Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/yUqCwPk0Ei-cViitt4Gqnb4KxdE.roa
File:                     yUqCwPk0Ei-cViitt4Gqnb4KxdE.roa (raw, json)
Hash identifier:          rJJZNa4cHpwDRyt4aQOGhddvG2b+c/8oiLA2xlie2pA=
Subject key identifier:   C9:4A:82:C0:F9:34:12:2F:9C:56:28:AD:B7:81:AA:9D:BE:0A:C5:D1
Certificate issuer:       /CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
Certificate serial:       019546B773BEAA9445C2ACF4429504560815
Authority key identifier: 3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/yUqCwPk0Ei-cViitt4Gqnb4KxdE.roa
Signing time:             Thu 27 Feb 2025 09:23:02 +0000
ROA not before:           Thu 27 Feb 2025 09:23:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62166
IP address blocks:        185.83.172.0/22 maxlen: 22
                          185.83.172.0/23 maxlen: 23
                          185.83.174.0/23 maxlen: 23
                          185.208.44.0/22 maxlen: 22
                          185.208.44.0/23 maxlen: 23
                          185.208.46.0/23 maxlen: 23
                          185.240.68.0/22 maxlen: 22
                          185.240.68.0/23 maxlen: 23
                          185.240.70.0/23 maxlen: 23
                          193.25.203.0/24 maxlen: 24
                          193.58.36.0/22 maxlen: 22
                          193.58.36.0/23 maxlen: 23
                          193.58.38.0/23 maxlen: 23
                          2a05:9d40::/29 maxlen: 29
                          2a05:9d40:8000::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:b7:73:be:aa:94:45:c2:ac:f4:42:95:04:56:08:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
        Validity
            Not Before: Feb 27 09:23:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c94a82c0f934122f9c5628adb781aa9dbe0ac5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b0:79:92:79:75:46:d3:47:a0:a0:40:c9:72:
                    fd:a4:e4:ed:51:9e:88:a6:6b:e4:c4:0c:b2:cb:5a:
                    32:04:5d:47:16:4f:ed:1b:40:30:4a:60:44:df:8b:
                    5f:29:fa:9d:df:0a:8b:5a:bc:21:5d:d0:9a:8e:02:
                    6e:48:f4:b7:5b:6c:40:91:48:4e:d8:88:d2:52:f1:
                    db:c4:90:66:bb:c7:72:9f:0a:b5:2e:0b:fd:bb:c5:
                    f2:df:74:0f:c0:58:07:57:d8:ca:5a:32:cf:fa:73:
                    be:ca:9e:96:26:6d:99:84:7e:41:c5:73:7f:86:b9:
                    ae:f3:b6:3c:83:79:71:32:9a:69:d8:6a:46:5f:57:
                    63:f1:f2:8f:25:ee:2f:04:c6:33:e7:f0:22:3b:e0:
                    4c:88:46:c2:e5:70:89:9b:5b:e2:95:76:c9:71:56:
                    24:e4:da:00:cd:74:44:1b:eb:51:ef:60:cd:e3:19:
                    d4:aa:ef:68:4d:73:99:0e:f0:6e:bd:37:38:67:8e:
                    5f:62:d2:24:be:6b:a1:ca:ea:93:aa:8e:ec:99:f7:
                    e5:b4:5e:d7:7a:d5:99:f1:ea:3b:a3:5b:61:30:e9:
                    82:b5:09:8a:94:e9:52:4d:44:67:9c:50:8d:fb:a2:
                    da:dd:6a:5b:77:20:4a:33:09:6f:d0:cf:8c:2a:2c:
                    c4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4A:82:C0:F9:34:12:2F:9C:56:28:AD:B7:81:AA:9D:BE:0A:C5:D1
            X509v3 Authority Key Identifier:
                keyid:3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/yUqCwPk0Ei-cViitt4Gqnb4KxdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/Psn7DRNVKq0E86qutY1N1OfPQPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.172.0/22
                  185.208.44.0/22
                  185.240.68.0/22
                  193.25.203.0/24
                  193.58.36.0/22
                IPv6:
                  2a05:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:79:a1:a0:7e:02:fd:97:0e:4e:e6:ef:b4:21:4a:39:3f:70:
         84:6e:26:04:a6:54:95:b3:53:aa:98:f5:59:5e:6d:cd:fe:46:
         92:71:5a:36:0d:32:f3:39:8d:9a:54:96:db:53:a2:81:0e:f6:
         aa:36:8c:f1:10:4c:3c:c4:07:25:94:a6:22:61:bb:93:ae:37:
         b6:02:d1:e0:0d:55:f2:1b:db:53:4f:7e:e1:62:34:09:d2:37:
         cb:9a:80:39:4f:3f:b7:8a:2f:7c:5a:45:ec:f3:81:da:ee:c8:
         0b:13:00:09:10:62:4c:8a:6d:73:83:a3:9b:49:a5:86:a8:6a:
         33:1f:ba:33:77:a5:a4:39:05:b7:53:94:eb:9c:91:94:3b:9d:
         56:31:3f:57:85:39:31:63:43:27:bb:a4:68:f1:9d:4a:5a:53:
         cc:a2:9a:93:34:79:2a:20:b9:39:37:0c:20:61:0f:25:03:01:
         7e:47:57:c9:ea:15:a0:49:38:cf:b1:18:2b:fa:58:09:e6:ef:
         a2:ce:fc:75:05:e5:e1:e4:5d:62:93:ca:1f:b2:91:31:41:2d:
         f9:c9:7e:e2:49:84:79:5a:fe:87:b7:c0:50:09:00:18:c1:72:
         86:2d:96:97:56:7e:04:7c:79:3c:18:d5:33:0d:e3:f7:88:e4:
         51:9a:62:0a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZVGt3O+qpRFwqz0QpUEVggVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzlmYjBkMTM1NTJhYWQwNGYzYWFhZWI1OGQ0ZGQ0ZTdj
ZjQwZjAwHhcNMjUwMjI3MDkyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRhODJjMGY5MzQxMjJmOWM1NjI4YWRiNzgxYWE5ZGJlMGFjNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLB5knl1RtNHoKBAyXL9pOTtUZ6I
pmvkxAyyy1oyBF1HFk/tG0AwSmBE34tfKfqd3wqLWrwhXdCajgJuSPS3W2xAkUhO
2IjSUvHbxJBmu8dynwq1Lgv9u8Xy33QPwFgHV9jKWjLP+nO+yp6WJm2ZhH5BxXN/
hrmu87Y8g3lxMppp2GpGX1dj8fKPJe4vBMYz5/AiO+BMiEbC5XCJm1vilXbJcVYk
5NoAzXREG+tR72DN4xnUqu9oTXOZDvBuvTc4Z45fYtIkvmuhyuqTqo7smffltF7X
etWZ8eo7o1thMOmCtQmKlOlSTURnnFCN+6La3WpbdyBKMwlv0M+MKizExQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFMlKgsD5NBIvnFYorbeBqp2+CsXRMB8GA1UdIwQY
MBaAFD7J+w0TVSqtBPOqrrWNTdTnz0DwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgt
MmNiNmUzZmRmOWNkLzEveVVxQ3dQazBFaS1jVmlpdHQ0R3FuYjRLeGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgtMmNiNmUzZmRmOWNk
LzEvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuVOsAwQC
udAsAwQCufBEAwQAwRnLAwQCwTokMA0EAgACMAcDBQMqBZ1AMA0GCSqGSIb3DQEB
CwUAA4IBAQCSeaGgfgL9lw5O5u+0IUo5P3CEbiYEplSVs1OqmPVZXm3N/kaScVo2
DTLzOY2aVJbbU6KBDvaqNozxEEw8xAcllKYiYbuTrje2AtHgDVXyG9tTT37hYjQJ
0jfLmoA5Tz+3ii98WkXs84Ha7sgLEwAJEGJMim1zg6ObSaWGqGozH7ozd6WkOQW3
U5TrnJGUO51WMT9XhTkxY0Mnu6Ro8Z1KWlPMopqTNHkqILk5NwwgYQ8lAwF+R1fJ
6hWgSTjPsRgr+lgJ5u+izvx1BeXh5F1ik8ofspExQS35yX7iSYR5Wv6Ht8BQCQAY
wXKGLZaXVn4EfHk8GNUzDeP3iORRmmIK
-----END CERTIFICATE-----