Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/a1464a-2411-4cc8-a101-0aecdc5175fa/1/DCQ8ev2rJEL1W4qMxYvpTTH97DQ.roa
File:                     DCQ8ev2rJEL1W4qMxYvpTTH97DQ.roa (raw, json)
Hash identifier:          5TUrDFPHU4UPTK7fffDfhZ7utbYkq6BTbilKpjfC8jM=
Subject key identifier:   0C:24:3C:7A:FD:AB:24:42:F5:5B:8A:8C:C5:8B:E9:4D:31:FD:EC:34
Certificate issuer:       /CN=387b7561d98dacfab863058b3b9807ad823f186a
Certificate serial:       0193BD3848B65B2263CB6FF5B2D3651BCCC6
Authority key identifier: 38:7B:75:61:D9:8D:AC:FA:B8:63:05:8B:3B:98:07:AD:82:3F:18:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OHt1YdmNrPq4YwWLO5gHrYI_GGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/a1464a-2411-4cc8-a101-0aecdc5175fa/1/DCQ8ev2rJEL1W4qMxYvpTTH97DQ.roa
Signing time:             Thu 12 Dec 2024 23:33:22 +0000
ROA not before:           Thu 12 Dec 2024 23:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216434
IP address blocks:        195.160.64.0/24 maxlen: 24
                          195.160.65.0/24 maxlen: 24
                          195.160.66.0/24 maxlen: 24
                          195.160.67.0/24 maxlen: 24
                          195.160.68.0/24 maxlen: 24
                          195.160.70.0/24 maxlen: 24
                          195.160.71.0/24 maxlen: 24
                          195.160.72.0/24 maxlen: 24
                          195.160.74.0/24 maxlen: 24
                          195.160.80.0/23 maxlen: 23
                          195.160.88.0/24 maxlen: 24
                          195.160.89.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:bd:38:48:b6:5b:22:63:cb:6f:f5:b2:d3:65:1b:cc:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387b7561d98dacfab863058b3b9807ad823f186a
        Validity
            Not Before: Dec 12 23:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c243c7afdab2442f55b8a8cc58be94d31fdec34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:51:49:5c:6e:31:94:92:4d:43:71:e0:72:37:
                    73:52:9e:3b:25:28:15:af:9c:80:c6:d8:8e:89:9a:
                    65:15:ac:85:97:48:a6:9d:e9:e5:fb:87:0e:c7:26:
                    8a:c0:6f:a3:93:3d:ed:19:00:64:19:a9:19:16:8e:
                    56:25:e3:a6:bf:80:42:ba:a2:c2:3c:5e:cc:07:a6:
                    5d:15:a9:77:57:27:45:bf:6d:40:35:61:e8:4d:28:
                    2a:62:6a:a5:f7:e0:c2:c2:70:d5:d8:dc:4e:7a:1e:
                    e1:27:27:f3:6e:67:bc:46:b4:fc:4d:ff:d2:9c:10:
                    08:ca:d8:83:64:70:9d:5e:63:79:c0:3d:6d:7e:a8:
                    09:78:98:0a:cf:9e:f4:ce:48:27:35:80:f9:bd:df:
                    ce:8c:74:7f:3c:f6:cc:c8:92:68:28:43:21:c5:bd:
                    e1:b4:7f:2f:70:f5:5e:1e:0c:42:8e:f4:0c:71:bf:
                    39:f0:ab:fa:cf:aa:5b:f2:85:82:56:c0:dd:9a:76:
                    16:ad:94:25:6a:1c:7f:7e:b5:0e:a7:ab:f3:9a:e8:
                    c2:85:24:79:f3:21:d3:fb:17:3c:5c:d6:7f:6d:d2:
                    6a:d3:35:97:c1:a6:0b:9b:da:41:88:7d:be:fa:09:
                    39:e9:aa:0a:8a:c9:41:a3:ab:e4:91:03:3d:ed:6a:
                    c4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:24:3C:7A:FD:AB:24:42:F5:5B:8A:8C:C5:8B:E9:4D:31:FD:EC:34
            X509v3 Authority Key Identifier:
                keyid:38:7B:75:61:D9:8D:AC:FA:B8:63:05:8B:3B:98:07:AD:82:3F:18:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OHt1YdmNrPq4YwWLO5gHrYI_GGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/a1464a-2411-4cc8-a101-0aecdc5175fa/1/DCQ8ev2rJEL1W4qMxYvpTTH97DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/a1464a-2411-4cc8-a101-0aecdc5175fa/1/OHt1YdmNrPq4YwWLO5gHrYI_GGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.64.0-195.160.68.255
                  195.160.70.0-195.160.72.255
                  195.160.74.0/24
                  195.160.80.0/23
                  195.160.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:f3:e5:f5:99:a2:ea:8a:c0:9d:09:0a:f4:8c:06:c5:02:cf:
         4d:a8:30:a2:7c:09:56:42:96:3a:97:39:a8:11:17:35:2b:22:
         0c:33:8a:66:42:2e:39:57:79:ba:3b:b7:b8:fc:30:2c:fe:29:
         6b:df:1a:c2:ae:af:96:c8:c0:51:5a:fc:e1:dc:9d:89:a2:17:
         ec:26:36:a2:fd:5f:15:af:45:b8:ae:c0:71:e0:a5:ed:8c:45:
         d8:21:bc:3a:2f:ed:76:dd:25:8d:f4:5f:4d:15:86:fb:bf:39:
         fc:83:23:72:78:1d:70:b6:55:16:b2:1f:d3:d7:c7:08:7c:d2:
         c2:2f:38:c2:1a:dc:72:ba:e3:83:bd:2b:6e:60:0f:e5:25:90:
         69:7e:ba:7c:80:37:0f:dc:e1:7f:96:98:c5:ff:84:64:e3:06:
         f3:60:bd:15:51:38:54:90:99:41:e2:4e:af:cd:e2:6c:84:cf:
         58:e8:f6:74:77:0b:20:a7:ff:76:3d:d7:fd:b5:85:92:70:ca:
         b6:85:76:e6:c5:c9:f4:92:08:fd:b9:fe:08:e4:ce:91:c8:db:
         55:63:c9:3a:4e:c9:50:6a:b4:6a:22:da:49:bd:32:c8:e5:d5:
         03:6d:b3:e7:65:02:01:42:dc:8b:b4:49:e1:6a:97:50:a1:6e:
         63:85:04:5e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZO9OEi2WyJjy2/1stNlG8zGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2I3NTYxZDk4ZGFjZmFiODYzMDU4YjNiOTgwN2FkODIz
ZjE4NmEwHhcNMjQxMjEyMjMzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI0M2M3YWZkYWIyNDQyZjU1YjhhOGNjNThiZTk0ZDMxZmRlYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFFJXG4xlJJNQ3HgcjdzUp47JSgV
r5yAxtiOiZplFayFl0imnenl+4cOxyaKwG+jkz3tGQBkGakZFo5WJeOmv4BCuqLC
PF7MB6ZdFal3VydFv21ANWHoTSgqYmql9+DCwnDV2NxOeh7hJyfzbme8RrT8Tf/S
nBAIytiDZHCdXmN5wD1tfqgJeJgKz570zkgnNYD5vd/OjHR/PPbMyJJoKEMhxb3h
tH8vcPVeHgxCjvQMcb858Kv6z6pb8oWCVsDdmnYWrZQlahx/frUOp6vzmujChSR5
8yHT+xc8XNZ/bdJq0zWXwaYLm9pBiH2++gk56aoKislBo6vkkQM97WrEfwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAwkPHr9qyRC9VuKjMWL6U0x/ew0MB8GA1UdIwQY
MBaAFDh7dWHZjaz6uGMFizuYB62CPxhqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0h0MVlkbU5yUHE0WXdXTE81Z0hyWUlfR0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9hMTQ2NGEtMjQxMS00Y2M4LWExMDEt
MGFlY2RjNTE3NWZhLzEvRENROGV2MnJKRUwxVzRxTXhZdnBUVEg5N0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9hMTQ2NGEtMjQxMS00Y2M4LWExMDEtMGFlY2RjNTE3NWZh
LzEvT0h0MVlkbU5yUHE0WXdXTE81Z0hyWUlfR0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAbDoEAD
BADDoEQwDAMEAcOgRgMEAMOgSAMEAMOgSgMEAcOgUAMEAcOgWDANBgkqhkiG9w0B
AQsFAAOCAQEAPPPl9Zmi6orAnQkK9IwGxQLPTagwonwJVkKWOpc5qBEXNSsiDDOK
ZkIuOVd5uju3uPwwLP4pa98awq6vlsjAUVr84dydiaIX7CY2ov1fFa9FuK7AceCl
7YxF2CG8Oi/tdt0ljfRfTRWG+785/IMjcngdcLZVFrIf09fHCHzSwi84whrccrrj
g70rbmAP5SWQaX66fIA3D9zhf5aYxf+EZOMG82C9FVE4VJCZQeJOr83ibITPWOj2
dHcLIKf/dj3X/bWFknDKtoV25sXJ9JII/bn+COTOkcjbVWPJOk7JUGq0aiLaSb0y
yOXVA22z52UCAULci7RJ4WqXUKFuY4UEXg==
-----END CERTIFICATE-----