Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/sffX-nYGq99DvgVYzMMwhSdH-b0.roa
File:                     sffX-nYGq99DvgVYzMMwhSdH-b0.roa (raw, json)
Hash identifier:          qJpJb8/UgUaxOOKEDKlYdODRBedcDN+AFM16u72dA0w=
Subject key identifier:   B1:F7:D7:FA:76:06:AB:DF:43:BE:05:58:CC:C3:30:85:27:47:F9:BD
Certificate issuer:       /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial:       019326DD7E11AFA6BB6B814E3FDEADBA9CE2
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/sffX-nYGq99DvgVYzMMwhSdH-b0.roa
Signing time:             Wed 13 Nov 2024 18:51:09 +0000
ROA not before:           Wed 13 Nov 2024 18:51:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        137.174.0.0/17 maxlen: 22
                          137.174.128.0/18 maxlen: 22
                          137.174.192.0/19 maxlen: 22
                          147.123.36.0/22 maxlen: 24
                          147.123.44.0/22 maxlen: 24
                          147.123.48.0/21 maxlen: 21
                          155.204.64.0/20 maxlen: 20
                          155.204.80.0/21 maxlen: 21
                          155.204.88.0/21 maxlen: 21
                          155.204.96.0/21 maxlen: 21
                          155.204.104.0/21 maxlen: 21
                          155.204.136.0/21 maxlen: 21
                          155.204.208.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:26:dd:7e:11:af:a6:bb:6b:81:4e:3f:de:ad:ba:9c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
        Validity
            Not Before: Nov 13 18:51:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f7d7fa7606abdf43be0558ccc330852747f9bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:01:b3:81:13:85:74:6d:06:aa:7d:85:d4:7c:
                    6b:e2:75:a0:ad:55:a0:e3:b0:5d:f0:d2:7a:dc:af:
                    07:93:7b:f1:1c:af:92:99:bd:74:24:79:f4:64:49:
                    44:ef:a1:3d:ce:0c:be:48:fc:2f:be:b0:b6:6b:4c:
                    c6:2d:f2:a4:68:70:8a:1e:49:e9:ec:1a:94:58:7b:
                    ae:8a:2f:85:ca:33:bd:bf:9f:33:bd:9c:46:6c:96:
                    79:8b:bd:d1:08:24:4b:1c:e3:64:9c:50:27:04:c4:
                    7a:d7:70:c0:ac:1d:2f:d1:14:3a:91:02:bf:ad:f3:
                    52:ae:f6:24:43:7f:83:1d:6a:2f:bb:c0:65:c9:9c:
                    7f:3c:74:08:bd:98:6f:96:74:b7:f5:25:4c:7b:cd:
                    92:b2:26:61:01:06:0a:3d:49:03:11:de:e5:df:73:
                    01:a4:1d:29:86:6b:19:74:62:e6:a3:75:e1:e3:6c:
                    e1:3f:9f:fc:49:38:7d:53:3e:fb:d0:c9:d1:92:48:
                    d8:bc:b0:7d:91:db:e6:8e:12:96:7f:6f:49:d9:97:
                    9e:3b:94:05:8b:bc:83:1e:7c:f4:74:7e:26:76:3d:
                    a0:8a:67:e6:5f:89:8c:2f:3d:6b:13:9f:f2:5a:bf:
                    38:d6:79:29:20:e4:7b:44:24:95:9f:da:0b:4c:03:
                    37:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F7:D7:FA:76:06:AB:DF:43:BE:05:58:CC:C3:30:85:27:47:F9:BD
            X509v3 Authority Key Identifier:
                keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/sffX-nYGq99DvgVYzMMwhSdH-b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.174.0.0-137.174.223.255
                  147.123.36.0/22
                  147.123.44.0-147.123.55.255
                  155.204.64.0-155.204.111.255
                  155.204.136.0/21
                  155.204.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:73:fa:fe:dc:61:19:d9:a4:fd:31:9e:c4:da:b1:38:8b:ab:
         26:de:77:4c:3e:39:cd:49:51:a9:21:1e:b0:08:39:2a:f7:43:
         4e:b9:c6:bb:ba:b4:fc:1e:8e:f3:cd:e8:9f:9f:7c:0a:e6:34:
         6d:01:40:6f:13:c4:d6:0f:c7:b3:91:58:c0:23:ad:74:d4:7f:
         9e:73:21:c4:39:70:db:ad:07:ea:09:10:29:f8:3f:1c:e9:6e:
         85:c3:ac:c1:3c:95:ae:4b:4b:08:fc:aa:07:d0:83:65:77:63:
         fa:37:f9:df:06:f9:f9:39:f9:7c:96:8e:26:0a:69:60:9b:18:
         62:02:c5:50:3e:29:f4:62:9d:35:22:6f:6b:66:21:f9:8d:52:
         fb:28:03:09:b0:70:c6:a8:06:d8:c3:39:62:c5:cb:a9:a3:90:
         38:e7:f3:7e:2c:40:16:2a:c8:87:d8:67:c6:5c:26:63:28:1c:
         4c:af:c9:e9:b9:36:0e:73:4d:e4:67:fe:c0:e8:4b:0c:76:57:
         9a:80:65:72:d4:ab:6f:19:ce:75:72:67:b2:b2:78:83:0d:04:
         40:a0:6f:44:3f:01:de:5b:de:f9:40:87:f4:1b:b7:d5:af:d7:
         23:4d:22:df:d1:f7:2b:ca:ea:73:d7:1d:dd:dd:59:45:b6:b6:
         df:76:4a:dc
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZMm3X4Rr6a7a4FOP96tupziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjQxMTEzMTg1MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY3ZDdmYTc2MDZhYmRmNDNiZTA1NThjY2MzMzA4NTI3NDdmOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwGzgROFdG0Gqn2F1Hxr4nWgrVWg
47Bd8NJ63K8Hk3vxHK+Smb10JHn0ZElE76E9zgy+SPwvvrC2a0zGLfKkaHCKHknp
7BqUWHuuii+FyjO9v58zvZxGbJZ5i73RCCRLHONknFAnBMR613DArB0v0RQ6kQK/
rfNSrvYkQ3+DHWovu8BlyZx/PHQIvZhvlnS39SVMe82SsiZhAQYKPUkDEd7l33MB
pB0phmsZdGLmo3Xh42zhP5/8STh9Uz770MnRkkjYvLB9kdvmjhKWf29J2ZeeO5QF
i7yDHnz0dH4mdj2gimfmX4mMLz1rE5/yWr841nkpIOR7RCSVn9oLTAM3RwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFLH31/p2BqvfQ74FWMzDMIUnR/m9MB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvc2ZmWC1uWUdxOTlEdmdWWXpNTXdoU2RILWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzBBBAIAATA7MAsDAwGJrgME
BYmuwAMEApN7JDAMAwQCk3ssAwQDk3swMAwDBAabzEADBASbzGADBAObzIgDBAOb
zNAwDQYJKoZIhvcNAQELBQADggEBAARz+v7cYRnZpP0xnsTasTiLqybed0w+Oc1J
UakhHrAIOSr3Q065xru6tPwejvPN6J+ffArmNG0BQG8TxNYPx7ORWMAjrXTUf55z
IcQ5cNutB+oJECn4PxzpboXDrME8la5LSwj8qgfQg2V3Y/o3+d8G+fk5+XyWjiYK
aWCbGGICxVA+KfRinTUib2tmIfmNUvsoAwmwcMaoBtjDOWLFy6mjkDjn834sQBYq
yIfYZ8ZcJmMoHEyvyem5Ng5zTeRn/sDoSwx2V5qAZXLUq28ZznVyZ7KyeIMNBECg
b0Q/Ad5b3vlAh/Qbt9Wv1yNNIt/R9yvK6nPXHd3dWUW2tt92Stw=
-----END CERTIFICATE-----