Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/ZjitiayafMh0461m-W8Zsib6SjQ.roa
File:                     ZjitiayafMh0461m-W8Zsib6SjQ.roa (raw, json)
Hash identifier:          hV2RQOdzLfYmBCeS0MjoMsyMYVq5ATnOMbGguhNgkzA=
Subject key identifier:   66:38:AD:89:AC:9A:7C:C8:74:E3:AD:66:F9:6F:19:B2:26:FA:4A:34
Certificate issuer:       /CN=34b419fa4a0a1605188318cdf4a2044992853b95
Certificate serial:       01936D96F5FFE9718AE8F8A9ECA4333F1F3F
Authority key identifier: 34:B4:19:FA:4A:0A:16:05:18:83:18:CD:F4:A2:04:49:92:85:3B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLQZ-koKFgUYgxjN9KIESZKFO5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/ZjitiayafMh0461m-W8Zsib6SjQ.roa
Signing time:             Wed 27 Nov 2024 12:27:10 +0000
ROA not before:           Wed 27 Nov 2024 12:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41655
IP address blocks:        37.153.80.0/21 maxlen: 21
                          37.153.80.0/24 maxlen: 24
                          37.153.81.0/24 maxlen: 24
                          37.153.82.0/24 maxlen: 24
                          37.153.83.0/24 maxlen: 24
                          37.153.84.0/24 maxlen: 24
                          37.153.85.0/24 maxlen: 24
                          37.153.86.0/24 maxlen: 24
                          37.153.87.0/24 maxlen: 24
                          185.224.180.0/22 maxlen: 24
                          195.8.198.0/23 maxlen: 23
                          195.8.198.0/24 maxlen: 24
                          195.8.199.0/24 maxlen: 24
                          2a00:adc0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6d:96:f5:ff:e9:71:8a:e8:f8:a9:ec:a4:33:3f:1f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34b419fa4a0a1605188318cdf4a2044992853b95
        Validity
            Not Before: Nov 27 12:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6638ad89ac9a7cc874e3ad66f96f19b226fa4a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:19:ce:df:95:37:b7:13:2d:02:20:25:4b:e2:
                    dc:bc:e9:ff:4a:da:d0:78:ef:13:23:ef:0f:dd:fb:
                    a4:aa:c6:dc:40:d2:54:da:3c:3d:d9:e4:24:0c:44:
                    25:01:c8:1e:95:02:da:a6:d2:60:f6:4c:4b:22:f8:
                    1f:a7:e2:ec:78:6e:77:b8:27:3e:4d:02:6d:9a:94:
                    0d:38:02:9f:36:d6:97:be:5a:24:9d:5d:64:eb:6a:
                    2e:3a:ca:37:78:74:69:49:16:38:92:d8:dc:a0:7f:
                    72:9d:aa:57:6b:8f:de:36:21:7d:a1:af:b3:dc:6b:
                    8b:e1:47:0f:9b:2a:a8:29:85:4b:2b:6b:ef:b2:a3:
                    8a:d4:dc:91:f5:d5:48:c1:63:76:8c:00:e1:a7:5a:
                    cf:5e:5d:6e:4c:9e:32:07:a1:ca:44:5c:19:63:d4:
                    41:b8:c1:c6:6d:05:22:b3:46:d1:f1:6a:07:c4:f5:
                    6d:0a:af:25:f7:cf:0a:3e:7c:9e:33:36:c5:7d:e2:
                    f5:fb:59:bf:0a:bf:8a:fd:75:e9:00:e7:ff:b3:45:
                    ed:b5:8e:29:98:97:04:f1:de:79:aa:e7:d9:a3:ad:
                    0e:92:ad:fc:f6:e7:9b:bb:ec:f8:cc:c1:0a:15:61:
                    23:99:f5:24:75:5e:38:8e:cd:fd:89:d3:3e:bb:3a:
                    71:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:38:AD:89:AC:9A:7C:C8:74:E3:AD:66:F9:6F:19:B2:26:FA:4A:34
            X509v3 Authority Key Identifier:
                keyid:34:B4:19:FA:4A:0A:16:05:18:83:18:CD:F4:A2:04:49:92:85:3B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLQZ-koKFgUYgxjN9KIESZKFO5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/ZjitiayafMh0461m-W8Zsib6SjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/NLQZ-koKFgUYgxjN9KIESZKFO5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.80.0/21
                  185.224.180.0/22
                  195.8.198.0/23
                IPv6:
                  2a00:adc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:5a:c4:d7:f7:ed:49:10:2f:9e:07:74:97:86:85:15:29:da:
         e7:84:3c:d5:4d:bd:b9:7e:68:5e:43:46:98:fd:08:2c:9c:54:
         49:86:e5:02:fb:24:b2:1e:f7:d5:cf:62:e0:2d:fb:47:53:88:
         06:be:bc:bd:62:b2:91:56:6a:60:26:91:ef:f8:d7:7d:8f:3d:
         c3:95:8c:63:14:2c:85:84:f6:2c:67:f6:ea:ad:3c:a1:fe:ab:
         45:96:1b:64:0b:20:dc:45:bc:ef:47:22:34:2e:97:e3:0b:9f:
         8f:68:38:4f:f0:53:1e:51:30:3d:b9:b9:af:38:fa:e6:6a:35:
         97:45:f6:9e:c2:82:24:6e:b2:b1:e1:0b:85:e2:1e:40:79:f8:
         3a:70:55:f5:06:ee:dd:52:71:93:3d:84:e2:c5:7f:f3:ec:63:
         e6:64:e1:98:ea:b5:93:58:0b:9d:50:f8:52:cd:50:c8:9c:5d:
         ff:e9:d9:08:7d:54:b8:d1:87:d8:6b:8b:63:f0:33:6e:a9:ba:
         5d:0e:3f:d4:a7:4e:98:c2:48:34:57:f6:a1:da:b2:f8:93:f1:
         75:1d:7c:5c:04:96:28:13:f7:af:d3:ed:af:97:58:57:16:fc:
         fa:8a:81:ba:55:52:fb:0f:19:9d:a5:e3:e4:66:b8:77:bf:c8:
         45:39:95:c4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZNtlvX/6XGK6Pip7KQzPx8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YjQxOWZhNGEwYTE2MDUxODgzMThjZGY0YTIwNDQ5OTI4
NTNiOTUwHhcNMjQxMTI3MTIyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjM4YWQ4OWFjOWE3Y2M4NzRlM2FkNjZmOTZmMTliMjI2ZmE0YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xnO35U3txMtAiAlS+LcvOn/StrQ
eO8TI+8P3fukqsbcQNJU2jw92eQkDEQlAcgelQLaptJg9kxLIvgfp+LseG53uCc+
TQJtmpQNOAKfNtaXvloknV1k62ouOso3eHRpSRY4ktjcoH9ynapXa4/eNiF9oa+z
3GuL4UcPmyqoKYVLK2vvsqOK1NyR9dVIwWN2jADhp1rPXl1uTJ4yB6HKRFwZY9RB
uMHGbQUis0bR8WoHxPVtCq8l988KPnyeMzbFfeL1+1m/Cr+K/XXpAOf/s0XttY4p
mJcE8d55qufZo60Okq389uebu+z4zMEKFWEjmfUkdV44js39idM+uzpxwwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGY4rYmsmnzIdOOtZvlvGbIm+ko0MB8GA1UdIwQY
MBaAFDS0GfpKChYFGIMYzfSiBEmShTuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxRWi1rb0tGZ1VZZ3hqTjlLSUVTWktGTzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yzc5ZmItN2E1Ny00MjlkLTljMzMt
ODc3NzU0NGM5Mjc1LzEvWmppdGlheWFmTWgwNDYxbS1XOFpzaWI2U2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yzc5ZmItN2E1Ny00MjlkLTljMzMtODc3NzU0NGM5Mjc1
LzEvTkxRWi1rb0tGZ1VZZ3hqTjlLSUVTWktGTzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJZlQAwQC
ueC0AwQBwwjGMA0EAgACMAcDBQAqAK3AMA0GCSqGSIb3DQEBCwUAA4IBAQCUWsTX
9+1JEC+eB3SXhoUVKdrnhDzVTb25fmheQ0aY/QgsnFRJhuUC+ySyHvfVz2LgLftH
U4gGvry9YrKRVmpgJpHv+Nd9jz3DlYxjFCyFhPYsZ/bqrTyh/qtFlhtkCyDcRbzv
RyI0LpfjC5+PaDhP8FMeUTA9ubmvOPrmajWXRfaewoIkbrKx4QuF4h5Aefg6cFX1
Bu7dUnGTPYTixX/z7GPmZOGY6rWTWAudUPhSzVDInF3/6dkIfVS40YfYa4tj8DNu
qbpdDj/Up06Ywkg0V/ah2rL4k/F1HXxcBJYoE/ev0+2vl1hXFvz6ioG6VVL7Dxmd
pePkZrh3v8hFOZXE
-----END CERTIFICATE-----