Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/1-REcO5J_sNDHp5QyMHQK9hJs5o0.roa
File:                     1-REcO5J_sNDHp5QyMHQK9hJs5o0.roa (raw, json)
Hash identifier:          xwGwct9zoFclxXhr71nd4I0i1zajfbDCLeCO4XmRVU4=
Subject key identifier:   F9:11:1C:3B:92:7F:B0:D0:C7:A7:94:32:30:74:0A:F6:12:6C:E6:8D
Certificate issuer:       /CN=7dc896cb3899c5b6488d1c4653faee4b23151f1f
Certificate serial:       019422FC4836803BA16923748659452D3B0B
Authority key identifier: 7D:C8:96:CB:38:99:C5:B6:48:8D:1C:46:53:FA:EE:4B:23:15:1F:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciWyziZxbZIjRxGU_ruSyMVHx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/1-REcO5J_sNDHp5QyMHQK9hJs5o0.roa
Signing time:             Wed 01 Jan 2025 17:49:06 +0000
ROA not before:           Wed 01 Jan 2025 17:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12703
IP address blocks:        31.15.104.0/21 maxlen: 24
                          31.47.216.0/21 maxlen: 24
                          82.113.160.0/19 maxlen: 24
                          93.94.72.0/21 maxlen: 24
                          185.153.100.0/22 maxlen: 24
                          194.176.64.0/19 maxlen: 24
                          195.97.192.0/18 maxlen: 24
                          213.131.96.0/19 maxlen: 24
                          217.22.144.0/20 maxlen: 24
                          2001:4dc0::/32 maxlen: 32
                          2a02:2b38::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:48:36:80:3b:a1:69:23:74:86:59:45:2d:3b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc896cb3899c5b6488d1c4653faee4b23151f1f
        Validity
            Not Before: Jan  1 17:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9111c3b927fb0d0c7a7943230740af6126ce68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:56:8d:8d:c9:b1:2f:da:82:45:da:68:fb:
                    3c:76:e3:82:a5:92:8b:6c:02:fe:0c:ad:fb:40:38:
                    ae:db:25:a7:13:51:f5:91:d8:c2:7c:72:0c:ca:31:
                    43:c9:84:91:51:e8:4f:7b:95:fe:75:84:e4:d4:4c:
                    6f:43:60:9d:73:5b:93:83:c2:3f:a7:a1:c3:f0:c2:
                    13:e1:71:c6:b9:ed:8e:42:f2:91:22:6d:ab:dd:3a:
                    b9:5a:c0:09:b4:88:3a:c0:d0:02:65:c5:3c:b2:6a:
                    8a:5c:a1:06:d2:6e:66:a4:d2:46:72:05:08:a0:4d:
                    54:c1:06:d0:d5:69:82:1c:c9:d5:d4:37:3b:56:eb:
                    3f:bd:10:93:96:54:70:cb:32:50:da:48:e5:36:75:
                    d9:4e:3f:97:bb:cc:8a:d3:bf:05:4d:00:d0:09:ee:
                    42:9e:75:8f:44:b6:5c:a2:5d:4c:97:61:8b:a3:d3:
                    c6:c4:ff:41:ab:cd:18:3c:4a:51:b1:19:ce:f5:18:
                    82:82:58:52:c2:3f:53:52:f5:b2:49:bd:54:37:47:
                    7c:f7:ac:09:13:34:00:dd:db:2b:24:21:ed:fc:31:
                    98:b2:80:b4:e8:56:2c:a2:e6:e2:e7:0a:89:ab:d8:
                    eb:f2:fd:fa:77:f0:0b:b9:b4:d5:6e:cf:40:91:9e:
                    fb:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:11:1C:3B:92:7F:B0:D0:C7:A7:94:32:30:74:0A:F6:12:6C:E6:8D
            X509v3 Authority Key Identifier:
                keyid:7D:C8:96:CB:38:99:C5:B6:48:8D:1C:46:53:FA:EE:4B:23:15:1F:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciWyziZxbZIjRxGU_ruSyMVHx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/1-REcO5J_sNDHp5QyMHQK9hJs5o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/fciWyziZxbZIjRxGU_ruSyMVHx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.104.0/21
                  31.47.216.0/21
                  82.113.160.0/19
                  93.94.72.0/21
                  185.153.100.0/22
                  194.176.64.0/19
                  195.97.192.0/18
                  213.131.96.0/19
                  217.22.144.0/20
                IPv6:
                  2001:4dc0::/32
                  2a02:2b38::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:78:f9:97:13:be:f4:e4:df:38:65:1b:4c:dc:18:ab:79:d0:
         fc:b6:52:56:fc:cb:29:f7:5b:ac:6a:e6:9d:7d:94:17:2e:c3:
         db:6a:b9:b6:4a:52:82:fb:c6:d8:00:74:5d:dd:1d:b5:32:38:
         73:2a:02:73:73:c5:d3:d8:0b:2b:bd:b6:a5:be:d3:4b:da:dd:
         4e:cc:c0:55:32:06:e4:5e:d2:51:3b:4d:7c:c1:e4:df:27:92:
         f8:4f:a2:5b:ea:5b:9c:3c:37:38:3d:b7:e2:bd:77:4f:75:4b:
         5b:90:98:2e:fe:4f:e8:8b:a1:3d:15:c0:02:ef:b3:4c:ec:67:
         7a:15:76:d3:ab:9a:49:18:4f:78:c7:a1:4f:e0:14:c3:18:f5:
         1b:13:e1:e0:73:66:ee:17:f6:32:b1:d1:ad:43:ab:3a:b1:56:
         63:6e:cc:39:db:ca:ab:17:a1:a3:ca:b1:b3:1a:1b:2e:42:67:
         08:b0:5d:42:61:bb:66:cb:5e:5b:28:27:7e:af:ea:f3:16:a2:
         c9:c1:32:20:11:71:8f:2f:66:8e:d5:8f:2c:01:83:96:34:51:
         a5:5d:49:f7:c7:5f:f9:18:e5:85:28:e6:52:22:dd:27:c2:e6:
         d4:81:5a:bc:e7:6e:83:78:1b:c5:76:d6:6a:f9:4f:5d:cb:89:
         09:98:da:35
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQi/Eg2gDuhaSN0hllFLTsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5NmNiMzg5OWM1YjY0ODhkMWM0NjUzZmFlZTRiMjMx
NTFmMWYwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTExMWMzYjkyN2ZiMGQwYzdhNzk0MzIzMDc0MGFmNjEyNmNlNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSdWjY3JsS/agkXaaPs8duOCpZKL
bAL+DK37QDiu2yWnE1H1kdjCfHIMyjFDyYSRUehPe5X+dYTk1ExvQ2Cdc1uTg8I/
p6HD8MIT4XHGue2OQvKRIm2r3Tq5WsAJtIg6wNACZcU8smqKXKEG0m5mpNJGcgUI
oE1UwQbQ1WmCHMnV1Dc7Vus/vRCTllRwyzJQ2kjlNnXZTj+Xu8yK078FTQDQCe5C
nnWPRLZcol1Ml2GLo9PGxP9Bq80YPEpRsRnO9RiCglhSwj9TUvWySb1UN0d896wJ
EzQA3dsrJCHt/DGYsoC06FYsoubi5wqJq9jr8v36d/ALubTVbs9AkZ77dwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPkRHDuSf7DQx6eUMjB0CvYSbOaNMB8GA1UdIwQY
MBaAFH3Ilss4mcW2SI0cRlP67ksjFR8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpV3l6aVp4YlpJalJ4R1VfcnVTeU1WSHg4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iNTkyZGQtYzcxMS00MzAxLTliZTUt
YWVmM2ZjYmI3ODg0LzEvMS1SRWNPNUpfc05ESHA1UXlNSFFLOWhKczVvMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvYjU5MmRkLWM3MTEtNDMwMS05YmU1LWFlZjNmY2JiNzg4
NC8xL2ZjaVd5emlaeGJaSWpSeEdVX3J1U3lNVkh4OC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBlBggrBgEFBQcBBwEB/wRWMFQwPAQCAAEwNgMEAx8PaAME
Ax8v2AMEBVJxoAMEA11eSAMEArmZZAMEBcKwQAMEBsNhwAMEBdWDYAMEBNkWkDAU
BAIAAjAOAwUAIAFNwAMFACoCKzgwDQYJKoZIhvcNAQELBQADggEBAFV4+ZcTvvTk
3zhlG0zcGKt50Py2Ulb8yyn3W6xq5p19lBcuw9tqubZKUoL7xtgAdF3dHbUyOHMq
AnNzxdPYCyu9tqW+00va3U7MwFUyBuRe0lE7TXzB5N8nkvhPolvqW5w8Nzg9t+K9
d091S1uQmC7+T+iLoT0VwALvs0zsZ3oVdtOrmkkYT3jHoU/gFMMY9RsT4eBzZu4X
9jKx0a1DqzqxVmNuzDnbyqsXoaPKsbMaGy5CZwiwXUJhu2bLXlsoJ36v6vMWosnB
MiARcY8vZo7VjywBg5Y0UaVdSffHX/kY5YUo5lIi3SfC5tSBWrznboN4G8V21mr5
T13LiQmY2jU=
-----END CERTIFICATE-----