Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ZtDXkoDEmY0I9T1Jbs_bE_-yHRY.roa
File:                     ZtDXkoDEmY0I9T1Jbs_bE_-yHRY.roa (raw, json)
Hash identifier:          Lj8A2InNosTulr9FlQhIEZRobz8dAdS/spyowduAdXA=
Subject key identifier:   66:D0:D7:92:80:C4:99:8D:08:F5:3D:49:6E:CF:DB:13:FF:B2:1D:16
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       019379AC86507A3A565E7CD3E2311D6F436B
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ZtDXkoDEmY0I9T1Jbs_bE_-yHRY.roa
Signing time:             Fri 29 Nov 2024 20:46:09 +0000
ROA not before:           Fri 29 Nov 2024 20:46:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208208
IP address blocks:        84.252.120.0/24 maxlen: 24
                          84.252.121.0/24 maxlen: 24
                          84.252.122.0/24 maxlen: 24
                          84.252.123.0/24 maxlen: 24
                          185.230.160.0/24 maxlen: 24
                          185.230.161.0/24 maxlen: 24
                          185.230.162.0/24 maxlen: 24
                          185.230.163.0/24 maxlen: 24
                          185.240.241.0/24 maxlen: 24
                          185.240.242.0/24 maxlen: 24
                          185.240.243.0/24 maxlen: 24
                          2a09:6301::/32 maxlen: 32
                          2a09:6302::/32 maxlen: 32
                          2a09:6305::/32 maxlen: 32
                          2a09:6306::/32 maxlen: 32
                          2a09:6307::/32 maxlen: 32
                          2a0c:2500::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:79:ac:86:50:7a:3a:56:5e:7c:d3:e2:31:1d:6f:43:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Nov 29 20:46:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d0d79280c4998d08f53d496ecfdb13ffb21d16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3b:71:f5:19:81:47:ff:f8:ff:fe:5f:92:94:
                    78:38:46:98:98:e2:d5:76:83:b2:d4:68:e9:3e:93:
                    2e:65:09:ab:7f:f2:42:48:03:aa:d8:59:ab:4e:44:
                    a0:8b:0c:35:c5:78:c9:9c:76:00:ff:5d:72:30:1e:
                    e7:f5:e2:ca:de:b4:68:ad:b2:fc:a8:84:fb:14:5b:
                    12:59:02:2a:cf:f0:33:d9:78:4c:13:86:52:a1:af:
                    47:6d:8d:b6:59:19:cd:23:c5:64:53:3c:2e:be:9f:
                    86:ed:c6:cf:67:63:5a:7c:2c:db:2e:00:15:a1:10:
                    33:d8:d0:33:17:e0:c1:5b:de:dd:6b:1a:f8:4e:6f:
                    a4:07:db:ac:6a:64:ee:66:e9:bb:ad:54:b8:dc:90:
                    23:f6:17:6f:f3:10:d0:71:2a:2c:1e:c9:cb:2f:ec:
                    09:2b:0e:fc:e3:73:84:06:92:69:13:9e:e1:d6:9b:
                    da:8e:dd:5c:20:a7:74:82:f2:b9:f3:40:6d:fc:92:
                    6e:ee:77:6b:4d:8a:73:3d:51:3f:10:ed:b7:75:1c:
                    8e:9c:82:b3:06:80:00:48:3f:00:35:19:82:2d:56:
                    1e:c2:60:1c:c0:cd:48:05:98:b8:59:0a:0e:22:d9:
                    91:1a:c4:f4:ab:63:5b:9b:97:5a:af:0a:61:ee:1c:
                    85:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D0:D7:92:80:C4:99:8D:08:F5:3D:49:6E:CF:DB:13:FF:B2:1D:16
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ZtDXkoDEmY0I9T1Jbs_bE_-yHRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.120.0/22
                  185.230.160.0/22
                  185.240.241.0-185.240.243.255
                IPv6:
                  2a09:6301::-2a09:6302:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:6305::-2a09:6307:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:5b:ef:39:40:04:48:b2:90:c7:5f:33:8c:61:7d:78:ff:21:
         33:35:0a:28:28:5d:6d:e8:c2:cb:e9:e7:db:58:e9:30:07:d1:
         00:1c:83:a8:ec:37:4b:5d:8b:31:1d:04:db:b4:d7:82:d2:83:
         f4:e5:92:d8:df:45:2d:04:fe:54:d4:66:07:1e:dd:16:3f:0e:
         b6:52:58:51:62:f6:24:c3:00:dd:ce:d4:99:9c:cd:52:c2:3d:
         e6:fd:e8:ee:5e:c8:a8:1c:6e:52:d4:50:fe:16:4d:8e:74:10:
         6c:6e:9e:ba:38:02:48:23:97:b3:87:1f:b7:28:7a:84:35:13:
         c5:8e:a8:b0:05:b3:cf:ac:21:54:53:65:bc:8c:81:0b:c7:57:
         e4:1d:ba:0e:1c:de:58:b0:67:fe:5d:41:9c:2b:9a:d9:09:01:
         f2:4a:ba:4a:01:03:e0:84:cc:be:2b:30:ac:15:42:2d:3c:8b:
         24:04:cc:a0:e2:85:19:5b:f0:45:58:ad:26:b1:bd:ec:4c:1a:
         f9:8f:1a:68:02:3e:52:1e:9f:de:bd:8b:fe:68:1d:90:81:eb:
         93:3a:92:04:d4:0f:8e:01:21:fa:bd:b4:d7:5e:c2:38:05:ef:
         ee:6f:3f:69:8e:ed:fa:34:3f:f0:d1:a3:fa:e6:b7:73:e7:94:
         72:31:df:f5
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAZN5rIZQejpWXnzT4jEdb0NrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjQxMTI5MjA0NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQwZDc5MjgwYzQ5OThkMDhmNTNkNDk2ZWNmZGIxM2ZmYjIxZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjtx9RmBR//4//5fkpR4OEaYmOLV
doOy1GjpPpMuZQmrf/JCSAOq2FmrTkSgiww1xXjJnHYA/11yMB7n9eLK3rRorbL8
qIT7FFsSWQIqz/Az2XhME4ZSoa9HbY22WRnNI8VkUzwuvp+G7cbPZ2NafCzbLgAV
oRAz2NAzF+DBW97daxr4Tm+kB9usamTuZum7rVS43JAj9hdv8xDQcSosHsnLL+wJ
Kw7843OEBpJpE57h1pvajt1cIKd0gvK580Bt/JJu7ndrTYpzPVE/EO23dRyOnIKz
BoAASD8ANRmCLVYewmAcwM1IBZi4WQoOItmRGsT0q2Nbm5darwph7hyF9QIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFGbQ15KAxJmNCPU9SW7P2xP/sh0WMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvWnREWGtvREVtWTBJOVQxSmJzX2JFXy15SFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAgBAIAATAaAwQCVPx4AwQC
ueagMAwDBAC58PEDBAK58PAwLQQCAAIwJzAOAwUAKgljAQMFACoJYwIwDgMFACoJ
YwUDBQMqCWMAAwUAKgwlADANBgkqhkiG9w0BAQsFAAOCAQEAOlvvOUAESLKQx18z
jGF9eP8hMzUKKChdbejCy+nn21jpMAfRAByDqOw3S12LMR0E27TXgtKD9OWS2N9F
LQT+VNRmBx7dFj8OtlJYUWL2JMMA3c7UmZzNUsI95v3o7l7IqBxuUtRQ/hZNjnQQ
bG6eujgCSCOXs4cftyh6hDUTxY6osAWzz6whVFNlvIyBC8dX5B26DhzeWLBn/l1B
nCua2QkB8kq6SgED4ITMviswrBVCLTyLJATMoOKFGVvwRVitJrG97Ewa+Y8aaAI+
Uh6f3r2L/mgdkIHrkzqSBNQPjgEh+r20117COAXv7m8/aY7t+jQ/8NGj+ua3c+eU
cjHf9Q==
-----END CERTIFICATE-----