Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/ZMqfcfXLoFwR38mzrlhgUiCnDoc.roa
File:                     ZMqfcfXLoFwR38mzrlhgUiCnDoc.roa (raw, json)
Hash identifier:          K2BcNWwSrD8sIYskDanFqA2gwA8psHreRUAJx23bV/E=
Subject key identifier:   64:CA:9F:71:F5:CB:A0:5C:11:DF:C9:B3:AE:58:60:52:20:A7:0E:87
Certificate issuer:       /CN=e6faa0d2f5dec0201f55e40979c1909b6db77c3b
Certificate serial:       019397750A0E35D297F1E466855E8A497176
Authority key identifier: E6:FA:A0:D2:F5:DE:C0:20:1F:55:E4:09:79:C1:90:9B:6D:B7:7C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vqg0vXewCAfVeQJecGQm223fDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/ZMqfcfXLoFwR38mzrlhgUiCnDoc.roa
Signing time:             Thu 05 Dec 2024 15:34:10 +0000
ROA not before:           Thu 05 Dec 2024 15:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197075
IP address blocks:        37.77.160.0/21 maxlen: 24
                          45.156.60.0/23 maxlen: 24
                          45.156.62.0/23 maxlen: 23
                          46.31.104.0/21 maxlen: 24
                          81.29.176.0/22 maxlen: 23
                          85.208.76.0/22 maxlen: 24
                          185.25.234.0/23 maxlen: 23
                          185.37.116.0/22 maxlen: 23
                          185.47.138.0/24 maxlen: 24
                          185.59.20.0/22 maxlen: 23
                          185.186.12.0/22 maxlen: 23
                          185.246.95.0/24 maxlen: 24
                          195.177.114.0/24 maxlen: 24
                          2a02:2420::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:97:75:0a:0e:35:d2:97:f1:e4:66:85:5e:8a:49:71:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6faa0d2f5dec0201f55e40979c1909b6db77c3b
        Validity
            Not Before: Dec  5 15:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64ca9f71f5cba05c11dfc9b3ae58605220a70e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:89:01:a7:37:80:47:55:72:f2:fd:bd:4d:d4:
                    8d:a4:86:00:4a:f2:6a:97:5b:7d:f3:0a:e5:62:dc:
                    09:c7:8c:38:41:7c:0d:b6:ce:a9:82:04:78:9b:7c:
                    62:4d:10:94:9a:1e:1d:ae:01:f9:24:d8:6c:58:4d:
                    49:6c:33:32:f0:36:6c:88:d1:56:b1:27:41:d6:95:
                    7a:28:a7:df:09:c4:49:75:54:9e:85:b7:a6:61:e0:
                    b2:8c:44:48:ed:ba:b5:ae:c3:87:ce:3f:05:50:0d:
                    05:75:fe:95:e7:7c:e8:06:03:8a:21:9f:39:f9:f7:
                    fd:69:c0:1e:3a:e9:54:51:2b:bc:8f:e3:02:30:93:
                    11:62:e1:54:18:96:15:76:d8:0d:6c:85:69:ab:0a:
                    fc:a5:a8:73:59:09:ab:f2:dc:0a:55:fd:8a:36:c3:
                    62:41:20:35:95:2e:28:60:ed:d1:41:99:26:36:fb:
                    5b:f2:bb:32:50:1b:c5:cb:c8:09:0b:31:d0:8d:a2:
                    18:c4:dd:93:66:2c:c7:f8:ba:5a:d0:e1:f0:ec:0f:
                    0f:65:ed:94:68:f5:05:fa:ce:f3:f4:ce:fb:d4:f6:
                    7b:2d:1b:a7:ac:27:04:b4:9b:29:f0:e8:34:75:4f:
                    bd:a7:b7:97:38:99:5d:95:c9:a9:d0:c7:31:4e:39:
                    f2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CA:9F:71:F5:CB:A0:5C:11:DF:C9:B3:AE:58:60:52:20:A7:0E:87
            X509v3 Authority Key Identifier:
                keyid:E6:FA:A0:D2:F5:DE:C0:20:1F:55:E4:09:79:C1:90:9B:6D:B7:7C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vqg0vXewCAfVeQJecGQm223fDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/ZMqfcfXLoFwR38mzrlhgUiCnDoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/097748-5cc8-450f-9fbb-8c8d10e8eabc/1/5vqg0vXewCAfVeQJecGQm223fDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.160.0/21
                  45.156.60.0/22
                  46.31.104.0/21
                  81.29.176.0/22
                  85.208.76.0/22
                  185.25.234.0/23
                  185.37.116.0/22
                  185.47.138.0/24
                  185.59.20.0/22
                  185.186.12.0/22
                  185.246.95.0/24
                  195.177.114.0/24
                IPv6:
                  2a02:2420::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:14:17:96:b8:d5:cc:49:55:cc:e1:c6:bc:b5:9e:62:0e:75:
         d6:d6:45:55:00:78:1c:d6:99:39:1c:4f:c1:e8:b0:79:62:72:
         3e:a1:fe:a6:a9:e5:99:2a:84:16:61:b9:44:94:a1:4f:5b:e1:
         c5:a0:9c:62:e3:b4:f9:b2:a1:64:96:d0:27:63:cf:33:16:b4:
         8a:68:8c:de:7e:db:6d:b9:f6:94:e6:58:16:1c:06:5d:e6:cb:
         5a:8f:d7:24:51:f1:b2:13:39:fc:d4:91:3b:e6:a9:72:c4:8c:
         49:15:f8:f1:2c:6c:7b:23:83:6f:e2:2b:b8:e0:53:30:f5:d6:
         f8:f9:b0:c3:73:08:4e:47:a2:f3:4e:62:59:51:65:cd:24:55:
         9b:02:84:4c:a7:42:4e:31:8f:57:70:c7:dc:2f:80:ea:31:4e:
         4e:8d:18:76:c7:22:48:8e:26:18:2f:bf:83:28:1c:f9:4b:67:
         86:a4:98:aa:04:30:df:93:4b:24:d7:25:c4:1f:8b:49:5d:e9:
         2f:8f:6f:31:69:5a:36:2d:98:c4:ae:d6:d6:82:a1:ba:36:35:
         d2:1a:aa:46:fe:1c:b7:37:3c:3f:31:0d:ee:36:ea:2f:2f:58:
         34:02:1d:98:66:3d:35:69:84:d5:6e:05:9e:3e:de:c4:c7:54:
         8a:6d:1e:72
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZOXdQoONdKX8eRmhV6KSXF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZmFhMGQyZjVkZWMwMjAxZjU1ZTQwOTc5YzE5MDliNmRi
NzdjM2IwHhcNMjQxMjA1MTUzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNhOWY3MWY1Y2JhMDVjMTFkZmM5YjNhZTU4NjA1MjIwYTcwZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtokBpzeAR1Vy8v29TdSNpIYASvJq
l1t98wrlYtwJx4w4QXwNts6pggR4m3xiTRCUmh4drgH5JNhsWE1JbDMy8DZsiNFW
sSdB1pV6KKffCcRJdVSehbemYeCyjERI7bq1rsOHzj8FUA0Fdf6V53zoBgOKIZ85
+ff9acAeOulUUSu8j+MCMJMRYuFUGJYVdtgNbIVpqwr8pahzWQmr8twKVf2KNsNi
QSA1lS4oYO3RQZkmNvtb8rsyUBvFy8gJCzHQjaIYxN2TZizH+Lpa0OHw7A8PZe2U
aPUF+s7z9M771PZ7LRunrCcEtJsp8Og0dU+9p7eXOJldlcmp0McxTjnyywIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFGTKn3H1y6BcEd/Js65YYFIgpw6HMB8GA1UdIwQY
MBaAFOb6oNL13sAgH1XkCXnBkJttt3w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZxZzB2WGV3Q0FmVmVRSmVjR1FtMjIzZkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8wOTc3NDgtNWNjOC00NTBmLTlmYmIt
OGM4ZDEwZThlYWJjLzEvWk1xZmNmWExvRndSMzhtenJsaGdVaUNuRG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8wOTc3NDgtNWNjOC00NTBmLTlmYmItOGM4ZDEwZThlYWJj
LzEvNXZxZzB2WGV3Q0FmVmVRSmVjR1FtMjIzZkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJU2gAwQC
LZw8AwQDLh9oAwQCUR2wAwQCVdBMAwQBuRnqAwQCuSV0AwQAuS+KAwQCuTsUAwQC
uboMAwQAufZfAwQAw7FyMA0EAgACMAcDBQAqAiQgMA0GCSqGSIb3DQEBCwUAA4IB
AQBrFBeWuNXMSVXM4ca8tZ5iDnXW1kVVAHgc1pk5HE/B6LB5YnI+of6mqeWZKoQW
YblElKFPW+HFoJxi47T5sqFkltAnY88zFrSKaIzeftttufaU5lgWHAZd5staj9ck
UfGyEzn81JE75qlyxIxJFfjxLGx7I4Nv4iu44FMw9db4+bDDcwhOR6LzTmJZUWXN
JFWbAoRMp0JOMY9XcMfcL4DqMU5OjRh2xyJIjiYYL7+DKBz5S2eGpJiqBDDfk0sk
1yXEH4tJXekvj28xaVo2LZjErtbWgqG6NjXSGqpG/hy3Nzw/MQ3uNuovL1g0Ah2Y
Zj01aYTVbgWePt7Ex1SKbR5y
-----END CERTIFICATE-----