Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZvCqqq-N2wSet1rHbD5kf3TON6Y.roa
File:                     ZvCqqq-N2wSet1rHbD5kf3TON6Y.roa (raw, json)
Hash identifier:          /8JUPQ/SLSzPl7LPjIHDuEqtHo2aVJCR9/OWUBvDLzM=
Subject key identifier:   66:F0:AA:AA:AF:8D:DB:04:9E:B7:5A:C7:6C:3E:64:7F:74:CE:37:A6
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019391D22A72CFB8BAB94883A031C0575AB0
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZvCqqq-N2wSet1rHbD5kf3TON6Y.roa
Signing time:             Wed 04 Dec 2024 13:18:09 +0000
ROA not before:           Wed 04 Dec 2024 13:18:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44654
IP address blocks:        37.252.208.0/23 maxlen: 23
                          37.252.208.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          37.252.212.0/24 maxlen: 24
                          37.252.213.0/24 maxlen: 24
                          37.252.215.0/24 maxlen: 24
                          109.205.8.0/21 maxlen: 24
                          185.36.124.0/22 maxlen: 24
                          185.36.124.0/23 maxlen: 23
                          2a02:d8::/32 maxlen: 48
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:91:d2:2a:72:cf:b8:ba:b9:48:83:a0:31:c0:57:5a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Dec  4 13:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66f0aaaaaf8ddb049eb75ac76c3e647f74ce37a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8b:78:4f:7b:72:6a:b6:a7:ae:97:af:a8:02:
                    e6:d2:5d:de:09:cf:66:a5:b2:cc:8f:8d:1b:62:6e:
                    0b:1b:13:7d:c2:85:29:61:f3:7c:7c:7a:08:33:a5:
                    f9:f4:d8:9e:47:0c:01:f5:25:13:11:d4:6a:b5:4d:
                    b3:c8:05:da:83:e9:d4:16:b8:b0:dd:07:c4:4c:2a:
                    ce:af:05:6c:03:0d:6e:e6:7d:c5:c2:c0:b0:1a:bb:
                    1b:b6:da:92:72:ae:76:21:d7:e4:12:a9:1d:ba:fb:
                    bb:1d:da:96:a4:b5:f5:a5:88:7c:e0:02:86:c7:0b:
                    80:e5:3a:d1:cc:95:91:d6:9c:cc:ad:e4:4c:22:8b:
                    55:4f:44:e4:74:c2:1a:86:53:a6:f2:92:7b:a2:1a:
                    c7:69:bc:56:53:5f:34:e8:ed:a1:90:1c:4d:50:e0:
                    13:9e:ee:88:72:f5:f4:51:58:84:9d:e8:8a:68:a1:
                    9c:e5:99:71:25:c8:15:28:07:2d:31:b3:b8:cc:24:
                    b6:dd:ea:37:ef:bb:40:25:a3:22:03:8d:d5:1a:18:
                    83:5b:dd:ba:b9:e8:19:70:fe:63:71:e0:d4:d7:52:
                    5c:58:d8:f5:c2:15:4d:f2:a6:1f:c6:24:a4:5b:e0:
                    50:bc:63:ec:d7:f7:58:ea:4d:e1:69:18:77:44:e7:
                    fb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F0:AA:AA:AF:8D:DB:04:9E:B7:5A:C7:6C:3E:64:7F:74:CE:37:A6
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ZvCqqq-N2wSet1rHbD5kf3TON6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  109.205.8.0/21
                  185.36.124.0/22
                IPv6:
                  2a02:d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:11:a6:73:01:40:8e:f3:ff:cd:57:36:44:b2:1d:ef:4a:47:
         47:3b:16:71:26:2f:62:3c:09:d6:9f:6d:5b:91:8c:7f:0f:ba:
         0b:4a:08:0b:d7:ae:40:53:e5:49:d6:8d:09:df:ba:09:d5:5f:
         f4:d9:db:e3:d9:4b:3c:f4:5f:a2:1f:ab:ad:87:83:44:4c:b8:
         93:d9:b5:ba:7c:27:c6:81:80:e8:d5:f4:30:cc:6c:20:62:e6:
         99:fd:ae:8d:76:26:55:6c:7b:86:15:44:7a:66:1b:0d:18:c0:
         e0:8f:ea:e0:7b:a7:24:0c:fb:8b:57:2f:e6:70:d5:fd:aa:f6:
         11:f1:4b:ed:fd:02:58:4b:76:75:9d:08:04:7a:ec:f5:bc:f3:
         ab:2f:2e:71:86:ed:97:65:06:fb:c2:67:af:a2:8b:0c:fc:fa:
         ab:28:05:9e:56:bb:58:82:cf:25:34:c0:99:27:a4:2d:ee:46:
         1f:ce:fe:83:4f:f0:af:bf:a7:3b:39:be:44:67:73:7f:6a:1e:
         57:24:4e:73:1b:cb:bf:12:57:7c:ce:14:67:db:6f:c2:45:57:
         56:c4:f2:0f:47:76:8e:ea:7e:07:87:57:f8:96:6a:46:e7:19:
         8c:b2:81:0d:53:9c:45:28:4e:b8:ed:78:f3:1d:96:d7:c7:13:
         1b:88:09:76
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZOR0ipyz7i6uUiDoDHAV1qwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQxMjA0MTMxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmYwYWFhYWFmOGRkYjA0OWViNzVhYzc2YzNlNjQ3Zjc0Y2UzN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1It4T3tyaranrpevqALm0l3eCc9m
pbLMj40bYm4LGxN9woUpYfN8fHoIM6X59NieRwwB9SUTEdRqtU2zyAXag+nUFriw
3QfETCrOrwVsAw1u5n3FwsCwGrsbttqScq52IdfkEqkduvu7HdqWpLX1pYh84AKG
xwuA5TrRzJWR1pzMreRMIotVT0TkdMIahlOm8pJ7ohrHabxWU1806O2hkBxNUOAT
nu6IcvX0UViEneiKaKGc5ZlxJcgVKActMbO4zCS23eo377tAJaMiA43VGhiDW926
uegZcP5jceDU11JcWNj1whVN8qYfxiSkW+BQvGPs1/dY6k3haRh3ROf7DwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFGbwqqqvjdsEnrdax2w+ZH90zjemMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvWnZDcXFxLU4yd1NldDFySGJENWtmM1RPTjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBAGcRpnMBQI7z/81XNkSyHe9KR0c7FnEmL2I8CdafbVuRjH8PugtK
CAvXrkBT5UnWjQnfugnVX/TZ2+PZSzz0X6Ifq62Hg0RMuJPZtbp8J8aBgOjV9DDM
bCBi5pn9ro12JlVse4YVRHpmGw0YwOCP6uB7pyQM+4tXL+Zw1f2q9hHxS+39AlhL
dnWdCAR67PW886svLnGG7ZdlBvvCZ6+iiwz8+qsoBZ5Wu1iCzyU0wJknpC3uRh/O
/oNP8K+/pzs5vkRnc39qHlckTnMby78SV3zOFGfbb8JFV1bE8g9Hdo7qfgeHV/iW
akbnGYyygQ1TnEUoTrjtePMdltfHExuICXY=
-----END CERTIFICATE-----