Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/XLYyeQzpSEDWeSSDgt45nVkwip4.roa
File:                     XLYyeQzpSEDWeSSDgt45nVkwip4.roa (raw, json)
Hash identifier:          HsPPfw8bsp9Zq4ZvB2OsdZuzFEl5Gnh0FNKlpoqifUk=
Subject key identifier:   5C:B6:32:79:0C:E9:48:40:D6:79:24:83:82:DE:39:9D:59:30:8A:9E
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       0194FB198AC31A46CEF235BDD5505CAA1899
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/XLYyeQzpSEDWeSSDgt45nVkwip4.roa
Signing time:             Wed 12 Feb 2025 16:59:02 +0000
ROA not before:           Wed 12 Feb 2025 16:59:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196755
IP address blocks:        80.251.108.0/22 maxlen: 22
                          80.251.108.0/23 maxlen: 23
                          157.143.248.0/21 maxlen: 21
                          178.157.16.0/20 maxlen: 20
                          178.157.18.0/23 maxlen: 23
                          178.157.20.0/22 maxlen: 22
                          178.157.24.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          178.157.28.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22
                          178.174.106.0/23 maxlen: 23
                          178.174.108.0/23 maxlen: 24
                          217.181.251.0/24 maxlen: 24
                          217.181.252.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fb:19:8a:c3:1a:46:ce:f2:35:bd:d5:50:5c:aa:18:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Feb 12 16:59:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cb632790ce94840d679248382de399d59308a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:86:d5:ed:d7:ae:13:19:48:28:3b:4b:19:ff:
                    43:a7:cf:1c:10:62:9e:de:e8:1a:ee:3f:70:18:9a:
                    a4:16:f3:82:54:46:50:1f:cd:2a:a9:06:86:37:18:
                    6f:3d:0b:b8:68:48:5c:ec:44:51:43:f4:b7:ac:f2:
                    8e:b4:2d:54:7c:de:7b:e8:41:30:18:0e:ed:53:57:
                    8f:c6:1d:05:03:31:58:17:28:7b:47:09:1a:91:42:
                    53:9c:16:e0:82:13:55:0a:c5:ae:be:cd:86:45:bc:
                    ba:5d:88:13:83:4d:ff:f2:3a:3f:e9:81:cb:a8:33:
                    39:e9:0f:27:22:5f:bf:ac:9f:7a:f3:00:49:cd:bd:
                    99:0e:a3:94:77:7f:43:e8:11:f2:06:f9:a5:a1:75:
                    ce:b3:68:5e:da:6c:a3:48:b2:87:ad:7f:57:09:55:
                    9d:0f:b7:d0:7b:94:8c:54:87:d7:e2:74:07:dc:fd:
                    bc:d6:eb:8a:b0:c9:ab:28:5b:d8:e9:26:2d:e6:a0:
                    bb:02:49:69:4c:79:d7:2e:1b:41:23:d8:f5:67:c7:
                    af:cc:51:0e:d4:b6:6d:23:98:3a:61:94:66:86:a3:
                    a8:8f:34:f4:d1:22:1f:c6:5c:4f:50:73:94:dc:35:
                    27:8a:db:f7:9c:ca:b1:ad:42:89:28:4f:a1:b3:2e:
                    da:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B6:32:79:0C:E9:48:40:D6:79:24:83:82:DE:39:9D:59:30:8A:9E
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/XLYyeQzpSEDWeSSDgt45nVkwip4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.16.0/20
                  178.157.44.0/22
                  178.174.106.0-178.174.109.255
                  217.181.251.0-217.181.253.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:9d:07:54:07:5a:ac:4f:b3:98:97:83:7f:a2:5a:8d:d1:57:
         d6:c6:0b:ca:4c:a9:60:1c:bc:60:dd:6b:59:1e:26:53:06:7e:
         38:c3:96:9f:b5:16:02:b5:47:a4:b4:6f:83:16:c8:11:97:71:
         30:cb:a0:c4:04:e4:f9:26:c8:d1:76:fd:62:bc:8a:28:97:c0:
         fc:ee:58:04:3f:7e:75:ab:0d:46:79:d2:3b:5b:47:11:49:7c:
         94:bf:80:11:03:2b:f9:ec:2f:17:cf:e9:a8:d7:16:5b:d3:f3:
         64:2f:68:9a:ab:ea:8a:2e:66:a3:86:95:7b:72:1f:fb:ba:5d:
         72:9b:28:ef:2e:4d:8c:ea:7d:97:64:e3:24:a5:f2:d8:85:5f:
         60:1e:32:92:28:70:56:a6:2e:c4:bb:13:4c:8b:18:3a:44:57:
         b2:d8:c8:06:b0:61:ff:23:44:1c:16:89:37:bf:46:05:71:fb:
         1c:09:2d:e2:b3:7c:ef:d3:24:9c:3d:50:4e:a6:e8:ff:18:cb:
         e8:5b:5c:af:31:53:99:c2:fe:d7:bf:87:02:7a:ed:75:22:de:
         e7:4f:47:af:d7:02:51:cd:c9:17:fe:22:61:d0:ed:6a:31:96:
         07:ae:05:fa:52:88:ef:d0:07:32:39:5e:1a:da:37:e8:87:5e:
         5f:1b:45:21
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZT7GYrDGkbO8jW91VBcqhiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMjEyMTY1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2I2MzI3OTBjZTk0ODQwZDY3OTI0ODM4MmRlMzk5ZDU5MzA4YTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9obV7deuExlIKDtLGf9Dp88cEGKe
3uga7j9wGJqkFvOCVEZQH80qqQaGNxhvPQu4aEhc7ERRQ/S3rPKOtC1UfN576EEw
GA7tU1ePxh0FAzFYFyh7RwkakUJTnBbgghNVCsWuvs2GRby6XYgTg03/8jo/6YHL
qDM56Q8nIl+/rJ968wBJzb2ZDqOUd39D6BHyBvmloXXOs2he2myjSLKHrX9XCVWd
D7fQe5SMVIfX4nQH3P281uuKsMmrKFvY6SYt5qC7AklpTHnXLhtBI9j1Z8evzFEO
1LZtI5g6YZRmhqOojzT00SIfxlxPUHOU3DUnitv3nMqxrUKJKE+hsy7aKQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFFy2MnkM6UhA1nkkg4LeOZ1ZMIqeMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvWExZeWVRenBTRURXZVNTRGd0NDVuVmt3aXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCUPtsAwQD
nY/4AwQEsp0QAwQCsp0sMAwDBAGyrmoDBAGyrmwwDAMEANm1+wMEAdm1/DANBgkq
hkiG9w0BAQsFAAOCAQEAm50HVAdarE+zmJeDf6JajdFX1sYLykypYBy8YN1rWR4m
UwZ+OMOWn7UWArVHpLRvgxbIEZdxMMugxATk+SbI0Xb9YryKKJfA/O5YBD9+dasN
RnnSO1tHEUl8lL+AEQMr+ewvF8/pqNcWW9PzZC9omqvqii5mo4aVe3If+7pdcpso
7y5NjOp9l2TjJKXy2IVfYB4ykihwVqYuxLsTTIsYOkRXstjIBrBh/yNEHBaJN79G
BXH7HAkt4rN879MknD1QTqbo/xjL6FtcrzFTmcL+17+HAnrtdSLe509Hr9cCUc3J
F/4iYdDtajGWB64F+lKI79AHMjleGto36IdeXxtFIQ==
-----END CERTIFICATE-----