Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/N0dk9fDYMhD0aDz3-75ndRhpEvU.roa
File:                     N0dk9fDYMhD0aDz3-75ndRhpEvU.roa (raw, json)
Hash identifier:          8dk/uBrp3zbBawgAwjXQhLsiyDdY1tWe+H4Sbu9Zuq0=
Subject key identifier:   37:47:64:F5:F0:D8:32:10:F4:68:3C:F7:FB:BE:67:75:18:69:12:F5
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       018DD59240800BD2C333E38ECBAAF05FBEC3
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/N0dk9fDYMhD0aDz3-75ndRhpEvU.roa
Signing time:             Fri 23 Feb 2024 10:45:48 +0000
ROA not before:           Fri 23 Feb 2024 10:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59645
IP address blocks:        193.104.168.0/24 maxlen: 24
                          195.191.196.0/23 maxlen: 24
                          2a06:d1c0::/29 maxlen: 29
                          2a06:d1c0:a761::/48 maxlen: 48
                          2a06:d1c0:deac::/48 maxlen: 48
                          2a06:d1c0:dead::/48 maxlen: 48
                          2a06:d1c0:deae::/48 maxlen: 48
                          2a06:d1c0:f761::/48 maxlen: 48
                          2a06:d1c1::/32 maxlen: 48
                          2a06:d1c1:a::/48 maxlen: 48
                          2a06:d1c1:e::/48 maxlen: 48
                          2a06:d1c2::/36 maxlen: 48
                          2a06:d1c7::/48 maxlen: 48
                          2a06:d1c7:a::/48 maxlen: 48
                          2a06:d1c7:b::/48 maxlen: 48
                          2a06:d1c7:d::/48 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:92:40:80:0b:d2:c3:33:e3:8e:cb:aa:f0:5f:be:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Feb 23 10:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=374764f5f0d83210f4683cf7fbbe6775186912f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f6:52:f6:87:6d:6b:6e:fb:60:a0:d1:ae:23:
                    a6:7b:ec:c0:27:c9:24:17:b1:df:35:40:2e:8c:8e:
                    72:a5:b4:99:a5:2e:d6:1d:15:dc:9e:68:71:ee:4c:
                    89:9a:2a:d0:1d:27:35:04:12:26:a1:a6:ae:3d:bf:
                    0d:df:bc:83:0d:62:a1:97:20:62:26:28:ec:80:11:
                    fc:39:fe:82:7f:4c:48:79:4a:42:79:cf:13:b5:b5:
                    bc:9d:3f:ac:11:fc:2f:a0:2f:22:12:b7:a0:05:d0:
                    42:fa:bf:8e:6e:b9:e6:8b:e5:2a:be:ee:61:f7:4b:
                    ae:f4:e0:36:59:bf:68:32:a9:c1:02:15:f7:a6:ce:
                    97:63:ec:02:8f:62:87:ab:ab:be:94:7d:30:52:c3:
                    55:f3:b1:64:3e:d5:c7:60:9b:8a:2b:bf:b4:a1:a2:
                    dc:73:75:4a:90:60:66:22:60:c3:8e:36:71:53:e9:
                    af:d6:0f:64:f6:bc:40:22:dd:5b:ee:39:48:81:3e:
                    e5:09:99:7a:0e:ec:7d:d3:c8:89:a3:22:c8:9b:ac:
                    b2:12:cd:89:3d:0a:ee:84:ac:4f:f0:00:e8:d0:30:
                    46:f1:33:1a:8c:f2:41:30:66:b9:70:e5:5f:a0:10:
                    42:9c:b8:50:01:91:35:ee:f0:17:d9:5b:45:ec:2b:
                    4c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:47:64:F5:F0:D8:32:10:F4:68:3C:F7:FB:BE:67:75:18:69:12:F5
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/N0dk9fDYMhD0aDz3-75ndRhpEvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.168.0/24
                  195.191.196.0/23
                IPv6:
                  2a06:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:34:7e:1d:5b:a8:69:c3:af:61:08:dd:26:e5:e4:ff:89:2a:
         ee:b9:b2:3b:d7:ea:cc:e2:7d:71:fb:ff:40:ad:1e:5e:9b:0b:
         9a:d5:54:e2:9b:d8:91:93:8b:3c:ea:85:9e:73:f1:83:b9:9b:
         b4:d8:fe:fd:86:9b:32:77:6f:7b:dc:54:37:93:ce:ca:0e:66:
         ee:6f:5d:dd:3d:b7:ce:29:5d:ec:d2:9b:d0:d8:4e:21:2e:e0:
         e3:f7:18:26:dd:d4:32:2d:4c:1e:88:9c:24:74:11:97:0c:72:
         37:84:dc:b5:72:6a:10:54:23:4c:b4:eb:23:52:2f:e5:19:c7:
         d5:08:06:61:0a:94:90:00:14:7e:bf:13:49:31:ca:ed:6b:09:
         88:1f:25:6d:e4:0a:28:56:50:29:10:58:72:59:c6:df:51:48:
         b7:57:39:28:22:07:03:b8:d7:7a:fd:7a:ac:19:35:06:71:4c:
         63:47:f9:ff:b9:8b:c8:33:44:34:94:c5:63:c3:5f:f6:9d:49:
         5b:04:b1:ad:ca:84:1a:3d:72:19:9b:57:52:67:ab:33:34:f9:
         32:54:87:41:38:ab:3e:2e:45:1f:72:74:7d:74:29:e7:f1:ed:
         68:04:cf:ca:4d:49:7d:c2:92:fe:d7:c7:40:fb:8e:f8:f0:3a:
         62:f3:a4:36
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY3VkkCAC9LDM+OOy6rwX77DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjQwMjIzMTA0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ3NjRmNWYwZDgzMjEwZjQ2ODNjZjdmYmJlNjc3NTE4NjkxMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvZS9odta277YKDRriOme+zAJ8kk
F7HfNUAujI5ypbSZpS7WHRXcnmhx7kyJmirQHSc1BBImoaauPb8N37yDDWKhlyBi
JijsgBH8Of6Cf0xIeUpCec8TtbW8nT+sEfwvoC8iEregBdBC+r+Obrnmi+Uqvu5h
90uu9OA2Wb9oMqnBAhX3ps6XY+wCj2KHq6u+lH0wUsNV87FkPtXHYJuKK7+0oaLc
c3VKkGBmImDDjjZxU+mv1g9k9rxAIt1b7jlIgT7lCZl6Dux908iJoyLIm6yyEs2J
PQruhKxP8ADo0DBG8TMajPJBMGa5cOVfoBBCnLhQAZE17vAX2VtF7CtMgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDdHZPXw2DIQ9Gg89/u+Z3UYaRL1MB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvTjBkazlmRFlNaEQwYUR6My03NW5kUmhwRXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwWioAwQB
w7/EMA0EAgACMAcDBQMqBtHAMA0GCSqGSIb3DQEBCwUAA4IBAQBwNH4dW6hpw69h
CN0m5eT/iSruubI71+rM4n1x+/9ArR5emwua1VTim9iRk4s86oWec/GDuZu02P79
hpsyd2973FQ3k87KDmbub13dPbfOKV3s0pvQ2E4hLuDj9xgm3dQyLUweiJwkdBGX
DHI3hNy1cmoQVCNMtOsjUi/lGcfVCAZhCpSQABR+vxNJMcrtawmIHyVt5AooVlAp
EFhyWcbfUUi3VzkoIgcDuNd6/XqsGTUGcUxjR/n/uYvIM0Q0lMVjw1/2nUlbBLGt
yoQaPXIZm1dSZ6szNPkyVIdBOKs+LkUfcnR9dCnn8e1oBM/KTUl9wpL+18dA+474
8Dpi86Q2
-----END CERTIFICATE-----