Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tkHsBCLrSLVlITNTYvxAqXdbEhA.roa
File:                     tkHsBCLrSLVlITNTYvxAqXdbEhA.roa (raw, json)
Hash identifier:          CmaRTfbXrgcRiqJZRVt80OI96YULPVIKrf8kK2BnixM=
Subject key identifier:   B6:41:EC:04:22:EB:48:B5:65:21:33:53:62:FC:40:A9:77:5B:12:10
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       0195B24FD02B5C003D69CD90CCB3EDDA5234
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tkHsBCLrSLVlITNTYvxAqXdbEhA.roa
Signing time:             Thu 20 Mar 2025 06:48:49 +0000
ROA not before:           Thu 20 Mar 2025 06:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39150
IP address blocks:        91.196.136.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          93.179.68.0/23 maxlen: 23
                          93.179.69.0/24 maxlen: 24
                          93.179.120.0/24 maxlen: 24
                          95.85.83.128/25 maxlen: 25
                          95.181.213.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          2a04:8680::/32 maxlen: 32
                          2a04:8681::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:4f:d0:2b:5c:00:3d:69:cd:90:cc:b3:ed:da:52:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Mar 20 06:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b641ec0422eb48b56521335362fc40a9775b1210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:85:ef:55:de:1b:4b:d9:6e:82:e0:5a:25:79:
                    f4:ee:88:66:a6:c5:84:2a:bf:b4:2e:a4:3f:15:68:
                    61:ff:00:6a:e3:3a:95:e2:d5:89:ea:5a:23:e2:f5:
                    2c:4e:68:12:e8:17:51:56:08:9a:9a:d2:bf:0a:df:
                    ee:6f:d8:42:ed:f9:eb:6a:37:b0:4e:78:31:d8:ec:
                    cf:ef:f5:f0:57:23:90:32:df:6b:e3:2a:81:ef:33:
                    b1:f1:3c:54:c5:ae:43:49:32:ff:40:5c:be:0b:86:
                    cc:fd:e3:af:00:e4:0e:13:5a:65:d3:82:1d:0d:e0:
                    02:28:dd:8f:61:91:58:bc:b6:27:6d:ef:41:eb:2c:
                    0b:7d:a6:14:ee:31:7e:16:d2:12:1e:5d:d5:c5:13:
                    9a:33:ae:69:2d:38:ce:67:34:8a:5d:6f:e4:6f:0f:
                    fa:8e:8d:c6:d0:c3:9e:b6:b6:9a:f6:01:45:ec:7a:
                    77:ab:39:e7:bb:52:9e:13:16:ab:c9:90:cd:56:4c:
                    8b:2d:1b:34:a6:38:83:db:87:8a:9d:5b:40:2a:4b:
                    5c:e6:3a:59:0e:1d:4e:14:ec:eb:8b:c3:d7:32:07:
                    91:d5:cc:3d:c7:41:9a:6f:ce:d2:3a:6f:eb:b5:f9:
                    74:db:15:eb:3a:d9:41:c9:aa:aa:be:51:7b:9c:1f:
                    e8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:41:EC:04:22:EB:48:B5:65:21:33:53:62:FC:40:A9:77:5B:12:10
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tkHsBCLrSLVlITNTYvxAqXdbEhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.68.0/23
                  93.179.120.0/24
                  95.85.83.128/25
                  95.181.213.0/24
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/31
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:89:39:25:44:fd:71:e9:f9:02:78:ab:e8:70:5e:cb:db:2f:
         fa:3d:41:34:04:f8:ad:ef:f2:0a:58:c8:13:13:24:d3:a1:18:
         f4:58:32:79:a1:66:b3:b7:97:bd:47:a2:80:d3:c4:c5:13:bc:
         d3:5c:89:50:97:6c:e7:f3:fc:3f:37:d7:b9:d4:2c:3e:4d:3f:
         25:6a:60:7b:fb:7d:c1:2f:47:41:a7:62:0e:5c:51:12:a7:82:
         cc:49:90:21:ea:e0:b2:57:31:7c:dd:1a:41:08:52:9a:4d:db:
         82:ba:1a:13:9d:75:3f:6d:97:ae:29:25:a0:c4:20:ca:ed:f0:
         13:77:df:40:29:d4:29:6b:64:fa:14:49:7b:55:8d:92:94:0c:
         3d:03:f1:1b:3d:ae:53:a8:0c:ef:ed:60:65:f6:a1:52:0d:01:
         71:d0:99:18:42:1a:07:10:35:e3:2d:36:23:73:b4:0a:da:51:
         73:46:e9:0c:5a:55:10:1d:ec:9c:86:39:08:20:89:71:2f:4b:
         bd:c7:f5:64:b7:de:cc:96:61:bc:51:c8:9d:b4:7e:3c:44:4f:
         f3:96:60:67:5b:f8:0d:9f:5f:95:e2:fa:90:f5:11:4b:a4:90:
         56:05:a0:92:ef:fb:85:5d:9c:8f:ed:b4:72:83:b0:eb:17:b1:
         05:93:77:43
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZWyT9ArXAA9ac2QzLPt2lI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMzIwMDY0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQxZWMwNDIyZWI0OGI1NjUyMTMzNTM2MmZjNDBhOTc3NWIxMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYXvVd4bS9luguBaJXn07ohmpsWE
Kr+0LqQ/FWhh/wBq4zqV4tWJ6loj4vUsTmgS6BdRVgiamtK/Ct/ub9hC7fnrajew
Tngx2OzP7/XwVyOQMt9r4yqB7zOx8TxUxa5DSTL/QFy+C4bM/eOvAOQOE1pl04Id
DeACKN2PYZFYvLYnbe9B6ywLfaYU7jF+FtISHl3VxROaM65pLTjOZzSKXW/kbw/6
jo3G0MOetraa9gFF7Hp3qznnu1KeExaryZDNVkyLLRs0pjiD24eKnVtAKktc5jpZ
Dh1OFOzri8PXMgeR1cw9x0Gab87SOm/rtfl02xXrOtlByaqqvlF7nB/oHwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFLZB7AQi60i1ZSEzU2L8QKl3WxIQMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvdGtIc0JDTHJTTFZsSVROVFl2eEFxWGRiRWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAxBAIAATArAwQCW8SIAwQB
XbNEAwQAXbN4AwUHX1VTgAMEAF+11QMEAG3EhQMEAMO2CDAUBAIAAjAOAwUBKgSG
gAMFACoJ1cAwDQYJKoZIhvcNAQELBQADggEBABOJOSVE/XHp+QJ4q+hwXsvbL/o9
QTQE+K3v8gpYyBMTJNOhGPRYMnmhZrO3l71HooDTxMUTvNNciVCXbOfz/D8317nU
LD5NPyVqYHv7fcEvR0GnYg5cURKngsxJkCHq4LJXMXzdGkEIUppN24K6GhOddT9t
l64pJaDEIMrt8BN330Ap1ClrZPoUSXtVjZKUDD0D8Rs9rlOoDO/tYGX2oVINAXHQ
mRhCGgcQNeMtNiNztAraUXNG6QxaVRAd7JyGOQggiXEvS73H9WS33syWYbxRyJ20
fjxET/OWYGdb+A2fX5Xi+pD1EUukkFYFoJLv+4VdnI/ttHKDsOsXsQWTd0M=
-----END CERTIFICATE-----