Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/DFKoYfDhHvsTW7q6KwsR23H35Bs.roa
File:                     DFKoYfDhHvsTW7q6KwsR23H35Bs.roa (raw, json)
Hash identifier:          XCZIOyxRNIMNe7Wwa2oaYAMLZ/WlMxLk6ABIiMmNw5w=
Subject key identifier:   0C:52:A8:61:F0:E1:1E:FB:13:5B:BA:BA:2B:0B:11:DB:71:F7:E4:1B
Certificate issuer:       /CN=1ccd05226cb4c1979f96a06d2eb6683b5b0f6a8e
Certificate serial:       0190BB67B4F4D0E4326F30DFFF1F32DAA682
Authority key identifier: 1C:CD:05:22:6C:B4:C1:97:9F:96:A0:6D:2E:B6:68:3B:5B:0F:6A:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HM0FImy0wZeflqBtLrZoO1sPao4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/DFKoYfDhHvsTW7q6KwsR23H35Bs.roa
Signing time:             Tue 16 Jul 2024 11:57:34 +0000
ROA not before:           Tue 16 Jul 2024 11:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15699
IP address blocks:        37.46.72.0/21 maxlen: 32
                          87.236.216.0/21 maxlen: 32
                          88.151.208.0/21 maxlen: 32
                          94.24.112.0/20 maxlen: 32
                          109.235.128.0/21 maxlen: 32
                          185.11.200.0/22 maxlen: 32
                          185.32.28.0/22 maxlen: 32
                          185.32.28.0/24 maxlen: 32
                          212.36.64.0/19 maxlen: 32
                          2a00:6640::/32 maxlen: 32
                          2a01:1c8::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:67:b4:f4:d0:e4:32:6f:30:df:ff:1f:32:da:a6:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccd05226cb4c1979f96a06d2eb6683b5b0f6a8e
        Validity
            Not Before: Jul 16 11:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c52a861f0e11efb135bbaba2b0b11db71f7e41b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8a:af:65:1f:72:dd:28:eb:0c:9f:37:f8:86:
                    83:a8:84:96:de:3e:31:fc:01:3a:f4:07:af:98:9f:
                    b2:eb:b2:f5:50:69:51:46:7f:99:10:9f:36:e1:a3:
                    50:55:6b:0b:f7:86:f3:29:d7:43:c6:50:07:56:f6:
                    7e:08:ae:87:2e:5f:84:90:39:64:16:d4:7e:64:68:
                    d8:6e:0d:bc:6f:16:2d:57:96:bf:d3:0b:be:26:66:
                    a7:1f:f4:66:00:37:60:8d:28:3a:0c:30:72:45:18:
                    d6:fd:46:94:66:a5:f7:f5:ca:cd:4f:d0:2e:66:af:
                    5d:36:3a:65:70:8f:38:a1:02:fb:d5:c2:69:82:f0:
                    56:08:8a:80:33:36:af:b0:0f:57:e9:4c:ec:e0:bd:
                    b0:55:be:01:ce:d1:d3:ed:aa:e3:0b:cc:c7:e2:db:
                    de:c6:d2:48:ab:68:f9:81:46:a9:71:cf:02:29:36:
                    7f:86:d2:f8:3e:6f:d6:89:94:a6:97:0e:5f:71:19:
                    a6:6b:3f:a1:92:e9:4f:d8:58:a7:de:44:9b:04:3b:
                    30:dc:f7:70:b4:73:54:06:75:a2:39:0d:81:18:33:
                    c0:b0:26:d4:84:ee:2a:4e:47:ff:aa:42:9e:02:b3:
                    47:42:c9:79:b1:3c:0a:2a:3b:2f:bd:1c:1f:44:ec:
                    7e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:52:A8:61:F0:E1:1E:FB:13:5B:BA:BA:2B:0B:11:DB:71:F7:E4:1B
            X509v3 Authority Key Identifier:
                keyid:1C:CD:05:22:6C:B4:C1:97:9F:96:A0:6D:2E:B6:68:3B:5B:0F:6A:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HM0FImy0wZeflqBtLrZoO1sPao4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/DFKoYfDhHvsTW7q6KwsR23H35Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/HM0FImy0wZeflqBtLrZoO1sPao4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.72.0/21
                  87.236.216.0/21
                  88.151.208.0/21
                  94.24.112.0/20
                  109.235.128.0/21
                  185.11.200.0/22
                  185.32.28.0/22
                  212.36.64.0/19
                IPv6:
                  2a00:6640::/32
                  2a01:1c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:a6:a3:3f:68:8d:66:bd:54:7d:43:d1:a5:e0:69:d7:76:8f:
         21:7c:8c:85:f3:12:88:1d:40:ba:79:52:e2:2b:dd:b6:c8:32:
         cf:df:12:94:74:6d:cf:30:fd:01:b1:0e:56:91:1e:f8:83:c6:
         17:ea:34:86:6d:02:24:73:ef:4e:46:af:2a:83:27:1e:cf:91:
         a4:5d:c7:08:ef:58:92:d9:60:5e:80:8b:8b:b7:af:63:b1:f8:
         e4:bf:e7:a0:3c:8d:2f:a1:a1:07:98:99:ef:c4:30:1f:11:44:
         2e:ed:a7:8f:28:56:8d:3f:bc:d6:84:5a:23:d2:c4:fd:95:7a:
         c2:5e:81:81:03:12:00:56:f9:57:6f:77:ae:e0:1b:ad:06:41:
         fe:70:29:b5:c1:1c:b7:ba:72:33:49:89:d1:8d:a6:e3:59:2d:
         5e:fb:6d:a0:e5:50:69:e0:0e:36:6b:26:bd:92:d7:b7:ac:b3:
         db:b0:b3:5a:eb:c2:87:19:11:6b:5d:a3:94:aa:af:35:14:5b:
         8e:84:df:56:9d:d9:e0:26:dc:25:b9:85:14:04:27:cd:71:a0:
         e5:90:b2:12:60:32:8f:e8:0c:95:85:50:95:92:fa:f9:d4:66:
         53:a2:d7:97:ce:d5:4d:f8:bd:3f:e9:8b:56:56:15:68:e8:5d:
         7a:82:34:0f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZC7Z7T00OQybzDf/x8y2qaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2QwNTIyNmNiNGMxOTc5Zjk2YTA2ZDJlYjY2ODNiNWIw
ZjZhOGUwHhcNMjQwNzE2MTE1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzUyYTg2MWYwZTExZWZiMTM1YmJhYmEyYjBiMTFkYjcxZjdlNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYqvZR9y3SjrDJ83+IaDqISW3j4x
/AE69AevmJ+y67L1UGlRRn+ZEJ824aNQVWsL94bzKddDxlAHVvZ+CK6HLl+EkDlk
FtR+ZGjYbg28bxYtV5a/0wu+JmanH/RmADdgjSg6DDByRRjW/UaUZqX39crNT9Au
Zq9dNjplcI84oQL71cJpgvBWCIqAMzavsA9X6Uzs4L2wVb4BztHT7arjC8zH4tve
xtJIq2j5gUapcc8CKTZ/htL4Pm/WiZSmlw5fcRmmaz+hkulP2Fin3kSbBDsw3Pdw
tHNUBnWiOQ2BGDPAsCbUhO4qTkf/qkKeArNHQsl5sTwKKjsvvRwfROx+cwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAxSqGHw4R77E1u6uisLEdtx9+QbMB8GA1UdIwQY
MBaAFBzNBSJstMGXn5agbS62aDtbD2qOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE0wRklteTB3WmVmbHFCdExyWm9PMXNQYW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lMjE3MzktYjAwYi00MWM4LWE2NDUt
ZGI5YzNhMGMwOGI5LzEvREZLb1lmRGhIdnNUVzdxNkt3c1IyM0gzNUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lMjE3MzktYjAwYi00MWM4LWE2NDUtZGI5YzNhMGMwOGI5
LzEvSE0wRklteTB3WmVmbHFCdExyWm9PMXNQYW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDJS5IAwQD
V+zYAwQDWJfQAwQEXhhwAwQDbeuAAwQCuQvIAwQCuSAcAwQF1CRAMBQEAgACMA4D
BQAqAGZAAwUAKgEByDANBgkqhkiG9w0BAQsFAAOCAQEAx6ajP2iNZr1UfUPRpeBp
13aPIXyMhfMSiB1AunlS4ivdtsgyz98SlHRtzzD9AbEOVpEe+IPGF+o0hm0CJHPv
TkavKoMnHs+RpF3HCO9YktlgXoCLi7evY7H45L/noDyNL6GhB5iZ78QwHxFELu2n
jyhWjT+81oRaI9LE/ZV6wl6BgQMSAFb5V293ruAbrQZB/nAptcEct7pyM0mJ0Y2m
41ktXvttoOVQaeAONmsmvZLXt6yz27CzWuvChxkRa12jlKqvNRRbjoTfVp3Z4Cbc
JbmFFAQnzXGg5ZCyEmAyj+gMlYVQlZL6+dRmU6LXl87VTfi9P+mLVlYVaOhdeoI0
Dw==
-----END CERTIFICATE-----