Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/w4V_TjeH7dLAgq7qSzPwinxxOG4.roa
File:                     w4V_TjeH7dLAgq7qSzPwinxxOG4.roa (raw, json)
Hash identifier:          6GCYoFHD3EJJhlFtbdNd/9KCCDomHYZ8sStHyLnmZws=
Subject key identifier:   C3:85:7F:4E:37:87:ED:D2:C0:82:AE:EA:4B:33:F0:8A:7C:71:38:6E
Certificate issuer:       /CN=7bcb127c7cd778607296b88386e894ae1de385bf
Certificate serial:       0195FF0321798F12ABA0148945458B640844
Authority key identifier: 7B:CB:12:7C:7C:D7:78:60:72:96:B8:83:86:E8:94:AE:1D:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e8sSfHzXeGBylriDhuiUrh3jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/w4V_TjeH7dLAgq7qSzPwinxxOG4.roa
Signing time:             Fri 04 Apr 2025 04:15:50 +0000
ROA not before:           Fri 04 Apr 2025 04:15:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198430
IP address blocks:        46.174.168.0/21 maxlen: 24
                          46.174.169.0/24 maxlen: 24
                          91.234.252.0/23 maxlen: 24
                          91.237.172.0/23 maxlen: 24
                          91.239.28.0/22 maxlen: 24
                          91.246.168.0/22 maxlen: 24
                          193.150.50.0/23 maxlen: 24
                          194.28.228.0/22 maxlen: 24
                          194.28.228.0/23 maxlen: 23
                          194.28.228.0/24 maxlen: 24
                          194.28.229.0/24 maxlen: 24
                          194.28.230.0/23 maxlen: 23
                          194.28.230.0/24 maxlen: 24
                          194.28.231.0/24 maxlen: 24
                          2001:678:d40::/48 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:03:21:79:8f:12:ab:a0:14:89:45:45:8b:64:08:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bcb127c7cd778607296b88386e894ae1de385bf
        Validity
            Not Before: Apr  4 04:15:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3857f4e3787edd2c082aeea4b33f08a7c71386e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b1:93:86:6c:92:59:62:2e:4b:8d:b1:2d:50:
                    e8:7d:9c:df:f7:1a:29:ee:9e:b5:06:92:17:86:0b:
                    74:86:fd:b2:3b:3d:ec:0d:de:c4:2c:15:d4:b8:a7:
                    f0:6c:90:83:d2:12:f7:f0:5d:1b:55:61:5e:21:20:
                    fd:f5:3d:ba:13:e1:23:f0:fc:ec:05:37:aa:9b:d7:
                    e6:f5:26:ee:38:19:49:ad:9e:48:51:8d:8b:39:03:
                    01:6e:9e:da:49:f4:5d:3c:90:1f:a2:5c:dc:5a:45:
                    b6:cd:a2:88:d4:29:20:82:b1:7b:cb:64:f0:72:59:
                    15:bb:d9:48:d2:98:fe:45:8a:1c:fe:d2:4a:db:3f:
                    c5:7c:a6:56:49:dc:3b:62:68:c2:46:49:92:df:92:
                    47:4d:c9:e8:2d:0b:30:df:30:f4:05:7c:6f:3c:e2:
                    69:02:c3:f9:fa:84:98:1a:df:0d:fc:ae:e1:99:a3:
                    86:a0:26:2f:40:f3:5a:84:42:81:34:23:ed:a8:0e:
                    89:7b:ce:42:17:f7:6d:5b:9a:5d:63:b8:9f:c3:3c:
                    42:0c:17:2e:d2:50:bc:f6:4a:89:7d:80:e1:b3:e6:
                    63:33:87:6f:89:e4:59:0e:f7:78:ee:8b:ca:f0:36:
                    17:73:94:a1:df:55:6c:62:d7:63:60:25:f7:52:6b:
                    69:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:85:7F:4E:37:87:ED:D2:C0:82:AE:EA:4B:33:F0:8A:7C:71:38:6E
            X509v3 Authority Key Identifier:
                keyid:7B:CB:12:7C:7C:D7:78:60:72:96:B8:83:86:E8:94:AE:1D:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8sSfHzXeGBylriDhuiUrh3jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/w4V_TjeH7dLAgq7qSzPwinxxOG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/e8sSfHzXeGBylriDhuiUrh3jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.168.0/21
                  91.234.252.0/23
                  91.237.172.0/23
                  91.239.28.0/22
                  91.246.168.0/22
                  193.150.50.0/23
                  194.28.228.0/22
                IPv6:
                  2001:678:d40::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:96:08:01:2b:99:ca:ff:39:62:8e:e1:1d:3c:0b:ca:25:52:
         8d:ef:5d:3a:82:c8:2e:c2:a5:2d:d4:11:9c:8a:25:34:1c:6b:
         a5:68:90:5f:f1:db:26:24:48:60:53:61:bc:4d:aa:bc:fa:17:
         94:21:12:51:6c:b0:3f:aa:ff:ba:39:18:21:f6:a5:1e:fe:35:
         72:66:56:c7:06:9f:c8:1b:45:9d:e1:c7:4a:2f:bf:d6:99:27:
         31:5a:94:c7:b7:a0:ce:31:ec:b9:b5:8d:36:7d:72:3c:d0:55:
         53:04:b3:4e:d9:47:3c:c2:e7:9b:52:1e:4e:f5:5c:68:f7:c2:
         10:04:7a:5e:1d:6a:75:71:6b:ec:de:4c:77:c5:da:b4:e9:1f:
         79:b8:77:5e:f8:fb:c9:d9:21:e3:f5:56:3a:3f:cc:e7:a6:9b:
         e3:48:5c:b6:5a:90:bd:42:1c:13:db:45:71:f1:cd:23:29:1c:
         95:f0:ad:19:d9:c7:70:69:62:20:53:52:45:b1:91:0a:e2:50:
         f4:9d:f9:07:03:10:79:7f:f0:d4:0a:6c:23:92:de:66:2f:e4:
         b1:11:9f:f7:7c:d8:a8:08:95:6e:f2:64:bf:90:4a:38:5a:0b:
         97:af:50:4b:50:9f:da:9e:a6:d2:e8:d6:a7:af:a8:96:a0:94:
         2d:69:78:7c
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZX/AyF5jxKroBSJRUWLZAhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiY2IxMjdjN2NkNzc4NjA3Mjk2Yjg4Mzg2ZTg5NGFlMWRl
Mzg1YmYwHhcNMjUwNDA0MDQxNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzg1N2Y0ZTM3ODdlZGQyYzA4MmFlZWE0YjMzZjA4YTdjNzEzODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbGThmySWWIuS42xLVDofZzf9xop
7p61BpIXhgt0hv2yOz3sDd7ELBXUuKfwbJCD0hL38F0bVWFeISD99T26E+Ej8Pzs
BTeqm9fm9SbuOBlJrZ5IUY2LOQMBbp7aSfRdPJAfolzcWkW2zaKI1CkggrF7y2Tw
clkVu9lI0pj+RYoc/tJK2z/FfKZWSdw7YmjCRkmS35JHTcnoLQsw3zD0BXxvPOJp
AsP5+oSYGt8N/K7hmaOGoCYvQPNahEKBNCPtqA6Je85CF/dtW5pdY7ifwzxCDBcu
0lC89kqJfYDhs+ZjM4dvieRZDvd47ovK8DYXc5Sh31VsYtdjYCX3UmtpKwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFMOFf043h+3SwIKu6ksz8Ip8cThuMB8GA1UdIwQY
MBaAFHvLEnx813hgcpa4g4bolK4d44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZThzU2ZIelhlR0J5bHJpRGh1aVVyaDNqaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9kNjBmZDgtMDNkNS00YWFiLTlkYWIt
MmUyMGE3OWY3MTQ1LzEvdzRWX1RqZUg3ZExBZ3E3cVN6UHdpbnh4T0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9kNjBmZDgtMDNkNS00YWFiLTlkYWItMmUyMGE3OWY3MTQ1
LzEvZThzU2ZIelhlR0J5bHJpRGh1aVVyaDNqaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQDLq6oAwQB
W+r8AwQBW+2sAwQCW+8cAwQCW/aoAwQBwZYyAwQCwhzkMA8EAgACMAkDBwAgAQZ4
DUAwDQYJKoZIhvcNAQELBQADggEBAHOWCAErmcr/OWKO4R08C8olUo3vXTqCyC7C
pS3UEZyKJTQca6VokF/x2yYkSGBTYbxNqrz6F5QhElFssD+q/7o5GCH2pR7+NXJm
VscGn8gbRZ3hx0ovv9aZJzFalMe3oM4x7Lm1jTZ9cjzQVVMEs07ZRzzC55tSHk71
XGj3whAEel4danVxa+zeTHfF2rTpH3m4d174+8nZIeP1Vjo/zOemm+NIXLZakL1C
HBPbRXHxzSMpHJXwrRnZx3BpYiBTUkWxkQriUPSd+QcDEHl/8NQKbCOS3mYv5LER
n/d82KgIlW7yZL+QSjhaC5evUEtQn9qeptLo1qevqJaglC1peHw=
-----END CERTIFICATE-----