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCBWiYAwQC
uXvgAwQAwRwNAwQAw/XHAwQF1E/gMA0EAgACMAcDBQMqBuOAMA0GCSqGSIb3DQEB
CwUAA4IBAQB/wdMeGCP6E0T6zSagiAn/0FrjH3jrvZrmFsMewYm1jx1Da0u4PEVh
tqQdzwBH3YiuNzSLbX0AJdl5BVYewBplzvqQFYAvE4yNuJvn21krR1xucDm1ZIUU
t0KjYrGVzVd3rFyIA4NJ9AaMawNrMeUBLMT35M2ClEzepk2ehsGnLqF6wH57EiuX
7xURG+a8MkWBO6yVYjPWiq8oZa3Ncokh6v687/yAfPuu+8bcWAFMRT1s116tRHXs
KpZXTHm4e+ulSB42xgqiuV1fwupIHa4ApDo1o1RqlteZJeYMyAb/LUaiTLjoAoqM
Gtfsdu3TJzHOH2k+wfAabn2v1HDzbSVV
-----END CERTIFICATE-----