Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T53HB2PEef5v-E4JAFFm-kwyNIg.roa
File:                     T53HB2PEef5v-E4JAFFm-kwyNIg.roa (raw, json)
Hash identifier:          hSbQjwvV0GCSJs5BN0OznwOA9Xm308Hr/vdacVo76d0=
Subject key identifier:   4F:9D:C7:07:63:C4:79:FE:6F:F8:4E:09:00:51:66:FA:4C:32:34:88
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019501FA1A19C22A88326785E9BF26A80B35
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T53HB2PEef5v-E4JAFFm-kwyNIg.roa
Signing time:             Fri 14 Feb 2025 01:02:02 +0000
ROA not before:           Fri 14 Feb 2025 01:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        31.210.46.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          31.210.51.0/24 maxlen: 24
                          31.210.53.0/24 maxlen: 24
                          31.210.54.0/24 maxlen: 24
                          77.92.148.0/24 maxlen: 24
                          188.132.170.0/24 maxlen: 24
                          188.132.191.0/24 maxlen: 24
                          188.132.215.0/24 maxlen: 24
                          188.132.227.0/24 maxlen: 24
                          188.132.228.0/24 maxlen: 24
                          188.132.229.0/24 maxlen: 24
                          212.68.36.0/24 maxlen: 24
                          212.68.49.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:01:fa:1a:19:c2:2a:88:32:67:85:e9:bf:26:a8:0b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 14 01:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f9dc70763c479fe6ff84e09005166fa4c323488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:98:3d:22:97:b8:c7:c0:41:f9:57:6c:cf:ca:
                    17:14:8c:ad:4b:49:78:0d:81:c0:1c:1c:b5:cd:41:
                    d6:c7:ee:07:5b:be:eb:b8:c4:db:e6:a0:92:3a:17:
                    70:8f:a8:2e:d3:78:dd:e5:2d:f9:50:cf:85:dc:38:
                    14:2e:c1:b8:69:2b:9a:51:6a:e3:9b:3f:e0:98:64:
                    9a:8b:99:f6:92:3d:3f:77:88:f9:7c:28:1e:20:0e:
                    03:d6:56:f3:ba:d2:e1:fd:6b:3a:f4:f9:e6:05:04:
                    57:bc:b8:49:f1:4b:27:b3:f1:2c:e3:81:fb:30:ed:
                    27:d2:1e:0e:bd:b5:3c:7a:53:44:48:7f:37:dc:55:
                    49:85:84:a2:0a:3a:83:14:22:79:43:84:f3:7b:7c:
                    de:b1:55:a0:1f:02:48:19:e1:71:17:50:2e:84:76:
                    0d:eb:ef:8d:22:90:4b:99:49:27:92:01:ed:fe:cd:
                    d9:16:71:6e:70:52:ae:32:bd:09:8c:d2:5e:8a:03:
                    b9:38:62:96:4e:1b:90:7a:29:55:a9:1a:c8:99:77:
                    1b:55:4c:f1:d2:56:ee:9d:c1:a1:03:eb:51:81:d7:
                    a7:f4:fb:23:4d:47:c6:22:39:b3:d1:4e:0a:87:01:
                    69:8f:3e:87:43:2e:6e:f6:75:73:c7:63:f7:8e:c1:
                    76:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9D:C7:07:63:C4:79:FE:6F:F8:4E:09:00:51:66:FA:4C:32:34:88
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/T53HB2PEef5v-E4JAFFm-kwyNIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.46.0/24
                  31.210.50.0/23
                  31.210.53.0-31.210.54.255
                  77.92.148.0/24
                  188.132.170.0/24
                  188.132.191.0/24
                  188.132.215.0/24
                  188.132.227.0-188.132.229.255
                  212.68.36.0/24
                  212.68.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:b8:bb:c4:ac:5c:8b:95:85:a3:fa:d5:43:01:df:2c:8f:f7:
         11:97:9c:ee:bc:60:4f:5c:19:7a:bd:ab:31:fe:5a:91:3b:f8:
         55:ce:fb:85:ca:da:82:39:68:fd:2b:cb:09:f1:77:6c:7d:98:
         a0:9a:ff:b8:2d:00:30:f6:37:cb:94:46:f8:9e:bd:48:53:7d:
         ff:19:3f:d4:b2:21:66:eb:55:e8:a7:97:83:e2:50:8d:a5:7f:
         f3:7b:26:29:a7:cb:a2:ff:d2:a8:bc:df:c6:d9:d4:bb:5b:e7:
         15:e7:75:05:ea:e9:8c:77:98:0b:aa:3f:4d:b3:e4:6e:a4:30:
         b9:de:c6:90:eb:c5:1c:03:42:5f:e8:22:b9:7f:5c:e2:34:e8:
         0f:ec:93:1d:b4:03:69:ab:ff:0e:8c:c2:dd:4d:42:c1:f8:42:
         42:11:22:dc:4e:78:a8:6f:2c:ad:30:2f:bb:00:16:9b:db:93:
         ec:d7:ae:dc:d4:37:dd:a1:68:b4:81:bf:e0:76:98:7a:2c:da:
         49:60:2a:df:62:49:4c:7e:d4:9f:e5:6b:10:a8:15:80:69:02:
         73:6b:78:e5:0d:fa:e8:0d:63:ad:34:3d:4a:19:45:47:9a:c3:
         5f:23:7e:25:08:41:a5:2c:32:48:dd:61:c2:e2:bb:37:40:70:
         ca:23:f9:72
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZUB+hoZwiqIMmeF6b8mqAs1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMjE0MDEwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjlkYzcwNzYzYzQ3OWZlNmZmODRlMDkwMDUxNjZmYTRjMzIzNDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pg9Ipe4x8BB+Vdsz8oXFIytS0l4
DYHAHBy1zUHWx+4HW77ruMTb5qCSOhdwj6gu03jd5S35UM+F3DgULsG4aSuaUWrj
mz/gmGSai5n2kj0/d4j5fCgeIA4D1lbzutLh/Ws69PnmBQRXvLhJ8Usns/Es44H7
MO0n0h4OvbU8elNESH833FVJhYSiCjqDFCJ5Q4Tze3zesVWgHwJIGeFxF1AuhHYN
6++NIpBLmUknkgHt/s3ZFnFucFKuMr0JjNJeigO5OGKWThuQeilVqRrImXcbVUzx
0lbuncGhA+tRgden9PsjTUfGIjmz0U4KhwFpjz6HQy5u9nVzx2P3jsF2CwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFE+dxwdjxHn+b/hOCQBRZvpMMjSIMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVDUzSEIyUEVlZjV2LUU0SkFGRm0ta3d5TklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAH9IuAwQB
H9IyMAwDBAAf0jUDBAAf0jYDBABNXJQDBAC8hKoDBAC8hL8DBAC8hNcwDAMEALyE
4wMEAbyE5AMEANREJAMEANREMTANBgkqhkiG9w0BAQsFAAOCAQEAabi7xKxci5WF
o/rVQwHfLI/3EZec7rxgT1wZer2rMf5akTv4Vc77hcragjlo/SvLCfF3bH2YoJr/
uC0AMPY3y5RG+J69SFN9/xk/1LIhZutV6KeXg+JQjaV/83smKafLov/SqLzfxtnU
u1vnFed1BerpjHeYC6o/TbPkbqQwud7GkOvFHANCX+giuX9c4jToD+yTHbQDaav/
DozC3U1CwfhCQhEi3E54qG8srTAvuwAWm9uT7Neu3NQ33aFotIG/4HaYeizaSWAq
32JJTH7Un+VrEKgVgGkCc2t45Q366A1jrTQ9ShlFR5rDXyN+JQhBpSwySN1hwuK7
N0BwyiP5cg==
-----END CERTIFICATE-----