Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/Y_bp31HDq8uAy4l6THmKPbLCNsI.roa
File:                     Y_bp31HDq8uAy4l6THmKPbLCNsI.roa (raw, json)
Hash identifier:          9XEelD2ZciA/ZipA/uoYFFsArdGQrDybFJa5ScNreOg=
Subject key identifier:   63:F6:E9:DF:51:C3:AB:CB:80:CB:89:7A:4C:79:8A:3D:B2:C2:36:C2
Certificate issuer:       /CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
Certificate serial:       019420686454B9E82416A94F6B62C43CD7A2
Authority key identifier: CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/Y_bp31HDq8uAy4l6THmKPbLCNsI.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15774
IP address blocks:        37.49.192.0/19 maxlen: 32
                          37.205.48.0/21 maxlen: 32
                          37.205.64.0/19 maxlen: 32
                          46.50.128.0/17 maxlen: 32
                          46.241.0.0/17 maxlen: 32
                          91.105.128.0/18 maxlen: 32
                          109.171.0.0/17 maxlen: 32
                          109.197.128.0/21 maxlen: 32
                          188.44.96.0/19 maxlen: 32
                          188.168.0.0/16 maxlen: 32
                          188.244.128.0/17 maxlen: 32
                          194.187.29.0/24 maxlen: 32
                          195.238.100.0/22 maxlen: 32
                          2a02:618::/32 maxlen: 96

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:64:54:b9:e8:24:16:a9:4f:6b:62:c4:3c:d7:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63f6e9df51c3abcb80cb897a4c798a3db2c236c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:fd:d9:2a:02:a8:ee:35:00:62:59:6b:dd:
                    79:9e:c6:cb:14:88:67:a2:16:80:9c:02:22:ae:6f:
                    c1:66:4f:db:d4:ae:5e:9d:0e:d0:0f:50:0e:28:ff:
                    5e:c8:a5:be:2c:41:9a:f9:78:fb:9e:5b:fd:ea:ee:
                    1c:fb:e1:44:32:7e:cd:a7:00:17:b6:63:6a:a3:bc:
                    58:52:99:dd:a0:a5:2e:3d:2a:0e:86:21:52:48:d3:
                    bb:a6:22:b9:dc:12:2e:a5:0c:c7:db:df:fd:66:e6:
                    45:3c:2f:d1:07:f6:e0:b4:84:23:2c:d4:24:d8:9b:
                    f2:38:d9:58:a9:d8:d0:1c:8b:ea:15:54:da:b4:74:
                    60:9d:d0:16:17:8f:ef:2b:91:cd:54:49:a1:77:50:
                    c7:7b:04:33:6f:d5:19:53:45:5b:ae:e9:f2:bf:da:
                    28:b2:e2:6e:c1:d8:66:d0:ef:51:8c:d0:2d:e0:6e:
                    cd:0e:68:14:91:90:0d:67:ce:e7:76:74:ac:7e:23:
                    f0:c5:1f:31:57:cc:0f:d8:39:8c:d2:d2:ab:13:1f:
                    9a:c0:a6:77:cc:7b:ec:e6:3c:e1:9d:9a:05:ff:6c:
                    f2:51:a1:cc:d5:99:9d:c9:0f:56:5a:ae:77:a9:9d:
                    04:ea:9a:bc:8f:df:64:eb:d4:75:7d:fd:0e:20:49:
                    a8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F6:E9:DF:51:C3:AB:CB:80:CB:89:7A:4C:79:8A:3D:B2:C2:36:C2
            X509v3 Authority Key Identifier:
                keyid:CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/Y_bp31HDq8uAy4l6THmKPbLCNsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.192.0/19
                  37.205.48.0/21
                  37.205.64.0/19
                  46.50.128.0/17
                  46.241.0.0/17
                  91.105.128.0/18
                  109.171.0.0/17
                  109.197.128.0/21
                  188.44.96.0/19
                  188.168.0.0/16
                  188.244.128.0/17
                  194.187.29.0/24
                  195.238.100.0/22
                IPv6:
                  2a02:618::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:6b:f8:ba:dc:4e:7e:73:cf:25:cd:2d:6a:f0:f4:dc:0b:87:
         b7:59:d7:7a:0a:6d:11:58:d9:76:79:3c:cb:40:f0:cf:3b:12:
         d6:c9:a1:f2:29:cb:d5:9e:6e:eb:a9:53:80:80:49:75:7d:03:
         8f:61:a3:73:fa:c3:cb:c9:ef:24:60:61:42:55:48:07:4d:99:
         51:8d:55:82:2b:14:42:a8:b4:3d:26:a0:1f:3f:ff:69:50:55:
         58:44:55:a3:df:52:f7:d4:b8:ef:c5:73:18:e5:a7:97:ff:dd:
         27:40:98:1e:41:f3:58:ca:a2:81:8b:85:3a:63:13:ae:d9:58:
         bf:69:3c:cd:de:43:aa:03:94:bc:9f:d6:00:d2:6d:e4:43:fc:
         72:de:b0:99:c2:64:d4:d1:62:f1:2d:b6:94:ad:3c:f1:7c:e9:
         85:c4:11:f1:00:57:9b:5f:0a:4d:5b:73:12:5a:a0:97:43:f4:
         ef:3b:44:99:37:68:e8:d0:f4:bd:42:f6:0d:fb:cf:a3:1a:da:
         bd:13:e5:19:c6:33:f7:b2:5f:03:ac:2d:cc:46:69:ac:58:0d:
         e5:f4:ef:a9:cd:c0:ef:39:cd:1c:09:7b:74:cb:e9:d1:2f:2b:
         a8:3a:31:d3:b5:73:08:e8:fa:2b:26:55:05:05:32:5e:86:63:
         2b:a4:a3:f8
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAZQgaGRUuegkFqlPa2LEPNeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNGE3MTdmOGZhMWJiMDM1OTI3NDIyM2FjZGFlMjJiNzBl
NjZiZWMwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y2ZTlkZjUxYzNhYmNiODBjYjg5N2E0Yzc5OGEzZGIyYzIzNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcX92SoCqO41AGJZa915nsbLFIhn
ohaAnAIirm/BZk/b1K5enQ7QD1AOKP9eyKW+LEGa+Xj7nlv96u4c++FEMn7NpwAX
tmNqo7xYUpndoKUuPSoOhiFSSNO7piK53BIupQzH29/9ZuZFPC/RB/bgtIQjLNQk
2JvyONlYqdjQHIvqFVTatHRgndAWF4/vK5HNVEmhd1DHewQzb9UZU0Vbrunyv9oo
suJuwdhm0O9RjNAt4G7NDmgUkZANZ87ndnSsfiPwxR8xV8wP2DmM0tKrEx+awKZ3
zHvs5jzhnZoF/2zyUaHM1ZmdyQ9WWq53qZ0E6pq8j99k69R1ff0OIEmoBwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFGP26d9Rw6vLgMuJekx5ij2ywjbCMB8GA1UdIwQY
MBaAFM9KcX+PobsDWSdCI6za4itw5mvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTkt
NmFhYTZiMDIxNjBkLzEvWV9icDMxSERxOHVBeTRsNlRIbUtQYkxDTnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTktNmFhYTZiMDIxNjBk
LzEvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBTBAIAATBNAwQFJTHAAwQD
Jc0wAwQFJc1AAwQHLjKAAwQHLvEAAwQGW2mAAwQHbasAAwQDbcWAAwQFvCxgAwMA
vKgDBAe89IADBADCux0DBALD7mQwDQQCAAIwBwMFACoCBhgwDQYJKoZIhvcNAQEL
BQADggEBAFBr+LrcTn5zzyXNLWrw9NwLh7dZ13oKbRFY2XZ5PMtA8M87EtbJofIp
y9WebuupU4CASXV9A49ho3P6w8vJ7yRgYUJVSAdNmVGNVYIrFEKotD0moB8//2lQ
VVhEVaPfUvfUuO/Fcxjlp5f/3SdAmB5B81jKooGLhTpjE67ZWL9pPM3eQ6oDlLyf
1gDSbeRD/HLesJnCZNTRYvEttpStPPF86YXEEfEAV5tfCk1bcxJaoJdD9O87RJk3
aOjQ9L1C9g37z6Ma2r0T5RnGM/eyXwOsLcxGaaxYDeX076nNwO85zRwJe3TL6dEv
K6g6MdO1cwjo+ismVQUFMl6GYyuko/g=
-----END CERTIFICATE-----