Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/Ryd53kuAPRSGYU-JpAjw9AoMuOY.roa
File:                     Ryd53kuAPRSGYU-JpAjw9AoMuOY.roa (raw, json)
Hash identifier:          FQChPucfrpTdvyEKGu65uVkHddx/VWOEqm/uue0roDU=
Subject key identifier:   47:27:79:DE:4B:80:3D:14:86:61:4F:89:A4:08:F0:F4:0A:0C:B8:E6
Certificate issuer:       /CN=75ea894ee05775e0ef061d086ca252147f5c91de
Certificate serial:       019391F6C9A2313C6490487848C5D3438058
Authority key identifier: 75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/Ryd53kuAPRSGYU-JpAjw9AoMuOY.roa
Signing time:             Wed 04 Dec 2024 13:58:10 +0000
ROA not before:           Wed 04 Dec 2024 13:58:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58075
IP address blocks:        37.235.80.0/21 maxlen: 24
                          45.95.68.0/22 maxlen: 24
                          45.154.44.0/22 maxlen: 24
                          185.21.52.0/22 maxlen: 24
                          185.43.20.0/22 maxlen: 24
                          185.96.148.0/22 maxlen: 24
                          185.186.172.0/22 maxlen: 24
                          194.110.22.0/24 maxlen: 24
                          194.110.27.0/24 maxlen: 24
                          194.110.30.0/24 maxlen: 24
                          194.110.72.0/24 maxlen: 24
                          2a04:9380::/29 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:91:f6:c9:a2:31:3c:64:90:48:78:48:c5:d3:43:80:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75ea894ee05775e0ef061d086ca252147f5c91de
        Validity
            Not Before: Dec  4 13:58:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=472779de4b803d1486614f89a408f0f40a0cb8e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9c:da:7f:d9:1d:42:2a:67:1f:82:6f:1e:d8:
                    c5:f7:52:74:7a:f1:f8:c6:fd:a4:c0:26:c9:b7:9e:
                    0f:53:50:b1:38:53:b2:d4:ea:23:67:7c:09:d2:02:
                    1f:01:d7:63:b4:a6:0e:ff:64:2c:6b:97:1d:c2:3f:
                    b3:94:85:65:f7:dd:ff:ac:7b:6f:ce:db:c4:4a:be:
                    28:dc:e4:0d:24:d7:ba:74:50:66:df:c3:66:63:ca:
                    25:f9:97:86:73:3c:3f:21:79:e4:b8:af:ca:d0:7a:
                    98:0f:8d:28:e9:2c:12:8d:80:96:2b:de:93:31:50:
                    46:e1:b1:20:ab:9d:10:a9:40:e5:e4:b8:6a:9d:2c:
                    15:0b:3b:b8:42:a8:e1:c9:06:5e:74:80:10:eb:1a:
                    7a:f4:78:e3:77:f1:ae:de:0e:ca:f9:9d:1a:17:f6:
                    2b:02:63:9b:fc:18:c6:b2:36:76:82:56:3e:5d:cd:
                    6a:27:54:2c:1b:40:87:cc:90:56:ec:30:79:8e:b6:
                    88:19:df:b9:44:c8:f3:cd:5d:a2:d2:e1:65:c7:bf:
                    96:af:36:10:a2:51:ed:c6:ce:c6:11:db:1d:93:48:
                    63:ad:42:15:96:9c:44:17:85:22:cd:e7:9b:f8:9b:
                    7e:38:b9:62:5b:c0:ee:fc:f2:20:75:02:82:0e:8a:
                    98:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:27:79:DE:4B:80:3D:14:86:61:4F:89:A4:08:F0:F4:0A:0C:B8:E6
            X509v3 Authority Key Identifier:
                keyid:75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/Ryd53kuAPRSGYU-JpAjw9AoMuOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.80.0/21
                  45.95.68.0/22
                  45.154.44.0/22
                  185.21.52.0/22
                  185.43.20.0/22
                  185.96.148.0/22
                  185.186.172.0/22
                  194.110.22.0/24
                  194.110.27.0/24
                  194.110.30.0/24
                  194.110.72.0/24
                IPv6:
                  2a04:9380::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:ea:2e:ba:89:79:cf:d9:70:b5:77:54:6b:d5:ba:3c:9e:04:
         43:1b:da:5e:9b:d4:08:6b:c4:9e:68:03:60:62:16:9c:78:15:
         b5:18:cc:1f:a1:58:80:5a:60:6c:75:a8:f6:be:4e:42:b1:16:
         b5:94:bb:52:91:c1:50:2f:bf:0b:68:72:c9:64:59:6e:8e:37:
         1f:99:3e:81:e3:5b:1a:f0:d6:cb:b0:8a:6f:6c:0e:bc:82:a1:
         f3:fe:74:70:25:14:03:28:43:f6:45:90:cf:e9:60:a0:de:61:
         e9:4e:7e:70:61:bf:69:83:68:f6:67:9d:d6:9c:f7:76:de:46:
         3e:76:19:f2:dc:99:1d:ba:bb:b4:aa:6c:ee:83:0c:de:0e:4b:
         ea:6a:25:01:45:a7:f4:e8:32:e1:2e:be:11:e5:9f:0d:52:8f:
         6e:06:fe:02:da:bf:37:b4:c6:ef:d9:f7:b1:9b:ff:d4:6a:c4:
         6f:54:1f:25:d0:19:7e:3b:62:33:89:27:07:f1:de:74:48:89:
         07:f8:79:6a:ff:e4:8a:3b:73:44:b6:00:cd:bf:e7:f1:fb:97:
         27:60:e9:45:ae:3a:b1:a6:39:a5:f5:d6:98:58:cc:5a:5e:f8:
         0d:17:d4:96:54:a8:ac:6c:54:38:91:f1:49:eb:9e:27:52:fb:
         28:be:73:eb
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZOR9smiMTxkkEh4SMXTQ4BYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZWE4OTRlZTA1Nzc1ZTBlZjA2MWQwODZjYTI1MjE0N2Y1
YzkxZGUwHhcNMjQxMjA0MTM1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzI3NzlkZTRiODAzZDE0ODY2MTRmODlhNDA4ZjBmNDBhMGNiOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Zzaf9kdQipnH4JvHtjF91J0evH4
xv2kwCbJt54PU1CxOFOy1OojZ3wJ0gIfAddjtKYO/2Qsa5cdwj+zlIVl993/rHtv
ztvESr4o3OQNJNe6dFBm38NmY8ol+ZeGczw/IXnkuK/K0HqYD40o6SwSjYCWK96T
MVBG4bEgq50QqUDl5LhqnSwVCzu4QqjhyQZedIAQ6xp69Hjjd/Gu3g7K+Z0aF/Yr
AmOb/BjGsjZ2glY+Xc1qJ1QsG0CHzJBW7DB5jraIGd+5RMjzzV2i0uFlx7+WrzYQ
olHtxs7GEdsdk0hjrUIVlpxEF4Uizeeb+Jt+OLliW8Du/PIgdQKCDoqYSwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFEcned5LgD0UhmFPiaQI8PQKDLjmMB8GA1UdIwQY
MBaAFHXqiU7gV3Xg7wYdCGyiUhR/XJHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEt
YjdmMjk4NGViNjUzLzEvUnlkNTNrdUFQUlNHWVUtSnBBanc5QW9NdU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEtYjdmMjk4NGViNjUz
LzEvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJetQAwQC
LV9EAwQCLZosAwQCuRU0AwQCuSsUAwQCuWCUAwQCubqsAwQAwm4WAwQAwm4bAwQA
wm4eAwQAwm5IMA0EAgACMAcDBQMqBJOAMA0GCSqGSIb3DQEBCwUAA4IBAQAR6i66
iXnP2XC1d1Rr1bo8ngRDG9pem9QIa8SeaANgYhaceBW1GMwfoViAWmBsdaj2vk5C
sRa1lLtSkcFQL78LaHLJZFlujjcfmT6B41sa8NbLsIpvbA68gqHz/nRwJRQDKEP2
RZDP6WCg3mHpTn5wYb9pg2j2Z53WnPd23kY+dhny3Jkduru0qmzugwzeDkvqaiUB
Raf06DLhLr4R5Z8NUo9uBv4C2r83tMbv2fexm//UasRvVB8l0Bl+O2IziScH8d50
SIkH+Hlq/+SKO3NEtgDNv+fx+5cnYOlFrjqxpjml9daYWMxaXvgNF9SWVKisbFQ4
kfFJ654nUvsovnPr
-----END CERTIFICATE-----