Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/jwz6PrQFhFvB8Ouuwat3y2nONuA.roa
File:                     jwz6PrQFhFvB8Ouuwat3y2nONuA.roa (raw, json)
Hash identifier:          TxTry85XsPky+PSHHeTZJCkAX90hbYBwkf2e2x38QSo=
Subject key identifier:   8F:0C:FA:3E:B4:05:84:5B:C1:F0:EB:AE:C1:AB:77:CB:69:CE:36:E0
Certificate issuer:       /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial:       019420686C1FA34B96157D9C0EDBD6CD83F9
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/jwz6PrQFhFvB8Ouuwat3y2nONuA.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201612
IP address blocks:        193.46.128.0/24 maxlen: 24
                          193.46.129.0/24 maxlen: 24
                          193.46.130.0/24 maxlen: 24
                          193.46.131.0/24 maxlen: 24
                          193.46.132.0/24 maxlen: 24
                          193.46.133.0/24 maxlen: 24
                          193.46.134.0/24 maxlen: 24
                          193.46.135.0/24 maxlen: 24
                          194.0.24.0/24 maxlen: 24
                          194.0.25.0/24 maxlen: 24
                          194.0.26.0/24 maxlen: 24
                          2001:678:20::/48 maxlen: 48
                          2001:678:24::/48 maxlen: 48
                          2001:67c:1bc::/48 maxlen: 48
                          2a02:850:ffe0::/48 maxlen: 48
                          2a02:850:ffe1::/48 maxlen: 48
                          2a02:850:ffe2::/48 maxlen: 48
                          2a02:850:ffe3::/48 maxlen: 48
                          2a02:850:ffe4::/48 maxlen: 48
                          2a02:850:ffe5::/48 maxlen: 48
                          2a02:850:ffe6::/48 maxlen: 48
                          2a02:850:ffe7::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6c:1f:a3:4b:96:15:7d:9c:0e:db:d6:cd:83:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f0cfa3eb405845bc1f0ebaec1ab77cb69ce36e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:5d:c9:b1:cf:b0:c6:74:b4:fa:a8:69:da:
                    23:9f:7e:a4:a1:26:fb:5d:87:c9:c0:a0:36:39:2b:
                    16:a1:50:9c:41:9e:61:9f:39:e3:e0:c9:1e:9f:db:
                    05:88:97:7f:ee:98:4f:b7:bf:a8:6c:78:56:54:e1:
                    34:28:ea:cd:7d:39:09:48:4e:45:27:80:1a:7f:a5:
                    a3:9e:e7:43:f7:a6:68:5f:7a:5c:49:d7:b5:2c:3f:
                    06:f4:74:b7:5d:1c:a4:5a:d2:2c:9c:48:c4:0a:cf:
                    08:1b:48:cd:ce:9f:86:31:4b:ca:0c:26:9f:3f:30:
                    17:12:97:1c:d0:a8:36:77:c2:de:81:24:89:db:a1:
                    60:5f:b1:33:b0:6f:b9:4b:14:2d:76:ee:fe:42:2a:
                    6a:c5:96:78:88:41:da:4e:fa:31:e7:d9:9e:bf:65:
                    6a:e7:e9:86:48:bf:9e:a3:a9:64:53:fd:c4:80:13:
                    67:d6:d7:db:34:06:7e:60:bd:0f:30:de:97:64:06:
                    39:07:42:45:b0:ed:4e:cf:80:45:46:78:da:91:7a:
                    9a:74:01:8e:33:34:a2:da:2b:a2:d5:26:3f:cb:73:
                    05:50:af:58:4a:d0:78:98:da:5e:01:71:41:9e:e2:
                    44:b5:81:f1:1d:18:51:94:d7:05:6a:6d:8b:41:7b:
                    18:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0C:FA:3E:B4:05:84:5B:C1:F0:EB:AE:C1:AB:77:CB:69:CE:36:E0
            X509v3 Authority Key Identifier:
                keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/jwz6PrQFhFvB8Ouuwat3y2nONuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.128.0/21
                  194.0.24.0-194.0.26.255
                IPv6:
                  2001:678:20::/48
                  2001:678:24::/48
                  2001:67c:1bc::/48
                  2a02:850:ffe0::/45

    Signature Algorithm: sha256WithRSAEncryption
         09:8d:79:e2:d8:a5:db:c7:08:48:5d:39:6e:0d:fb:2a:cb:09:
         35:56:45:d3:15:63:81:3b:1d:81:8e:fd:89:62:53:7f:4b:02:
         67:08:d1:ae:03:07:ff:8b:77:af:d8:a5:52:2c:73:80:ac:4e:
         b6:eb:a0:27:68:a3:1a:d3:c9:01:54:67:56:cb:54:73:77:cd:
         58:31:dc:81:f8:fe:e0:c7:b5:4f:9c:fb:6d:b8:03:28:eb:30:
         45:87:6b:29:50:4b:65:03:41:c2:77:85:4c:21:83:18:ac:4e:
         aa:7d:35:11:dc:b2:4c:3d:6e:b2:2d:77:75:c0:9d:52:53:4c:
         a9:5f:f2:b0:35:e5:b9:15:52:14:3f:90:68:27:60:f1:79:b0:
         30:31:03:a3:44:0c:c6:6f:03:87:f9:80:43:4b:91:9b:d9:bc:
         60:d4:62:32:09:aa:d4:4b:44:12:bd:78:ec:27:02:86:99:8d:
         15:f3:ee:17:19:66:c7:0d:75:17:46:db:32:1e:f0:e6:42:25:
         50:8c:10:c3:66:ad:87:d6:76:ea:8a:26:21:12:2d:44:04:25:
         6c:24:3f:52:bf:24:e5:64:a9:e1:5c:ab:da:c0:32:0e:e6:d9:
         91:06:10:7b:c4:32:b6:98:c6:09:00:23:fe:03:c3:4f:e7:5e:
         dc:8e:f9:e1
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQgaGwfo0uWFX2cDtvWzYP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBjZmEzZWI0MDU4NDViYzFmMGViYWVjMWFiNzdjYjY5Y2UzNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO9dybHPsMZ0tPqoadojn36koSb7
XYfJwKA2OSsWoVCcQZ5hnznj4Mken9sFiJd/7phPt7+obHhWVOE0KOrNfTkJSE5F
J4Aaf6WjnudD96ZoX3pcSde1LD8G9HS3XRykWtIsnEjECs8IG0jNzp+GMUvKDCaf
PzAXEpcc0Kg2d8LegSSJ26FgX7EzsG+5SxQtdu7+QipqxZZ4iEHaTvox59mev2Vq
5+mGSL+eo6lkU/3EgBNn1tfbNAZ+YL0PMN6XZAY5B0JFsO1Oz4BFRnjakXqadAGO
MzSi2iui1SY/y3MFUK9YStB4mNpeAXFBnuJEtYHxHRhRlNcFam2LQXsYmQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFI8M+j60BYRbwfDrrsGrd8tpzjbgMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvand6NlByUUZoRnZCOE91dXdhdDN5Mm5PTnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAaBAIAATAUAwQDwS6AMAwD
BAPCABgDBADCABowKgQCAAIwJAMHACABBngAIAMHACABBngAJAMHACABBnwBvAMH
AyoCCFD/4DANBgkqhkiG9w0BAQsFAAOCAQEACY154til28cISF05bg37KssJNVZF
0xVjgTsdgY79iWJTf0sCZwjRrgMH/4t3r9ilUixzgKxOtuugJ2ijGtPJAVRnVstU
c3fNWDHcgfj+4Me1T5z7bbgDKOswRYdrKVBLZQNBwneFTCGDGKxOqn01EdyyTD1u
si13dcCdUlNMqV/ysDXluRVSFD+QaCdg8XmwMDEDo0QMxm8Dh/mAQ0uRm9m8YNRi
Mgmq1EtEEr147CcChpmNFfPuFxlmxw11F0bbMh7w5kIlUIwQw2ath9Z26oomIRIt
RAQlbCQ/Ur8k5WSp4Vyr2sAyDubZkQYQe8QytpjGCQAj/gPDT+de3I754Q==
-----END CERTIFICATE-----