Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/TTDv1twa5Oq2wS4kqb31Wa4mKwc.roa
File:                     TTDv1twa5Oq2wS4kqb31Wa4mKwc.roa (raw, json)
Hash identifier:          kNwC0HcE7BSu6NKB5QfTvVm3I8iIUDuBU4W9LJhw8AE=
Subject key identifier:   4D:30:EF:D6:DC:1A:E4:EA:B6:C1:2E:24:A9:BD:F5:59:AE:26:2B:07
Certificate issuer:       /CN=73fdae1505049e446d5b0d144acc860d6c18167c
Certificate serial:       019421B194FFEA16A6320DFB2FF6C5797868
Authority key identifier: 73:FD:AE:15:05:04:9E:44:6D:5B:0D:14:4A:CC:86:0D:6C:18:16:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_2uFQUEnkRtWw0USsyGDWwYFnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/TTDv1twa5Oq2wS4kqb31Wa4mKwc.roa
Signing time:             Wed 01 Jan 2025 11:47:53 +0000
ROA not before:           Wed 01 Jan 2025 11:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201601
IP address blocks:        94.177.25.0/24 maxlen: 24
                          176.112.144.0/22 maxlen: 22
                          176.112.148.0/22 maxlen: 22
                          176.112.152.0/24 maxlen: 24
                          176.112.153.0/24 maxlen: 24
                          176.112.154.0/24 maxlen: 24
                          176.112.155.0/24 maxlen: 24
                          176.112.156.0/22 maxlen: 22
                          185.68.208.0/22 maxlen: 22
                          185.68.208.0/24 maxlen: 24
                          185.68.209.0/24 maxlen: 24
                          185.68.210.0/24 maxlen: 24
                          185.68.211.0/24 maxlen: 24
                          2a05:1cc0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:94:ff:ea:16:a6:32:0d:fb:2f:f6:c5:79:78:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73fdae1505049e446d5b0d144acc860d6c18167c
        Validity
            Not Before: Jan  1 11:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d30efd6dc1ae4eab6c12e24a9bdf559ae262b07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:58:07:ce:32:2d:cc:c8:15:e6:aa:58:d6:60:
                    de:9e:85:87:93:6e:a9:55:7a:56:de:49:40:66:e4:
                    55:b6:fe:93:d0:02:a6:27:1b:e0:97:c3:5e:69:a6:
                    09:48:df:72:e4:8b:ed:9b:72:9f:e8:3b:cf:78:83:
                    b3:ff:58:f3:2d:5f:0f:e5:55:a7:07:8c:76:bb:2c:
                    2e:82:47:7f:c9:1d:df:28:5d:75:a3:41:23:49:c8:
                    92:c2:9d:68:84:1a:c8:2c:48:e9:59:bc:81:72:d9:
                    25:7b:61:e7:31:7d:a6:64:bc:02:ab:4c:70:88:ab:
                    60:1b:4c:aa:84:01:51:4e:78:5e:57:fe:89:f6:8c:
                    6b:e2:55:2c:a1:75:9b:86:d6:30:28:13:9a:8c:04:
                    af:32:96:4d:9f:68:38:60:97:8f:34:ca:38:3d:c0:
                    bc:bb:70:e1:19:16:96:17:ac:bf:6a:d8:87:aa:9f:
                    83:3f:90:80:f7:f3:ba:88:63:1e:25:4f:7a:f4:5b:
                    78:86:08:2d:d7:91:a7:8d:2f:a9:aa:af:27:22:ba:
                    1e:f3:b4:ec:a2:7d:92:fa:80:d5:20:8d:67:77:f6:
                    5a:50:26:93:5e:8b:7d:5b:60:3e:d9:2e:5c:c6:ed:
                    32:da:d8:86:27:d7:92:b2:dd:13:76:17:e6:34:22:
                    e8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:30:EF:D6:DC:1A:E4:EA:B6:C1:2E:24:A9:BD:F5:59:AE:26:2B:07
            X509v3 Authority Key Identifier:
                keyid:73:FD:AE:15:05:04:9E:44:6D:5B:0D:14:4A:CC:86:0D:6C:18:16:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_2uFQUEnkRtWw0USsyGDWwYFnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/TTDv1twa5Oq2wS4kqb31Wa4mKwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/c_2uFQUEnkRtWw0USsyGDWwYFnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.25.0/24
                  176.112.144.0/20
                  185.68.208.0/22
                IPv6:
                  2a05:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:c4:cb:27:4a:7a:79:da:41:a9:4b:1b:b2:c9:e8:2b:0c:bb:
         c1:9f:d6:76:bb:09:df:95:2b:fc:67:07:14:13:5a:b7:87:a5:
         e8:58:03:9f:ec:be:2a:e9:e5:15:ac:09:fd:67:57:72:7b:26:
         8d:65:84:0c:ac:60:c4:1d:6e:6e:ee:98:70:6d:3a:63:63:aa:
         da:57:4d:7e:42:4c:28:f1:d1:71:33:ff:88:0c:94:cb:cd:19:
         f7:c6:70:d1:f1:13:e0:da:07:74:4c:e2:52:2c:df:a1:16:34:
         11:04:5b:8d:62:df:e8:29:0c:7d:77:35:f2:99:a0:c7:f5:92:
         14:17:0a:7f:07:bd:a0:63:d0:61:f1:ed:76:61:6b:f7:6e:7f:
         7f:3e:77:0c:35:0d:a4:2e:13:06:4a:d9:11:71:bb:3c:61:48:
         5e:18:a1:d2:5a:44:a7:04:c9:7e:bf:7a:5c:84:df:d4:b0:48:
         1d:27:d2:9e:cd:62:31:64:9d:ab:5b:90:44:0d:c5:d7:28:92:
         fb:c0:5a:9d:0b:de:d7:58:b2:3a:b2:34:76:4f:a2:64:bb:7d:
         fc:1f:9d:2a:e0:a4:b7:2b:7b:a6:b6:3f:b3:38:18:89:2b:bc:
         73:d7:40:7e:b2:1a:ee:8f:bc:3d:f3:bf:9c:94:7b:77:86:f5:
         af:27:0a:9a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQhsZT/6hamMg37L/bFeXhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZmRhZTE1MDUwNDllNDQ2ZDViMGQxNDRhY2M4NjBkNmMx
ODE2N2MwHhcNMjUwMTAxMTE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDMwZWZkNmRjMWFlNGVhYjZjMTJlMjRhOWJkZjU1OWFlMjYyYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFgHzjItzMgV5qpY1mDenoWHk26p
VXpW3klAZuRVtv6T0AKmJxvgl8NeaaYJSN9y5Ivtm3Kf6DvPeIOz/1jzLV8P5VWn
B4x2uywugkd/yR3fKF11o0EjSciSwp1ohBrILEjpWbyBctkle2HnMX2mZLwCq0xw
iKtgG0yqhAFRTnheV/6J9oxr4lUsoXWbhtYwKBOajASvMpZNn2g4YJePNMo4PcC8
u3DhGRaWF6y/atiHqp+DP5CA9/O6iGMeJU969Ft4hggt15GnjS+pqq8nIroe87Ts
on2S+oDVII1nd/ZaUCaTXot9W2A+2S5cxu0y2tiGJ9eSst0TdhfmNCLovwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFE0w79bcGuTqtsEuJKm99VmuJisHMB8GA1UdIwQY
MBaAFHP9rhUFBJ5EbVsNFErMhg1sGBZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY18ydUZRVUVua1J0V3cwVVNzeUdEV3dZRm53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jM2ZjZDktMDBjOC00MzZiLThjMDEt
YTVmZWE2MDRhZDUzLzEvVFREdjF0d2E1T3Eyd1M0a3FiMzFXYTRtS3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jM2ZjZDktMDBjOC00MzZiLThjMDEtYTVmZWE2MDRhZDUz
LzEvY18ydUZRVUVua1J0V3cwVVNzeUdEV3dZRm53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAXrEZAwQE
sHCQAwQCuUTQMA0EAgACMAcDBQMqBRzAMA0GCSqGSIb3DQEBCwUAA4IBAQA4xMsn
Snp52kGpSxuyyegrDLvBn9Z2uwnflSv8ZwcUE1q3h6XoWAOf7L4q6eUVrAn9Z1dy
eyaNZYQMrGDEHW5u7phwbTpjY6raV01+Qkwo8dFxM/+IDJTLzRn3xnDR8RPg2gd0
TOJSLN+hFjQRBFuNYt/oKQx9dzXymaDH9ZIUFwp/B72gY9Bh8e12YWv3bn9/PncM
NQ2kLhMGStkRcbs8YUheGKHSWkSnBMl+v3pchN/UsEgdJ9KezWIxZJ2rW5BEDcXX
KJL7wFqdC97XWLI6sjR2T6Jku338H50q4KS3K3umtj+zOBiJK7xz10B+shruj7w9
87+clHt3hvWvJwqa
-----END CERTIFICATE-----