Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/sT8bdOMkOBuJcpLSNUJLIn8pNo4.roa
File:                     sT8bdOMkOBuJcpLSNUJLIn8pNo4.roa (raw, json)
Hash identifier:          vHy12CSxlbxHZ+bWYL5tzLyPAoKn74EaWNP0Myp+xyg=
Subject key identifier:   B1:3F:1B:74:E3:24:38:1B:89:72:92:D2:35:42:4B:22:7F:29:36:8E
Certificate issuer:       /CN=1201cc343074102efa7f0c30f29499e1ad56e29f
Certificate serial:       0194214468B568C53548EABF253C81D43B63
Authority key identifier: 12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/sT8bdOMkOBuJcpLSNUJLIn8pNo4.roa
Signing time:             Wed 01 Jan 2025 09:48:38 +0000
ROA not before:           Wed 01 Jan 2025 09:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42442
IP address blocks:        46.167.160.0/19 maxlen: 24
                          46.167.169.20/32 maxlen: 32
                          91.208.160.0/24 maxlen: 24
                          130.0.72.0/21 maxlen: 32
                          130.0.73.0/24 maxlen: 24
                          130.0.77.0/24 maxlen: 24
                          185.165.16.0/22 maxlen: 22
                          194.50.164.0/24 maxlen: 32
                          195.137.170.0/24 maxlen: 32
                          195.137.170.121/32 maxlen: 32
                          195.137.170.122/32 maxlen: 32
                          2a00:f660::/32 maxlen: 32
                          2a03:9480::/32 maxlen: 32
                          2a03:9480:200::/40 maxlen: 40
                          2a03:9480:300::/40 maxlen: 40
                          2a03:9480:301::/48 maxlen: 48
                          2a03:9480:302::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:68:b5:68:c5:35:48:ea:bf:25:3c:81:d4:3b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1201cc343074102efa7f0c30f29499e1ad56e29f
        Validity
            Not Before: Jan  1 09:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b13f1b74e324381b897292d235424b227f29368e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fd:c5:42:d7:58:23:84:a7:9c:a6:f2:73:66:
                    83:17:e4:c6:6a:d8:a8:bf:13:1d:7d:26:ff:0b:28:
                    16:52:68:03:ba:70:c7:ad:01:74:c7:87:53:90:a4:
                    58:85:c5:d6:2d:7f:73:07:9f:06:75:cf:37:51:ae:
                    68:1a:cd:39:32:cd:ee:79:64:cb:a5:2e:58:46:ab:
                    bd:37:03:44:64:f0:1d:c3:d9:34:fa:2a:88:83:66:
                    e1:f5:a8:37:e2:c6:45:df:0f:4c:5d:4f:e6:51:ee:
                    3a:21:d7:46:e3:35:fd:99:9d:f6:04:9f:61:5e:64:
                    a6:c2:5b:94:13:39:53:bb:37:60:7f:25:45:52:88:
                    56:ec:fb:da:4e:82:cf:b9:73:a0:a2:f4:43:c1:be:
                    06:e5:6c:6b:79:61:0d:e7:f4:05:23:d3:ca:0a:4f:
                    49:ca:7f:fe:58:23:52:c4:d2:ac:25:1e:5b:ff:e6:
                    db:9b:5a:97:c3:77:f3:42:fe:94:d8:14:5b:5e:65:
                    0b:0a:de:fc:1c:13:2b:ef:f5:07:d1:44:03:e5:da:
                    b1:b4:a9:3c:7b:1f:57:95:92:3f:7d:cf:b7:b6:76:
                    60:6c:15:4b:6f:57:e6:ab:48:33:52:4b:09:9e:11:
                    56:3f:bd:ee:c6:e4:e0:2a:cf:73:b5:e7:33:34:cd:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3F:1B:74:E3:24:38:1B:89:72:92:D2:35:42:4B:22:7F:29:36:8E
            X509v3 Authority Key Identifier:
                keyid:12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/sT8bdOMkOBuJcpLSNUJLIn8pNo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/EgHMNDB0EC76fwww8pSZ4a1W4p8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.160.0/19
                  91.208.160.0/24
                  130.0.72.0/21
                  185.165.16.0/22
                  194.50.164.0/24
                  195.137.170.0/24
                IPv6:
                  2a00:f660::/32
                  2a03:9480::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:72:9f:71:7c:a1:d3:c6:8c:db:36:c3:e8:13:4f:2b:2f:82:
         0d:d0:5e:d1:8f:ac:79:1d:8d:d0:a0:2f:02:8b:8f:aa:a2:24:
         bb:cc:c7:08:07:0e:2e:cc:76:0b:4f:55:03:ba:a5:5f:c2:4f:
         0a:f2:8c:73:1a:82:fd:17:e6:88:55:37:3a:76:74:4a:68:9e:
         6c:db:25:4d:bd:13:37:af:d5:e1:f7:d7:16:16:07:21:df:af:
         16:37:e8:43:e2:ad:9f:9f:3d:82:a9:92:39:04:74:d7:6d:5b:
         32:5b:58:55:b7:dd:a9:f8:7c:6d:3f:62:9e:95:6e:32:bb:43:
         9e:7d:9a:4e:a7:fd:68:22:18:fb:48:47:cd:af:bd:5f:70:88:
         77:a6:31:be:3f:06:da:d5:95:15:46:5c:5d:82:2b:59:7b:f6:
         cc:34:e3:e2:ae:be:b0:29:73:63:31:03:f4:64:61:42:09:35:
         80:ad:ea:93:1c:f7:0c:3e:a8:73:6e:63:63:fc:83:9c:44:1f:
         d8:4c:2f:19:20:ad:e5:53:8c:e0:a0:00:1c:d6:fe:7b:73:95:
         70:d3:98:2e:97:a5:e3:de:2c:fa:85:8a:12:ce:14:e9:32:63:
         62:c7:d6:dc:90:e8:0f:c6:23:b3:17:6a:08:d2:d3:1e:9a:ec:
         7a:03:92:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQhRGi1aMU1SOq/JTyB1DtjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMDFjYzM0MzA3NDEwMmVmYTdmMGMzMGYyOTQ5OWUxYWQ1
NmUyOWYwHhcNMjUwMTAxMDk0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTNmMWI3NGUzMjQzODFiODk3MjkyZDIzNTQyNGIyMjdmMjkzNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuP3FQtdYI4SnnKbyc2aDF+TGatio
vxMdfSb/CygWUmgDunDHrQF0x4dTkKRYhcXWLX9zB58Gdc83Ua5oGs05Ms3ueWTL
pS5YRqu9NwNEZPAdw9k0+iqIg2bh9ag34sZF3w9MXU/mUe46IddG4zX9mZ32BJ9h
XmSmwluUEzlTuzdgfyVFUohW7PvaToLPuXOgovRDwb4G5WxreWEN5/QFI9PKCk9J
yn/+WCNSxNKsJR5b/+bbm1qXw3fzQv6U2BRbXmULCt78HBMr7/UH0UQD5dqxtKk8
ex9XlZI/fc+3tnZgbBVLb1fmq0gzUksJnhFWP73uxuTgKs9zteczNM1hQQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFLE/G3TjJDgbiXKS0jVCSyJ/KTaOMB8GA1UdIwQY
MBaAFBIBzDQwdBAu+n8MMPKUmeGtVuKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWdITU5EQjBFQzc2Znd3dzhwU1o0YTFXNHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kMTYyOGEtMzNjOC00ZTQ3LWJmZWQt
OTllZDY3MzBmODRhLzEvc1Q4YmRPTWtPQnVKY3BMU05VSkxJbjhwTm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kMTYyOGEtMzNjOC00ZTQ3LWJmZWQtOTllZDY3MzBmODRh
LzEvRWdITU5EQjBFQzc2Znd3dzhwU1o0YTFXNHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQFLqegAwQA
W9CgAwQDggBIAwQCuaUQAwQAwjKkAwQAw4mqMBQEAgACMA4DBQAqAPZgAwUAKgOU
gDANBgkqhkiG9w0BAQsFAAOCAQEAj3KfcXyh08aM2zbD6BNPKy+CDdBe0Y+seR2N
0KAvAouPqqIku8zHCAcOLsx2C09VA7qlX8JPCvKMcxqC/RfmiFU3OnZ0SmiebNsl
Tb0TN6/V4ffXFhYHId+vFjfoQ+Ktn589gqmSOQR0121bMltYVbfdqfh8bT9inpVu
MrtDnn2aTqf9aCIY+0hHza+9X3CId6Yxvj8G2tWVFUZcXYIrWXv2zDTj4q6+sClz
YzED9GRhQgk1gK3qkxz3DD6oc25jY/yDnEQf2EwvGSCt5VOM4KAAHNb+e3OVcNOY
Lpel494s+oWKEs4U6TJjYsfW3JDoD8YjsxdqCNLTHprsegOSMA==
-----END CERTIFICATE-----