Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/lnxBICiuOhb0S2Ss6UKdeHcB0oo.roa
File:                     lnxBICiuOhb0S2Ss6UKdeHcB0oo.roa (raw, json)
Hash identifier:          hdI3xj2P7Sjw6pCwaS0Na+6UrppqSPkWbMvSGZ4mxkQ=
Subject key identifier:   96:7C:41:20:28:AE:3A:16:F4:4B:64:AC:E9:42:9D:78:77:01:D2:8A
Certificate issuer:       /CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
Certificate serial:       0196149BFED1750E3B5F4F5984EFCAE5B7F3
Authority key identifier: 9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/lnxBICiuOhb0S2Ss6UKdeHcB0oo.roa
Signing time:             Tue 08 Apr 2025 08:54:49 +0000
ROA not before:           Tue 08 Apr 2025 08:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29447
IP address blocks:        78.208.0.0/13 maxlen: 13
                          78.208.0.0/17 maxlen: 17
                          78.208.128.0/17 maxlen: 17
                          78.209.0.0/17 maxlen: 17
                          78.209.128.0/17 maxlen: 17
                          78.210.0.0/17 maxlen: 17
                          78.210.128.0/17 maxlen: 17
                          78.211.0.0/17 maxlen: 17
                          78.211.128.0/17 maxlen: 17
                          81.56.0.0/15 maxlen: 17
                          2a01:e09::/32 maxlen: 32
                          2a01:e10::/30 maxlen: 30
                          2a01:e11::/32 maxlen: 32
                          2a01:e11::/36 maxlen: 36
                          2a01:e11:1000::/36 maxlen: 36
                          2a01:e11:2000::/36 maxlen: 36
                          2a01:e11:3000::/36 maxlen: 36
                          2a01:e11:4000::/36 maxlen: 36
                          2a01:e11:5000::/36 maxlen: 36
                          2a01:e11:6000::/36 maxlen: 36
                          2a01:e11:7000::/36 maxlen: 36
                          2a01:e11:8000::/36 maxlen: 36
                          2a01:e11:9000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:9b:fe:d1:75:0e:3b:5f:4f:59:84:ef:ca:e5:b7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
        Validity
            Not Before: Apr  8 08:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=967c412028ae3a16f44b64ace9429d787701d28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8a:23:d9:4b:19:e8:ca:31:17:92:e4:12:53:
                    18:f1:fa:69:0e:a0:93:98:67:f2:47:29:b7:5c:96:
                    28:e0:71:ab:5e:3b:e6:a8:bb:ba:2d:b3:68:80:cb:
                    17:9a:9b:5b:2a:8e:6b:d1:c2:1e:3c:03:17:c0:57:
                    00:af:a1:77:40:b3:78:c4:56:10:f6:fe:6e:33:96:
                    19:e8:d7:c2:32:9d:7e:3a:c0:5c:dc:99:7f:88:1f:
                    4e:cf:74:dd:d7:eb:cb:89:be:64:1b:74:63:b9:9e:
                    e8:52:b3:d3:7a:2a:fc:30:d2:f3:92:92:2a:d7:e2:
                    c6:f3:03:1d:00:d0:01:07:c2:29:a9:f2:17:c9:c2:
                    98:ac:9f:bd:31:84:6f:f0:6b:fd:00:f2:a7:d1:9d:
                    11:f6:b5:48:ce:f9:16:c4:9b:a3:d4:65:74:3a:b8:
                    33:be:44:1f:80:ae:70:2e:de:b2:d4:ac:83:59:f9:
                    a9:18:ec:0b:3d:9a:c7:50:d2:73:3b:e1:bb:5a:cf:
                    be:84:c5:7e:7b:e0:73:0a:e4:38:12:8d:48:2d:79:
                    40:69:79:98:52:a0:c7:39:34:ba:6c:63:20:fd:77:
                    41:9b:c4:63:0e:3f:6d:22:a3:48:cf:58:6b:c2:f3:
                    9b:d0:ef:f3:fe:a9:04:99:55:77:f7:54:5a:f6:71:
                    fe:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7C:41:20:28:AE:3A:16:F4:4B:64:AC:E9:42:9D:78:77:01:D2:8A
            X509v3 Authority Key Identifier:
                keyid:9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/lnxBICiuOhb0S2Ss6UKdeHcB0oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.208.0.0/13
                  81.56.0.0/15
                IPv6:
                  2a01:e09::/32
                  2a01:e10::/30

    Signature Algorithm: sha256WithRSAEncryption
         5e:09:15:bb:3a:03:44:74:05:bd:ac:b3:4c:04:b2:47:83:af:
         aa:90:89:a3:e7:44:37:35:4e:e6:56:56:40:bc:0e:c1:72:24:
         e6:ec:2b:7b:68:f0:3c:6d:84:aa:62:c1:d5:47:9c:65:1f:7c:
         02:83:2b:0b:78:25:08:f9:b1:db:d2:a0:b7:0a:a6:23:3d:54:
         54:7e:e3:78:34:c4:4d:45:ba:60:b2:6e:55:c1:88:fd:a1:61:
         22:9e:58:f8:0e:c9:cc:6a:2f:44:3e:92:99:5f:c3:8e:61:c7:
         c2:b3:91:7d:0a:f7:f6:0c:06:09:ed:88:2e:4c:22:da:3d:ca:
         b9:a4:25:51:d9:60:16:0a:d9:75:1f:c5:d8:2f:33:77:b3:fc:
         02:10:80:be:44:7b:12:91:04:34:4f:94:5f:06:35:da:99:8d:
         ce:34:28:da:9a:cc:d0:94:09:31:a2:5f:a0:8e:58:ed:56:f6:
         56:83:59:46:86:8d:1c:d4:a1:65:10:46:cb:6e:a5:93:38:0e:
         dc:8b:ee:dd:3f:99:56:0b:35:6f:cf:33:e2:8d:29:f4:1b:0b:
         ea:56:47:7e:9f:5f:f1:fe:d7:e5:37:23:50:26:21:9a:d7:90:
         fd:5e:a2:d3:05:25:20:a3:7e:69:7f:4d:db:4e:14:55:4b:29:
         67:af:96:2d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZYUm/7RdQ47X09ZhO/K5bfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGIzMjgxYjA4ZTZiNWVjMWZkZWIwZDA0NDA1MjhlZDkz
NGRjM2YwHhcNMjUwNDA4MDg1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdjNDEyMDI4YWUzYTE2ZjQ0YjY0YWNlOTQyOWQ3ODc3MDFkMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIoj2UsZ6MoxF5LkElMY8fppDqCT
mGfyRym3XJYo4HGrXjvmqLu6LbNogMsXmptbKo5r0cIePAMXwFcAr6F3QLN4xFYQ
9v5uM5YZ6NfCMp1+OsBc3Jl/iB9Oz3Td1+vLib5kG3RjuZ7oUrPTeir8MNLzkpIq
1+LG8wMdANABB8IpqfIXycKYrJ+9MYRv8Gv9APKn0Z0R9rVIzvkWxJuj1GV0Orgz
vkQfgK5wLt6y1KyDWfmpGOwLPZrHUNJzO+G7Ws++hMV+e+BzCuQ4Eo1ILXlAaXmY
UqDHOTS6bGMg/XdBm8RjDj9tIqNIz1hrwvOb0O/z/qkEmVV391Ra9nH+cwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJZ8QSAorjoW9EtkrOlCnXh3AdKKMB8GA1UdIwQY
MBaAFJ5LMoGwjmtewf3rDQRAUo7ZNNw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGIt
NmIyZDQ2OTI0YzZmLzEvbG54QklDaXVPaGIwUzJTczZVS2RlSGNCMG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGItNmIyZDQ2OTI0YzZm
LzEvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAQBAIAATAKAwMDTtADAwFR
ODAUBAIAAjAOAwUAKgEOCQMFAioBDhAwDQYJKoZIhvcNAQELBQADggEBAF4JFbs6
A0R0Bb2ss0wEskeDr6qQiaPnRDc1TuZWVkC8DsFyJObsK3to8DxthKpiwdVHnGUf
fAKDKwt4JQj5sdvSoLcKpiM9VFR+43g0xE1FumCyblXBiP2hYSKeWPgOycxqL0Q+
kplfw45hx8KzkX0K9/YMBgntiC5MIto9yrmkJVHZYBYK2XUfxdgvM3ez/AIQgL5E
exKRBDRPlF8GNdqZjc40KNqazNCUCTGiX6COWO1W9laDWUaGjRzUoWUQRstupZM4
DtyL7t0/mVYLNW/PM+KNKfQbC+pWR36fX/H+1+U3I1AmIZrXkP1eotMFJSCjfml/
TdtOFFVLKWevli0=
-----END CERTIFICATE-----