Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/nxVkwWxp31G9Nhk5RnHhT1dH-NE.roa
File:                     nxVkwWxp31G9Nhk5RnHhT1dH-NE.roa (raw, json)
Hash identifier:          dlhfhOwY+Ae+4z4M/Srqh6E06sqatloTn5dl72qTwng=
Subject key identifier:   9F:15:64:C1:6C:69:DF:51:BD:36:19:39:46:71:E1:4F:57:47:F8:D1
Certificate issuer:       /CN=36af041d12c4adb66f8c16113c9a6147d02388d9
Certificate serial:       0194221FF341A47DDD9021868FBD3BDA325E
Authority key identifier: 36:AF:04:1D:12:C4:AD:B6:6F:8C:16:11:3C:9A:61:47:D0:23:88:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nq8EHRLErbZvjBYRPJphR9AjiNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/nxVkwWxp31G9Nhk5RnHhT1dH-NE.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198203
IP address blocks:        81.4.100.0/22 maxlen: 24
                          81.4.104.0/22 maxlen: 24
                          81.4.108.0/22 maxlen: 24
                          81.4.120.0/22 maxlen: 24
                          81.4.124.0/22 maxlen: 24
                          91.229.232.0/24 maxlen: 24
                          176.56.224.0/20 maxlen: 24
                          176.56.232.0/24 maxlen: 24
                          176.56.236.0/24 maxlen: 24
                          176.56.237.0/24 maxlen: 24
                          176.56.238.0/24 maxlen: 24
                          185.34.216.0/24 maxlen: 24
                          185.34.218.0/24 maxlen: 24
                          185.34.219.0/24 maxlen: 24
                          185.56.60.0/22 maxlen: 24
                          185.56.61.0/24 maxlen: 24
                          2a00:d880::/32 maxlen: 48
                          2a00:d880:4::/48 maxlen: 48
                          2a02:50e0::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f3:41:a4:7d:dd:90:21:86:8f:bd:3b:da:32:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36af041d12c4adb66f8c16113c9a6147d02388d9
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f1564c16c69df51bd3619394671e14f5747f8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f4:38:ab:cd:df:1a:a0:73:9e:9f:aa:47:0e:
                    d9:c9:63:c4:53:ab:63:4d:95:da:3d:b6:3b:8e:d1:
                    0f:0c:61:2e:d0:d6:2b:03:f5:aa:74:39:ca:cc:23:
                    e7:ff:97:5d:94:39:8f:ae:92:fd:d5:0f:20:93:e5:
                    98:ce:6c:9c:a7:4f:bd:f4:d6:5d:0f:55:18:f6:36:
                    ee:c4:03:46:a2:f3:e9:20:2c:23:fd:f1:84:b2:4d:
                    79:50:c9:db:0a:bc:4e:f8:97:07:d7:41:04:82:40:
                    c1:65:46:29:7a:83:ec:b7:ff:f3:db:45:84:37:19:
                    b8:4e:94:e9:03:26:f4:d2:31:a6:0c:3e:f6:59:8d:
                    04:86:dd:68:36:48:3d:5f:1c:1d:bb:b0:5b:df:45:
                    79:89:77:29:24:ed:25:ec:ce:4c:f0:60:9b:ef:a8:
                    4b:a9:4e:9b:f0:c6:45:68:06:af:05:bd:dd:52:4c:
                    11:cc:d4:70:f9:38:ea:96:0b:6f:24:fe:30:df:2f:
                    48:de:f0:75:04:9f:20:2c:2a:c4:58:fd:0d:08:d8:
                    38:26:fc:32:92:3a:9b:47:cf:7c:79:57:83:56:98:
                    4b:47:22:1a:53:e4:3e:cf:a2:8b:a7:b6:6e:87:12:
                    57:0e:11:6f:f6:c6:bc:5b:ce:71:f0:a9:0a:31:7a:
                    1c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:15:64:C1:6C:69:DF:51:BD:36:19:39:46:71:E1:4F:57:47:F8:D1
            X509v3 Authority Key Identifier:
                keyid:36:AF:04:1D:12:C4:AD:B6:6F:8C:16:11:3C:9A:61:47:D0:23:88:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nq8EHRLErbZvjBYRPJphR9AjiNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/nxVkwWxp31G9Nhk5RnHhT1dH-NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7a542d-719e-46d0-a5cc-061dd681332c/1/Nq8EHRLErbZvjBYRPJphR9AjiNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.100.0-81.4.111.255
                  81.4.120.0/21
                  91.229.232.0/24
                  176.56.224.0/20
                  185.34.216.0/24
                  185.34.218.0/23
                  185.56.60.0/22
                IPv6:
                  2a00:d880::/32
                  2a02:50e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:23:fd:7e:fe:bc:97:58:42:dd:1f:a9:1a:2e:01:5e:07:85:
         b8:b9:bc:ae:d9:a5:93:17:1d:9e:c8:fa:ff:0a:6a:e9:8c:26:
         0d:87:40:81:75:a2:a1:e2:41:88:8c:58:5f:c0:51:13:5a:95:
         83:9d:dd:22:2c:d5:ed:4a:3e:f8:d3:10:75:03:4a:78:6f:ba:
         7f:8c:2d:eb:7f:9b:e6:9a:22:ff:e9:8b:1a:7b:f4:ec:2d:68:
         65:09:52:1a:3e:7f:eb:53:26:b0:c1:55:8f:93:20:7d:f4:16:
         bc:a5:df:94:c1:e5:86:9e:8a:d1:74:85:d6:c0:30:ed:69:b2:
         98:6f:1a:82:db:b5:50:e7:e4:b7:ee:0f:30:72:39:0d:f1:d2:
         a5:fb:7d:cc:aa:53:4e:48:b9:41:91:60:e8:b0:4b:01:95:b8:
         f4:d1:5e:dd:7b:30:69:91:0d:ac:1e:71:d2:a2:d3:f6:69:7d:
         18:dc:c7:63:06:ed:70:4d:9d:87:a5:3a:a1:37:24:a7:cb:31:
         81:90:17:30:5a:23:64:98:aa:e9:b6:27:58:7c:94:df:26:0f:
         c6:0d:39:30:a1:94:e9:50:f5:d7:03:8d:72:b2:4f:60:01:71:
         08:6b:37:5a:11:af:8a:0b:16:03:2f:60:4b:74:6c:03:70:61:
         d0:41:19:c4
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQiH/NBpH3dkCGGj7072jJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YWYwNDFkMTJjNGFkYjY2ZjhjMTYxMTNjOWE2MTQ3ZDAy
Mzg4ZDkwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE1NjRjMTZjNjlkZjUxYmQzNjE5Mzk0NjcxZTE0ZjU3NDdmOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfQ4q83fGqBznp+qRw7ZyWPEU6tj
TZXaPbY7jtEPDGEu0NYrA/WqdDnKzCPn/5ddlDmPrpL91Q8gk+WYzmycp0+99NZd
D1UY9jbuxANGovPpICwj/fGEsk15UMnbCrxO+JcH10EEgkDBZUYpeoPst//z20WE
Nxm4TpTpAyb00jGmDD72WY0Eht1oNkg9Xxwdu7Bb30V5iXcpJO0l7M5M8GCb76hL
qU6b8MZFaAavBb3dUkwRzNRw+TjqlgtvJP4w3y9I3vB1BJ8gLCrEWP0NCNg4Jvwy
kjqbR898eVeDVphLRyIaU+Q+z6KLp7ZuhxJXDhFv9sa8W85x8KkKMXocBwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJ8VZMFsad9RvTYZOUZx4U9XR/jRMB8GA1UdIwQY
MBaAFDavBB0SxK22b4wWETyaYUfQI4jZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnE4RUhSTEVyYlp2akJZUlBKcGhSOUFqaU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83YTU0MmQtNzE5ZS00NmQwLWE1Y2Mt
MDYxZGQ2ODEzMzJjLzEvbnhWa3dXeHAzMUc5TmhrNVJuSGhUMWRILU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83YTU0MmQtNzE5ZS00NmQwLWE1Y2MtMDYxZGQ2ODEzMzJj
LzEvTnE4RUhSTEVyYlp2akJZUlBKcGhSOUFqaU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyMAwDBAJRBGQD
BARRBGADBANRBHgDBABb5egDBASwOOADBAC5ItgDBAG5ItoDBAK5ODwwFAQCAAIw
DgMFACoA2IADBQAqAlDgMA0GCSqGSIb3DQEBCwUAA4IBAQApI/1+/ryXWELdH6ka
LgFeB4W4ubyu2aWTFx2eyPr/CmrpjCYNh0CBdaKh4kGIjFhfwFETWpWDnd0iLNXt
Sj740xB1A0p4b7p/jC3rf5vmmiL/6Ysae/TsLWhlCVIaPn/rUyawwVWPkyB99Ba8
pd+UweWGnorRdIXWwDDtabKYbxqC27VQ5+S37g8wcjkN8dKl+33MqlNOSLlBkWDo
sEsBlbj00V7dezBpkQ2sHnHSotP2aX0Y3MdjBu1wTZ2HpTqhNySnyzGBkBcwWiNk
mKrptidYfJTfJg/GDTkwoZTpUPXXA41ysk9gAXEIazdaEa+KCxYDL2BLdGwDcGHQ
QRnE
-----END CERTIFICATE-----