Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/dRGC2CtNq1nebsBP9y6TgkmCi3o.roa
File:                     dRGC2CtNq1nebsBP9y6TgkmCi3o.roa (raw, json)
Hash identifier:          /DLfw9XcGpMwZ6/CVWbNkEA9AelilSIT/zgvxTutATw=
Subject key identifier:   75:11:82:D8:2B:4D:AB:59:DE:6E:C0:4F:F7:2E:93:82:49:82:8B:7A
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       019590E7DEDE8539C2DDCA42F91C44286917
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/dRGC2CtNq1nebsBP9y6TgkmCi3o.roa
Signing time:             Thu 13 Mar 2025 19:07:49 +0000
ROA not before:           Thu 13 Mar 2025 19:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3266
IP address blocks:        78.24.72.0/24 maxlen: 24
                          78.24.73.0/24 maxlen: 24
                          78.24.74.0/24 maxlen: 24
                          78.24.75.0/24 maxlen: 24
                          78.24.77.0/24 maxlen: 24
                          78.24.78.0/24 maxlen: 24
                          78.24.79.0/24 maxlen: 24
                          2a00:1908::/35 maxlen: 35
                          2a00:1908::/48 maxlen: 48
                          2a00:1908:2000::/35 maxlen: 35
                          2a00:1908:4000::/35 maxlen: 35
                          2a00:1908:6000::/35 maxlen: 35
                          2a00:1908:8000::/35 maxlen: 35
                          2a00:1908:a000::/35 maxlen: 35
                          2a00:1909::/32 maxlen: 32
                          2a00:1909::/48 maxlen: 48
                          2a00:190a::/32 maxlen: 32
                          2a00:190a::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:90:e7:de:de:85:39:c2:dd:ca:42:f9:1c:44:28:69:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Mar 13 19:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=751182d82b4dab59de6ec04ff72e938249828b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e5:49:ce:f7:b2:f7:01:fb:8f:eb:e2:10:c6:
                    c6:1b:6e:c9:aa:43:bc:c0:17:ea:dc:5b:a5:b9:e0:
                    ad:ae:a8:3f:14:34:e3:89:be:92:a7:01:b8:ee:fd:
                    bf:94:c7:ea:6c:e9:85:55:5b:52:c7:1e:64:f7:2d:
                    a5:81:93:6e:76:22:d5:2e:46:21:fa:c4:7b:1c:ff:
                    26:28:d3:29:ab:45:61:19:45:da:6a:c6:b0:00:63:
                    b3:e1:d2:37:65:f2:a7:88:fe:78:76:07:d6:44:5d:
                    b0:5b:bd:69:d4:4d:9d:ed:1d:01:72:75:7c:11:7b:
                    1a:b8:49:65:09:82:71:bf:80:7a:20:cc:85:92:0c:
                    56:01:0d:2a:b7:96:03:88:0e:73:63:b7:ab:4f:38:
                    de:14:9a:c1:a1:98:01:1d:ff:ab:73:d4:a7:df:58:
                    95:05:c6:9b:27:2a:4e:89:ae:94:1f:e3:f0:fd:33:
                    77:c9:e0:90:95:cf:81:bf:f6:4f:1d:89:60:5d:8b:
                    98:45:44:e7:eb:ef:54:7b:82:8f:5c:b8:76:e7:bd:
                    50:c4:4d:09:30:73:36:3b:4d:64:6a:e9:cd:59:06:
                    6f:13:5b:7c:c8:09:61:40:87:79:4a:af:fc:b3:cf:
                    2f:51:d8:b7:06:7e:b0:29:00:d7:0d:4f:90:b1:7c:
                    dd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:11:82:D8:2B:4D:AB:59:DE:6E:C0:4F:F7:2E:93:82:49:82:8B:7A
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/dRGC2CtNq1nebsBP9y6TgkmCi3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.72.0/22
                  78.24.77.0-78.24.79.255
                IPv6:
                  2a00:1908::-2a00:1908:bfff:ffff:ffff:ffff:ffff:ffff
                  2a00:1909::-2a00:190a:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2b:27:23:c7:cc:88:08:4c:0c:ae:a3:43:d0:ec:ce:74:a5:36:
         00:e7:3d:68:43:88:e5:6a:1b:48:39:cb:69:6f:97:d9:82:79:
         11:ed:c1:5c:df:da:af:d8:ed:37:e8:7c:5c:52:eb:9d:36:07:
         eb:9d:84:ee:e1:be:82:49:7a:cd:70:89:60:d8:a6:ea:fc:0f:
         68:4b:52:f6:ad:b6:20:ef:03:0b:9d:82:d7:44:a4:eb:7e:b9:
         33:e7:fc:f9:fa:d5:28:57:fa:cc:7e:ea:81:79:5e:09:49:e3:
         3b:8c:48:4b:73:ed:94:5a:c6:cc:8a:c6:14:c9:ac:82:a1:2d:
         84:89:4b:5b:c6:f9:1a:00:0a:be:a2:77:c8:a7:b8:ff:38:c6:
         91:54:6a:ab:8f:88:5f:56:6d:49:5f:22:dc:73:df:a5:df:36:
         1b:ab:fe:0a:54:d0:03:aa:2e:7e:49:30:1a:33:7f:59:7d:84:
         30:a4:fe:4e:8c:d6:d1:79:f0:d7:ac:00:76:57:7f:ce:ca:12:
         30:56:c8:a9:c2:de:e9:1e:6f:f3:1c:7e:34:5d:17:1d:66:35:
         4d:21:0e:56:f7:05:72:3d:8d:57:28:62:77:1f:39:f7:9d:75:
         5c:18:76:70:06:51:b8:e1:36:17:ae:1b:13:8d:20:31:d3:3e:
         e2:23:20:b5
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZWQ597ehTnC3cpC+RxEKGkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjUwMzEzMTkwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTExODJkODJiNGRhYjU5ZGU2ZWMwNGZmNzJlOTM4MjQ5ODI4YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuVJzvey9wH7j+viEMbGG27JqkO8
wBfq3FulueCtrqg/FDTjib6SpwG47v2/lMfqbOmFVVtSxx5k9y2lgZNudiLVLkYh
+sR7HP8mKNMpq0VhGUXaasawAGOz4dI3ZfKniP54dgfWRF2wW71p1E2d7R0BcnV8
EXsauEllCYJxv4B6IMyFkgxWAQ0qt5YDiA5zY7erTzjeFJrBoZgBHf+rc9Sn31iV
BcabJypOia6UH+Pw/TN3yeCQlc+Bv/ZPHYlgXYuYRUTn6+9Ue4KPXLh2571QxE0J
MHM2O01kaunNWQZvE1t8yAlhQId5Sq/8s88vUdi3Bn6wKQDXDU+QsXzdfQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFHURgtgrTatZ3m7AT/cuk4JJgot6MB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvZFJHQzJDdE5xMW5lYnNCUDl5NlRna21DaTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAaBAIAATAUAwQCThhIMAwD
BABOGE0DBAROGEAwJwQCAAIwITAPAwUDKgAZCAMGBioAGQiAMA4DBQAqABkJAwUA
KgAZCjANBgkqhkiG9w0BAQsFAAOCAQEAKycjx8yICEwMrqND0OzOdKU2AOc9aEOI
5WobSDnLaW+X2YJ5Ee3BXN/ar9jtN+h8XFLrnTYH652E7uG+gkl6zXCJYNim6vwP
aEtS9q22IO8DC52C10Sk6365M+f8+frVKFf6zH7qgXleCUnjO4xIS3PtlFrGzIrG
FMmsgqEthIlLW8b5GgAKvqJ3yKe4/zjGkVRqq4+IX1ZtSV8i3HPfpd82G6v+ClTQ
A6oufkkwGjN/WX2EMKT+TozW0Xnw16wAdld/zsoSMFbIqcLe6R5v8xx+NF0XHWY1
TSEOVvcFcj2NVyhidx859511XBh2cAZRuOE2F64bE40gMdM+4iMgtQ==
-----END CERTIFICATE-----