Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/fwxt0QHyh3ttD260VFCya7TU-1s.roa
File:                     fwxt0QHyh3ttD260VFCya7TU-1s.roa (raw, json)
Hash identifier:          9i1HvobHCHHVWkd92tpYtwhAF4c8uqpeWhFp9/w1WdA=
Subject key identifier:   7F:0C:6D:D1:01:F2:87:7B:6D:0F:6E:B4:54:50:B2:6B:B4:D4:FB:5B
Certificate issuer:       /CN=50d4ac320965ab4991108501a0602a6893e63fec
Certificate serial:       01954C6DF2BD5506D3CB53CCFE0F0D8C860D
Authority key identifier: 50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/fwxt0QHyh3ttD260VFCya7TU-1s.roa
Signing time:             Fri 28 Feb 2025 12:00:28 +0000
ROA not before:           Fri 28 Feb 2025 12:00:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24953
IP address blocks:        80.64.140.0/22 maxlen: 22
                          83.216.192.0/20 maxlen: 20
                          89.185.96.0/19 maxlen: 19
                          89.185.104.0/24 maxlen: 24
                          89.185.105.0/24 maxlen: 24
                          91.220.239.0/24 maxlen: 24
                          185.34.196.0/22 maxlen: 22
                          185.167.240.0/22 maxlen: 24
                          185.213.124.0/22 maxlen: 22
                          185.224.120.0/22 maxlen: 22
                          195.95.163.0/24 maxlen: 24
                          2001:1ad0::/32 maxlen: 32
                          2001:1ad0:c4fc::/46 maxlen: 48
                          2a0b:c200::/29 maxlen: 32
                          2a0b:c200:cafe::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:6d:f2:bd:55:06:d3:cb:53:cc:fe:0f:0d:8c:86:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50d4ac320965ab4991108501a0602a6893e63fec
        Validity
            Not Before: Feb 28 12:00:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f0c6dd101f2877b6d0f6eb45450b26bb4d4fb5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5a:07:dc:d4:8e:c4:c3:a0:9b:dc:a8:2e:cf:
                    76:d0:9d:f4:c4:8a:f5:e6:e3:9f:23:c0:b1:9b:e0:
                    c6:aa:22:42:46:db:22:0f:88:df:1d:6b:e6:92:71:
                    e8:d0:6e:21:b5:f1:80:e3:5d:f1:57:b0:83:16:c5:
                    f6:13:30:fb:fd:da:48:86:9a:ac:b1:7e:42:be:f0:
                    00:5e:89:84:b5:0f:ec:dc:08:ec:ca:33:11:34:af:
                    eb:c9:3d:e8:b4:31:62:ee:9a:0d:00:64:9e:23:3a:
                    9d:86:0c:1b:d0:31:b8:6c:4a:af:bd:37:24:8e:4b:
                    38:f4:33:c1:4e:06:0f:3b:bd:ba:3c:0a:e0:ca:81:
                    ab:f5:7e:d6:43:f3:9e:ca:7d:fa:05:b0:f2:67:2e:
                    2e:b9:b3:84:d7:67:13:47:a4:29:8b:d9:ed:92:a4:
                    82:23:19:be:d8:92:f9:47:c3:77:cb:12:e2:84:98:
                    cd:a2:b2:2a:c3:48:8d:82:db:70:fc:62:1d:f3:09:
                    36:b7:74:fa:45:77:83:67:1e:16:3f:18:64:ee:6c:
                    23:73:40:bb:dd:65:6a:a6:d9:7f:a1:1b:4a:37:ac:
                    0d:6a:86:72:26:8b:3a:63:b5:84:c4:c7:2d:8d:39:
                    4e:9f:82:d8:ce:96:e9:2d:71:eb:2d:4b:07:8b:76:
                    36:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:0C:6D:D1:01:F2:87:7B:6D:0F:6E:B4:54:50:B2:6B:B4:D4:FB:5B
            X509v3 Authority Key Identifier:
                keyid:50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/fwxt0QHyh3ttD260VFCya7TU-1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/UNSsMgllq0mREIUBoGAqaJPmP-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.140.0/22
                  83.216.192.0/20
                  89.185.96.0/19
                  91.220.239.0/24
                  185.34.196.0/22
                  185.167.240.0/22
                  185.213.124.0/22
                  185.224.120.0/22
                  195.95.163.0/24
                IPv6:
                  2001:1ad0::/32
                  2a0b:c200::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:c8:84:9b:50:8f:6c:95:59:b5:ab:a3:b9:7f:53:5e:c5:d8:
         15:67:bc:99:b7:d4:dd:3b:d7:10:42:f6:77:2a:02:3e:2a:ca:
         1a:ba:61:4a:bb:a9:76:8a:ff:92:25:fd:f5:72:e3:64:e2:be:
         d2:10:36:d5:0a:5c:0e:31:9d:1e:3f:a9:72:51:ac:69:82:90:
         bf:9c:62:c8:4f:33:1b:d7:d7:e7:a3:3b:54:c5:9b:02:63:58:
         63:80:13:e7:4a:8c:bf:d2:3f:dd:9d:9f:37:05:3a:0f:3f:e5:
         54:e6:af:b4:9f:e9:9a:d4:76:0c:56:23:6b:06:df:5c:a2:c6:
         0e:cc:aa:47:96:1b:7e:5b:7d:77:9a:fb:05:78:77:ad:cc:95:
         7f:85:27:e6:c6:78:4f:19:80:68:b3:47:55:09:3c:67:07:e0:
         62:ce:b0:d2:5f:39:c4:0f:e9:4c:62:b0:96:c9:8f:a6:ac:d4:
         71:d5:6f:58:74:b3:98:4d:ad:e0:a8:f4:9b:38:fe:ad:ce:54:
         fd:fd:bd:54:de:45:bd:37:fb:fc:0f:6c:50:eb:8b:15:ff:85:
         22:5b:c2:17:5e:24:4a:79:66:40:46:90:d7:de:90:87:9b:96:
         0d:b2:e7:40:d4:f1:32:aa:df:c0:4f:15:70:3b:9f:ae:12:26:
         c0:75:24:ad
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZVMbfK9VQbTy1PM/g8NjIYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZDRhYzMyMDk2NWFiNDk5MTEwODUwMWEwNjAyYTY4OTNl
NjNmZWMwHhcNMjUwMjI4MTIwMDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjBjNmRkMTAxZjI4NzdiNmQwZjZlYjQ1NDUwYjI2YmI0ZDRmYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1oH3NSOxMOgm9yoLs920J30xIr1
5uOfI8Cxm+DGqiJCRtsiD4jfHWvmknHo0G4htfGA413xV7CDFsX2EzD7/dpIhpqs
sX5CvvAAXomEtQ/s3AjsyjMRNK/ryT3otDFi7poNAGSeIzqdhgwb0DG4bEqvvTck
jks49DPBTgYPO726PArgyoGr9X7WQ/Oeyn36BbDyZy4uubOE12cTR6Qpi9ntkqSC
Ixm+2JL5R8N3yxLihJjNorIqw0iNgttw/GId8wk2t3T6RXeDZx4WPxhk7mwjc0C7
3WVqptl/oRtKN6wNaoZyJos6Y7WExMctjTlOn4LYzpbpLXHrLUsHi3Y2jwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFH8MbdEB8od7bQ9utFRQsmu01PtbMB8GA1UdIwQY
MBaAFFDUrDIJZatJkRCFAaBgKmiT5j/sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTkt
YmEwMzIzMjM3NDRjLzEvZnd4dDBRSHloM3R0RDI2MFZGQ3lhN1RVLTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTktYmEwMzIzMjM3NDRj
LzEvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCUECMAwQE
U9jAAwQFWblgAwQAW9zvAwQCuSLEAwQCuafwAwQCudV8AwQCueB4AwQAw1+jMBQE
AgACMA4DBQAgARrQAwUDKgvCADANBgkqhkiG9w0BAQsFAAOCAQEAnsiEm1CPbJVZ
taujuX9TXsXYFWe8mbfU3TvXEEL2dyoCPirKGrphSrupdor/kiX99XLjZOK+0hA2
1QpcDjGdHj+pclGsaYKQv5xiyE8zG9fX56M7VMWbAmNYY4AT50qMv9I/3Z2fNwU6
Dz/lVOavtJ/pmtR2DFYjawbfXKLGDsyqR5Ybflt9d5r7BXh3rcyVf4Un5sZ4TxmA
aLNHVQk8ZwfgYs6w0l85xA/pTGKwlsmPpqzUcdVvWHSzmE2t4Kj0mzj+rc5U/f29
VN5FvTf7/A9sUOuLFf+FIlvCF14kSnlmQEaQ196Qh5uWDbLnQNTxMqrfwE8VcDuf
rhImwHUkrQ==
-----END CERTIFICATE-----