Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/cDHrUcS9iBRAhgzIa-0oojwM6x8.roa
File:                     cDHrUcS9iBRAhgzIa-0oojwM6x8.roa (raw, json)
Hash identifier:          a6MRkFy47YCdZj55gPSM8dAPHE9bL49pr9pcP+5WZCo=
Subject key identifier:   70:31:EB:51:C4:BD:88:14:40:86:0C:C8:6B:ED:28:A2:3C:0C:EB:1F
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       01941FFAAF8756FA46FEE4574450DF4E18EA
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/cDHrUcS9iBRAhgzIa-0oojwM6x8.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          62.64.32.0/19 maxlen: 19
                          79.141.192.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.194.0/24 maxlen: 24
                          79.141.195.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.204.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          195.146.240.0/20 maxlen: 20
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:af:87:56:fa:46:fe:e4:57:44:50:df:4e:18:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7031eb51c4bd881440860cc86bed28a23c0ceb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:e2:f6:a4:5b:f9:9b:7e:5c:28:e9:a4:d2:
                    bc:05:3a:09:f9:46:ff:fd:95:8b:1b:0b:c8:5e:7c:
                    74:37:3e:22:75:37:f2:a3:d8:1b:55:cb:3d:2f:17:
                    df:12:0f:9d:3f:90:2f:a1:24:76:5a:43:64:75:6b:
                    d8:0e:90:9e:07:fe:a6:74:21:e7:7a:8b:72:09:f3:
                    a7:76:66:6b:2a:ae:25:d6:05:bd:0f:61:7c:c4:9f:
                    87:3e:70:07:ff:41:2d:cc:4e:1c:5a:47:fc:4f:81:
                    0b:76:98:2d:24:70:e5:57:8f:53:6b:df:fb:92:f8:
                    6c:3d:a5:fd:21:5e:a0:c9:97:3c:26:26:5c:ec:54:
                    f5:b9:e7:ad:72:eb:59:7a:eb:00:09:34:7b:53:d2:
                    ef:94:ae:27:44:47:b6:9d:59:99:ef:9a:ff:8d:5d:
                    b0:08:e3:3b:75:b3:69:a5:c8:31:d2:df:7c:71:bb:
                    5b:4f:8e:b0:06:34:87:12:b2:db:f5:2c:76:6b:04:
                    a7:21:51:94:4a:c6:c7:ac:6f:d8:77:34:b8:43:02:
                    85:8b:f3:9e:06:69:c6:8b:bc:2f:fc:ed:ae:3a:41:
                    fc:bc:a7:af:cd:50:73:a5:35:e5:00:61:7d:b5:2d:
                    25:42:52:74:9a:1f:1c:49:b0:bc:03:05:d0:f8:02:
                    16:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:31:EB:51:C4:BD:88:14:40:86:0C:C8:6B:ED:28:A2:3C:0C:EB:1F
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/cDHrUcS9iBRAhgzIa-0oojwM6x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0/22
                  79.141.197.0/24
                  79.141.204.0/24
                  79.141.206.0/23
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:98:de:c2:f7:f2:a5:8f:5e:9a:98:6f:b1:26:8a:90:5e:12:
         fd:1a:05:83:75:2e:29:49:f5:8b:2b:92:ca:1c:77:ff:34:9e:
         24:cc:ac:31:24:c6:21:b8:0c:30:94:37:58:82:f7:08:27:17:
         eb:5b:65:45:ce:7e:a0:19:c9:54:ed:31:6d:c5:cb:23:d4:0c:
         50:ba:41:62:0d:6d:86:dd:a3:e4:2c:d0:7d:97:e0:dc:0e:a8:
         6f:d3:4e:f2:33:a3:ef:85:e4:a2:3a:c7:c9:7f:15:1e:14:0f:
         6f:ad:43:6f:79:e4:53:97:b3:62:fa:be:ba:72:83:67:be:4b:
         99:fa:9e:fa:39:b7:5c:a8:24:d3:f5:dc:35:16:e1:1e:16:be:
         dd:1f:aa:4b:d9:f6:66:1c:3c:4c:2b:ca:61:9a:db:35:9c:19:
         db:40:18:5a:0a:11:29:42:84:84:68:8a:cf:54:2e:27:80:28:
         55:53:43:7c:81:e8:4c:3b:17:95:a0:2c:75:bb:f1:71:0b:87:
         f5:4b:5c:88:a4:d3:31:28:9c:44:2f:a4:55:ac:de:17:6d:7d:
         a6:1f:b3:f7:82:d9:69:a7:3d:24:2d:db:6a:2f:01:bd:d6:c8:
         02:b9:67:f1:2a:b1:ea:54:66:7f:0b:7c:db:a0:ad:2d:b6:f8:
         d1:c6:7b:95
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQf+q+HVvpG/uRXRFDfThjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDMxZWI1MWM0YmQ4ODE0NDA4NjBjYzg2YmVkMjhhMjNjMGNlYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY7i9qRb+Zt+XCjppNK8BToJ+Ub/
/ZWLGwvIXnx0Nz4idTfyo9gbVcs9LxffEg+dP5AvoSR2WkNkdWvYDpCeB/6mdCHn
eotyCfOndmZrKq4l1gW9D2F8xJ+HPnAH/0EtzE4cWkf8T4ELdpgtJHDlV49Ta9/7
kvhsPaX9IV6gyZc8JiZc7FT1ueetcutZeusACTR7U9LvlK4nREe2nVmZ75r/jV2w
COM7dbNppcgx0t98cbtbT46wBjSHErLb9Sx2awSnIVGUSsbHrG/YdzS4QwKFi/Oe
BmnGi7wv/O2uOkH8vKevzVBzpTXlAGF9tS0lQlJ0mh8cSbC8AwXQ+AIWAwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHAx61HEvYgUQIYMyGvtKKI8DOsfMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvY0RIclVjUzlpQlJBaGd6SWEtMG9vandNNng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgAwQCT43AAwQAT43FAwQAT43MAwQBT43OAwQFw5LgMA0E
AgACMAcDBQMqAY6AMA0GCSqGSIb3DQEBCwUAA4IBAQAqmN7C9/Klj16amG+xJoqQ
XhL9GgWDdS4pSfWLK5LKHHf/NJ4kzKwxJMYhuAwwlDdYgvcIJxfrW2VFzn6gGclU
7TFtxcsj1AxQukFiDW2G3aPkLNB9l+DcDqhv007yM6PvheSiOsfJfxUeFA9vrUNv
eeRTl7Ni+r66coNnvkuZ+p76ObdcqCTT9dw1FuEeFr7dH6pL2fZmHDxMK8phmts1
nBnbQBhaChEpQoSEaIrPVC4ngChVU0N8gehMOxeVoCx1u/FxC4f1S1yIpNMxKJxE
L6RVrN4XbX2mH7P3gtlppz0kLdtqLwG91sgCuWfxKrHqVGZ/C3zboK0ttvjRxnuV
-----END CERTIFICATE-----