Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/b4b70c-18bf-4502-bf9f-4f8913a915d3/1/psfbhPGIR9OS3HR7S3qur-oF2Wg.roa
File:                     psfbhPGIR9OS3HR7S3qur-oF2Wg.roa (raw, json)
Hash identifier:          FlkCUGKA6sKM5xnwOPU8XOcnUGbtF79h6pPDmcgLJm4=
Subject key identifier:   A6:C7:DB:84:F1:88:47:D3:92:DC:74:7B:4B:7A:AE:AF:EA:05:D9:68
Certificate issuer:       /CN=06defa1311f53f6c441463da8fab3403ad688011
Certificate serial:       019422FAFB362F149A8E090C6EDE3F1173DD
Authority key identifier: 06:DE:FA:13:11:F5:3F:6C:44:14:63:DA:8F:AB:34:03:AD:68:80:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bt76ExH1P2xEFGPaj6s0A61ogBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b70c-18bf-4502-bf9f-4f8913a915d3/1/psfbhPGIR9OS3HR7S3qur-oF2Wg.roa
Signing time:             Wed 01 Jan 2025 17:47:41 +0000
ROA not before:           Wed 01 Jan 2025 17:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8661
IP address blocks:        178.175.0.0/17 maxlen: 17
                          178.175.0.0/18 maxlen: 18
                          178.175.64.0/18 maxlen: 18
                          185.47.188.0/22 maxlen: 22
                          213.163.96.0/19 maxlen: 19
                          213.163.96.0/22 maxlen: 22
                          213.163.96.0/24 maxlen: 24
                          213.163.97.0/24 maxlen: 24
                          213.163.98.0/24 maxlen: 24
                          213.163.99.0/24 maxlen: 24
                          213.163.100.0/22 maxlen: 22
                          213.163.104.0/21 maxlen: 21
                          213.163.112.0/20 maxlen: 20
                          213.163.121.0/24 maxlen: 24
                          2a02:e540::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fb:36:2f:14:9a:8e:09:0c:6e:de:3f:11:73:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06defa1311f53f6c441463da8fab3403ad688011
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6c7db84f18847d392dc747b4b7aaeafea05d968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:00:01:0f:80:52:2d:a0:c4:3f:8d:32:0c:e7:
                    56:b5:df:66:d5:c9:c5:5f:eb:1d:73:38:38:22:ea:
                    c7:53:5f:ce:d1:72:04:aa:13:4f:3e:b8:37:40:3b:
                    21:a2:15:63:34:31:ed:70:07:53:f6:58:a0:2f:26:
                    e5:b0:29:f8:cd:f4:72:29:4d:c5:8a:cb:7d:58:f7:
                    c3:21:f2:e0:96:7c:66:7b:14:6f:c9:c5:50:f9:7b:
                    af:7e:42:a4:7b:29:60:97:4e:bb:5b:1f:69:4a:cf:
                    ad:2b:3f:29:6f:f8:89:16:8a:a6:19:2b:29:af:12:
                    e0:e1:1f:9b:79:26:33:4f:96:c8:07:fc:13:58:ca:
                    cc:2a:c5:45:d2:99:0e:8b:a7:6a:1e:59:58:8b:1f:
                    a3:af:6a:ec:d6:3d:09:c3:d8:a4:33:6e:1e:5a:81:
                    5c:0f:fe:98:02:f4:27:96:0f:26:20:70:eb:52:33:
                    77:51:69:e9:7e:7e:7d:88:6c:a8:a6:0b:48:5a:aa:
                    90:13:58:4a:5e:bf:40:de:bf:e0:e3:74:da:93:ae:
                    59:90:f4:ee:10:5b:7d:79:dd:5d:49:3f:71:10:be:
                    9e:fa:ff:a8:7b:1a:4a:26:21:85:b3:68:c0:72:06:
                    dc:fb:44:55:c0:cb:77:21:53:f2:82:74:4d:13:23:
                    8d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C7:DB:84:F1:88:47:D3:92:DC:74:7B:4B:7A:AE:AF:EA:05:D9:68
            X509v3 Authority Key Identifier:
                keyid:06:DE:FA:13:11:F5:3F:6C:44:14:63:DA:8F:AB:34:03:AD:68:80:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bt76ExH1P2xEFGPaj6s0A61ogBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b70c-18bf-4502-bf9f-4f8913a915d3/1/psfbhPGIR9OS3HR7S3qur-oF2Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b70c-18bf-4502-bf9f-4f8913a915d3/1/Bt76ExH1P2xEFGPaj6s0A61ogBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.0.0/17
                  185.47.188.0/22
                  213.163.96.0/19
                IPv6:
                  2a02:e540::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:69:03:b1:92:37:58:82:dc:d0:67:90:18:e8:0f:53:6d:2a:
         7d:81:93:2d:54:bd:7c:f5:c7:56:c1:0a:91:5c:d2:e4:f0:58:
         7d:1a:73:c4:58:bf:24:e1:0e:95:f2:85:16:e6:e7:15:d4:d3:
         e3:41:cc:2b:34:43:ef:75:5d:c7:ec:78:6c:f2:76:47:01:0d:
         5e:b0:3b:c8:aa:01:7a:a5:6d:10:2a:3f:dc:0a:6a:b4:01:7c:
         fc:8a:cf:39:ff:e6:45:36:4b:bf:54:c8:5d:ea:e1:85:34:52:
         17:1a:bc:28:01:85:56:b5:a2:f8:3c:c4:19:9c:c1:6f:e4:4d:
         56:b2:cf:5f:45:bd:f8:a1:f7:d1:c7:4d:69:8f:cc:2e:e5:11:
         66:5d:48:d3:c1:5a:ac:fb:a8:65:8a:e2:ea:6c:96:57:7e:f1:
         3e:fa:36:57:74:c7:40:d6:6e:c1:5b:f5:da:16:b6:50:8c:ed:
         5b:26:30:f0:77:f9:03:96:67:89:1a:c7:1b:6e:72:fe:19:fc:
         eb:88:4a:e3:4c:5d:36:f3:95:ea:3f:2f:55:c9:cd:27:82:e9:
         23:73:ad:48:e4:92:3e:af:ac:89:95:2a:ae:c4:3a:3d:fe:2a:
         29:ee:2a:14:c6:70:c9:80:02:b8:a5:fd:d5:4a:85:37:f5:26:
         92:67:47:57
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQi+vs2LxSajgkMbt4/EXPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZGVmYTEzMTFmNTNmNmM0NDE0NjNkYThmYWIzNDAzYWQ2
ODgwMTEwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM3ZGI4NGYxODg0N2QzOTJkYzc0N2I0YjdhYWVhZmVhMDVkOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwABD4BSLaDEP40yDOdWtd9m1cnF
X+sdczg4IurHU1/O0XIEqhNPPrg3QDshohVjNDHtcAdT9ligLyblsCn4zfRyKU3F
ist9WPfDIfLglnxmexRvycVQ+XuvfkKkeylgl067Wx9pSs+tKz8pb/iJFoqmGSsp
rxLg4R+beSYzT5bIB/wTWMrMKsVF0pkOi6dqHllYix+jr2rs1j0Jw9ikM24eWoFc
D/6YAvQnlg8mIHDrUjN3UWnpfn59iGyopgtIWqqQE1hKXr9A3r/g43Tak65ZkPTu
EFt9ed1dST9xEL6e+v+oexpKJiGFs2jAcgbc+0RVwMt3IVPygnRNEyONvwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKbH24TxiEfTktx0e0t6rq/qBdloMB8GA1UdIwQY
MBaAFAbe+hMR9T9sRBRj2o+rNAOtaIARMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnQ3NkV4SDFQMnhFRkdQYWo2czBBNjFvZ0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iNGI3MGMtMThiZi00NTAyLWJmOWYt
NGY4OTEzYTkxNWQzLzEvcHNmYmhQR0lSOU9TM0hSN1MzcXVyLW9GMldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iNGI3MGMtMThiZi00NTAyLWJmOWYtNGY4OTEzYTkxNWQz
LzEvQnQ3NkV4SDFQMnhFRkdQYWo2czBBNjFvZ0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQHsq8AAwQC
uS+8AwQF1aNgMA0EAgACMAcDBQMqAuVAMA0GCSqGSIb3DQEBCwUAA4IBAQApaQOx
kjdYgtzQZ5AY6A9TbSp9gZMtVL189cdWwQqRXNLk8Fh9GnPEWL8k4Q6V8oUW5ucV
1NPjQcwrNEPvdV3H7Hhs8nZHAQ1esDvIqgF6pW0QKj/cCmq0AXz8is85/+ZFNku/
VMhd6uGFNFIXGrwoAYVWtaL4PMQZnMFv5E1Wss9fRb34offRx01pj8wu5RFmXUjT
wVqs+6hliuLqbJZXfvE++jZXdMdA1m7BW/XaFrZQjO1bJjDwd/kDlmeJGscbbnL+
GfzriErjTF0285XqPy9Vyc0ngukjc61I5JI+r6yJlSquxDo9/iop7ioUxnDJgAK4
pf3VSoU39SaSZ0dX
-----END CERTIFICATE-----