Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/1Ha8srIAp9WOKKhksHpGuM5AJxs.roa
File:                     1Ha8srIAp9WOKKhksHpGuM5AJxs.roa (raw, json)
Hash identifier:          eIlLhqb6Klu7eWMj9sibnBFq4kfPdmxjT0rsiJwbmWs=
Subject key identifier:   D4:76:BC:B2:B2:00:A7:D5:8E:28:A8:64:B0:7A:46:B8:CE:40:27:1B
Certificate issuer:       /CN=63082d6d3a1dc501795737537ca74d27a80265a2
Certificate serial:       019523D90F658C46138926924C9D787D0A7D
Authority key identifier: 63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/1Ha8srIAp9WOKKhksHpGuM5AJxs.roa
Signing time:             Thu 20 Feb 2025 14:53:02 +0000
ROA not before:           Thu 20 Feb 2025 14:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62205
IP address blocks:        79.174.184.0/21 maxlen: 21
                          91.209.128.0/23 maxlen: 23
                          91.209.130.0/24 maxlen: 24
                          139.28.180.0/22 maxlen: 22
                          139.28.180.0/23 maxlen: 23
                          139.28.182.0/23 maxlen: 23
                          178.213.80.0/21 maxlen: 21
                          178.213.80.0/23 maxlen: 23
                          178.213.81.0/24 maxlen: 24
                          178.213.82.0/23 maxlen: 23
                          178.213.84.0/23 maxlen: 23
                          178.213.86.0/23 maxlen: 23
                          185.44.164.0/22 maxlen: 24
                          185.77.228.0/22 maxlen: 22
                          185.77.240.0/22 maxlen: 22
                          2a01:72a0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:d9:0f:65:8c:46:13:89:26:92:4c:9d:78:7d:0a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63082d6d3a1dc501795737537ca74d27a80265a2
        Validity
            Not Before: Feb 20 14:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d476bcb2b200a7d58e28a864b07a46b8ce40271b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:95:8d:0f:25:77:b8:f0:e7:7f:a0:5c:55:bd:
                    1b:90:52:4f:ea:4e:ab:66:96:f6:fb:26:17:eb:6f:
                    d7:fa:f5:c8:40:3c:19:a1:6e:e0:76:40:9f:29:18:
                    86:2f:33:46:af:80:10:81:85:fd:c6:b6:a8:cc:df:
                    22:01:a7:a7:d6:64:b6:16:bf:18:9c:fe:7c:6d:05:
                    f9:10:3f:cd:47:ae:7b:c5:fb:8f:0d:6e:61:ef:c8:
                    56:88:d0:98:b3:52:4b:02:40:9e:43:cc:4e:5d:a2:
                    34:db:88:2f:94:b3:7b:dd:6b:8f:dc:f1:60:a2:9e:
                    9e:2f:27:6c:2b:98:d2:33:6a:db:58:ed:e5:5b:43:
                    fc:8c:af:1c:6d:5b:34:fb:a9:23:d0:50:df:d6:91:
                    5f:1e:52:31:72:ad:c2:99:a6:7d:3e:de:a1:86:3d:
                    8c:6f:db:d0:0d:36:30:e6:02:22:f9:98:25:ca:e0:
                    5b:e2:95:34:e3:c1:19:67:58:08:4f:72:74:ac:29:
                    d5:22:2b:3e:de:2a:8d:2d:ba:ce:ae:40:40:68:6a:
                    6d:8c:1e:34:ef:57:a2:aa:64:ba:fb:4f:7b:94:ad:
                    f9:42:80:27:35:40:06:b1:8b:9f:59:bd:81:97:93:
                    00:01:1d:7e:c0:57:85:88:b9:3e:23:a5:fb:d1:d7:
                    eb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:76:BC:B2:B2:00:A7:D5:8E:28:A8:64:B0:7A:46:B8:CE:40:27:1B
            X509v3 Authority Key Identifier:
                keyid:63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/1Ha8srIAp9WOKKhksHpGuM5AJxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.184.0/21
                  91.209.128.0-91.209.130.255
                  139.28.180.0/22
                  178.213.80.0/21
                  185.44.164.0/22
                  185.77.228.0/22
                  185.77.240.0/22
                IPv6:
                  2a01:72a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:66:94:5a:1c:ab:25:0e:7b:d8:7c:e8:fe:a3:b3:1e:0d:2f:
         21:2b:b0:ab:1e:ee:51:d5:fa:43:b2:7b:32:21:91:d9:81:61:
         04:5d:03:1b:1c:eb:ee:0f:bb:ea:33:74:0d:4d:28:13:d6:b5:
         ac:c3:a5:3d:0e:2f:53:5f:9a:dd:83:15:8e:f9:c3:4d:58:54:
         30:ab:af:26:7d:11:43:85:0d:65:a3:6c:3a:13:99:c1:a8:19:
         1d:9c:5f:96:6f:34:a2:c1:75:8a:11:5b:86:9b:df:d7:5b:9b:
         5e:b6:28:bb:95:d6:66:55:80:62:30:e1:59:4b:7c:6a:f7:41:
         80:55:49:d8:97:de:20:55:ad:e7:3d:eb:e1:0b:8f:34:b7:0f:
         51:2b:47:f8:0c:01:7d:54:3f:cc:90:86:76:39:7e:16:46:eb:
         e5:8c:1b:83:36:8f:ab:44:90:f7:3b:4a:f2:62:3b:87:6c:1a:
         b4:4e:d6:f0:ba:1b:f6:39:10:32:d0:ea:71:5e:0a:ed:9f:b9:
         b7:02:98:0a:bf:1a:72:88:f9:19:cd:4a:8a:8e:eb:09:91:12:
         db:80:18:c2:6a:81:5b:2b:b6:a0:48:be:ad:63:83:0f:f6:5f:
         36:1e:56:c5:c5:4b:13:24:98:a5:4e:ae:fb:a7:08:56:26:f6:
         e8:87:3c:e8
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZUj2Q9ljEYTiSaSTJ14fQp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDgyZDZkM2ExZGM1MDE3OTU3Mzc1MzdjYTc0ZDI3YTgw
MjY1YTIwHhcNMjUwMjIwMTQ1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDc2YmNiMmIyMDBhN2Q1OGUyOGE4NjRiMDdhNDZiOGNlNDAyNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJWNDyV3uPDnf6BcVb0bkFJP6k6r
Zpb2+yYX62/X+vXIQDwZoW7gdkCfKRiGLzNGr4AQgYX9xraozN8iAaen1mS2Fr8Y
nP58bQX5ED/NR657xfuPDW5h78hWiNCYs1JLAkCeQ8xOXaI024gvlLN73WuP3PFg
op6eLydsK5jSM2rbWO3lW0P8jK8cbVs0+6kj0FDf1pFfHlIxcq3CmaZ9Pt6hhj2M
b9vQDTYw5gIi+ZglyuBb4pU048EZZ1gIT3J0rCnVIis+3iqNLbrOrkBAaGptjB40
71eiqmS6+097lK35QoAnNUAGsYufWb2Bl5MAAR1+wFeFiLk+I6X70dfrAwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFNR2vLKyAKfVjiioZLB6RrjOQCcbMB8GA1UdIwQY
MBaAFGMILW06HcUBeVc3U3ynTSeoAmWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMt
YzE4YWQzNmE3YjMwLzEvMUhhOHNySUFwOVdPS0toa3NIcEd1TTVBSnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMtYzE4YWQzNmE3YjMw
LzEvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDT664MAwD
BAdb0YADBABb0YIDBAKLHLQDBAOy1VADBAK5LKQDBAK5TeQDBAK5TfAwDQQCAAIw
BwMFACoBcqAwDQYJKoZIhvcNAQELBQADggEBAGpmlFocqyUOe9h86P6jsx4NLyEr
sKse7lHV+kOyezIhkdmBYQRdAxsc6+4Pu+ozdA1NKBPWtazDpT0OL1Nfmt2DFY75
w01YVDCrryZ9EUOFDWWjbDoTmcGoGR2cX5ZvNKLBdYoRW4ab39dbm162KLuV1mZV
gGIw4VlLfGr3QYBVSdiX3iBVrec96+ELjzS3D1ErR/gMAX1UP8yQhnY5fhZG6+WM
G4M2j6tEkPc7SvJiO4dsGrRO1vC6G/Y5EDLQ6nFeCu2fubcCmAq/GnKI+RnNSoqO
6wmREtuAGMJqgVsrtqBIvq1jgw/2XzYeVsXFSxMkmKVOrvunCFYm9uiHPOg=
-----END CERTIFICATE-----