Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/p9ItdLtiYL4LWX5NZZnUSYwNxz8.roa
File:                     p9ItdLtiYL4LWX5NZZnUSYwNxz8.roa (raw, json)
Hash identifier:          c3ouMCi1srY/NIddYqnssOpjDGBDizKKZ8LNdOn0Anc=
Subject key identifier:   A7:D2:2D:74:BB:62:60:BE:0B:59:7E:4D:65:99:D4:49:8C:0D:C7:3F
Certificate issuer:       /CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
Certificate serial:       01961ED44DA27FED9EF54DFE9EB010EC6880
Authority key identifier: 81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/p9ItdLtiYL4LWX5NZZnUSYwNxz8.roa
Signing time:             Thu 10 Apr 2025 08:32:31 +0000
ROA not before:           Thu 10 Apr 2025 08:32:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198760
IP address blocks:        37.221.232.0/21 maxlen: 24
                          45.157.216.0/22 maxlen: 24
                          87.236.162.0/24 maxlen: 24
                          89.21.68.0/22 maxlen: 24
                          157.97.80.0/22 maxlen: 24
                          185.25.24.0/22 maxlen: 24
                          185.163.252.0/22 maxlen: 24
                          185.208.116.0/22 maxlen: 24
                          185.228.116.0/22 maxlen: 24
                          185.236.116.0/22 maxlen: 24
                          185.241.88.0/22 maxlen: 24
                          193.254.32.0/20 maxlen: 24
                          2a04:c80::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:d4:4d:a2:7f:ed:9e:f5:4d:fe:9e:b0:10:ec:68:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
        Validity
            Not Before: Apr 10 08:32:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7d22d74bb6260be0b597e4d6599d4498c0dc73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:5f:a2:19:bd:20:b6:89:34:e8:1c:84:ae:c8:
                    4e:3f:7f:58:26:aa:c9:d4:e3:16:41:15:dc:1a:1a:
                    fd:05:11:cb:60:b1:29:f8:22:89:98:bf:d0:4f:bb:
                    95:7d:b3:1d:6a:f6:54:a8:bb:45:49:ac:fd:ff:20:
                    c3:03:92:37:af:e6:b2:02:52:0f:2d:b7:69:9c:1b:
                    ac:63:49:63:18:20:d1:fb:5f:64:0c:67:69:c3:ea:
                    73:7a:6d:8a:03:6a:e9:79:e4:a8:89:7d:c1:1c:c8:
                    34:98:8e:fb:ff:69:e3:04:26:db:f2:ac:98:48:f5:
                    e4:93:86:bd:9b:89:31:26:ed:2c:14:ff:23:6b:fc:
                    46:80:0f:3a:5d:63:0d:3f:77:6b:5d:51:3d:ba:41:
                    d6:c6:15:56:bf:00:0c:4c:12:77:6c:f8:77:c2:16:
                    6e:f3:77:fc:be:6f:5f:38:8b:c9:1a:f0:bb:6e:ba:
                    77:07:79:64:50:81:e6:17:44:39:dc:29:7a:d5:6c:
                    bb:6d:aa:7f:e5:89:76:fc:87:a5:55:0a:ac:05:f9:
                    57:78:fe:b3:2b:4c:c8:34:6d:8c:c5:b4:43:76:c7:
                    74:4c:8d:ed:8f:e3:6a:6e:d0:23:df:f1:5b:e2:f8:
                    67:a5:a5:0c:7f:8e:27:af:4f:bc:a3:69:86:a9:73:
                    93:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:D2:2D:74:BB:62:60:BE:0B:59:7E:4D:65:99:D4:49:8C:0D:C7:3F
            X509v3 Authority Key Identifier:
                keyid:81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/p9ItdLtiYL4LWX5NZZnUSYwNxz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/gZTqPO1PE3ENNARM_LPR1WxVCGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.232.0/21
                  45.157.216.0/22
                  87.236.162.0/24
                  89.21.68.0/22
                  157.97.80.0/22
                  185.25.24.0/22
                  185.163.252.0/22
                  185.208.116.0/22
                  185.228.116.0/22
                  185.236.116.0/22
                  185.241.88.0/22
                  193.254.32.0/20
                IPv6:
                  2a04:c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:d6:2f:04:5c:f5:a1:63:e4:61:aa:5e:db:c3:b5:23:cf:a6:
         a8:40:63:33:ca:47:58:10:83:33:77:c4:4e:1d:8e:9b:cd:f8:
         8b:1a:28:65:30:ef:ea:b3:0a:6b:8d:98:31:43:8d:fa:ec:55:
         b9:26:ff:3b:3a:62:8f:04:14:fb:ce:74:93:96:ff:e6:8a:c5:
         fe:e8:c3:8d:a7:eb:d3:f7:8d:10:75:c2:5f:af:89:4c:6f:01:
         30:78:ed:ee:e5:4a:57:74:27:f7:05:f1:bb:d9:fe:3a:a2:a8:
         62:0a:6b:f7:2d:bc:18:29:91:e1:f2:6a:24:a5:07:70:9c:9e:
         69:67:2a:31:b2:88:24:d7:b5:e9:3b:74:4f:bd:db:4d:6d:9c:
         47:a1:73:08:e2:99:04:83:4f:26:3c:6d:98:f1:ca:42:ad:a8:
         de:87:d8:41:52:c3:03:82:53:a1:82:c2:59:b8:80:fe:f9:a6:
         17:89:99:a2:8b:29:82:f1:8e:c8:3c:f5:a9:ee:6b:76:11:d0:
         45:9c:71:1b:95:ec:2d:ab:98:90:23:28:a1:26:6f:f9:ba:16:
         79:69:f1:6f:a0:47:28:58:18:34:f5:06:36:9d:42:ab:6f:ab:
         3d:fb:a3:51:f6:d1:26:f6:43:e8:73:39:2d:31:9b:fa:e7:07:
         0b:28:fa:3c
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZYe1E2if+2e9U3+nrAQ7GiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTRlYTNjZWQ0ZjEzNzEwZDM0MDQ0Y2ZjYjNkMWQ1NmM1
NTA4NjIwHhcNMjUwNDEwMDgzMjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QyMmQ3NGJiNjI2MGJlMGI1OTdlNGQ2NTk5ZDQ0OThjMGRjNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6l+iGb0gtok06ByErshOP39YJqrJ
1OMWQRXcGhr9BRHLYLEp+CKJmL/QT7uVfbMdavZUqLtFSaz9/yDDA5I3r+ayAlIP
LbdpnBusY0ljGCDR+19kDGdpw+pzem2KA2rpeeSoiX3BHMg0mI77/2njBCbb8qyY
SPXkk4a9m4kxJu0sFP8ja/xGgA86XWMNP3drXVE9ukHWxhVWvwAMTBJ3bPh3whZu
83f8vm9fOIvJGvC7brp3B3lkUIHmF0Q53Cl61Wy7bap/5Yl2/IelVQqsBflXeP6z
K0zING2MxbRDdsd0TI3tj+NqbtAj3/Fb4vhnpaUMf44nr0+8o2mGqXOTOQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFKfSLXS7YmC+C1l+TWWZ1EmMDcc/MB8GA1UdIwQY
MBaAFIGU6jztTxNxDTQETPyz0dVsVQhiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDIt
MjM3MjRiYWIyMjI3LzEvcDlJdGRMdGlZTDRMV1g1TlpablVTWXdOeHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDItMjM3MjRiYWIyMjI3
LzEvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJd3oAwQC
LZ3YAwQAV+yiAwQCWRVEAwQCnWFQAwQCuRkYAwQCuaP8AwQCudB0AwQCueR0AwQC
uex0AwQCufFYAwQEwf4gMA0EAgACMAcDBQMqBAyAMA0GCSqGSIb3DQEBCwUAA4IB
AQBD1i8EXPWhY+Rhql7bw7Ujz6aoQGMzykdYEIMzd8ROHY6bzfiLGihlMO/qswpr
jZgxQ4367FW5Jv87OmKPBBT7znSTlv/misX+6MONp+vT940QdcJfr4lMbwEweO3u
5UpXdCf3BfG72f46oqhiCmv3LbwYKZHh8mokpQdwnJ5pZyoxsogk17XpO3RPvdtN
bZxHoXMI4pkEg08mPG2Y8cpCrajeh9hBUsMDglOhgsJZuID++aYXiZmiiymC8Y7I
PPWp7mt2EdBFnHEblewtq5iQIyihJm/5uhZ5afFvoEcoWBg09QY2nUKrb6s9+6NR
9tEm9kPoczktMZv65wcLKPo8
-----END CERTIFICATE-----