Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/i30xTo-UR4_VbHo8fjprUc4AF6g.roa
File:                     i30xTo-UR4_VbHo8fjprUc4AF6g.roa (raw, json)
Hash identifier:          a1dsNKX1kvmUfXHRJMRlL3dZirJz9clcR1rF2jPzapU=
Subject key identifier:   8B:7D:31:4E:8F:94:47:8F:D5:6C:7A:3C:7E:3A:6B:51:CE:00:17:A8
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       01961E96F5EE1EBDE090BCEA0DC366D4EF8E
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/i30xTo-UR4_VbHo8fjprUc4AF6g.roa
Signing time:             Thu 10 Apr 2025 07:25:31 +0000
ROA not before:           Thu 10 Apr 2025 07:25:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3265
IP address blocks:        62.216.0.0/19 maxlen: 19
                          80.100.0.0/15 maxlen: 15
                          82.92.0.0/14 maxlen: 14
                          82.161.0.0/16 maxlen: 16
                          83.68.0.0/20 maxlen: 20
                          83.68.16.0/21 maxlen: 21
                          83.68.24.0/22 maxlen: 22
                          83.68.28.0/24 maxlen: 24
                          83.68.29.0/24 maxlen: 24
                          83.68.31.0/24 maxlen: 24
                          194.109.0.0/16 maxlen: 16
                          195.64.80.0/20 maxlen: 20
                          213.222.0.0/19 maxlen: 19
                          2001:888::/29 maxlen: 29
                          2001:888::/30 maxlen: 30
                          2001:888::/32 maxlen: 32
                          2001:980::/29 maxlen: 29
                          2001:980::/30 maxlen: 30
                          2001:980::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:96:f5:ee:1e:bd:e0:90:bc:ea:0d:c3:66:d4:ef:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Apr 10 07:25:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b7d314e8f94478fd56c7a3c7e3a6b51ce0017a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8e:7a:bb:40:1e:17:4c:e8:9c:ef:ac:6d:22:
                    83:42:08:6c:92:95:91:b6:e3:41:21:11:3e:0b:dc:
                    00:ae:6d:85:04:ee:40:af:08:45:23:84:64:cf:c6:
                    07:e1:03:16:f0:30:70:b0:09:1e:e7:8c:7d:84:a3:
                    00:fe:cd:46:a0:e6:d9:d0:b2:dc:32:2a:5f:9b:8c:
                    63:07:4e:03:30:25:a0:52:4a:ab:02:62:a9:f9:5b:
                    76:70:27:d2:90:8d:3d:93:05:f9:fb:78:65:a2:4a:
                    f9:95:af:3f:ea:40:c4:81:a3:a0:28:0e:78:6e:6e:
                    fd:31:30:7a:d9:52:f7:38:92:eb:34:70:19:21:68:
                    70:67:2f:a4:4a:5e:70:07:96:8e:da:c1:b8:a6:a4:
                    0f:ca:10:a5:ad:c6:60:79:69:36:01:59:60:60:5a:
                    a8:7f:28:b3:70:0a:ac:d7:c4:7f:fc:d5:ee:0f:59:
                    be:91:ad:89:ff:46:58:f0:66:32:4e:6f:d9:ba:f2:
                    f5:5a:b1:53:53:74:d0:e5:08:ca:84:b9:34:06:ef:
                    bb:06:31:de:43:d7:a1:e3:5e:28:f7:8e:b0:ad:96:
                    31:3b:15:b2:ba:5e:63:5a:5c:f0:fe:7e:f1:7b:ee:
                    df:1b:ed:db:98:65:76:5b:45:e4:c0:02:c1:e1:b7:
                    14:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7D:31:4E:8F:94:47:8F:D5:6C:7A:3C:7E:3A:6B:51:CE:00:17:A8
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/i30xTo-UR4_VbHo8fjprUc4AF6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.216.0.0/19
                  80.100.0.0/15
                  82.92.0.0/14
                  82.161.0.0/16
                  83.68.0.0-83.68.29.255
                  83.68.31.0/24
                  194.109.0.0/16
                  195.64.80.0/20
                  213.222.0.0/19
                IPv6:
                  2001:888::/29
                  2001:980::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:75:d7:a1:6f:da:d8:18:9c:d9:7c:f3:01:a3:47:18:af:ad:
         b7:38:e4:20:78:36:ba:fe:d1:34:c9:8e:77:97:a0:05:2b:bb:
         e4:75:dd:83:4d:f5:e9:05:81:8e:2f:4c:de:b9:64:86:79:e4:
         a9:65:3f:c1:04:a5:64:6d:55:1e:99:cd:d9:50:79:1e:be:d7:
         8c:e3:c1:bf:02:ef:21:d9:87:3b:de:78:c0:86:8f:37:3e:f3:
         5c:4f:7b:22:86:74:c5:48:34:46:40:9d:d1:b8:8d:28:ab:03:
         65:1d:fd:19:7b:e4:f3:a9:45:7e:ac:94:3a:45:62:3f:74:bb:
         e4:f9:de:2d:b1:4a:61:eb:0c:33:01:a9:58:c8:40:ae:41:17:
         22:db:c1:37:05:e4:e1:15:9f:2e:6f:bf:ae:44:89:e8:dd:b6:
         2a:04:2d:f1:0b:2d:01:43:3b:7f:0e:61:51:5f:4c:c1:2f:f4:
         fa:11:42:03:ab:0d:5c:79:0b:59:54:1e:18:a0:32:46:c3:74:
         2b:82:34:e9:17:0c:34:46:6d:14:28:34:28:b0:ed:1d:77:40:
         1e:49:3d:d2:ff:80:ae:a7:e1:c6:96:f0:57:78:46:da:9a:4a:
         23:a0:84:82:f4:ea:24:45:f4:3e:b2:67:04:51:d2:49:b2:51:
         6d:fe:c6:ce
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZYelvXuHr3gkLzqDcNm1O+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjUwNDEwMDcyNTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjdkMzE0ZThmOTQ0NzhmZDU2YzdhM2M3ZTNhNmI1MWNlMDAxN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Y56u0AeF0zonO+sbSKDQghskpWR
tuNBIRE+C9wArm2FBO5ArwhFI4Rkz8YH4QMW8DBwsAke54x9hKMA/s1GoObZ0LLc
Mipfm4xjB04DMCWgUkqrAmKp+Vt2cCfSkI09kwX5+3hlokr5la8/6kDEgaOgKA54
bm79MTB62VL3OJLrNHAZIWhwZy+kSl5wB5aO2sG4pqQPyhClrcZgeWk2AVlgYFqo
fyizcAqs18R//NXuD1m+ka2J/0ZY8GYyTm/ZuvL1WrFTU3TQ5QjKhLk0Bu+7BjHe
Q9eh414o946wrZYxOxWyul5jWlzw/n7xe+7fG+3bmGV2W0XkwALB4bcUlwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFIt9MU6PlEeP1Wx6PH46a1HOABeoMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvaTMweFRvLVVSNF9WYkhvOGZqcHJVYzRBRjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzA/BAIAATA5AwQFPtgAAwMB
UGQDAwJSXAMDAFKhMAsDAwJTRAMEAVNEHAMEAFNEHwMDAMJtAwQEw0BQAwQF1d4A
MBQEAgACMA4DBQMgAQiIAwUDIAEJgDANBgkqhkiG9w0BAQsFAAOCAQEAE3XXoW/a
2Bic2XzzAaNHGK+ttzjkIHg2uv7RNMmOd5egBSu75HXdg0316QWBji9M3rlkhnnk
qWU/wQSlZG1VHpnN2VB5Hr7XjOPBvwLvIdmHO954wIaPNz7zXE97IoZ0xUg0RkCd
0biNKKsDZR39GXvk86lFfqyUOkViP3S75PneLbFKYesMMwGpWMhArkEXItvBNwXk
4RWfLm+/rkSJ6N22KgQt8QstAUM7fw5hUV9MwS/0+hFCA6sNXHkLWVQeGKAyRsN0
K4I06RcMNEZtFCg0KLDtHXdAHkk90v+ArqfhxpbwV3hG2ppKI6CEgvTqJEX0PrJn
BFHSSbJRbf7Gzg==
-----END CERTIFICATE-----