Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Yy7EyL4jOYhS2ny07A-uohis4hw.roa
File:                     Yy7EyL4jOYhS2ny07A-uohis4hw.roa (raw, json)
Hash identifier:          939gAFuZ8T1J06oXgjy3uy3jHGyJvoFV29uIXoQOhss=
Subject key identifier:   63:2E:C4:C8:BE:23:39:88:52:DA:7C:B4:EC:0F:AE:A2:18:AC:E2:1C
Certificate issuer:       /CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
Certificate serial:       01942B8E13DCD626740BD6BCE1CCF2DA5A0F
Authority key identifier: 51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Yy7EyL4jOYhS2ny07A-uohis4hw.roa
Signing time:             Fri 03 Jan 2025 09:45:18 +0000
ROA not before:           Fri 03 Jan 2025 09:45:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47790
IP address blocks:        91.206.210.0/24 maxlen: 24
                          91.206.211.0/24 maxlen: 24
                          91.224.216.0/23 maxlen: 24
                          91.226.196.0/24 maxlen: 24
                          91.226.197.0/24 maxlen: 24
                          91.230.8.0/24 maxlen: 24
                          91.230.9.0/24 maxlen: 24
                          185.48.28.0/23 maxlen: 24
                          185.48.30.0/24 maxlen: 24
                          185.142.160.0/22 maxlen: 24
                          185.142.160.0/24 maxlen: 24
                          185.142.161.0/24 maxlen: 24
                          185.142.162.0/24 maxlen: 24
                          185.142.163.0/24 maxlen: 24
                          185.152.120.0/24 maxlen: 24
                          185.152.121.0/24 maxlen: 24
                          185.152.122.0/24 maxlen: 24
                          185.152.123.0/24 maxlen: 24
                          2a14:7a80::/29 maxlen: 32
                          2a14:7a80::/30 maxlen: 30
                          2a14:7a84::/30 maxlen: 30

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2b:8e:13:dc:d6:26:74:0b:d6:bc:e1:cc:f2:da:5a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
        Validity
            Not Before: Jan  3 09:45:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=632ec4c8be23398852da7cb4ec0faea218ace21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:81:14:d8:5e:e8:18:86:6f:3a:2e:c3:9c:2f:
                    fa:bc:0d:a3:e4:f0:6e:90:cd:dd:81:fc:a0:00:e4:
                    74:9a:4a:0f:10:7b:c3:8f:ca:d9:5d:6f:06:ac:8e:
                    d2:8b:cc:0d:ae:ba:44:3f:b5:3c:49:5e:24:f5:3b:
                    4f:dc:bf:b7:f0:83:c1:35:89:05:e7:75:13:e3:df:
                    04:79:c1:b4:30:61:89:e9:31:da:8c:46:69:58:e5:
                    02:3b:76:4e:31:87:53:c7:96:46:51:fb:5c:cd:21:
                    26:90:cc:1d:73:97:bc:79:90:74:ae:c8:0f:3b:a3:
                    2d:a3:c7:cc:ab:44:14:8a:6a:c3:15:1e:77:00:a6:
                    f4:4e:7b:38:6e:a0:ea:0f:88:e2:cd:b1:b4:6e:14:
                    e9:d9:05:86:9d:48:da:be:64:b4:bc:df:cf:66:d6:
                    3b:79:3c:de:b5:34:e2:2f:eb:09:13:ef:64:3e:18:
                    95:34:09:73:3e:76:30:af:ab:e7:a8:12:77:c5:83:
                    fb:ff:d2:9d:d0:1a:0d:f2:47:03:01:81:44:9e:4d:
                    e1:59:97:2b:d5:ec:ff:79:30:b6:3b:89:e8:68:e1:
                    3d:b2:49:0e:9b:87:b8:58:b8:e7:5f:86:bd:56:8f:
                    74:c6:54:49:3f:d4:66:9f:4c:05:41:cb:b7:d4:c4:
                    65:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:2E:C4:C8:BE:23:39:88:52:DA:7C:B4:EC:0F:AE:A2:18:AC:E2:1C
            X509v3 Authority Key Identifier:
                keyid:51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Yy7EyL4jOYhS2ny07A-uohis4hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Ua1nkbjb6cNSvWSpMiFytBxLIXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.210.0/23
                  91.224.216.0/23
                  91.226.196.0/23
                  91.230.8.0/23
                  185.48.28.0-185.48.30.255
                  185.142.160.0/22
                  185.152.120.0/22
                IPv6:
                  2a14:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:b4:2d:7e:3b:22:d9:75:d0:ee:d0:52:d9:94:06:3c:d1:63:
         da:ea:0e:aa:dd:54:a7:1d:43:09:12:25:1f:cd:78:d6:d3:75:
         1b:74:53:c6:8a:94:93:fc:3a:88:a2:be:26:41:fc:f4:b4:b3:
         b4:f6:64:8c:4f:05:6f:c2:ff:dc:7d:27:4c:a2:17:d4:a1:8b:
         2c:e4:7c:b0:1a:ab:a1:ef:cd:2b:f1:61:6b:2c:75:3f:3d:75:
         7c:d9:75:5b:b5:2e:2d:14:83:dd:6b:25:ed:46:5e:89:c4:43:
         f7:e6:6a:b8:3f:3e:f6:48:0f:f5:d6:5c:78:11:69:6a:bc:35:
         fb:6b:bf:07:2b:38:a7:f7:74:bc:31:8d:44:0c:e3:b3:97:a7:
         75:f4:ee:7c:be:28:01:a5:a1:8d:49:03:41:30:9e:61:ec:79:
         5e:43:78:b7:46:fd:ba:0c:39:58:af:b6:0d:2d:97:45:39:06:
         7a:bf:63:c3:84:a5:92:cf:90:8a:1e:2b:5f:1e:61:15:66:9a:
         d6:4c:64:4e:70:8b:e8:ad:a3:44:d9:3f:41:3f:f3:01:08:16:
         bb:0e:35:e3:ba:49:5e:ac:76:ea:b5:7c:33:67:a8:2b:14:07:
         ee:95:30:81:cb:98:75:e5:c9:f5:09:74:aa:d0:b0:9e:e9:62:
         e2:11:b1:6e
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZQrjhPc1iZ0C9a84czy2loPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWQ2NzkxYjhkYmU5YzM1MmJkNjRhOTMyMjE3MmI0MWM0
YjIxNzEwHhcNMjUwMTAzMDk0NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzJlYzRjOGJlMjMzOTg4NTJkYTdjYjRlYzBmYWVhMjE4YWNlMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+YEU2F7oGIZvOi7DnC/6vA2j5PBu
kM3dgfygAOR0mkoPEHvDj8rZXW8GrI7Si8wNrrpEP7U8SV4k9TtP3L+38IPBNYkF
53UT498EecG0MGGJ6THajEZpWOUCO3ZOMYdTx5ZGUftczSEmkMwdc5e8eZB0rsgP
O6Mto8fMq0QUimrDFR53AKb0Tns4bqDqD4jizbG0bhTp2QWGnUjavmS0vN/PZtY7
eTzetTTiL+sJE+9kPhiVNAlzPnYwr6vnqBJ3xYP7/9Kd0BoN8kcDAYFEnk3hWZcr
1ez/eTC2O4noaOE9skkOm4e4WLjnX4a9Vo90xlRJP9Rmn0wFQcu31MRlHQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFGMuxMi+IzmIUtp8tOwPrqIYrOIcMB8GA1UdIwQY
MBaAFFGtZ5G42+nDUr1kqTIhcrQcSyFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMt
MWE4OWZmMTE5NjVlLzEvWXk3RXlMNGpPWWhTMm55MDdBLXVvaGlzNGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMtMWE4OWZmMTE5NjVl
LzEvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQBW87SAwQB
W+DYAwQBW+LEAwQBW+YIMAwDBAK5MBwDBAC5MB4DBAK5jqADBAK5mHgwDQQCAAIw
BwMFAyoUeoAwDQYJKoZIhvcNAQELBQADggEBADi0LX47Itl10O7QUtmUBjzRY9rq
DqrdVKcdQwkSJR/NeNbTdRt0U8aKlJP8OoiiviZB/PS0s7T2ZIxPBW/C/9x9J0yi
F9ShiyzkfLAaq6HvzSvxYWssdT89dXzZdVu1Li0Ug91rJe1GXonEQ/fmarg/PvZI
D/XWXHgRaWq8NftrvwcrOKf3dLwxjUQM47OXp3X07ny+KAGloY1JA0EwnmHseV5D
eLdG/boMOVivtg0tl0U5Bnq/Y8OEpZLPkIoeK18eYRVmmtZMZE5wi+ito0TZP0E/
8wEIFrsONeO6SV6sduq1fDNnqCsUB+6VMIHLmHXlyfUJdKrQsJ7pYuIRsW4=
-----END CERTIFICATE-----