Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/qWPaFespItyNWiYubELRVUQ5C4c.roa
File:                     qWPaFespItyNWiYubELRVUQ5C4c.roa (raw, json)
Hash identifier:          Vkd5/efFHp3iBTfEZRqSFj07kvYN0eI3TiFntZvj23s=
Subject key identifier:   A9:63:DA:15:EB:29:22:DC:8D:5A:26:2E:6C:42:D1:55:44:39:0B:87
Certificate issuer:       /CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
Certificate serial:       019518E4CCF54E114C804393E0F4E9A30E51
Authority key identifier: 81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/qWPaFespItyNWiYubELRVUQ5C4c.roa
Signing time:             Tue 18 Feb 2025 11:50:02 +0000
ROA not before:           Tue 18 Feb 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198760
IP address blocks:        37.221.232.0/21 maxlen: 24
                          45.157.216.0/22 maxlen: 24
                          87.236.162.0/24 maxlen: 24
                          89.21.68.0/22 maxlen: 24
                          185.25.24.0/22 maxlen: 24
                          185.163.252.0/22 maxlen: 24
                          185.208.116.0/22 maxlen: 24
                          185.228.116.0/22 maxlen: 24
                          185.236.116.0/22 maxlen: 24
                          185.241.88.0/22 maxlen: 24
                          193.254.32.0/20 maxlen: 24
                          2a04:c80::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:18:e4:cc:f5:4e:11:4c:80:43:93:e0:f4:e9:a3:0e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
        Validity
            Not Before: Feb 18 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a963da15eb2922dc8d5a262e6c42d15544390b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:71:61:61:f8:d7:1e:32:37:c9:66:10:6b:79:
                    5f:08:26:8f:7e:09:79:74:81:8e:46:fa:9b:a2:6b:
                    2f:f2:36:24:e7:1f:1e:7b:bd:37:43:4f:9a:0c:fb:
                    d1:da:d3:f8:c9:33:34:76:0d:47:88:9a:76:e4:6f:
                    f8:06:39:bb:b9:8e:5d:0d:41:64:09:d1:22:09:f9:
                    93:9a:3d:3a:53:70:58:7f:cb:b4:d6:83:0e:d7:5a:
                    85:e1:2a:3e:4b:6a:c4:d6:2d:76:07:53:65:92:01:
                    44:ce:63:df:3b:59:da:7c:72:4e:5b:73:bb:8e:c3:
                    07:8d:22:d6:42:32:ea:8d:86:21:00:c2:2e:fe:e2:
                    78:6c:db:6f:f7:a3:a1:fd:ce:c8:7b:a1:f5:5d:36:
                    77:e7:27:9c:af:b3:a4:26:01:bf:b0:0a:56:fd:f0:
                    b9:8b:f0:6a:55:0d:ba:2d:76:a3:cf:4b:ac:8c:e5:
                    f2:22:fe:6e:40:59:e6:76:f7:2b:bc:73:78:a3:d5:
                    84:ec:c3:cd:65:c3:49:ba:8f:2f:14:cd:ad:13:65:
                    a3:87:eb:23:4a:cd:0e:6a:1c:7b:67:72:68:be:31:
                    cf:9b:dc:37:6c:33:ad:52:b3:76:7d:9a:95:05:3c:
                    c6:27:91:13:3e:ac:4a:41:71:ba:ce:09:31:92:c0:
                    7d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:63:DA:15:EB:29:22:DC:8D:5A:26:2E:6C:42:D1:55:44:39:0B:87
            X509v3 Authority Key Identifier:
                keyid:81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/qWPaFespItyNWiYubELRVUQ5C4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/gZTqPO1PE3ENNARM_LPR1WxVCGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.232.0/21
                  45.157.216.0/22
                  87.236.162.0/24
                  89.21.68.0/22
                  185.25.24.0/22
                  185.163.252.0/22
                  185.208.116.0/22
                  185.228.116.0/22
                  185.236.116.0/22
                  185.241.88.0/22
                  193.254.32.0/20
                IPv6:
                  2a04:c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:3d:d1:65:68:67:34:d9:d9:31:13:50:36:ce:c1:a4:ec:65:
         5a:e5:a6:33:c5:52:5b:eb:a8:37:d6:1a:e2:f5:07:c9:2b:ff:
         8a:da:58:17:d2:8f:f4:64:ee:d6:a3:4f:1e:00:ac:d4:25:c9:
         fd:f0:e1:70:83:27:81:f1:59:5c:78:2e:34:d4:d8:51:43:0b:
         c2:ff:ec:7b:83:ba:75:59:02:4a:1e:95:33:1e:b9:5b:bb:d2:
         2e:5f:c2:16:78:a4:73:8f:1f:e1:ea:60:2d:58:1f:1f:2e:69:
         c5:75:29:63:e7:f1:e3:56:d8:21:ac:66:09:91:de:79:c7:6d:
         ac:2b:e0:40:9b:49:40:49:03:ee:a7:eb:eb:ab:2f:4e:60:a3:
         f3:eb:b8:83:52:04:86:cc:fa:2b:d6:2c:b7:a8:25:b5:1c:e4:
         00:cf:eb:1f:86:a0:fd:06:a2:a4:50:80:cb:cd:87:0f:3d:f4:
         51:93:4e:34:76:46:81:11:b1:b1:49:53:ee:d7:88:70:be:67:
         9b:f7:da:3a:bf:d5:55:fe:55:81:b8:61:c8:c3:7e:71:25:b4:
         36:34:f2:a8:b5:04:e7:92:fd:b4:cb:0c:c5:65:43:36:76:c9:
         cf:d3:e6:eb:46:22:37:2e:78:6e:30:95:d0:d0:e8:00:f8:c0:
         74:ab:56:8d
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZUY5Mz1ThFMgEOT4PTpow5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTRlYTNjZWQ0ZjEzNzEwZDM0MDQ0Y2ZjYjNkMWQ1NmM1
NTA4NjIwHhcNMjUwMjE4MTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTYzZGExNWViMjkyMmRjOGQ1YTI2MmU2YzQyZDE1NTQ0MzkwYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXFhYfjXHjI3yWYQa3lfCCaPfgl5
dIGORvqbomsv8jYk5x8ee703Q0+aDPvR2tP4yTM0dg1HiJp25G/4Bjm7uY5dDUFk
CdEiCfmTmj06U3BYf8u01oMO11qF4So+S2rE1i12B1NlkgFEzmPfO1nafHJOW3O7
jsMHjSLWQjLqjYYhAMIu/uJ4bNtv96Oh/c7Ie6H1XTZ35yecr7OkJgG/sApW/fC5
i/BqVQ26LXajz0usjOXyIv5uQFnmdvcrvHN4o9WE7MPNZcNJuo8vFM2tE2Wjh+sj
Ss0Oahx7Z3JovjHPm9w3bDOtUrN2fZqVBTzGJ5ETPqxKQXG6zgkxksB9kwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFKlj2hXrKSLcjVomLmxC0VVEOQuHMB8GA1UdIwQY
MBaAFIGU6jztTxNxDTQETPyz0dVsVQhiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDIt
MjM3MjRiYWIyMjI3LzEvcVdQYUZlc3BJdHlOV2lZdWJFTFJWVVE1QzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDItMjM3MjRiYWIyMjI3
LzEvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJd3oAwQC
LZ3YAwQAV+yiAwQCWRVEAwQCuRkYAwQCuaP8AwQCudB0AwQCueR0AwQCuex0AwQC
ufFYAwQEwf4gMA0EAgACMAcDBQMqBAyAMA0GCSqGSIb3DQEBCwUAA4IBAQCzPdFl
aGc02dkxE1A2zsGk7GVa5aYzxVJb66g31hri9QfJK/+K2lgX0o/0ZO7Wo08eAKzU
Jcn98OFwgyeB8VlceC401NhRQwvC/+x7g7p1WQJKHpUzHrlbu9IuX8IWeKRzjx/h
6mAtWB8fLmnFdSlj5/HjVtghrGYJkd55x22sK+BAm0lASQPup+vrqy9OYKPz67iD
UgSGzPor1iy3qCW1HOQAz+sfhqD9BqKkUIDLzYcPPfRRk040dkaBEbGxSVPu14hw
vmeb99o6v9VV/lWBuGHIw35xJbQ2NPKotQTnkv20ywzFZUM2dsnP0+brRiI3Lnhu
MJXQ0OgA+MB0q1aN
-----END CERTIFICATE-----