Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/4tuvtAU5EM21em6mywHpmr0nTS4.roa
File:                     4tuvtAU5EM21em6mywHpmr0nTS4.roa (raw, json)
Hash identifier:          jxm6mrM0TVZUyTmbqWifNbfxKv3TQmtW2+hQBuNoaPE=
Subject key identifier:   E2:DB:AF:B4:05:39:10:CD:B5:7A:6E:A6:CB:01:E9:9A:BD:27:4D:2E
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194266B7C249017E7577B98A40D11006A73
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/4tuvtAU5EM21em6mywHpmr0nTS4.roa
Signing time:             Thu 02 Jan 2025 09:49:25 +0000
ROA not before:           Thu 02 Jan 2025 09:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15899
IP address blocks:        31.42.91.0/24 maxlen: 24
                          31.42.92.0/24 maxlen: 24
                          31.42.93.0/24 maxlen: 24
                          31.42.94.0/24 maxlen: 24
                          31.42.95.0/24 maxlen: 24
                          91.90.228.0/23 maxlen: 23
                          91.90.228.0/24 maxlen: 24
                          91.90.229.0/24 maxlen: 24
                          91.90.240.0/24 maxlen: 24
                          91.90.241.0/24 maxlen: 24
                          91.90.242.0/24 maxlen: 24
                          91.90.245.0/24 maxlen: 24
                          176.103.187.0/24 maxlen: 24
                          176.106.96.0/21 maxlen: 24
                          185.47.9.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:7c:24:90:17:e7:57:7b:98:a4:0d:11:00:6a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 09:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2dbafb4053910cdb57a6ea6cb01e99abd274d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:33:5c:48:78:54:32:70:66:1b:38:64:93:f9:
                    f9:c4:fe:76:2a:ed:b4:54:21:60:d3:d7:04:5e:d1:
                    00:54:84:09:51:45:bc:15:28:95:e6:bb:e3:08:49:
                    d3:8b:0b:79:70:5b:eb:1d:18:49:5f:68:71:fd:95:
                    bd:a2:c2:64:67:c8:16:2a:3b:80:93:51:a6:f4:e8:
                    86:7a:bb:e8:0f:0c:27:ff:8f:14:ae:37:90:f3:12:
                    9e:ca:b9:17:9e:b3:4e:3e:af:7e:ac:df:f5:cd:eb:
                    1c:93:ed:c0:d6:b0:29:f9:e3:f1:35:2b:81:80:63:
                    d6:a2:7f:b9:56:ab:6b:02:24:eb:37:5a:48:d5:fb:
                    3d:63:0c:1f:6f:c5:ec:c4:a4:18:9b:c7:94:ed:5b:
                    4b:11:cb:f2:ea:b5:ca:98:8a:62:c1:e7:72:af:ee:
                    97:5b:de:ba:dc:26:b5:04:27:3c:1c:5f:2b:fa:f7:
                    b7:34:06:25:d4:12:30:d7:d0:40:07:0c:b2:fc:c4:
                    3a:a8:4c:b4:ba:c2:94:70:2e:78:7f:a4:b8:45:2b:
                    0f:71:04:90:42:fd:c6:f2:5e:a6:96:4a:3d:9e:e8:
                    dc:53:73:71:ec:73:a8:b6:37:e0:66:43:cb:f9:d1:
                    61:2e:b5:2e:18:2e:c1:86:01:9d:e9:c8:64:93:6c:
                    df:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DB:AF:B4:05:39:10:CD:B5:7A:6E:A6:CB:01:E9:9A:BD:27:4D:2E
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/4tuvtAU5EM21em6mywHpmr0nTS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.91.0-31.42.95.255
                  91.90.228.0/23
                  91.90.240.0-91.90.242.255
                  91.90.245.0/24
                  176.103.187.0/24
                  176.106.96.0/21
                  185.47.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ea:d1:ff:41:6c:88:d0:a3:86:59:10:06:70:9a:71:0b:26:
         32:42:cf:6c:f8:1c:f5:c3:ac:6a:1e:b3:49:6d:ca:ec:84:5b:
         91:ee:9e:14:40:1e:0a:4d:08:14:f5:f6:ad:d8:ea:da:f6:85:
         67:41:35:ba:87:76:31:52:dc:d4:fc:1b:a7:25:ff:93:87:6d:
         bf:0d:85:1c:bf:cd:d6:3e:5d:15:c3:93:ca:4e:be:51:96:17:
         45:ec:45:03:b2:92:c6:fb:97:b7:6b:c3:bb:6d:1b:95:80:58:
         9c:81:58:8b:eb:70:fd:b4:c6:b2:52:2d:02:27:75:19:e1:1f:
         94:95:a3:9e:58:0f:e7:c0:f3:ff:9d:fc:1d:97:cc:b3:2f:90:
         15:3b:8a:07:73:79:fb:65:f6:50:68:06:73:42:75:21:58:3b:
         20:32:de:04:76:bb:dd:60:31:51:d4:2c:72:6a:68:7a:01:df:
         f6:c4:9c:32:91:d6:71:f4:a4:d1:02:bf:bc:6f:0d:89:c6:55:
         49:a7:4f:bf:33:cd:ee:34:4d:8a:a1:25:07:77:fc:bb:a5:e4:
         77:a2:8e:2f:b8:46:54:17:0f:ff:a2:a4:46:0b:fc:db:f2:fa:
         a2:05:ff:a5:c4:9a:9a:2c:88:45:2b:8b:54:3e:fa:81:6f:f3:
         04:43:06:ca
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQma3wkkBfnV3uYpA0RAGpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTAyMDk0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRiYWZiNDA1MzkxMGNkYjU3YTZlYTZjYjAxZTk5YWJkMjc0ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDNcSHhUMnBmGzhkk/n5xP52Ku20
VCFg09cEXtEAVIQJUUW8FSiV5rvjCEnTiwt5cFvrHRhJX2hx/ZW9osJkZ8gWKjuA
k1Gm9OiGervoDwwn/48UrjeQ8xKeyrkXnrNOPq9+rN/1zesck+3A1rAp+ePxNSuB
gGPWon+5VqtrAiTrN1pI1fs9Ywwfb8XsxKQYm8eU7VtLEcvy6rXKmIpiwedyr+6X
W9663Ca1BCc8HF8r+ve3NAYl1BIw19BABwyy/MQ6qEy0usKUcC54f6S4RSsPcQSQ
Qv3G8l6mlko9nujcU3Nx7HOotjfgZkPL+dFhLrUuGC7BhgGd6chkk2zfLwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFOLbr7QFORDNtXpupssB6Zq9J00uMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvNHR1dnRBVTVFTTIxZW02bXl3SHBtcjBuVFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAAfKlsD
BAUfKkADBAFbWuQwDAMEBFta8AMEAFta8gMEAFta9QMEALBnuwMEA7BqYAMEALkv
CTANBgkqhkiG9w0BAQsFAAOCAQEAUurR/0FsiNCjhlkQBnCacQsmMkLPbPgc9cOs
ah6zSW3K7IRbke6eFEAeCk0IFPX2rdjq2vaFZ0E1uod2MVLc1PwbpyX/k4dtvw2F
HL/N1j5dFcOTyk6+UZYXRexFA7KSxvuXt2vDu20blYBYnIFYi+tw/bTGslItAid1
GeEflJWjnlgP58Dz/538HZfMsy+QFTuKB3N5+2X2UGgGc0J1IVg7IDLeBHa73WAx
UdQscmpoegHf9sScMpHWcfSk0QK/vG8NicZVSadPvzPN7jRNiqElB3f8u6Xkd6KO
L7hGVBcP/6KkRgv82/L6ogX/pcSamiyIRSuLVD76gW/zBEMGyg==
-----END CERTIFICATE-----