Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/56-izg9fvz7DtMwkbjrRGx7K9M4.roa
File:                     56-izg9fvz7DtMwkbjrRGx7K9M4.roa (raw, json)
Hash identifier:          UW2kU7AwmdpcAwGnmK9hJHFYl7KIrM5tCoKFpCYSKow=
Subject key identifier:   E7:AF:A2:CE:0F:5F:BF:3E:C3:B4:CC:24:6E:3A:D1:1B:1E:CA:F4:CE
Certificate issuer:       /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial:       0195D6BE4AABAE41FA4D9E7E61B5F702C2C1
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/56-izg9fvz7DtMwkbjrRGx7K9M4.roa
Signing time:             Thu 27 Mar 2025 08:35:49 +0000
ROA not before:           Thu 27 Mar 2025 08:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9002
IP address blocks:        31.128.32.0/22 maxlen: 24
                          37.233.84.0/23 maxlen: 24
                          37.233.86.0/24 maxlen: 24
                          45.130.212.0/22 maxlen: 24
                          77.73.233.0/24 maxlen: 24
                          77.73.235.0/24 maxlen: 24
                          77.73.238.0/24 maxlen: 24
                          83.222.20.0/23 maxlen: 24
                          90.156.254.0/23 maxlen: 24
                          91.218.142.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:be:4a:ab:ae:41:fa:4d:9e:7e:61:b5:f7:02:c2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
        Validity
            Not Before: Mar 27 08:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7afa2ce0f5fbf3ec3b4cc246e3ad11b1ecaf4ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:60:48:c3:68:16:68:39:6d:77:e2:2d:f0:8d:
                    7d:18:87:32:f6:ed:ac:ff:f7:0c:0b:66:be:8b:ea:
                    ac:e0:4f:1b:fc:9d:ac:28:08:eb:ad:e1:ab:fd:22:
                    c9:e1:0e:97:27:da:de:e7:39:56:fb:d2:d0:6d:f3:
                    98:7d:71:24:42:bc:66:43:b8:0b:49:c1:53:c4:ad:
                    8e:d4:eb:eb:a3:74:67:27:32:2f:60:88:47:96:5a:
                    21:54:7c:83:3d:c5:d8:7d:07:5f:31:ec:67:f0:b8:
                    fe:16:a5:05:de:83:b6:c3:e5:6e:54:db:2c:31:ba:
                    01:e9:e1:c6:de:45:96:7a:f3:43:f1:52:53:d7:3b:
                    c2:8b:7e:a6:be:30:ea:05:c2:96:27:9d:2a:37:74:
                    2d:a6:7a:48:99:ff:eb:5d:1f:ac:3c:c1:b5:ad:39:
                    6d:78:ca:e6:f5:9b:a2:dc:9e:1f:ea:e4:d3:aa:a1:
                    43:d5:95:42:6d:f2:b2:61:0f:df:8c:ef:fe:90:71:
                    cb:b7:7f:63:59:85:92:64:d7:ec:2f:20:3d:c0:e3:
                    50:f8:60:31:14:d0:b9:70:7c:5c:af:97:03:51:e5:
                    ba:06:d3:6d:4e:ad:86:94:6d:9e:4b:73:45:67:26:
                    66:e5:59:32:6e:1c:44:37:0c:c6:48:34:2c:be:04:
                    32:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AF:A2:CE:0F:5F:BF:3E:C3:B4:CC:24:6E:3A:D1:1B:1E:CA:F4:CE
            X509v3 Authority Key Identifier:
                keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/56-izg9fvz7DtMwkbjrRGx7K9M4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.32.0/22
                  37.233.84.0-37.233.86.255
                  45.130.212.0/22
                  77.73.233.0/24
                  77.73.235.0/24
                  77.73.238.0/24
                  83.222.20.0/23
                  90.156.254.0/23
                  91.218.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:17:a1:c9:49:ab:25:10:f1:eb:70:43:c2:82:2f:0a:09:33:
         f9:02:50:e6:54:e5:68:ee:5c:90:b1:91:b9:0b:3f:c9:ea:19:
         8f:5d:1b:6b:bb:4d:3e:d8:bd:3d:06:6f:5c:f8:e7:1b:fb:3a:
         7d:86:fa:04:69:36:66:39:40:47:64:4e:d3:0e:78:bd:a9:a1:
         b8:05:99:d2:ce:ad:1d:ee:5c:ee:b5:fc:53:85:6b:67:df:25:
         c9:83:7e:d5:d8:62:f5:01:11:0b:51:c2:e1:f5:18:5f:10:6b:
         a6:f8:f1:86:04:e2:5f:22:ef:85:ec:21:5f:88:7a:34:fa:32:
         02:c0:a2:bb:57:49:2b:5b:55:ee:0c:da:56:b8:d3:b3:0e:ca:
         21:25:3f:e0:a2:78:e4:66:2f:f6:4f:99:c0:fe:f9:7c:7b:e8:
         e9:ee:b5:a2:b7:9c:45:23:e7:72:f5:e4:48:42:25:a2:df:cb:
         1e:19:f6:cd:60:95:38:81:3c:cd:17:dc:ec:50:25:f9:88:94:
         5a:ed:0b:61:58:47:e9:6d:ff:ea:47:4d:2f:74:e6:c8:27:3c:
         a5:6a:fb:68:ca:03:7e:d2:62:96:89:58:ae:82:68:ea:fb:b3:
         63:4c:ce:6c:05:51:61:89:91:19:99:0a:27:3f:fa:16:3a:78:
         49:40:98:cc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZXWvkqrrkH6TZ5+YbX3AsLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjUwMzI3MDgzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FmYTJjZTBmNWZiZjNlYzNiNGNjMjQ2ZTNhZDExYjFlY2FmNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmBIw2gWaDltd+It8I19GIcy9u2s
//cMC2a+i+qs4E8b/J2sKAjrreGr/SLJ4Q6XJ9re5zlW+9LQbfOYfXEkQrxmQ7gL
ScFTxK2O1Ovro3RnJzIvYIhHllohVHyDPcXYfQdfMexn8Lj+FqUF3oO2w+VuVNss
MboB6eHG3kWWevND8VJT1zvCi36mvjDqBcKWJ50qN3QtpnpImf/rXR+sPMG1rTlt
eMrm9Zui3J4f6uTTqqFD1ZVCbfKyYQ/fjO/+kHHLt39jWYWSZNfsLyA9wONQ+GAx
FNC5cHxcr5cDUeW6BtNtTq2GlG2eS3NFZyZm5VkybhxENwzGSDQsvgQyKQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOevos4PX78+w7TMJG460RseyvTOMB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvNTYtaXpnOWZ2ejdEdE13a2JqclJHeDdLOU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCH4AgMAwD
BAIl6VQDBAAl6VYDBAItgtQDBABNSekDBABNSesDBABNSe4DBAFT3hQDBAFanP4D
BAFb2o4wDQYJKoZIhvcNAQELBQADggEBABYXoclJqyUQ8etwQ8KCLwoJM/kCUOZU
5WjuXJCxkbkLP8nqGY9dG2u7TT7YvT0Gb1z45xv7On2G+gRpNmY5QEdkTtMOeL2p
obgFmdLOrR3uXO61/FOFa2ffJcmDftXYYvUBEQtRwuH1GF8Qa6b48YYE4l8i74Xs
IV+IejT6MgLAortXSStbVe4M2la407MOyiElP+CieORmL/ZPmcD++Xx76OnutaK3
nEUj53L15EhCJaLfyx4Z9s1glTiBPM0X3OxQJfmIlFrtC2FYR+lt/+pHTS905sgn
PKVq+2jKA37SYpaJWK6CaOr7s2NMzmwFUWGJkRmZCic/+hY6eElAmMw=
-----END CERTIFICATE-----