Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/OBC2jp5FIHT7G9c2m1xsJUD2ivs.roa
File:                     OBC2jp5FIHT7G9c2m1xsJUD2ivs.roa (raw, json)
Hash identifier:          DrwuyysosoB70lBjSllnHo3rVU0U0NusilzO8tRi9Q0=
Subject key identifier:   38:10:B6:8E:9E:45:20:74:FB:1B:D7:36:9B:5C:6C:25:40:F6:8A:FB
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       0194252167D91E16EC72C086A2988826932F
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/OBC2jp5FIHT7G9c2m1xsJUD2ivs.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25472
IP address blocks:        37.6.0.0/16 maxlen: 24
                          46.190.0.0/17 maxlen: 24
                          62.169.192.0/18 maxlen: 24
                          79.107.0.0/16 maxlen: 24
                          80.245.160.0/20 maxlen: 24
                          81.92.48.0/20 maxlen: 24
                          84.254.0.0/18 maxlen: 24
                          91.140.0.0/17 maxlen: 24
                          109.242.0.0/16 maxlen: 24
                          176.58.128.0/17 maxlen: 24
                          185.3.220.0/22 maxlen: 24
                          188.73.192.0/18 maxlen: 24
                          2a03:f000::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:67:d9:1e:16:ec:72:c0:86:a2:98:88:26:93:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3810b68e9e452074fb1bd7369b5c6c2540f68afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:57:1b:f0:c8:40:34:92:36:8c:e0:b1:68:
                    a5:c9:37:49:ae:36:4e:6a:8c:bb:77:8c:93:f3:58:
                    2c:a6:24:ea:38:45:f2:79:e2:eb:6b:12:58:85:7e:
                    f5:a1:e6:ef:49:31:84:49:09:8e:fe:25:9b:5d:36:
                    c3:29:16:85:d0:81:5a:02:28:2c:dd:94:94:0b:62:
                    1d:85:ef:fe:4a:87:4b:44:e4:4f:fb:71:a3:50:e0:
                    bc:94:f3:60:ee:38:4e:fc:a6:0d:19:10:10:50:a0:
                    be:9f:21:7c:10:72:bd:37:75:22:0c:97:89:1e:7e:
                    22:f6:ef:15:20:2b:26:6e:2f:a4:03:b6:26:fb:20:
                    bb:c5:0f:d0:0d:fa:9d:f8:bc:8a:a4:9f:c0:2b:de:
                    f7:d3:de:ed:c2:76:f0:fb:ad:3a:8e:91:4c:bc:96:
                    77:2b:c4:77:e6:4f:4d:d8:c9:b3:39:19:94:7a:d8:
                    b6:58:d8:83:cb:11:46:8a:b8:f0:8c:ff:ec:66:10:
                    2f:0b:80:89:4e:ea:32:26:6f:15:61:f2:cd:f4:87:
                    db:fd:f5:08:50:d8:14:35:89:e6:33:58:c5:cf:9d:
                    6a:bc:29:bb:76:dc:fe:26:5d:d4:45:b8:08:2e:d1:
                    5b:0d:62:36:e2:2e:18:8a:b5:81:38:af:a9:4f:9f:
                    37:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:10:B6:8E:9E:45:20:74:FB:1B:D7:36:9B:5C:6C:25:40:F6:8A:FB
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/OBC2jp5FIHT7G9c2m1xsJUD2ivs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.6.0.0/16
                  46.190.0.0/17
                  62.169.192.0/18
                  79.107.0.0/16
                  80.245.160.0/20
                  81.92.48.0/20
                  84.254.0.0/18
                  91.140.0.0/17
                  109.242.0.0/16
                  176.58.128.0/17
                  185.3.220.0/22
                  188.73.192.0/18
                IPv6:
                  2a03:f000::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:50:1a:16:8e:21:31:62:3b:31:e6:d9:73:34:51:44:16:71:
         1e:e7:32:46:fb:5d:81:e4:e9:a3:28:50:89:e3:57:50:17:c3:
         ea:05:1b:05:36:13:64:10:43:74:9a:be:72:34:5a:98:83:ec:
         e2:fd:9b:2b:cb:02:75:ed:1b:aa:ad:f3:38:9f:c6:ac:b4:c2:
         22:65:7b:c2:3b:b9:31:00:f9:71:e7:9a:1b:ff:b2:e7:46:39:
         f0:3e:94:4c:7f:0d:69:1d:3f:df:25:7d:a0:53:34:b1:1b:cb:
         fd:24:6c:57:8e:24:1b:b4:f0:13:42:9a:db:47:46:55:8b:cf:
         ec:08:d0:1d:ca:a7:fc:eb:4a:1e:42:67:3b:0f:f3:52:02:b9:
         7e:29:76:92:e3:03:b7:67:79:40:b3:13:4a:63:ea:a2:2c:f7:
         d3:0b:25:16:6c:65:47:44:e3:11:3c:89:44:f9:38:0a:4a:46:
         c3:93:72:03:d3:41:83:d9:6f:c3:82:e1:0a:2d:85:20:d6:a4:
         e9:80:6b:03:4a:f0:29:10:f3:f1:b1:77:a7:85:16:b2:e6:c5:
         63:1a:78:7d:f0:88:9a:a2:67:68:1c:33:89:c4:b2:4e:49:56:
         e2:43:34:d3:4c:68:ee:20:1c:cf:c2:f5:cc:be:7d:b6:06:58:
         9d:60:13:ab
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQlIWfZHhbscsCGopiIJpMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODEwYjY4ZTllNDUyMDc0ZmIxYmQ3MzY5YjVjNmMyNTQwZjY4YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtJXG/DIQDSSNozgsWilyTdJrjZO
aoy7d4yT81gspiTqOEXyeeLraxJYhX71oebvSTGESQmO/iWbXTbDKRaF0IFaAigs
3ZSUC2Idhe/+SodLRORP+3GjUOC8lPNg7jhO/KYNGRAQUKC+nyF8EHK9N3UiDJeJ
Hn4i9u8VICsmbi+kA7Ym+yC7xQ/QDfqd+LyKpJ/AK973097twnbw+606jpFMvJZ3
K8R35k9N2MmzORmUeti2WNiDyxFGirjwjP/sZhAvC4CJTuoyJm8VYfLN9Ifb/fUI
UNgUNYnmM1jFz51qvCm7dtz+Jl3URbgILtFbDWI24i4YirWBOK+pT583wQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDgQto6eRSB0+xvXNptcbCVA9or7MB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvT0JDMmpwNUZJSFQ3RzljMm0xeHNKVUQyaXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBLBAIAATBFAwMAJQYDBAcu
vgADBAY+qcADAwBPawMEBFD1oAMEBFFcMAMEBlT+AAMEB1uMAAMDAG3yAwQHsDqA
AwQCuQPcAwQGvEnAMA0EAgACMAcDBQMqA/AAMA0GCSqGSIb3DQEBCwUAA4IBAQAS
UBoWjiExYjsx5tlzNFFEFnEe5zJG+12B5OmjKFCJ41dQF8PqBRsFNhNkEEN0mr5y
NFqYg+zi/ZsrywJ17RuqrfM4n8astMIiZXvCO7kxAPlx55ob/7LnRjnwPpRMfw1p
HT/fJX2gUzSxG8v9JGxXjiQbtPATQprbR0ZVi8/sCNAdyqf860oeQmc7D/NSArl+
KXaS4wO3Z3lAsxNKY+qiLPfTCyUWbGVHROMRPIlE+TgKSkbDk3ID00GD2W/DguEK
LYUg1qTpgGsDSvApEPPxsXenhRay5sVjGnh98IiaomdoHDOJxLJOSVbiQzTTTGju
IBzPwvXMvn22BlidYBOr
-----END CERTIFICATE-----