Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/TdGZ39TbjdjBBTMxGvQBWdhQRo4.roa
File:                     TdGZ39TbjdjBBTMxGvQBWdhQRo4.roa (raw, json)
Hash identifier:          lhJrYNrPIHrE1+fMgjz6bgAULgw1D/KiucF41qw2/QE=
Subject key identifier:   4D:D1:99:DF:D4:DB:8D:D8:C1:05:33:31:1A:F4:01:59:D8:50:46:8E
Certificate issuer:       /CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
Certificate serial:       0195145A14CB7C8268830BC964DB8EE641E0
Authority key identifier: AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/TdGZ39TbjdjBBTMxGvQBWdhQRo4.roa
Signing time:             Mon 17 Feb 2025 14:40:02 +0000
ROA not before:           Mon 17 Feb 2025 14:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29104
IP address blocks:        37.35.0.0/21 maxlen: 21
                          37.35.6.0/24 maxlen: 24
                          185.116.132.0/22 maxlen: 22
                          185.116.134.0/24 maxlen: 24
                          192.54.144.0/24 maxlen: 24
                          192.93.158.0/24 maxlen: 24
                          192.93.159.0/24 maxlen: 24
                          192.93.160.0/24 maxlen: 24
                          192.93.161.0/24 maxlen: 24
                          192.93.166.0/23 maxlen: 23
                          193.56.125.0/24 maxlen: 24
                          193.56.130.0/23 maxlen: 23
                          2a00:4f40::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:5a:14:cb:7c:82:68:83:0b:c9:64:db:8e:e6:41:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
        Validity
            Not Before: Feb 17 14:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dd199dfd4db8dd8c10533311af40159d850468e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:dc:35:45:40:6f:b8:b7:5b:cd:79:ea:c5:7b:
                    0b:9d:91:fd:57:20:96:71:46:ab:a6:1b:3b:6e:21:
                    68:a7:db:a9:40:3f:01:56:96:92:21:71:2c:68:5e:
                    e1:10:3a:67:dd:a6:91:bf:c4:3a:ba:67:41:b3:95:
                    fe:e3:b1:a8:9f:ac:94:4a:f7:1e:b1:01:f8:81:fa:
                    df:19:2e:4f:5a:0c:ca:bc:b7:ac:16:28:a9:7a:fa:
                    e5:75:19:a1:b6:2d:3e:4b:70:cd:06:dc:6e:9e:8a:
                    e1:fa:c1:c8:02:b2:32:bf:ee:df:fb:fd:e3:4b:4e:
                    ac:df:9a:8c:ac:22:08:80:b8:da:3c:07:d0:66:9c:
                    da:8e:3b:b9:65:cc:18:85:21:44:a2:aa:8d:3e:fa:
                    56:b2:df:c7:b2:6f:78:2c:f2:6b:fb:e8:5e:04:7b:
                    5a:6e:4b:5e:99:1f:03:02:a6:d6:7c:d8:05:62:56:
                    ee:21:07:76:0f:fd:39:ab:78:fb:cb:8a:bf:9f:3c:
                    bc:7e:55:76:af:36:e3:3e:94:d9:60:c7:aa:bc:53:
                    f1:0e:67:6b:47:a1:b5:03:47:71:6e:8a:ed:bb:90:
                    24:a1:19:ff:45:37:45:71:2a:de:b6:41:82:1e:c9:
                    48:c9:f2:49:46:c3:03:db:d9:67:5c:ed:da:a4:0f:
                    2c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D1:99:DF:D4:DB:8D:D8:C1:05:33:31:1A:F4:01:59:D8:50:46:8E
            X509v3 Authority Key Identifier:
                keyid:AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/TdGZ39TbjdjBBTMxGvQBWdhQRo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/rJ4u_NwhOsWxsIedkioXi4UPRR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.35.0.0/21
                  185.116.132.0/22
                  192.54.144.0/24
                  192.93.158.0-192.93.161.255
                  192.93.166.0/23
                  193.56.125.0/24
                  193.56.130.0/23
                IPv6:
                  2a00:4f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:6d:b0:87:25:fc:64:3c:28:3e:5b:a9:92:b4:7d:3a:c9:9b:
         aa:43:79:e7:08:f5:20:b8:d6:5d:3f:c1:32:63:53:ff:13:90:
         c7:3f:eb:c6:6f:16:c3:a4:37:1a:4f:f7:fc:c1:8d:fe:91:94:
         49:95:3b:b9:e3:f0:9d:35:dc:c6:cb:5b:5c:54:89:5b:10:77:
         e7:08:59:c7:aa:27:98:70:83:7c:05:fb:76:ea:d2:e5:94:e4:
         99:e6:da:7f:c8:f2:1c:aa:73:b4:8e:3f:08:3b:6b:06:64:6d:
         1d:f1:58:d2:aa:f5:e4:e2:1f:d6:ee:0a:32:ce:f7:f3:d3:f2:
         ba:f5:65:f5:dd:72:62:dc:d7:b1:b0:1a:27:7e:e9:3e:c9:df:
         1f:37:75:e7:b4:82:dc:64:45:18:91:35:bd:ff:4d:95:6e:59:
         55:a0:ee:24:86:92:d9:eb:f8:9f:39:60:d4:1c:75:2c:03:71:
         dd:20:aa:62:14:2d:ff:a1:88:6a:08:27:25:cf:32:a3:1c:bb:
         6a:38:66:30:f2:c3:94:3c:69:cd:8f:a3:01:8e:7c:72:a4:94:
         a3:ed:04:4f:5d:12:68:d1:f3:c9:10:ca:c7:0d:09:dd:ca:b6:
         86:a9:31:ee:cb:32:ab:a5:e6:8b:c5:8d:0c:1c:42:49:42:af:
         26:d2:56:60
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZUUWhTLfIJogwvJZNuO5kHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWUyZWZjZGMyMTNhYzViMWIwODc5ZDkyMmExNzhiODUw
ZjQ1MWYwHhcNMjUwMjE3MTQ0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQxOTlkZmQ0ZGI4ZGQ4YzEwNTMzMzExYWY0MDE1OWQ4NTA0NjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9w1RUBvuLdbzXnqxXsLnZH9VyCW
cUarphs7biFop9upQD8BVpaSIXEsaF7hEDpn3aaRv8Q6umdBs5X+47Gon6yUSvce
sQH4gfrfGS5PWgzKvLesFiipevrldRmhti0+S3DNBtxunorh+sHIArIyv+7f+/3j
S06s35qMrCIIgLjaPAfQZpzajju5ZcwYhSFEoqqNPvpWst/Hsm94LPJr++heBHta
bktemR8DAqbWfNgFYlbuIQd2D/05q3j7y4q/nzy8flV2rzbjPpTZYMeqvFPxDmdr
R6G1A0dxbortu5AkoRn/RTdFcSretkGCHslIyfJJRsMD29lnXO3apA8suQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFE3Rmd/U243YwQUzMRr0AVnYUEaOMB8GA1UdIwQY
MBaAFKyeLvzcITrFsbCHnZIqF4uFD0UfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEt
N2M3YmYyNzE3NWM1LzEvVGRHWjM5VGJqZGpCQlRNeEd2UUJXZGhRUm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEtN2M3YmYyNzE3NWM1
LzEvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDJSMAAwQC
uXSEAwQAwDaQMAwDBAHAXZ4DBAHAXaADBAHAXaYDBADBOH0DBAHBOIIwDQQCAAIw
BwMFACoAT0AwDQYJKoZIhvcNAQELBQADggEBAIhtsIcl/GQ8KD5bqZK0fTrJm6pD
eecI9SC41l0/wTJjU/8TkMc/68ZvFsOkNxpP9/zBjf6RlEmVO7nj8J013MbLW1xU
iVsQd+cIWceqJ5hwg3wF+3bq0uWU5Jnm2n/I8hyqc7SOPwg7awZkbR3xWNKq9eTi
H9buCjLO9/PT8rr1ZfXdcmLc17GwGid+6T7J3x83dee0gtxkRRiRNb3/TZVuWVWg
7iSGktnr+J85YNQcdSwDcd0gqmIULf+hiGoIJyXPMqMcu2o4ZjDyw5Q8ac2PowGO
fHKklKPtBE9dEmjR88kQyscNCd3KtoapMe7LMqul5ovFjQwcQklCrybSVmA=
-----END CERTIFICATE-----