Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/m4a1cEqdcXA2gCo7-zPxjhTN7YQ.roa
File:                     m4a1cEqdcXA2gCo7-zPxjhTN7YQ.roa (raw, json)
Hash identifier:          cLQlIqsW74X+yjbGIRKVorJ6SndfJaS9nFEzRVxItYY=
Subject key identifier:   9B:86:B5:70:4A:9D:71:70:36:80:2A:3B:FB:33:F1:8E:14:CD:ED:84
Certificate issuer:       /CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
Certificate serial:       018D40452C9AFD824377488737B7D50C2906
Authority key identifier: 6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/m4a1cEqdcXA2gCo7-zPxjhTN7YQ.roa
Signing time:             Thu 25 Jan 2024 10:58:11 +0000
ROA not before:           Thu 25 Jan 2024 10:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56730
IP address blocks:        91.227.26.0/24 maxlen: 24
                          134.0.16.0/21 maxlen: 21
                          185.27.32.0/22 maxlen: 22
                          185.42.196.0/22 maxlen: 22
                          185.53.92.0/22 maxlen: 22
                          185.164.44.0/22 maxlen: 22
                          188.114.112.0/21 maxlen: 21
                          188.114.112.0/24 maxlen: 24
                          2a03:b980::/32 maxlen: 32
                          2a03:b980:200::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:45:2c:9a:fd:82:43:77:48:87:37:b7:d5:0c:29:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
        Validity
            Not Before: Jan 25 10:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b86b5704a9d717036802a3bfb33f18e14cded84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f9:94:50:1a:f9:4d:ed:6f:07:ce:31:12:36:
                    84:2b:d8:60:f8:45:48:af:93:9b:dd:44:ff:05:23:
                    90:a1:9b:6c:89:b9:c6:9d:e9:ff:c0:96:8c:c0:e7:
                    d0:ef:48:2d:f4:f5:64:c0:ea:9b:32:ff:5e:c8:c9:
                    5d:df:49:1b:15:a4:17:aa:91:58:ef:be:67:fb:0e:
                    c2:de:36:14:8b:01:e2:10:66:35:11:8d:a1:be:d1:
                    9b:bf:22:b0:9d:ed:58:8c:87:62:12:04:27:54:3c:
                    1a:d6:33:63:48:ba:75:d2:ca:e3:c1:ae:b7:13:8c:
                    4a:0b:df:a8:f1:e1:08:37:82:8c:50:d0:01:6a:03:
                    4e:c1:42:45:45:a4:f9:0c:ea:42:1f:a9:73:36:9a:
                    bb:d7:0a:e1:6d:c8:77:52:43:5b:63:01:e3:4b:f6:
                    78:0a:04:cc:65:a4:61:b3:f9:8b:17:a6:5e:68:ef:
                    cb:0d:6e:d4:64:00:90:f7:77:fd:0e:32:6f:81:b9:
                    cc:cc:3a:f3:41:40:e3:14:d9:95:c9:ba:3b:c7:ec:
                    f1:aa:89:18:a9:ad:79:f3:61:c6:58:b6:ba:2c:3a:
                    3f:be:c5:ea:78:3f:28:1a:9b:f9:a8:06:53:21:36:
                    cb:72:95:69:72:13:e5:c6:8c:e2:3e:0d:09:72:9d:
                    4b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:86:B5:70:4A:9D:71:70:36:80:2A:3B:FB:33:F1:8E:14:CD:ED:84
            X509v3 Authority Key Identifier:
                keyid:6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/m4a1cEqdcXA2gCo7-zPxjhTN7YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/bkBn13v-qZ3yXOXgipIT0RKAFM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.26.0/24
                  134.0.16.0/21
                  185.27.32.0/22
                  185.42.196.0/22
                  185.53.92.0/22
                  185.164.44.0/22
                  188.114.112.0/21
                IPv6:
                  2a03:b980::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:88:08:49:4a:b6:46:4b:b1:0f:29:b4:4f:82:1c:de:e0:04:
         65:86:76:5e:83:d7:b6:89:86:02:ab:03:d1:32:9a:a3:c0:56:
         73:40:e0:07:a8:85:40:a5:1e:0d:3a:c7:ec:8d:cd:cc:3a:90:
         71:99:94:31:2a:a6:1c:39:71:26:1e:32:e0:11:de:6f:36:a5:
         ee:08:f1:10:49:6a:bc:3e:58:03:af:7c:75:72:4a:46:cb:cd:
         d9:9e:a6:81:7e:a3:e6:10:d2:b3:ac:29:7d:38:57:ed:4f:f1:
         f8:43:06:2f:a7:48:11:5e:c2:0f:d8:f7:8a:cc:8e:4b:1d:c5:
         d2:3a:73:d3:39:ad:1c:0f:fd:2b:dc:6f:ca:46:7f:3c:9f:69:
         6c:c3:7c:a2:d1:ec:89:5d:c2:3b:e9:a7:96:1f:ef:a1:d2:b4:
         a5:cc:f0:9c:9d:63:c8:e6:51:6c:87:63:30:a5:2f:1f:fb:2a:
         dd:da:68:a0:a7:c5:ba:90:16:47:fe:2b:4f:b2:8a:4c:f6:d3:
         13:a7:44:ab:49:98:52:5a:ed:9a:72:13:79:a3:e6:69:53:7e:
         1d:4d:ec:74:26:58:c2:fa:ac:df:4d:87:d1:a7:c5:4c:b7:65:
         ed:de:3d:77:e2:83:d8:8b:b2:13:8a:55:ca:58:59:0f:7e:90:
         02:97:0e:44
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY1ARSya/YJDd0iHN7fVDCkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDA2N2Q3N2JmZWE5OWRmMjVjZTVlMDhhOTIxM2QxMTI4
MDE0Y2YwHhcNMjQwMTI1MTA1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg2YjU3MDRhOWQ3MTcwMzY4MDJhM2JmYjMzZjE4ZTE0Y2RlZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfmUUBr5Te1vB84xEjaEK9hg+EVI
r5Ob3UT/BSOQoZtsibnGnen/wJaMwOfQ70gt9PVkwOqbMv9eyMld30kbFaQXqpFY
775n+w7C3jYUiwHiEGY1EY2hvtGbvyKwne1YjIdiEgQnVDwa1jNjSLp10srjwa63
E4xKC9+o8eEIN4KMUNABagNOwUJFRaT5DOpCH6lzNpq71wrhbch3UkNbYwHjS/Z4
CgTMZaRhs/mLF6ZeaO/LDW7UZACQ93f9DjJvgbnMzDrzQUDjFNmVybo7x+zxqokY
qa1582HGWLa6LDo/vsXqeD8oGpv5qAZTITbLcpVpchPlxoziPg0Jcp1L5QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJuGtXBKnXFwNoAqO/sz8Y4Uze2EMB8GA1UdIwQY
MBaAFG5AZ9d7/qmd8lzl4IqSE9ESgBTPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmIt
MzMwM2Y3MTYyMmY5LzEvbTRhMWNFcWRjWEEyZ0NvNy16UHhqaFRON1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmItMzMwM2Y3MTYyMmY5
LzEvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAW+MaAwQD
hgAQAwQCuRsgAwQCuSrEAwQCuTVcAwQCuaQsAwQDvHJwMA0EAgACMAcDBQAqA7mA
MA0GCSqGSIb3DQEBCwUAA4IBAQB1iAhJSrZGS7EPKbRPghze4ARlhnZeg9e2iYYC
qwPRMpqjwFZzQOAHqIVApR4NOsfsjc3MOpBxmZQxKqYcOXEmHjLgEd5vNqXuCPEQ
SWq8PlgDr3x1ckpGy83ZnqaBfqPmENKzrCl9OFftT/H4QwYvp0gRXsIP2PeKzI5L
HcXSOnPTOa0cD/0r3G/KRn88n2lsw3yi0eyJXcI76aeWH++h0rSlzPCcnWPI5lFs
h2MwpS8f+yrd2migp8W6kBZH/itPsopM9tMTp0SrSZhSWu2achN5o+ZpU34dTex0
JljC+qzfTYfRp8VMt2Xt3j134oPYi7ITilXKWFkPfpAClw5E
-----END CERTIFICATE-----