Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/V838UxuCkE3z_LyO9h8ieI7lUk0.roa
File:                     V838UxuCkE3z_LyO9h8ieI7lUk0.roa (raw, json)
Hash identifier:          JyAJpr0qUTJ71Okf4yLwrhCO9D5t0tKugS+wJyo7zFA=
Subject key identifier:   57:CD:FC:53:1B:82:90:4D:F3:FC:BC:8E:F6:1F:22:78:8E:E5:52:4D
Certificate issuer:       /CN=49378660f5f01923946c35d94be5ccd7d2b71051
Certificate serial:       0193B4C04F8DBB25BC3F75CD2C011432E69C
Authority key identifier: 49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/V838UxuCkE3z_LyO9h8ieI7lUk0.roa
Signing time:             Wed 11 Dec 2024 08:05:22 +0000
ROA not before:           Wed 11 Dec 2024 08:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203593
IP address blocks:        157.97.163.0/24 maxlen: 24
                          185.129.252.0/24 maxlen: 24
                          185.129.253.0/24 maxlen: 24
                          185.129.254.0/24 maxlen: 24
                          185.129.255.0/24 maxlen: 24
                          193.254.202.0/24 maxlen: 24
                          193.254.203.0/24 maxlen: 24
                          213.244.32.0/24 maxlen: 24
                          213.244.33.0/24 maxlen: 24
                          213.244.34.0/24 maxlen: 24
                          213.244.35.0/24 maxlen: 24
                          213.244.36.0/24 maxlen: 24
                          213.244.37.0/24 maxlen: 24
                          213.244.38.0/24 maxlen: 24
                          213.244.39.0/24 maxlen: 24
                          213.244.40.0/24 maxlen: 24
                          213.244.41.0/24 maxlen: 24
                          213.244.42.0/24 maxlen: 24
                          2a06:d680::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b4:c0:4f:8d:bb:25:bc:3f:75:cd:2c:01:14:32:e6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49378660f5f01923946c35d94be5ccd7d2b71051
        Validity
            Not Before: Dec 11 08:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57cdfc531b82904df3fcbc8ef61f22788ee5524d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ed:c8:8c:60:2c:8b:0c:00:52:ba:22:a0:20:
                    73:4a:9e:06:50:64:44:c2:63:ee:f8:df:d0:a8:6a:
                    ab:02:32:7a:0c:d5:08:f6:3a:ff:ad:3c:78:84:13:
                    09:92:78:16:65:53:c7:12:ff:a6:16:20:cd:55:52:
                    d4:18:38:4d:1c:0e:ca:d0:1f:cf:b5:45:47:00:31:
                    ef:37:ed:54:a2:0b:d9:9c:16:55:dd:5d:a2:15:19:
                    85:05:87:d1:8e:87:1e:b7:f8:2f:32:4d:7a:ed:c8:
                    1f:ca:0f:47:dd:37:e0:e0:36:db:f5:42:83:88:b0:
                    fd:0a:7e:e7:bc:4f:45:e3:c0:32:86:ae:7f:f6:db:
                    08:9a:bc:00:e7:15:fc:67:3f:66:77:bb:b6:38:3e:
                    1e:fa:b5:20:c2:9a:47:1e:9e:96:5b:a1:a0:db:4a:
                    dd:39:1d:d0:a3:b3:5b:ca:30:ce:c7:67:9d:be:45:
                    f4:8d:67:72:9a:e9:76:8a:60:78:f7:c1:87:a6:a2:
                    06:f5:a0:fc:35:32:8d:fe:38:89:6c:f7:6e:8e:8d:
                    bd:5d:f9:58:4a:76:b4:2f:10:22:c7:2f:bd:b7:ba:
                    3f:33:78:5a:38:28:59:d7:63:c6:b9:6f:d6:3c:cf:
                    ad:d8:03:88:3d:2d:45:7e:ff:2a:ec:4c:be:1e:06:
                    1b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:CD:FC:53:1B:82:90:4D:F3:FC:BC:8E:F6:1F:22:78:8E:E5:52:4D
            X509v3 Authority Key Identifier:
                keyid:49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/V838UxuCkE3z_LyO9h8ieI7lUk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/STeGYPXwGSOUbDXZS-XM19K3EFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.163.0/24
                  185.129.252.0/22
                  193.254.202.0/23
                  213.244.32.0-213.244.42.255
                IPv6:
                  2a06:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:a0:4e:db:0b:98:86:20:3c:7c:49:98:8e:e8:8e:d0:ea:48:
         65:77:12:fb:b3:d7:cc:52:fc:83:4e:8d:74:dd:7b:37:79:c0:
         7e:c9:2e:62:30:63:25:86:76:68:87:72:45:95:4d:c6:12:99:
         21:39:c1:46:4f:8f:a7:29:c1:bc:69:58:fd:a9:7e:a7:de:56:
         ac:2c:3a:cb:77:5e:5d:2a:a6:ea:03:c7:f7:0b:4c:5d:da:81:
         12:b9:c0:88:2f:04:90:e9:86:fb:91:70:e3:6b:0f:58:7f:b5:
         05:56:2c:bb:d5:d1:37:56:1c:89:4b:28:97:c0:a9:b6:01:a0:
         2e:85:3f:69:c8:f5:ac:69:67:46:d0:6e:c5:04:33:1f:eb:aa:
         f2:ad:7b:54:1a:a1:e6:06:65:78:cb:e1:f9:0f:ab:3f:bc:39:
         4e:31:68:1a:c2:08:49:b3:1e:dd:cd:34:0f:37:79:3c:c5:eb:
         ed:c9:09:ee:62:73:2d:25:15:5d:7d:cf:84:a1:ea:26:4c:1a:
         20:4f:00:86:64:1b:d9:d1:b3:e1:d0:ca:29:63:a5:88:f5:9a:
         5c:8a:92:a9:65:a8:f9:89:f8:63:1c:cd:f2:11:4b:91:d6:1b:
         dd:21:95:fc:58:33:2c:75:ac:e3:85:84:e7:cc:e0:28:13:ef:
         70:47:4d:19
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZO0wE+NuyW8P3XNLAEUMuacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5Mzc4NjYwZjVmMDE5MjM5NDZjMzVkOTRiZTVjY2Q3ZDJi
NzEwNTEwHhcNMjQxMjExMDgwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2NkZmM1MzFiODI5MDRkZjNmY2JjOGVmNjFmMjI3ODhlZTU1MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu3IjGAsiwwAUroioCBzSp4GUGRE
wmPu+N/QqGqrAjJ6DNUI9jr/rTx4hBMJkngWZVPHEv+mFiDNVVLUGDhNHA7K0B/P
tUVHADHvN+1UogvZnBZV3V2iFRmFBYfRjocet/gvMk167cgfyg9H3Tfg4Dbb9UKD
iLD9Cn7nvE9F48Ayhq5/9tsImrwA5xX8Zz9md7u2OD4e+rUgwppHHp6WW6Gg20rd
OR3Qo7NbyjDOx2edvkX0jWdymul2imB498GHpqIG9aD8NTKN/jiJbPdujo29XflY
Sna0LxAixy+9t7o/M3haOChZ12PGuW/WPM+t2AOIPS1Ffv8q7Ey+HgYb/wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFFfN/FMbgpBN8/y8jvYfIniO5VJNMB8GA1UdIwQY
MBaAFEk3hmD18BkjlGw12UvlzNfStxBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUt
NDFiNzQ1YmY1M2RiLzEvVjgzOFV4dUNrRTN6X0x5TzloOGllSTdsVWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUtNDFiNzQ1YmY1M2Ri
LzEvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQAnWGjAwQC
uYH8AwQBwf7KMAwDBAXV9CADBADV9CowDQQCAAIwBwMFAyoG1oAwDQYJKoZIhvcN
AQELBQADggEBABSgTtsLmIYgPHxJmI7ojtDqSGV3Evuz18xS/INOjXTdezd5wH7J
LmIwYyWGdmiHckWVTcYSmSE5wUZPj6cpwbxpWP2pfqfeVqwsOst3Xl0qpuoDx/cL
TF3agRK5wIgvBJDphvuRcONrD1h/tQVWLLvV0TdWHIlLKJfAqbYBoC6FP2nI9axp
Z0bQbsUEMx/rqvKte1QaoeYGZXjL4fkPqz+8OU4xaBrCCEmzHt3NNA83eTzF6+3J
Ce5icy0lFV19z4Sh6iZMGiBPAIZkG9nRs+HQyiljpYj1mlyKkqllqPmJ+GMczfIR
S5HWG90hlfxYMyx1rOOFhOfM4CgT73BHTRk=
-----END CERTIFICATE-----