Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/qW-NdRD8QV2yBqgIbAjuO3oUiME.roa
File:                     qW-NdRD8QV2yBqgIbAjuO3oUiME.roa (raw, json)
Hash identifier:          haYqDYZW5U7u+v6O8/a//f+WrkbCFp/Y8tDtjAtzB+k=
Subject key identifier:   A9:6F:8D:75:10:FC:41:5D:B2:06:A8:08:6C:08:EE:3B:7A:14:88:C1
Certificate issuer:       /CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Certificate serial:       0193D37B715D4CFB5162FDCE7CA025E8ACFA
Authority key identifier: 7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/qW-NdRD8QV2yBqgIbAjuO3oUiME.roa
Signing time:             Tue 17 Dec 2024 07:18:22 +0000
ROA not before:           Tue 17 Dec 2024 07:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     766
IP address blocks:        130.206.0.0/16 maxlen: 16
                          158.99.0.0/16 maxlen: 16
                          185.205.148.0/22 maxlen: 22
                          192.148.201.0/24 maxlen: 24
                          192.148.202.0/23 maxlen: 23
                          192.148.204.0/22 maxlen: 22
                          192.187.24.0/23 maxlen: 23
                          193.144.0.0/14 maxlen: 14
                          212.128.0.0/18 maxlen: 18
                          212.128.64.0/19 maxlen: 19
                          212.128.64.0/20 maxlen: 20
                          212.128.80.0/21 maxlen: 21
                          212.128.128.0/17 maxlen: 17
                          2001:720::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:d3:7b:71:5d:4c:fb:51:62:fd:ce:7c:a0:25:e8:ac:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
        Validity
            Not Before: Dec 17 07:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a96f8d7510fc415db206a8086c08ee3b7a1488c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b7:c4:fe:35:0f:5e:03:c4:07:ec:4b:07:46:
                    86:84:1d:68:d7:a5:d9:35:b9:60:f6:ea:d0:87:98:
                    4b:3f:c8:37:9c:8e:c4:30:15:81:30:87:af:3c:4e:
                    65:19:46:27:10:b5:23:99:a7:43:0b:fa:7c:da:91:
                    71:d2:d8:dc:02:d6:51:66:18:9f:60:f4:fb:0b:dc:
                    c5:1e:09:6c:40:a7:58:69:5a:e4:6b:55:ca:04:a1:
                    67:db:de:f5:3e:d2:51:0b:32:f7:85:fa:2f:56:52:
                    ab:2d:58:ca:b4:1e:5a:10:55:c1:f5:85:23:31:8c:
                    63:12:db:3a:ea:b0:75:b0:a7:81:37:ff:d2:0e:88:
                    59:49:14:09:33:6b:3d:a4:57:de:47:d7:a8:a7:d5:
                    32:a1:f3:9a:93:42:d5:b8:4c:7e:39:63:f0:3b:29:
                    76:63:65:f1:77:27:91:d6:96:68:e8:e9:30:18:b5:
                    24:99:be:dc:d3:87:7d:ea:83:8a:31:5d:0f:23:f5:
                    c5:eb:1a:53:84:e0:8e:51:66:bf:c1:3e:57:6b:5b:
                    88:e3:93:a2:a5:d9:ff:95:2f:eb:3b:3b:34:ac:e1:
                    97:4f:5d:a6:09:7e:b7:2f:06:a6:65:45:27:51:2b:
                    42:52:9b:22:36:45:d1:4f:ad:6e:27:c9:69:16:51:
                    af:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6F:8D:75:10:FC:41:5D:B2:06:A8:08:6C:08:EE:3B:7A:14:88:C1
            X509v3 Authority Key Identifier:
                keyid:7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/qW-NdRD8QV2yBqgIbAjuO3oUiME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.206.0.0/16
                  158.99.0.0/16
                  185.205.148.0/22
                  192.148.201.0-192.148.207.255
                  192.187.24.0/23
                  193.144.0.0/14
                  212.128.0.0-212.128.95.255
                  212.128.128.0/17
                IPv6:
                  2001:720::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:52:2c:f2:fa:2b:2e:16:07:87:0f:3c:46:2f:f1:90:55:42:
         27:70:a8:af:fe:fb:e4:22:47:70:09:63:44:ed:36:13:9c:7e:
         70:b3:86:22:26:5b:24:25:c7:c8:a5:f1:57:f9:f4:3a:18:84:
         a2:2c:0a:5b:1b:37:01:ce:e8:8a:4c:66:17:ea:48:fd:d4:70:
         8a:86:65:f1:92:0e:c5:b2:30:0d:4e:28:13:c2:f5:6f:64:9b:
         91:f5:98:4e:ec:57:05:b6:1f:54:4c:51:4d:00:c0:88:d6:a7:
         51:7f:7e:af:91:ef:38:e1:39:ff:7f:98:a0:88:23:78:d4:ce:
         93:23:e6:98:06:78:14:f1:9b:c1:08:3e:62:74:13:da:e7:56:
         d9:3e:66:b9:69:e6:30:be:b7:2e:ea:a5:96:ab:45:26:a6:13:
         c5:82:f9:6f:2f:cd:a2:0c:c2:d9:9c:44:7b:5c:5b:c9:85:b6:
         7b:0b:41:27:56:92:fa:95:be:b1:57:4f:ed:2e:8f:c5:4d:b7:
         57:7f:76:53:7e:99:f2:3b:c0:4a:5f:fa:c3:bd:f2:69:d1:61:
         49:4d:94:ec:ef:39:da:a2:29:a0:7d:1a:8f:95:47:eb:6d:fb:
         dc:b5:cd:a6:e9:42:e3:10:5a:6f:c8:58:bc:5b:0d:bb:70:72:
         6f:85:e6:55
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZPTe3FdTPtRYv3OfKAl6Kz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTAwNzdkMmRkOGE2N2ExYWU4YjZhYmQ2YmJiMzQ4OTAy
OGE1YmIwHhcNMjQxMjE3MDcxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZmOGQ3NTEwZmM0MTVkYjIwNmE4MDg2YzA4ZWUzYjdhMTQ4OGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLfE/jUPXgPEB+xLB0aGhB1o16XZ
Nblg9urQh5hLP8g3nI7EMBWBMIevPE5lGUYnELUjmadDC/p82pFx0tjcAtZRZhif
YPT7C9zFHglsQKdYaVrka1XKBKFn2971PtJRCzL3hfovVlKrLVjKtB5aEFXB9YUj
MYxjEts66rB1sKeBN//SDohZSRQJM2s9pFfeR9eop9UyofOak0LVuEx+OWPwOyl2
Y2XxdyeR1pZo6OkwGLUkmb7c04d96oOKMV0PI/XF6xpThOCOUWa/wT5Xa1uI45Oi
pdn/lS/rOzs0rOGXT12mCX63LwamZUUnUStCUpsiNkXRT61uJ8lpFlGvIQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKlvjXUQ/EFdsgaoCGwI7jt6FIjBMB8GA1UdIwQY
MBaAFH9QB30t2KZ6Gui2q9a7s0iQKKW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2Mt
M2U3Y2FkZDg4YzcwLzEvcVctTmRSRDhRVjJ5QnFnSWJBanVPM29VaU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2MtM2U3Y2FkZDg4Yzcw
LzEvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwMAgs4DAwCe
YwMEArnNlDAMAwQAwJTJAwQEwJTAAwQBwLsYAwMCwZAwCwMDB9SAAwQF1IBAAwQH
1ICAMA0EAgACMAcDBQAgAQcgMA0GCSqGSIb3DQEBCwUAA4IBAQCPUizy+isuFgeH
DzxGL/GQVUIncKiv/vvkIkdwCWNE7TYTnH5ws4YiJlskJcfIpfFX+fQ6GISiLApb
GzcBzuiKTGYX6kj91HCKhmXxkg7FsjANTigTwvVvZJuR9ZhO7FcFth9UTFFNAMCI
1qdRf36vke844Tn/f5igiCN41M6TI+aYBngU8ZvBCD5idBPa51bZPma5aeYwvrcu
6qWWq0UmphPFgvlvL82iDMLZnER7XFvJhbZ7C0EnVpL6lb6xV0/tLo/FTbdXf3ZT
fpnyO8BKX/rDvfJp0WFJTZTs7znaoimgfRqPlUfrbfvctc2m6ULjEFpvyFi8Ww27
cHJvheZV
-----END CERTIFICATE-----