Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/EMXYEynUntG8ll4EW5Q-6Hk40TY.roa
File:                     EMXYEynUntG8ll4EW5Q-6Hk40TY.roa (raw, json)
Hash identifier:          Xpiy8GuGmhJYwB9WLtl0u6lzkUU+gwZPYmYDPQzDZdI=
Subject key identifier:   10:C5:D8:13:29:D4:9E:D1:BC:96:5E:04:5B:94:3E:E8:79:38:D1:36
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       019422FB6A07C1FA84035922F5252E0875D5
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/EMXYEynUntG8ll4EW5Q-6Hk40TY.roa
Signing time:             Wed 01 Jan 2025 17:48:09 +0000
ROA not before:           Wed 01 Jan 2025 17:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137502
IP address blocks:        213.248.216.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.219.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.221.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.223.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          213.248.255.0/24 maxlen: 24
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6a:07:c1:fa:84:03:59:22:f5:25:2e:08:75:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Jan  1 17:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10c5d81329d49ed1bc965e045b943ee87938d136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:7f:e3:f2:75:55:90:13:1e:ea:06:8d:cc:1f:
                    b5:25:8c:a9:c0:c1:9c:95:e5:3f:91:1f:56:d6:30:
                    b9:13:b4:a2:6d:29:7b:30:fd:93:65:94:46:95:71:
                    f0:d9:d1:6c:a9:7d:4e:6d:93:38:40:a5:48:e5:06:
                    7d:ea:9e:27:c5:ee:8f:46:45:cc:0f:7a:82:36:1d:
                    22:2b:a7:ba:0e:82:15:d2:72:1e:3e:ac:8c:6f:e7:
                    be:ed:e8:26:c3:00:3c:7a:ea:45:bd:06:23:ad:53:
                    e1:69:a4:5d:e0:e2:1f:c6:a8:85:21:97:b5:08:be:
                    d8:60:e9:92:c0:a7:13:22:50:59:93:a2:04:f1:85:
                    2e:dc:9b:0e:32:c0:c4:84:3f:a4:d8:1e:a7:4e:1b:
                    39:62:89:6c:3c:8d:4d:50:90:d3:d7:71:53:18:86:
                    e4:33:64:fd:13:97:07:e4:ce:f7:e2:e5:c7:46:b2:
                    11:79:fc:82:80:50:13:3d:44:72:dc:38:f7:43:54:
                    98:2b:ab:4b:e5:24:b3:a1:4f:8b:66:7a:15:06:da:
                    46:03:82:61:15:66:55:df:ac:23:c5:0c:a6:ca:5d:
                    f4:38:4b:0b:bb:9f:81:84:06:0d:a3:97:1a:ec:64:
                    31:e4:63:59:43:ad:10:f9:79:ad:6e:a1:23:93:71:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C5:D8:13:29:D4:9E:D1:BC:96:5E:04:5B:94:3E:E8:79:38:D1:36
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/EMXYEynUntG8ll4EW5Q-6Hk40TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0/21
                  213.248.254.0/23
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         21:73:a9:b3:b3:dd:ac:d2:61:fd:81:7e:d9:5c:d1:c5:1f:93:
         98:d9:17:87:8f:0a:78:7e:5b:15:c3:61:42:fc:c0:85:f2:37:
         41:39:8d:39:56:09:47:6f:4d:d4:96:1e:0a:6b:a9:bf:28:e2:
         39:35:d8:ad:c3:07:ff:92:69:59:9d:63:47:2b:c7:89:3a:e1:
         e2:45:c4:91:03:3c:f9:67:9f:3e:64:c8:11:a2:36:81:c3:72:
         79:32:56:6f:0e:ec:e6:0a:a6:f1:60:81:12:db:3b:66:b0:85:
         23:cc:eb:4c:e8:06:15:cb:11:b4:6b:41:4a:b1:e4:0c:1a:7f:
         cc:1b:23:97:68:83:5b:30:96:2f:6e:51:a3:3d:7b:33:81:fb:
         8d:ea:16:19:6e:43:73:89:0c:38:16:a9:f4:27:57:d5:69:5d:
         23:70:fb:e9:89:ef:5c:8b:55:2d:9f:55:a7:2f:43:a7:a0:e2:
         ca:58:30:5c:af:b9:fd:14:e9:a1:a8:25:ed:c4:74:38:39:96:
         8d:10:36:bb:eb:7c:e8:73:4a:1a:ca:98:da:e1:a2:d4:58:0a:
         e5:93:ac:7e:94:75:ce:c4:26:f4:03:0e:22:db:92:13:63:3a:
         cb:8e:2f:ed:3f:9b:a0:91:9a:12:d9:3b:85:49:26:35:7b:03:
         69:86:5b:19
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQi+2oHwfqEA1ki9SUuCHXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjUwMTAxMTc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGM1ZDgxMzI5ZDQ5ZWQxYmM5NjVlMDQ1Yjk0M2VlODc5MzhkMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1H/j8nVVkBMe6gaNzB+1JYypwMGc
leU/kR9W1jC5E7SibSl7MP2TZZRGlXHw2dFsqX1ObZM4QKVI5QZ96p4nxe6PRkXM
D3qCNh0iK6e6DoIV0nIePqyMb+e+7egmwwA8eupFvQYjrVPhaaRd4OIfxqiFIZe1
CL7YYOmSwKcTIlBZk6IE8YUu3JsOMsDEhD+k2B6nThs5YolsPI1NUJDT13FTGIbk
M2T9E5cH5M734uXHRrIRefyCgFATPURy3Dj3Q1SYK6tL5SSzoU+LZnoVBtpGA4Jh
FWZV36wjxQymyl30OEsLu5+BhAYNo5ca7GQx5GNZQ60Q+XmtbqEjk3GbxQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBDF2BMp1J7RvJZeBFuUPuh5ONE2MB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvRU1YWUV5blVudEc4bGw0RVc1US02SGs0MFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQD1fjYAwQB
1fj+MA8EAgACMAkDBwMqAQYYBAAwDQYJKoZIhvcNAQELBQADggEBACFzqbOz3azS
Yf2Bftlc0cUfk5jZF4ePCnh+WxXDYUL8wIXyN0E5jTlWCUdvTdSWHgprqb8o4jk1
2K3DB/+SaVmdY0crx4k64eJFxJEDPPlnnz5kyBGiNoHDcnkyVm8O7OYKpvFggRLb
O2awhSPM60zoBhXLEbRrQUqx5Awaf8wbI5dog1swli9uUaM9ezOB+43qFhluQ3OJ
DDgWqfQnV9VpXSNw++mJ71yLVS2fVacvQ6eg4spYMFyvuf0U6aGoJe3EdDg5lo0Q
NrvrfOhzShrKmNrhotRYCuWTrH6Udc7EJvQDDiLbkhNjOsuOL+0/m6CRmhLZO4VJ
JjV7A2mGWxk=
-----END CERTIFICATE-----