Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/YsUzeXuKor8g8xJ2qQAIbZwuLdA.roa
File:                     YsUzeXuKor8g8xJ2qQAIbZwuLdA.roa (raw, json)
Hash identifier:          b8Dg+ptVU/0cD+fmDjz15R9Y3ThIrc8W4BKhqUm2GSI=
Subject key identifier:   62:C5:33:79:7B:8A:A2:BF:20:F3:12:76:A9:00:08:6D:9C:2E:2D:D0
Certificate issuer:       /CN=535825ce8bf544170282f720a2484141568b0e7d
Certificate serial:       019425FC71C9DF45D779D0ACE23142803771
Authority key identifier: 53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/YsUzeXuKor8g8xJ2qQAIbZwuLdA.roa
Signing time:             Thu 02 Jan 2025 07:48:08 +0000
ROA not before:           Thu 02 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198382
IP address blocks:        185.123.81.0/24 maxlen: 24
                          212.84.64.0/21 maxlen: 24
                          212.84.72.0/21 maxlen: 24
                          212.84.80.0/21 maxlen: 24
                          212.84.88.0/21 maxlen: 24
                          2a00:14a0::/29 maxlen: 48
                          2a00:14a0::/48 maxlen: 48
                          2a00:14a0:1::/48 maxlen: 48
                          2a00:14a0:3::/48 maxlen: 48
                          2a00:14a0:4::/48 maxlen: 48
                          2a00:14a0:5::/48 maxlen: 48
                          2a00:14a0:6::/48 maxlen: 48
                          2a00:14a0:7::/48 maxlen: 48
                          2a00:14a0:8::/48 maxlen: 48
                          2a00:14a0:9::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:71:c9:df:45:d7:79:d0:ac:e2:31:42:80:37:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535825ce8bf544170282f720a2484141568b0e7d
        Validity
            Not Before: Jan  2 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62c533797b8aa2bf20f31276a900086d9c2e2dd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:df:df:ed:df:4c:82:a3:7a:74:36:38:a7:e1:
                    fc:48:bd:15:d6:ed:da:44:f4:f0:e1:1e:bc:67:0e:
                    b6:da:1a:05:f1:26:18:57:f1:3d:ed:3c:11:f0:ac:
                    7d:5d:1a:c5:08:b0:8c:89:27:83:6b:1e:09:69:73:
                    a6:a8:5f:e5:5f:e1:08:b0:27:fe:0e:c6:e7:62:28:
                    a4:e0:8a:a4:18:f9:88:3e:28:96:5b:1f:06:d7:a9:
                    04:02:90:53:4f:11:97:57:1c:3e:e9:e3:ea:0f:c0:
                    da:ea:dc:3d:93:ec:ed:40:7e:5c:77:36:60:62:59:
                    51:62:3d:41:b7:70:1a:df:63:a2:2e:1b:3f:e9:92:
                    f5:a6:23:20:88:24:b3:ce:42:24:42:73:1d:de:c5:
                    cc:08:16:72:85:3e:cc:39:ab:4e:8a:3a:af:5b:4c:
                    8b:ad:15:6f:49:04:46:39:81:7e:20:30:67:dd:f2:
                    e6:69:e5:09:9d:ea:74:30:1a:98:3e:48:8b:56:35:
                    3f:1b:55:3a:d4:80:19:2a:09:12:98:a3:d6:37:a9:
                    54:58:22:fe:ba:9e:1e:9c:07:a0:b9:5d:85:74:d2:
                    c4:68:c7:3b:43:00:db:8e:08:d2:65:07:e2:b0:77:
                    fe:61:b1:8f:52:9c:33:9d:9c:4e:aa:00:f3:bc:15:
                    0d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C5:33:79:7B:8A:A2:BF:20:F3:12:76:A9:00:08:6D:9C:2E:2D:D0
            X509v3 Authority Key Identifier:
                keyid:53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/YsUzeXuKor8g8xJ2qQAIbZwuLdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.81.0/24
                  212.84.64.0/19
                IPv6:
                  2a00:14a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:8c:44:3b:d0:21:80:a4:de:09:75:dc:97:c0:34:87:d8:dd:
         97:51:3a:bd:a3:c5:2d:60:3f:d3:39:bb:f9:56:e1:af:eb:a1:
         0b:82:53:39:ff:32:87:74:fb:fb:fa:ce:34:1f:a1:dd:87:ba:
         b7:fc:9f:0e:b8:36:7f:f0:99:ed:31:bd:b9:2f:9f:6a:7e:0b:
         4a:9d:39:0d:46:ce:d3:cc:f9:1a:92:8c:a2:51:7b:89:75:94:
         70:b8:4b:aa:a7:e8:ac:c8:60:89:37:05:80:4f:ad:5c:09:09:
         5a:11:d8:a6:b7:20:51:09:ac:0f:fa:42:bf:b3:1b:2c:fc:84:
         8d:44:9e:3b:8a:42:ad:25:3f:d6:17:b9:6a:f9:82:98:e9:54:
         54:2b:a1:32:49:20:28:43:bf:78:27:34:38:8b:a7:66:e1:c0:
         32:5d:1f:ed:1f:61:cf:a7:b6:14:d6:34:1f:0f:26:6c:1e:65:
         c4:45:eb:73:ea:4d:81:38:9e:5e:de:33:7e:38:bc:58:f8:d4:
         8b:7c:ab:a6:b2:a0:2e:05:1c:8a:73:84:da:5f:15:e7:fc:be:
         91:7c:3f:e6:c8:a9:54:d1:49:d8:3b:6d:4a:ba:72:93:74:75:
         b1:6d:d0:5f:c3:dc:cf:72:05:4f:98:14:98:bf:ce:9a:8b:e8:
         a9:f3:d4:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/HHJ30XXedCs4jFCgDdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTgyNWNlOGJmNTQ0MTcwMjgyZjcyMGEyNDg0MTQxNTY4
YjBlN2QwHhcNMjUwMTAyMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM1MzM3OTdiOGFhMmJmMjBmMzEyNzZhOTAwMDg2ZDljMmUyZGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd/f7d9MgqN6dDY4p+H8SL0V1u3a
RPTw4R68Zw622hoF8SYYV/E97TwR8Kx9XRrFCLCMiSeDax4JaXOmqF/lX+EIsCf+
DsbnYiik4IqkGPmIPiiWWx8G16kEApBTTxGXVxw+6ePqD8Da6tw9k+ztQH5cdzZg
YllRYj1Bt3Aa32OiLhs/6ZL1piMgiCSzzkIkQnMd3sXMCBZyhT7MOatOijqvW0yL
rRVvSQRGOYF+IDBn3fLmaeUJnep0MBqYPkiLVjU/G1U61IAZKgkSmKPWN6lUWCL+
up4enAeguV2FdNLEaMc7QwDbjgjSZQfisHf+YbGPUpwznZxOqgDzvBUNDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGLFM3l7iqK/IPMSdqkACG2cLi3QMB8GA1UdIwQY
MBaAFFNYJc6L9UQXAoL3IKJIQUFWiw59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUt
NTE0NmFiN2VhMDE1LzEvWXNVemVYdUtvcjhnOHhKMnFRQUliWnd1TGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUtNTE0NmFiN2VhMDE1
LzEvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuXtRAwQF
1FRAMA0EAgACMAcDBQMqABSgMA0GCSqGSIb3DQEBCwUAA4IBAQBejEQ70CGApN4J
ddyXwDSH2N2XUTq9o8UtYD/TObv5VuGv66ELglM5/zKHdPv7+s40H6Hdh7q3/J8O
uDZ/8JntMb25L59qfgtKnTkNRs7TzPkakoyiUXuJdZRwuEuqp+isyGCJNwWAT61c
CQlaEdimtyBRCawP+kK/sxss/ISNRJ47ikKtJT/WF7lq+YKY6VRUK6EySSAoQ794
JzQ4i6dm4cAyXR/tH2HPp7YU1jQfDyZsHmXERetz6k2BOJ5e3jN+OLxY+NSLfKum
sqAuBRyKc4TaXxXn/L6RfD/myKlU0UnYO21KunKTdHWxbdBfw9zPcgVPmBSYv86a
i+ip89T4
-----END CERTIFICATE-----