Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4a3d8a-529d-4d91-9f25-2254bc2ca6c0/1/xcIstN59HOzGE1G9ty62N5JYD0o.roa
File:                     xcIstN59HOzGE1G9ty62N5JYD0o.roa (raw, json)
Hash identifier:          BZxFBF1fX1zEMIn2hYmGhW7/ZSCk8wjGWMR8N700UvI=
Subject key identifier:   C5:C2:2C:B4:DE:7D:1C:EC:C6:13:51:BD:B7:2E:B6:37:92:58:0F:4A
Certificate issuer:       /CN=d7805e1cffc1392e7d1768f8f0554a1c7f6344ad
Certificate serial:       01941FFA55E6F4DC544DC119B4FD7286467A
Authority key identifier: D7:80:5E:1C:FF:C1:39:2E:7D:17:68:F8:F0:55:4A:1C:7F:63:44:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/14BeHP_BOS59F2j48FVKHH9jRK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4a3d8a-529d-4d91-9f25-2254bc2ca6c0/1/xcIstN59HOzGE1G9ty62N5JYD0o.roa
Signing time:             Wed 01 Jan 2025 03:48:07 +0000
ROA not before:           Wed 01 Jan 2025 03:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44484
IP address blocks:        91.201.228.0/22 maxlen: 22
                          91.201.228.0/24 maxlen: 24
                          91.201.229.0/24 maxlen: 24
                          91.201.230.0/24 maxlen: 24
                          91.201.231.0/24 maxlen: 24
                          176.117.192.0/19 maxlen: 19
                          176.117.192.0/21 maxlen: 21
                          176.117.204.0/24 maxlen: 24
                          176.117.205.0/24 maxlen: 24
                          176.117.207.0/24 maxlen: 24
                          176.117.208.0/24 maxlen: 24
                          176.117.209.0/24 maxlen: 24
                          176.117.210.0/24 maxlen: 24
                          176.117.211.0/24 maxlen: 24
                          176.117.212.0/24 maxlen: 24
                          176.117.213.0/24 maxlen: 24
                          176.117.214.0/24 maxlen: 24
                          176.117.215.0/24 maxlen: 24
                          176.117.216.0/24 maxlen: 24
                          176.117.217.0/24 maxlen: 24
                          176.117.218.0/24 maxlen: 24
                          176.117.219.0/24 maxlen: 24
                          176.117.220.0/24 maxlen: 24
                          176.117.221.0/24 maxlen: 24
                          176.117.222.0/24 maxlen: 24
                          176.117.223.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:55:e6:f4:dc:54:4d:c1:19:b4:fd:72:86:46:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7805e1cffc1392e7d1768f8f0554a1c7f6344ad
        Validity
            Not Before: Jan  1 03:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5c22cb4de7d1cecc61351bdb72eb63792580f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c9:92:de:4e:18:b9:32:3a:9f:46:2e:a2:a2:
                    af:a0:82:2b:f2:6e:dc:24:b2:d3:60:51:80:2d:01:
                    cd:08:00:a2:3e:7a:bd:18:f4:da:e5:e4:07:3e:7b:
                    c6:5d:06:3a:b5:e5:3e:c7:2e:a8:e5:73:97:dd:18:
                    e9:8f:bb:a6:c1:60:5a:f0:81:1f:4f:15:50:31:d1:
                    14:60:2a:5a:41:42:9c:66:c2:65:ff:43:49:70:89:
                    4b:c7:11:4c:66:e2:4f:3a:0f:ac:ff:eb:ab:7c:73:
                    28:bd:5c:be:ca:c0:07:f7:72:9c:9d:2c:26:8b:8f:
                    95:dc:a9:07:82:a5:97:0a:e1:e9:e9:a0:3f:b8:78:
                    78:3f:8a:06:d7:10:8e:96:69:8e:85:7a:d5:2a:1c:
                    46:ab:68:e5:7f:68:b5:bd:47:12:7b:d5:0e:bb:19:
                    d2:3d:cb:fc:93:13:27:2c:60:f5:23:34:a1:9a:af:
                    4e:00:4b:f2:6b:b3:77:3b:26:a8:fd:2a:50:6d:b0:
                    39:b4:e5:09:18:05:aa:5e:c4:76:23:82:98:11:18:
                    90:8b:21:2e:92:5e:c7:d8:5b:c4:6a:3a:c6:91:a6:
                    ee:6f:f4:47:20:a1:ee:56:b8:02:a0:bb:5a:7e:41:
                    3c:62:e6:c9:21:53:21:ad:9b:b8:8c:e9:19:9d:d7:
                    36:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C2:2C:B4:DE:7D:1C:EC:C6:13:51:BD:B7:2E:B6:37:92:58:0F:4A
            X509v3 Authority Key Identifier:
                keyid:D7:80:5E:1C:FF:C1:39:2E:7D:17:68:F8:F0:55:4A:1C:7F:63:44:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14BeHP_BOS59F2j48FVKHH9jRK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4a3d8a-529d-4d91-9f25-2254bc2ca6c0/1/xcIstN59HOzGE1G9ty62N5JYD0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4a3d8a-529d-4d91-9f25-2254bc2ca6c0/1/14BeHP_BOS59F2j48FVKHH9jRK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.228.0/22
                  176.117.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a6:9a:68:82:42:1d:74:0a:b0:12:03:7a:88:f9:cd:e9:24:28:
         26:58:be:e3:96:da:5d:6a:26:d5:37:7f:0d:73:db:f8:f1:0b:
         3f:82:2a:76:98:49:97:64:d5:a4:08:6d:8c:14:98:39:1b:08:
         47:32:a2:5c:95:84:ec:2e:3a:33:b0:51:aa:2c:d4:38:de:21:
         25:9f:3a:dd:54:9b:44:d2:b5:61:08:df:de:8c:0b:6a:6f:6d:
         23:b8:bb:23:96:c9:1a:55:62:9b:dc:2d:3e:8a:10:55:82:c3:
         f2:ae:6c:a9:8f:4a:f2:77:5a:eb:c1:d8:6c:99:92:4c:88:ea:
         a4:39:68:ac:5c:4b:51:da:a1:72:12:9e:3f:5a:95:01:55:8d:
         d8:e5:f0:72:a7:57:be:41:37:70:dd:5c:ec:ab:fe:55:3d:61:
         a8:7b:73:67:fd:ff:87:25:f1:75:6d:e9:f6:5c:a3:e0:05:15:
         f5:63:d6:f2:9e:6c:b0:37:f8:c0:57:d3:2a:44:87:8d:44:da:
         38:6a:28:9d:6e:88:cb:8a:ba:a7:c5:d3:70:5c:bd:ab:c9:93:
         81:91:90:5a:ab:88:7b:db:f2:a3:a9:11:01:93:81:e4:cd:b0:
         9d:2f:1d:2c:84:b1:19:9d:fa:fc:0a:99:ce:2c:0e:0e:58:14:
         cc:0d:88:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+lXm9NxUTcEZtP1yhkZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ODA1ZTFjZmZjMTM5MmU3ZDE3NjhmOGYwNTU0YTFjN2Y2
MzQ0YWQwHhcNMjUwMTAxMDM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWMyMmNiNGRlN2QxY2VjYzYxMzUxYmRiNzJlYjYzNzkyNTgwZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcmS3k4YuTI6n0YuoqKvoIIr8m7c
JLLTYFGALQHNCACiPnq9GPTa5eQHPnvGXQY6teU+xy6o5XOX3Rjpj7umwWBa8IEf
TxVQMdEUYCpaQUKcZsJl/0NJcIlLxxFMZuJPOg+s/+urfHMovVy+ysAH93KcnSwm
i4+V3KkHgqWXCuHp6aA/uHh4P4oG1xCOlmmOhXrVKhxGq2jlf2i1vUcSe9UOuxnS
Pcv8kxMnLGD1IzShmq9OAEvya7N3Oyao/SpQbbA5tOUJGAWqXsR2I4KYERiQiyEu
kl7H2FvEajrGkabub/RHIKHuVrgCoLtafkE8YubJIVMhrZu4jOkZndc2bwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMXCLLTefRzsxhNRvbcutjeSWA9KMB8GA1UdIwQY
MBaAFNeAXhz/wTkufRdo+PBVShx/Y0StMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRCZUhQX0JPUzU5RjJqNDhGVktISDlqUkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80YTNkOGEtNTI5ZC00ZDkxLTlmMjUt
MjI1NGJjMmNhNmMwLzEveGNJc3RONTlIT3pHRTFHOXR5NjJONUpZRDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80YTNkOGEtNTI5ZC00ZDkxLTlmMjUtMjI1NGJjMmNhNmMw
LzEvMTRCZUhQX0JPUzU5RjJqNDhGVktISDlqUkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8nkAwQF
sHXAMA0GCSqGSIb3DQEBCwUAA4IBAQCmmmiCQh10CrASA3qI+c3pJCgmWL7jltpd
aibVN38Nc9v48Qs/gip2mEmXZNWkCG2MFJg5GwhHMqJclYTsLjozsFGqLNQ43iEl
nzrdVJtE0rVhCN/ejAtqb20juLsjlskaVWKb3C0+ihBVgsPyrmypj0ryd1rrwdhs
mZJMiOqkOWisXEtR2qFyEp4/WpUBVY3Y5fByp1e+QTdw3Vzsq/5VPWGoe3Nn/f+H
JfF1ben2XKPgBRX1Y9bynmywN/jAV9MqRIeNRNo4aiidbojLirqnxdNwXL2ryZOB
kZBaq4h72/KjqREBk4HkzbCdLx0shLEZnfr8CpnOLA4OWBTMDYj/
-----END CERTIFICATE-----