Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/lpNjWcDqYNxUEkbmUFWNkNGP3TU.roa
File:                     lpNjWcDqYNxUEkbmUFWNkNGP3TU.roa (raw, json)
Hash identifier:          kcvM/hwQgGd7DFNi9gnmV0tC16haiAENeyJbTz8H4R8=
Subject key identifier:   96:93:63:59:C0:EA:60:DC:54:12:46:E6:50:55:8D:90:D1:8F:DD:35
Certificate issuer:       /CN=9e1ac369c9456914a12e02dffc8dd79974eb1ef8
Certificate serial:       0194228D15E77C5AC59FF8270773E5AEC3E0
Authority key identifier: 9E:1A:C3:69:C9:45:69:14:A1:2E:02:DF:FC:8D:D7:99:74:EB:1E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhrDaclFaRShLgLf_I3XmXTrHvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/lpNjWcDqYNxUEkbmUFWNkNGP3TU.roa
Signing time:             Wed 01 Jan 2025 15:47:38 +0000
ROA not before:           Wed 01 Jan 2025 15:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12693
IP address blocks:        82.193.224.0/19 maxlen: 24
                          82.193.255.0/24 maxlen: 24
                          85.199.64.0/18 maxlen: 24
                          85.199.74.0/24 maxlen: 24
                          85.199.96.0/20 maxlen: 24
                          92.42.224.0/21 maxlen: 21
                          149.249.48.0/21 maxlen: 21
                          153.92.72.0/21 maxlen: 24
                          156.67.224.0/21 maxlen: 21
                          185.90.156.0/22 maxlen: 24
                          212.204.32.0/19 maxlen: 24
                          2a01:a380::/32 maxlen: 32
                          2a01:a380::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:15:e7:7c:5a:c5:9f:f8:27:07:73:e5:ae:c3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1ac369c9456914a12e02dffc8dd79974eb1ef8
        Validity
            Not Before: Jan  1 15:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96936359c0ea60dc541246e650558d90d18fdd35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4d:a2:c5:c1:ec:f4:e4:dd:6e:31:47:00:f2:
                    64:69:aa:32:10:d2:56:6b:ad:14:90:c9:a2:54:a1:
                    d1:9d:6e:9d:e9:aa:31:49:21:3f:48:30:28:d8:36:
                    4b:5d:72:8e:6d:6d:1e:13:a2:76:80:70:93:61:1e:
                    f3:d3:96:a1:4d:01:1c:9e:4f:f1:25:a8:eb:49:14:
                    5b:67:ae:1f:22:11:43:98:d1:11:20:23:99:a4:b2:
                    7e:75:19:83:65:10:18:44:4d:0e:1e:d4:8c:e4:d3:
                    6d:9c:cd:5b:76:8b:d5:a0:24:9f:e5:19:07:2a:84:
                    81:02:cf:28:50:fe:68:6d:88:5e:35:5b:2a:e8:69:
                    39:22:9c:7b:34:c7:4b:f3:90:dc:5a:cc:5d:a6:ef:
                    e2:2c:3e:1e:48:30:fe:48:dd:13:c9:34:41:ba:04:
                    a4:59:24:b4:f1:19:f9:8e:b9:fc:d0:b0:a8:fe:76:
                    bc:40:a3:3b:5d:cd:a1:33:1a:fd:e5:b2:64:5f:38:
                    62:fb:e8:f8:b7:09:a4:72:35:24:60:d6:00:bb:d4:
                    74:e0:a0:d5:94:79:ce:ab:4b:80:9d:61:f0:74:93:
                    0c:0f:4f:0d:c8:21:19:33:8d:e8:e2:c5:fd:98:e4:
                    e3:12:15:00:56:fc:41:c4:9f:56:e2:7f:78:25:e6:
                    a4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:93:63:59:C0:EA:60:DC:54:12:46:E6:50:55:8D:90:D1:8F:DD:35
            X509v3 Authority Key Identifier:
                keyid:9E:1A:C3:69:C9:45:69:14:A1:2E:02:DF:FC:8D:D7:99:74:EB:1E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhrDaclFaRShLgLf_I3XmXTrHvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/lpNjWcDqYNxUEkbmUFWNkNGP3TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/nhrDaclFaRShLgLf_I3XmXTrHvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.193.224.0/19
                  85.199.64.0/18
                  92.42.224.0/21
                  149.249.48.0/21
                  153.92.72.0/21
                  156.67.224.0/21
                  185.90.156.0/22
                  212.204.32.0/19
                IPv6:
                  2a01:a380::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:1e:ad:65:e4:e3:e3:19:22:44:70:23:00:d6:d4:43:8e:55:
         13:51:72:af:92:ef:be:1e:6e:2d:e8:d3:f9:d0:d9:07:88:cb:
         3a:f1:5f:d2:d2:ae:5a:0c:b2:a2:a5:6c:00:15:c6:bb:e2:eb:
         e1:d0:a1:77:1c:d7:7a:3e:b7:f7:55:51:eb:e2:04:1f:03:91:
         88:7e:eb:6a:f4:0d:dc:fe:78:1d:37:a9:6f:9d:40:d1:07:ed:
         45:7a:9e:8d:c0:36:7a:8a:b4:8f:63:72:17:bd:c2:a0:40:d4:
         4d:09:65:af:36:f8:36:80:b9:ca:01:1e:65:95:48:85:a5:b7:
         15:71:d6:c6:c2:29:1c:7b:2e:cb:91:8f:fe:72:80:96:1d:0a:
         32:a4:f7:a4:6d:e1:01:29:9f:6b:a4:9f:ab:29:3b:fe:0f:3b:
         7b:db:71:05:e9:96:c9:a4:92:b9:ab:c6:74:45:46:6c:6f:98:
         44:83:19:d4:05:e8:18:3a:20:4b:d3:59:4d:b3:d8:f0:91:fd:
         6c:98:d4:db:20:5a:9a:4c:67:7c:39:ef:e3:bc:29:7a:2a:0e:
         8d:21:f5:11:99:b1:84:bf:e1:65:6e:9e:35:25:55:60:9c:98:
         8f:18:99:c4:bf:94:b4:e5:4b:83:99:46:2c:f0:f0:95:cb:d0:
         74:34:b1:7e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQijRXnfFrFn/gnB3PlrsPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWFjMzY5Yzk0NTY5MTRhMTJlMDJkZmZjOGRkNzk5NzRl
YjFlZjgwHhcNMjUwMTAxMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkzNjM1OWMwZWE2MGRjNTQxMjQ2ZTY1MDU1OGQ5MGQxOGZkZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE2ixcHs9OTdbjFHAPJkaaoyENJW
a60UkMmiVKHRnW6d6aoxSSE/SDAo2DZLXXKObW0eE6J2gHCTYR7z05ahTQEcnk/x
JajrSRRbZ64fIhFDmNERICOZpLJ+dRmDZRAYRE0OHtSM5NNtnM1bdovVoCSf5RkH
KoSBAs8oUP5obYheNVsq6Gk5Ipx7NMdL85DcWsxdpu/iLD4eSDD+SN0TyTRBugSk
WSS08Rn5jrn80LCo/na8QKM7Xc2hMxr95bJkXzhi++j4twmkcjUkYNYAu9R04KDV
lHnOq0uAnWHwdJMMD08NyCEZM43o4sX9mOTjEhUAVvxBxJ9W4n94JeaksQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJaTY1nA6mDcVBJG5lBVjZDRj901MB8GA1UdIwQY
MBaAFJ4aw2nJRWkUoS4C3/yN15l06x74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhyRGFjbEZhUlNoTGdMZl9JM1htWFRySHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wOTFiZDAtMmY2Ny00N2NlLWFlMTct
ZDY4YzU3ZGI0Y2FlLzEvbHBOaldjRHFZTnhVRWtibVVGV05rTkdQM1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wOTFiZDAtMmY2Ny00N2NlLWFlMTctZDY4YzU3ZGI0Y2Fl
LzEvbmhyRGFjbEZhUlNoTGdMZl9JM1htWFRySHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQFUsHgAwQG
VcdAAwQDXCrgAwQDlfkwAwQDmVxIAwQDnEPgAwQCuVqcAwQF1MwgMA0EAgACMAcD
BQAqAaOAMA0GCSqGSIb3DQEBCwUAA4IBAQBiHq1l5OPjGSJEcCMA1tRDjlUTUXKv
ku++Hm4t6NP50NkHiMs68V/S0q5aDLKipWwAFca74uvh0KF3HNd6Prf3VVHr4gQf
A5GIfutq9A3c/ngdN6lvnUDRB+1Fep6NwDZ6irSPY3IXvcKgQNRNCWWvNvg2gLnK
AR5llUiFpbcVcdbGwikcey7LkY/+coCWHQoypPekbeEBKZ9rpJ+rKTv+Dzt723EF
6ZbJpJK5q8Z0RUZsb5hEgxnUBegYOiBL01lNs9jwkf1smNTbIFqaTGd8Oe/jvCl6
Kg6NIfURmbGEv+Flbp41JVVgnJiPGJnEv5S05UuDmUYs8PCVy9B0NLF+
-----END CERTIFICATE-----