Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/861937-99fe-4b48-99b2-dd907b774f22/1/TsaeWiaMsP1j_z_xMCDhi5soRx0.roa
File:                     TsaeWiaMsP1j_z_xMCDhi5soRx0.roa (raw, json)
Hash identifier:          cFv4JeYxc6KlGhF0oX6eBMNahY8RJkA5Wg3CLEjEyhU=
Subject key identifier:   4E:C6:9E:5A:26:8C:B0:FD:63:FF:3F:F1:30:20:E1:8B:9B:28:47:1D
Certificate issuer:       /CN=776564fc206c4bc5db58f7efbbb1e8f88499e233
Certificate serial:       0195054ACB3FCF597BE87F0E1957044668EA
Authority key identifier: 77:65:64:FC:20:6C:4B:C5:DB:58:F7:EF:BB:B1:E8:F8:84:99:E2:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2Vk_CBsS8XbWPfvu7Ho-ISZ4jM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/861937-99fe-4b48-99b2-dd907b774f22/1/TsaeWiaMsP1j_z_xMCDhi5soRx0.roa
Signing time:             Fri 14 Feb 2025 16:29:02 +0000
ROA not before:           Fri 14 Feb 2025 16:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203462
IP address blocks:        185.134.68.0/22 maxlen: 24
                          185.134.68.0/24 maxlen: 24
                          185.134.69.0/24 maxlen: 24
                          185.134.70.0/24 maxlen: 24
                          185.134.71.0/24 maxlen: 24
                          185.139.181.0/24 maxlen: 24
                          185.139.182.0/24 maxlen: 24
                          2a06:eb00::/29 maxlen: 29
                          2a06:eb00::/32 maxlen: 32
                          2a06:eb01::/32 maxlen: 32
                          2a06:eb02::/32 maxlen: 32
                          2a06:eb03::/32 maxlen: 32
                          2a06:eb04::/32 maxlen: 32
                          2a06:eb05::/32 maxlen: 32
                          2a06:eb06::/32 maxlen: 32
                          2a06:eb07::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:4a:cb:3f:cf:59:7b:e8:7f:0e:19:57:04:46:68:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776564fc206c4bc5db58f7efbbb1e8f88499e233
        Validity
            Not Before: Feb 14 16:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ec69e5a268cb0fd63ff3ff13020e18b9b28471d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a9:86:fd:01:9a:dc:e1:a9:34:84:72:ec:3d:
                    9b:99:cc:5d:c2:24:6a:d9:dc:77:07:2c:02:d8:c5:
                    49:33:81:a5:31:0e:21:13:0b:8e:84:7f:56:08:42:
                    ae:21:88:7d:ec:31:e3:1b:9b:d5:aa:37:77:1b:82:
                    6c:97:cb:8d:f9:4f:f0:c8:f0:f8:b3:eb:8b:cc:3b:
                    cb:5c:e8:a6:d1:0a:e8:e0:47:8a:3c:db:ff:51:ca:
                    48:24:72:ed:87:12:7f:a0:16:12:da:7e:9c:1d:3c:
                    aa:25:bb:f3:7b:1f:67:c5:cf:ec:3f:78:c3:98:74:
                    b7:c6:fe:f3:8d:f7:fa:6b:99:42:b5:ff:6c:a4:7f:
                    79:2a:bd:ce:53:f3:c5:c9:06:a3:50:e3:30:a7:c7:
                    14:27:bb:dc:e9:69:1b:88:21:e9:f4:87:d1:a8:da:
                    de:ba:a1:7d:80:64:ff:37:99:e5:ee:ed:2a:ea:d1:
                    a6:3b:a4:a2:f0:1b:e2:43:52:03:6b:a4:23:41:53:
                    68:31:45:f8:a5:7f:b4:e3:29:9c:6a:5d:cb:bc:de:
                    e8:f0:0f:af:25:12:54:28:5c:0a:58:a8:d4:2f:2a:
                    ba:8b:1b:69:69:63:8c:1e:2c:a7:6d:06:27:bf:cf:
                    0e:3d:94:88:51:1d:a5:1d:9a:19:65:53:7a:5f:51:
                    ef:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C6:9E:5A:26:8C:B0:FD:63:FF:3F:F1:30:20:E1:8B:9B:28:47:1D
            X509v3 Authority Key Identifier:
                keyid:77:65:64:FC:20:6C:4B:C5:DB:58:F7:EF:BB:B1:E8:F8:84:99:E2:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2Vk_CBsS8XbWPfvu7Ho-ISZ4jM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/861937-99fe-4b48-99b2-dd907b774f22/1/TsaeWiaMsP1j_z_xMCDhi5soRx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/861937-99fe-4b48-99b2-dd907b774f22/1/d2Vk_CBsS8XbWPfvu7Ho-ISZ4jM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.68.0/22
                  185.139.181.0-185.139.182.255
                IPv6:
                  2a06:eb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:99:52:43:43:19:f0:98:4a:25:73:21:99:93:f2:c5:07:38:
         85:70:ee:1c:f7:3d:64:75:26:9c:21:a1:54:93:f5:ef:f9:7b:
         d8:2a:aa:9e:92:0d:1b:6c:72:f6:31:64:b6:7d:4c:7a:4c:7a:
         60:1c:8d:a0:f6:4b:03:7f:4f:5c:52:93:da:ea:31:ca:07:17:
         11:7d:d2:17:96:5b:d3:e2:46:a5:5c:39:1f:2c:87:84:a8:8d:
         a2:8b:c0:21:3a:ec:b5:84:a4:a6:3e:d3:88:ed:8d:57:dc:f2:
         ab:4f:0e:e6:9a:78:da:bc:43:5f:3e:17:b1:c8:e2:d7:61:5d:
         b9:51:25:b7:92:16:42:1b:f5:0a:de:ea:b8:e4:75:d4:93:ac:
         69:63:45:49:e3:a3:59:d1:be:77:7b:38:ea:23:26:97:5a:63:
         6c:0b:1a:37:ea:c0:26:e4:01:a1:e7:21:96:3e:c6:99:84:d8:
         57:0e:e6:f6:44:b1:5f:08:5e:b3:35:e8:1c:01:ae:9c:91:aa:
         a9:b8:88:7b:6d:c1:47:48:a1:c1:86:3f:b7:3b:50:d8:0a:82:
         31:75:c5:a3:f9:39:de:df:52:48:e4:e6:02:56:1c:11:6f:cf:
         15:40:ea:07:2d:9b:38:88:95:77:d8:eb:bc:00:9b:3d:c4:f5:
         6a:82:b3:0e
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZUFSss/z1l76H8OGVcERmjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjU2NGZjMjA2YzRiYzVkYjU4ZjdlZmJiYjFlOGY4ODQ5
OWUyMzMwHhcNMjUwMjE0MTYyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWM2OWU1YTI2OGNiMGZkNjNmZjNmZjEzMDIwZTE4YjliMjg0NzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KmG/QGa3OGpNIRy7D2bmcxdwiRq
2dx3BywC2MVJM4GlMQ4hEwuOhH9WCEKuIYh97DHjG5vVqjd3G4Jsl8uN+U/wyPD4
s+uLzDvLXOim0Qro4EeKPNv/UcpIJHLthxJ/oBYS2n6cHTyqJbvzex9nxc/sP3jD
mHS3xv7zjff6a5lCtf9spH95Kr3OU/PFyQajUOMwp8cUJ7vc6WkbiCHp9IfRqNre
uqF9gGT/N5nl7u0q6tGmO6Si8BviQ1IDa6QjQVNoMUX4pX+04ymcal3LvN7o8A+v
JRJUKFwKWKjULyq6ixtpaWOMHiynbQYnv88OPZSIUR2lHZoZZVN6X1HvswIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFE7GnlomjLD9Y/8/8TAg4YubKEcdMB8GA1UdIwQY
MBaAFHdlZPwgbEvF21j377ux6PiEmeIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJWa19DQnNTOFhiV1BmdnU3SG8tSVNaNGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NjE5MzctOTlmZS00YjQ4LTk5YjIt
ZGQ5MDdiNzc0ZjIyLzEvVHNhZVdpYU1zUDFqX3pfeE1DRGhpNXNvUngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NjE5MzctOTlmZS00YjQ4LTk5YjItZGQ5MDdiNzc0ZjIy
LzEvZDJWa19DQnNTOFhiV1BmdnU3SG8tSVNaNGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCuYZEMAwD
BAC5i7UDBAC5i7YwDQQCAAIwBwMFAyoG6wAwDQYJKoZIhvcNAQELBQADggEBAKeZ
UkNDGfCYSiVzIZmT8sUHOIVw7hz3PWR1JpwhoVST9e/5e9gqqp6SDRtscvYxZLZ9
THpMemAcjaD2SwN/T1xSk9rqMcoHFxF90heWW9PiRqVcOR8sh4SojaKLwCE67LWE
pKY+04jtjVfc8qtPDuaaeNq8Q18+F7HI4tdhXblRJbeSFkIb9Qre6rjkddSTrGlj
RUnjo1nRvnd7OOojJpdaY2wLGjfqwCbkAaHnIZY+xpmE2FcO5vZEsV8IXrM16BwB
rpyRqqm4iHttwUdIocGGP7c7UNgKgjF1xaP5Od7fUkjk5gJWHBFvzxVA6gctmziI
lXfY67wAmz3E9WqCsw4=
-----END CERTIFICATE-----