Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/6WLkt-CJrHz9HrmJ80IE8yLiggQ.roa
File:                     6WLkt-CJrHz9HrmJ80IE8yLiggQ.roa (raw, json)
Hash identifier:          A1D8GCMAKibxSwfJYYFLTLyOk7V1Z8lwvSAEOW0OnkI=
Subject key identifier:   E9:62:E4:B7:E0:89:AC:7C:FD:1E:B9:89:F3:42:04:F3:22:E2:82:04
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       01956EA4A9A87C1A60AADAAB30ED31BB0404
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/6WLkt-CJrHz9HrmJ80IE8yLiggQ.roa
Signing time:             Fri 07 Mar 2025 03:27:19 +0000
ROA not before:           Fri 07 Mar 2025 03:27:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39494
IP address blocks:        31.177.85.0/24 maxlen: 24
                          31.177.86.0/23 maxlen: 24
                          79.174.72.0/22 maxlen: 22
                          89.104.64.0/19 maxlen: 19
                          89.104.76.0/24 maxlen: 24
                          89.104.78.0/23 maxlen: 23
                          89.111.128.0/18 maxlen: 18
                          89.111.144.0/20 maxlen: 20
                          89.111.160.0/20 maxlen: 24
                          89.111.176.0/20 maxlen: 20
                          89.111.176.0/22 maxlen: 22
                          89.111.177.0/24 maxlen: 24
                          91.217.21.0/24 maxlen: 24
                          2a01:d8::/32 maxlen: 48
                          2a02:2090::/32 maxlen: 48
                          2a02:2090:e400::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6e:a4:a9:a8:7c:1a:60:aa:da:ab:30:ed:31:bb:04:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Mar  7 03:27:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e962e4b7e089ac7cfd1eb989f34204f322e28204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7f:de:8a:98:73:11:6c:2e:83:22:3b:bd:ac:
                    18:98:75:60:ea:65:44:f6:d4:48:49:f6:63:f6:c4:
                    ff:f8:7f:77:87:6e:8d:0c:2d:40:60:1c:de:e0:8e:
                    d9:21:6d:ac:41:45:3c:22:9e:22:57:a9:5a:64:2a:
                    df:b0:60:1c:1e:7c:97:ee:64:eb:2a:88:72:95:f4:
                    65:00:15:8a:f7:f6:85:ef:b2:a4:72:4a:67:a3:d6:
                    3e:8d:3c:97:20:fe:3b:9d:40:db:2c:4e:4b:64:8e:
                    07:b1:08:fe:19:8f:94:9a:2b:97:26:8e:7d:a5:89:
                    89:db:f2:a0:36:6f:47:69:7e:cd:9d:b9:d3:7f:76:
                    fc:25:30:85:73:6a:18:99:c0:d3:47:2a:09:3c:e9:
                    4c:8e:ba:30:e7:ba:4e:64:fd:a0:af:0e:c9:13:81:
                    d9:f7:38:48:a6:e3:99:9d:79:c7:c2:08:24:e3:e2:
                    91:38:a8:d1:b7:34:d4:46:fe:95:92:5c:27:d2:aa:
                    28:8f:f6:5c:b8:5b:ec:ae:75:61:f1:b3:8d:3d:a1:
                    0b:d4:46:9a:16:60:c5:d5:8a:fb:6f:8d:42:29:80:
                    db:ab:f6:d1:b6:86:90:5f:2f:12:ce:f9:4c:ad:8e:
                    96:c8:35:cf:60:40:ff:ae:46:a7:7d:37:74:73:5e:
                    ca:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:62:E4:B7:E0:89:AC:7C:FD:1E:B9:89:F3:42:04:F3:22:E2:82:04
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/6WLkt-CJrHz9HrmJ80IE8yLiggQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.177.85.0-31.177.87.255
                  79.174.72.0/22
                  89.104.64.0/19
                  89.111.128.0/18
                  91.217.21.0/24
                IPv6:
                  2a01:d8::/32
                  2a02:2090::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:8a:7f:15:e6:ed:d9:41:00:f0:80:d8:d7:a6:59:cd:46:68:
         e2:63:1e:4a:d1:c7:72:3a:bf:b5:0b:9a:1f:7e:d1:64:8c:46:
         72:6d:8e:b9:f2:a7:79:ef:eb:2b:42:95:2d:fa:d8:fe:d1:1c:
         9f:ce:0e:9a:29:a8:4d:ea:aa:48:38:fe:eb:d5:e2:9e:7a:e3:
         05:1c:c7:1c:15:15:a0:ca:17:73:3c:b9:aa:f1:9f:ae:03:64:
         45:52:f9:bb:6f:bb:4f:26:3f:b1:47:d6:32:96:6d:55:b3:82:
         36:e9:72:2c:f6:e3:e9:c1:71:33:c7:33:85:5f:59:f2:b5:94:
         75:68:f0:22:8d:da:cc:c5:10:06:0b:4a:4c:5f:bb:1f:a1:ce:
         d0:c3:91:47:21:bc:e3:ca:01:a4:ad:08:40:83:e8:cf:8d:d9:
         cf:77:af:57:0e:83:76:00:e6:6e:93:a2:9b:5c:cc:bd:d2:8d:
         9b:96:de:1f:b1:d9:45:e2:d1:43:2c:74:1a:67:b8:88:e4:20:
         dd:b3:4f:51:99:80:11:dc:f6:5a:15:44:2e:b9:84:1d:69:4c:
         20:af:fb:9d:63:ab:8d:f0:80:49:ac:b4:d9:e2:95:0e:9e:94:
         31:ee:ec:fc:56:c0:19:3e:cf:41:e8:21:47:d2:aa:48:d5:8c:
         b8:68:09:53
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZVupKmofBpgqtqrMO0xuwQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMzA3MDMyNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTYyZTRiN2UwODlhYzdjZmQxZWI5ODlmMzQyMDRmMzIyZTI4MjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn/eiphzEWwugyI7vawYmHVg6mVE
9tRISfZj9sT/+H93h26NDC1AYBze4I7ZIW2sQUU8Ip4iV6laZCrfsGAcHnyX7mTr
KohylfRlABWK9/aF77Kkckpno9Y+jTyXIP47nUDbLE5LZI4HsQj+GY+UmiuXJo59
pYmJ2/KgNm9HaX7NnbnTf3b8JTCFc2oYmcDTRyoJPOlMjrow57pOZP2grw7JE4HZ
9zhIpuOZnXnHwggk4+KROKjRtzTURv6Vklwn0qooj/ZcuFvsrnVh8bONPaEL1Eaa
FmDF1Yr7b41CKYDbq/bRtoaQXy8SzvlMrY6WyDXPYED/rkanfTd0c17KIwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFOli5Lfgiax8/R65ifNCBPMi4oIEMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvNldMa3QtQ0pySHo5SHJtSjgwSUU4eUxpZ2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAsBAIAATAmMAwDBAAfsVUD
BAMfsVADBAJPrkgDBAVZaEADBAZZb4ADBABb2RUwFAQCAAIwDgMFACoBANgDBQAq
AiCQMA0GCSqGSIb3DQEBCwUAA4IBAQALin8V5u3ZQQDwgNjXplnNRmjiYx5K0cdy
Or+1C5offtFkjEZybY658qd57+srQpUt+tj+0Ryfzg6aKahN6qpIOP7r1eKeeuMF
HMccFRWgyhdzPLmq8Z+uA2RFUvm7b7tPJj+xR9Yylm1Vs4I26XIs9uPpwXEzxzOF
X1nytZR1aPAijdrMxRAGC0pMX7sfoc7Qw5FHIbzjygGkrQhAg+jPjdnPd69XDoN2
AOZuk6KbXMy90o2blt4fsdlF4tFDLHQaZ7iI5CDds09RmYAR3PZaFUQuuYQdaUwg
r/udY6uN8IBJrLTZ4pUOnpQx7uz8VsAZPs9B6CFH0qpI1Yy4aAlT
-----END CERTIFICATE-----