Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/df91c3-d5b8-4a58-ae9e-2f879b5754e1/1/vNb5RJ1NWF9KAT0KbsLINglMmW4.roa
File:                     vNb5RJ1NWF9KAT0KbsLINglMmW4.roa (raw, json)
Hash identifier:          jXTgKmQPGBZpjKgqqLkxLQhegQk4xAz/b6i4eexj5wk=
Subject key identifier:   BC:D6:F9:44:9D:4D:58:5F:4A:01:3D:0A:6E:C2:C8:36:09:4C:99:6E
Certificate issuer:       /CN=1fedc4c19e033a167e4af795d54e34b71ea093c6
Certificate serial:       019426D9D07E485B460FA0383A3C4FA8B04F
Authority key identifier: 1F:ED:C4:C1:9E:03:3A:16:7E:4A:F7:95:D5:4E:34:B7:1E:A0:93:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-3EwZ4DOhZ-SveV1U40tx6gk8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/df91c3-d5b8-4a58-ae9e-2f879b5754e1/1/vNb5RJ1NWF9KAT0KbsLINglMmW4.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34412
IP address blocks:        31.25.90.0/24 maxlen: 24
                          31.25.91.0/24 maxlen: 24
                          62.204.61.0/24 maxlen: 24
                          77.72.80.0/24 maxlen: 24
                          91.246.44.0/24 maxlen: 24
                          146.19.217.0/24 maxlen: 24
                          185.49.231.0/24 maxlen: 24
                          185.226.140.0/24 maxlen: 24
                          185.226.141.0/24 maxlen: 24
                          185.226.142.0/24 maxlen: 24
                          185.226.143.0/24 maxlen: 24
                          193.3.182.0/24 maxlen: 24
                          2a10:5740::/48 maxlen: 48
                          2a10:5740:1::/48 maxlen: 48
                          2a10:5740:2::/48 maxlen: 48
                          2a10:5740:3::/48 maxlen: 48
                          2a11:9b40::/48 maxlen: 48
                          2a11:9b40:1::/48 maxlen: 48
                          2a11:9b40:2::/48 maxlen: 48
                          2a11:9b40:3::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d0:7e:48:5b:46:0f:a0:38:3a:3c:4f:a8:b0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fedc4c19e033a167e4af795d54e34b71ea093c6
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcd6f9449d4d585f4a013d0a6ec2c836094c996e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d0:23:33:89:8d:ff:53:71:5a:13:1c:97:c7:
                    88:34:d3:56:c2:cb:56:fe:12:2e:33:30:af:e7:83:
                    b8:fd:86:0b:80:0c:66:f1:42:5b:e4:01:c7:1e:ff:
                    c2:62:c7:2d:8d:ab:60:99:e7:1c:ab:82:1d:23:9b:
                    94:f6:b0:77:d2:af:5d:91:d1:0c:6a:5d:64:29:89:
                    45:d7:34:13:8d:cf:c8:18:32:71:12:69:4b:ff:8b:
                    3c:0a:c6:83:ba:0a:9c:12:77:39:38:c2:2c:07:34:
                    1e:00:33:bb:eb:00:fa:be:9a:d0:fc:82:e4:77:d2:
                    3b:98:44:7a:b4:3f:1f:4a:b8:de:bb:4c:97:1e:d8:
                    e5:c3:92:83:b5:66:e3:54:16:b3:ba:d7:3e:41:ec:
                    13:4a:88:42:e4:6a:27:3a:26:c4:0f:38:31:95:6f:
                    fb:e8:ea:62:18:f6:6a:bd:43:05:7d:77:5e:64:9c:
                    c3:66:9f:43:7b:e0:7f:51:ea:f7:0e:7a:cf:e4:ea:
                    73:a6:2e:56:d1:74:e3:59:9c:f7:64:14:d5:76:ca:
                    b1:94:91:c7:47:26:78:f2:12:f1:19:10:9d:4a:65:
                    35:f4:18:ac:d3:60:d4:3c:1e:25:c9:6e:7d:1b:6e:
                    85:2a:c6:1a:e8:a4:66:db:01:1d:00:f7:11:e1:51:
                    d9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D6:F9:44:9D:4D:58:5F:4A:01:3D:0A:6E:C2:C8:36:09:4C:99:6E
            X509v3 Authority Key Identifier:
                keyid:1F:ED:C4:C1:9E:03:3A:16:7E:4A:F7:95:D5:4E:34:B7:1E:A0:93:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-3EwZ4DOhZ-SveV1U40tx6gk8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/df91c3-d5b8-4a58-ae9e-2f879b5754e1/1/vNb5RJ1NWF9KAT0KbsLINglMmW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/df91c3-d5b8-4a58-ae9e-2f879b5754e1/1/H-3EwZ4DOhZ-SveV1U40tx6gk8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.90.0/23
                  62.204.61.0/24
                  77.72.80.0/24
                  91.246.44.0/24
                  146.19.217.0/24
                  185.49.231.0/24
                  185.226.140.0/22
                  193.3.182.0/24
                IPv6:
                  2a10:5740::/46
                  2a11:9b40::/46

    Signature Algorithm: sha256WithRSAEncryption
         55:38:a6:9c:c8:61:d2:10:dc:be:65:df:2d:4a:97:bb:5f:8e:
         41:fe:38:68:a0:e4:33:79:71:60:a6:d2:78:7c:2d:b0:03:66:
         6e:3c:97:7c:09:f8:9e:25:21:5e:e7:95:ca:05:1d:71:6d:72:
         ef:26:e7:32:cd:a5:06:9e:76:0a:8b:b4:03:77:18:08:fb:c7:
         91:6c:3d:c6:a5:ad:15:f9:5e:43:60:d6:96:73:3d:ba:15:4d:
         cd:b2:48:15:7f:dc:43:39:38:ac:f1:5d:cb:fa:f6:d8:f3:a1:
         93:6f:20:e5:d6:15:cd:70:e4:e9:b4:e7:03:d6:17:ab:e4:8d:
         6f:50:bc:b6:dc:78:0f:43:5b:4c:5f:46:74:da:c5:a7:34:1f:
         57:cf:a1:51:94:5c:5c:c2:fc:34:67:84:30:d2:cf:38:e9:5e:
         9f:40:b3:94:a2:ea:72:a8:29:1e:a8:b6:82:ff:f6:d7:e2:eb:
         1f:c1:4e:3b:11:a2:16:cf:10:f2:85:22:24:b7:07:7b:2d:72:
         4d:63:da:43:86:91:51:40:58:76:b7:74:b0:e3:59:f4:93:78:
         77:7b:07:d0:11:c9:2a:94:f9:00:0a:33:62:f5:03:f7:11:88:
         a2:b7:5e:0c:81:b6:59:1d:20:77:30:e4:0a:d1:b9:30:6a:de:
         66:49:98:4b
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZQm2dB+SFtGD6A4OjxPqLBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZWRjNGMxOWUwMzNhMTY3ZTRhZjc5NWQ1NGUzNGI3MWVh
MDkzYzYwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2Q2Zjk0NDlkNGQ1ODVmNGEwMTNkMGE2ZWMyYzgzNjA5NGM5OTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNAjM4mN/1NxWhMcl8eINNNWwstW
/hIuMzCv54O4/YYLgAxm8UJb5AHHHv/CYsctjatgmeccq4IdI5uU9rB30q9dkdEM
al1kKYlF1zQTjc/IGDJxEmlL/4s8CsaDugqcEnc5OMIsBzQeADO76wD6vprQ/ILk
d9I7mER6tD8fSrjeu0yXHtjlw5KDtWbjVBazutc+QewTSohC5GonOibEDzgxlW/7
6OpiGPZqvUMFfXdeZJzDZp9De+B/Uer3DnrP5Opzpi5W0XTjWZz3ZBTVdsqxlJHH
RyZ48hLxGRCdSmU19Bis02DUPB4lyW59G26FKsYa6KRm2wEdAPcR4VHZwwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFLzW+USdTVhfSgE9Cm7CyDYJTJluMB8GA1UdIwQY
MBaAFB/txMGeAzoWfkr3ldVONLceoJPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC0zRXdaNERPaFotU3ZlVjFVNDB0eDZnazhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kZjkxYzMtZDViOC00YTU4LWFlOWUt
MmY4NzliNTc1NGUxLzEvdk5iNVJKMU5XRjlLQVQwS2JzTElOZ2xNbVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kZjkxYzMtZDViOC00YTU4LWFlOWUtMmY4NzliNTc1NGUx
LzEvSC0zRXdaNERPaFotU3ZlVjFVNDB0eDZnazhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjA2BAIAATAwAwQBHxlaAwQA
Psw9AwQATUhQAwQAW/YsAwQAkhPZAwQAuTHnAwQCueKMAwQAwQO2MBgEAgACMBID
BwIqEFdAAAADBwIqEZtAAAAwDQYJKoZIhvcNAQELBQADggEBAFU4ppzIYdIQ3L5l
3y1Kl7tfjkH+OGig5DN5cWCm0nh8LbADZm48l3wJ+J4lIV7nlcoFHXFtcu8m5zLN
pQaedgqLtAN3GAj7x5FsPcalrRX5XkNg1pZzPboVTc2ySBV/3EM5OKzxXcv69tjz
oZNvIOXWFc1w5Om05wPWF6vkjW9QvLbceA9DW0xfRnTaxac0H1fPoVGUXFzC/DRn
hDDSzzjpXp9As5Si6nKoKR6otoL/9tfi6x/BTjsRohbPEPKFIiS3B3stck1j2kOG
kVFAWHa3dLDjWfSTeHd7B9ARySqU+QAKM2L1A/cRiKK3XgyBtlkdIHcw5ArRuTBq
3mZJmEs=
-----END CERTIFICATE-----