Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/W2BuG8RslZuNWC6TDHZNFeUTCEY.roa
File:                     W2BuG8RslZuNWC6TDHZNFeUTCEY.roa (raw, json)
Hash identifier:          +B77DKlelA4p5jWRpiPjtjH8suz5E4rMKyxyDqtqToM=
Subject key identifier:   5B:60:6E:1B:C4:6C:95:9B:8D:58:2E:93:0C:76:4D:15:E5:13:08:46
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       0194282627EB28A3847E8E9327FE4E3CAF43
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/W2BuG8RslZuNWC6TDHZNFeUTCEY.roa
Signing time:             Thu 02 Jan 2025 17:52:56 +0000
ROA not before:           Thu 02 Jan 2025 17:52:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43207
IP address blocks:        5.133.172.0/22 maxlen: 24
                          46.231.8.0/21 maxlen: 24
                          85.95.32.0/19 maxlen: 19
                          91.209.142.0/24 maxlen: 24
                          91.214.228.0/22 maxlen: 24
                          151.249.64.0/20 maxlen: 24
                          185.44.248.0/22 maxlen: 24
                          185.113.0.0/22 maxlen: 24
                          185.168.144.0/22 maxlen: 22
                          209.35.128.0/20 maxlen: 20
                          2a01:5640::/32 maxlen: 32
                          2a0d:ea00::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:27:eb:28:a3:84:7e:8e:93:27:fe:4e:3c:af:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jan  2 17:52:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b606e1bc46c959b8d582e930c764d15e5130846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a4:14:16:76:64:a4:ef:4d:ee:52:c4:1a:c4:
                    ca:10:d0:40:cb:a2:ad:bb:e8:12:8e:5c:90:0a:f4:
                    49:2b:11:19:8c:8e:64:d9:cb:d8:24:6d:da:05:9d:
                    33:e9:88:3b:39:f3:de:9e:cb:b5:60:ad:6f:38:19:
                    a3:7f:89:65:a3:5b:fc:44:80:42:b1:00:29:60:82:
                    a8:e6:36:d6:14:3e:b5:32:20:c4:1a:e1:6c:9d:fe:
                    5b:d6:de:cb:b3:4d:17:45:fd:8e:b9:30:e3:61:c7:
                    ae:e0:2c:99:f2:45:59:a5:63:1a:a1:57:e9:ca:06:
                    f6:5a:49:c1:a8:d3:4a:2b:b2:34:a6:f9:e4:76:ca:
                    72:a9:69:cf:da:e1:49:45:14:fe:39:1b:e8:52:13:
                    32:65:ae:b2:87:43:d8:c0:8d:a1:68:21:3e:51:98:
                    64:fe:b3:3a:6b:ff:e2:b4:fd:48:3d:4d:6d:89:d6:
                    51:fc:0b:68:6e:d6:32:8e:e4:0a:81:5f:d4:72:28:
                    1c:8b:50:e1:c4:18:b8:71:e9:82:27:c3:75:18:ad:
                    be:13:d3:8b:e0:1d:7e:14:b4:cf:5a:91:96:b0:c5:
                    21:1e:62:81:52:c6:e9:57:4e:da:73:de:60:34:99:
                    8e:65:5b:26:cb:e0:bf:e6:b7:0b:41:59:c0:a0:1d:
                    30:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:60:6E:1B:C4:6C:95:9B:8D:58:2E:93:0C:76:4D:15:E5:13:08:46
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/W2BuG8RslZuNWC6TDHZNFeUTCEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20
                IPv6:
                  2a01:5640::/32
                  2a0d:ea00::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:34:d8:6d:4b:9d:d8:21:ea:d5:d3:22:ec:92:36:5b:30:08:
         57:49:42:25:0f:cb:53:04:8a:95:5a:bd:c1:9c:16:4a:27:f5:
         63:69:2e:66:c0:f5:c4:ad:29:49:54:67:12:b3:e7:96:92:3c:
         fb:90:e5:10:37:e0:5b:bf:24:05:08:75:82:02:b0:4d:16:2a:
         c6:19:23:48:fe:90:93:04:41:45:2f:19:4b:49:c1:74:f4:79:
         3e:b7:55:f6:18:97:a3:93:d7:d6:9d:65:a4:8a:75:5a:7b:91:
         ca:5c:0a:31:f6:4c:bf:5c:d2:8a:6b:46:f6:7e:05:e9:9f:9d:
         32:cc:c9:71:9d:6a:95:3b:cf:56:ba:3f:ed:50:ca:c2:bc:9e:
         c0:fd:b5:bf:7e:ff:94:79:37:da:8c:73:fb:f0:ec:08:3a:20:
         c3:53:d3:bb:dd:ae:44:71:2c:a1:db:2e:af:e1:16:97:b2:ef:
         eb:4b:31:85:88:31:94:24:71:e9:9c:64:eb:65:14:26:e1:8c:
         a7:df:a4:5e:ad:23:95:35:6a:74:29:1c:fa:a5:38:97:85:18:
         46:89:9a:ca:a9:21:05:fa:da:9b:eb:60:c0:a7:29:87:bb:ff:
         70:77:b3:b2:d5:5c:4a:78:95:d9:bb:c7:a5:03:41:a2:9a:66:
         48:9c:2d:d9
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZQoJifrKKOEfo6TJ/5OPK9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjUwMTAyMTc1MjU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjYwNmUxYmM0NmM5NTliOGQ1ODJlOTMwYzc2NGQxNWU1MTMwODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaQUFnZkpO9N7lLEGsTKENBAy6Kt
u+gSjlyQCvRJKxEZjI5k2cvYJG3aBZ0z6Yg7OfPensu1YK1vOBmjf4llo1v8RIBC
sQApYIKo5jbWFD61MiDEGuFsnf5b1t7Ls00XRf2OuTDjYceu4CyZ8kVZpWMaoVfp
ygb2WknBqNNKK7I0pvnkdspyqWnP2uFJRRT+ORvoUhMyZa6yh0PYwI2haCE+UZhk
/rM6a//itP1IPU1tidZR/AtobtYyjuQKgV/Ucigci1DhxBi4cemCJ8N1GK2+E9OL
4B1+FLTPWpGWsMUhHmKBUsbpV07ac95gNJmOZVsmy+C/5rcLQVnAoB0wbQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFFtgbhvEbJWbjVgukwx2TRXlEwhGMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvVzJCdUc4UnNsWnVOV0M2VERIWk5GZVVUQ0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMBQEAgACMA4DBQAqAVZAAwUDKg3qADANBgkqhkiG9w0BAQsFAAOCAQEAAzTY
bUud2CHq1dMi7JI2WzAIV0lCJQ/LUwSKlVq9wZwWSif1Y2kuZsD1xK0pSVRnErPn
lpI8+5DlEDfgW78kBQh1ggKwTRYqxhkjSP6QkwRBRS8ZS0nBdPR5PrdV9hiXo5PX
1p1lpIp1WnuRylwKMfZMv1zSimtG9n4F6Z+dMszJcZ1qlTvPVro/7VDKwryewP21
v37/lHk32oxz+/DsCDogw1PTu92uRHEsodsur+EWl7Lv60sxhYgxlCRx6Zxk62UU
JuGMp9+kXq0jlTVqdCkc+qU4l4UYRomayqkhBfram+tgwKcph7v/cHezstVcSniV
2bvHpQNBoppmSJwt2Q==
-----END CERTIFICATE-----