Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/4711a1-4d25-47e6-acf7-b0712ab0b077/1/KUfFcY4n_r75t21wBTn8NHwpPWo.roa
File:                     KUfFcY4n_r75t21wBTn8NHwpPWo.roa (raw, json)
Hash identifier:          Vj4b0HHRAbzzjfGSfe71X4pK6wA9f27I+UmGi3mJNYI=
Subject key identifier:   29:47:C5:71:8E:27:FE:BE:F9:B7:6D:70:05:39:FC:34:7C:29:3D:6A
Certificate issuer:       /CN=4a2027dbb89427a8e031b90962e26e44affa5a95
Certificate serial:       019424B3F43DC03669B9B570BD0594236367
Authority key identifier: 4A:20:27:DB:B8:94:27:A8:E0:31:B9:09:62:E2:6E:44:AF:FA:5A:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SiAn27iUJ6jgMbkJYuJuRK_6WpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/4711a1-4d25-47e6-acf7-b0712ab0b077/1/KUfFcY4n_r75t21wBTn8NHwpPWo.roa
Signing time:             Thu 02 Jan 2025 01:49:20 +0000
ROA not before:           Thu 02 Jan 2025 01:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24800
IP address blocks:        185.96.88.0/22 maxlen: 22
                          185.96.180.0/22 maxlen: 22
                          185.107.168.0/22 maxlen: 22
                          185.107.176.0/22 maxlen: 22
                          185.108.100.0/22 maxlen: 22
                          185.108.108.0/22 maxlen: 22
                          185.108.252.0/22 maxlen: 22
                          185.109.12.0/22 maxlen: 22
                          185.109.64.0/22 maxlen: 22
                          185.109.76.0/22 maxlen: 22
                          185.109.88.0/22 maxlen: 22
                          2a00:4020::/32 maxlen: 32
                          2a00:4820::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f4:3d:c0:36:69:b9:b5:70:bd:05:94:23:63:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a2027dbb89427a8e031b90962e26e44affa5a95
        Validity
            Not Before: Jan  2 01:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2947c5718e27febef9b76d700539fc347c293d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:af:71:24:ce:0f:4c:35:b8:97:1d:45:35:c2:
                    8c:3c:e5:7e:f3:fd:fb:39:c0:2b:9d:4d:e4:4d:73:
                    21:62:15:0c:df:7b:62:f6:73:ba:07:a0:e1:5c:29:
                    11:6f:68:52:29:3f:17:a8:f6:fe:ed:e8:db:d9:07:
                    5b:83:ce:c5:d9:c3:bd:02:7c:d7:ac:2f:12:58:3b:
                    57:1c:fc:c5:3c:6f:ed:f5:f5:4c:ab:60:6e:18:da:
                    eb:7f:5b:a9:e9:05:09:0b:38:b4:2a:b7:82:37:39:
                    a1:c9:e5:29:b0:42:11:30:90:56:d3:97:45:7f:9a:
                    ba:54:75:86:5d:68:fd:eb:d7:75:e4:76:ee:9f:b5:
                    11:89:6a:60:41:40:be:ea:80:6c:a5:dc:d9:46:ed:
                    76:12:e1:af:44:3e:1a:63:ad:bf:43:dd:c0:69:3e:
                    ef:0f:a7:b6:ba:46:6f:9b:b6:ea:a8:98:0a:58:e2:
                    a4:2f:d5:94:8c:42:00:d6:c8:41:47:63:48:a8:5f:
                    4e:8b:7f:51:cc:46:cf:76:4a:44:d0:14:b6:7b:7d:
                    77:c2:90:fd:99:85:70:9c:bc:1d:45:43:93:ed:82:
                    29:cf:15:0f:72:50:e7:b7:7f:d3:1b:87:1d:33:b2:
                    88:09:1c:dc:10:3a:67:fb:43:87:24:fd:25:31:f0:
                    e9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:47:C5:71:8E:27:FE:BE:F9:B7:6D:70:05:39:FC:34:7C:29:3D:6A
            X509v3 Authority Key Identifier:
                keyid:4A:20:27:DB:B8:94:27:A8:E0:31:B9:09:62:E2:6E:44:AF:FA:5A:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SiAn27iUJ6jgMbkJYuJuRK_6WpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4711a1-4d25-47e6-acf7-b0712ab0b077/1/KUfFcY4n_r75t21wBTn8NHwpPWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4711a1-4d25-47e6-acf7-b0712ab0b077/1/SiAn27iUJ6jgMbkJYuJuRK_6WpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.88.0/22
                  185.96.180.0/22
                  185.107.168.0/22
                  185.107.176.0/22
                  185.108.100.0/22
                  185.108.108.0/22
                  185.108.252.0/22
                  185.109.12.0/22
                  185.109.64.0/22
                  185.109.76.0/22
                  185.109.88.0/22
                IPv6:
                  2a00:4020::/32
                  2a00:4820::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:63:a3:8f:de:58:40:40:80:e8:99:9c:93:6d:10:6c:ed:0e:
         e0:8d:01:b2:09:d9:89:70:2d:46:e9:61:75:49:13:6a:b3:66:
         81:ea:d7:fb:34:8c:40:41:23:69:d8:49:cc:46:ec:e9:b0:5e:
         f3:ba:ee:5c:c5:19:ef:d4:97:16:e1:42:82:e4:58:e6:b0:09:
         a9:a0:f8:98:61:c1:d5:2c:c9:63:1d:4c:df:15:5d:a6:8f:b8:
         fd:1e:d2:86:58:a6:85:ca:73:c0:8c:c3:eb:3c:ed:39:d2:3d:
         e2:36:33:ec:8c:46:14:cd:c2:e2:fe:92:3b:ba:94:8d:f8:07:
         86:5b:66:ab:8b:db:c8:1d:a2:9d:f2:d6:0d:1a:1a:f9:29:77:
         e3:49:af:cf:c8:6e:03:50:a3:3b:c7:51:7a:c0:e8:46:5d:c5:
         a3:af:b3:22:59:9b:82:54:37:b8:d6:9f:d2:e3:82:15:f4:94:
         df:a1:1d:3d:c1:ef:2e:b6:a2:88:1e:1c:54:e4:ea:20:d1:ed:
         ca:72:09:1b:b1:0a:2e:82:9b:87:d6:d0:17:ed:f6:6a:63:11:
         34:22:c4:b2:63:24:a5:a5:2b:79:4b:1c:2b:45:a1:0e:36:8e:
         65:17:f5:1a:1e:a6:4b:bc:c8:ee:b6:39:24:8c:24:65:91:b7:
         5f:50:8e:7d
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQks/Q9wDZpubVwvQWUI2NnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMjAyN2RiYjg5NDI3YThlMDMxYjkwOTYyZTI2ZTQ0YWZm
YTVhOTUwHhcNMjUwMTAyMDE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ3YzU3MThlMjdmZWJlZjliNzZkNzAwNTM5ZmMzNDdjMjkzZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a9xJM4PTDW4lx1FNcKMPOV+8/37
OcArnU3kTXMhYhUM33ti9nO6B6DhXCkRb2hSKT8XqPb+7ejb2Qdbg87F2cO9AnzX
rC8SWDtXHPzFPG/t9fVMq2BuGNrrf1up6QUJCzi0KreCNzmhyeUpsEIRMJBW05dF
f5q6VHWGXWj969d15Hbun7URiWpgQUC+6oBspdzZRu12EuGvRD4aY62/Q93AaT7v
D6e2ukZvm7bqqJgKWOKkL9WUjEIA1shBR2NIqF9Oi39RzEbPdkpE0BS2e313wpD9
mYVwnLwdRUOT7YIpzxUPclDnt3/TG4cdM7KICRzcEDpn+0OHJP0lMfDpDQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFClHxXGOJ/6++bdtcAU5/DR8KT1qMB8GA1UdIwQY
MBaAFEogJ9u4lCeo4DG5CWLibkSv+lqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2lBbjI3aVVKNmpnTWJrSll1SnVSS182V3BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80NzExYTEtNGQyNS00N2U2LWFjZjct
YjA3MTJhYjBiMDc3LzEvS1VmRmNZNG5fcjc1dDIxd0JUbjhOSHdwUFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80NzExYTEtNGQyNS00N2U2LWFjZjctYjA3MTJhYjBiMDc3
LzEvU2lBbjI3aVVKNmpnTWJrSll1SnVSS182V3BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCuWBYAwQC
uWC0AwQCuWuoAwQCuWuwAwQCuWxkAwQCuWxsAwQCuWz8AwQCuW0MAwQCuW1AAwQC
uW1MAwQCuW1YMBQEAgACMA4DBQAqAEAgAwUAKgBIIDANBgkqhkiG9w0BAQsFAAOC
AQEAoGOjj95YQECA6Jmck20QbO0O4I0BsgnZiXAtRulhdUkTarNmgerX+zSMQEEj
adhJzEbs6bBe87ruXMUZ79SXFuFCguRY5rAJqaD4mGHB1SzJYx1M3xVdpo+4/R7S
hlimhcpzwIzD6zztOdI94jYz7IxGFM3C4v6SO7qUjfgHhltmq4vbyB2infLWDRoa
+Sl340mvz8huA1CjO8dResDoRl3Fo6+zIlmbglQ3uNaf0uOCFfSU36EdPcHvLrai
iB4cVOTqINHtynIJG7EKLoKbh9bQF+32amMRNCLEsmMkpaUreUscK0WhDjaOZRf1
Gh6mS7zI7rY5JIwkZZG3X1COfQ==
-----END CERTIFICATE-----