Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/TE5fERJgHgtYxUJy4wePwz5mU_w.roa
File:                     TE5fERJgHgtYxUJy4wePwz5mU_w.roa (raw, json)
Hash identifier:          OE1lv0k4N/61BtYex08ZD3aXtpKmdMMTc1Zc1Tz9A/I=
Subject key identifier:   4C:4E:5F:11:12:60:1E:0B:58:C5:42:72:E3:07:8F:C3:3E:66:53:FC
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       019425217276BB826BDF4A1E7BA22E339DEA
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/TE5fERJgHgtYxUJy4wePwz5mU_w.roa
Signing time:             Thu 02 Jan 2025 03:48:56 +0000
ROA not before:           Thu 02 Jan 2025 03:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41937
IP address blocks:        5.134.104.0/21 maxlen: 21
                          91.185.96.0/19 maxlen: 19
                          91.204.52.0/22 maxlen: 22
                          178.237.216.0/22 maxlen: 22
                          178.237.216.0/23 maxlen: 23
                          178.237.216.0/24 maxlen: 24
                          178.237.217.0/24 maxlen: 24
                          178.237.218.0/23 maxlen: 23
                          178.237.218.0/24 maxlen: 24
                          178.237.219.0/24 maxlen: 24
                          178.237.220.0/22 maxlen: 22
                          178.237.220.0/23 maxlen: 23
                          178.237.220.0/24 maxlen: 24
                          178.237.221.0/24 maxlen: 24
                          178.237.222.0/23 maxlen: 23
                          178.237.222.0/24 maxlen: 24
                          178.237.223.0/24 maxlen: 24
                          2a00:cf00::/32 maxlen: 48
                          2a06:63c0::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:72:76:bb:82:6b:df:4a:1e:7b:a2:2e:33:9d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Jan  2 03:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c4e5f1112601e0b58c54272e3078fc33e6653fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:32:b1:f9:14:5c:4b:56:11:27:02:32:28:72:
                    e6:79:9b:01:0f:94:f5:32:52:80:38:53:9e:7b:c1:
                    9c:d8:20:0f:80:d0:98:da:6d:8e:f9:07:04:e4:7e:
                    da:33:c3:51:67:94:a3:fa:83:2e:ef:aa:c6:d8:f3:
                    ce:5e:ee:ac:5e:6c:c1:cd:6c:f2:e4:19:a4:96:39:
                    77:b0:6b:00:3c:9d:40:ce:f9:a2:6d:1b:54:74:df:
                    ca:63:db:39:ad:19:a4:1c:2d:dc:2c:b5:b0:c4:d0:
                    8a:84:6d:76:26:0b:87:bc:1b:0f:c5:98:ca:75:44:
                    7b:4a:f2:c0:77:59:4b:0d:b2:85:4b:31:42:18:94:
                    9c:97:0d:b5:24:7c:09:eb:29:aa:f0:9c:2c:5a:34:
                    bf:fb:0a:79:c0:b4:ef:bc:01:be:16:77:3e:74:11:
                    73:c8:5e:64:bb:80:65:ab:5b:25:59:17:a8:aa:ad:
                    06:c7:37:2c:2c:17:d1:48:05:94:69:e6:7e:d3:2e:
                    8c:94:c9:75:71:5d:d2:f3:e4:a6:77:e9:63:a9:3e:
                    49:69:55:84:9b:e8:0e:3f:a0:84:1c:ae:ff:3b:70:
                    21:4e:61:7d:d0:bb:b2:21:27:7d:43:84:51:52:99:
                    6f:fb:20:fc:49:c9:9c:2e:ac:eb:72:94:fd:0f:75:
                    ff:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4E:5F:11:12:60:1E:0B:58:C5:42:72:E3:07:8F:C3:3E:66:53:FC
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/TE5fERJgHgtYxUJy4wePwz5mU_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.104.0/21
                  91.185.96.0/19
                  91.204.52.0/22
                  178.237.216.0/21
                IPv6:
                  2a00:cf00::/32
                  2a06:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:0e:22:2d:de:05:4a:cf:20:03:ae:7a:a4:fe:a6:88:b8:2e:
         5f:9a:19:c9:d3:fd:d0:44:e8:14:9c:e0:2e:b5:b8:79:7b:2f:
         dd:12:22:c2:0e:51:04:73:7f:12:ac:92:78:17:19:56:8a:1d:
         1c:95:c9:32:33:6d:6b:8a:4e:e5:6b:2a:0a:f7:1f:8f:07:88:
         25:8a:87:44:5e:b0:df:0e:02:cd:79:6a:2b:e7:9a:3d:b9:cc:
         32:fb:1f:af:22:be:1b:4f:b0:c9:d3:3f:78:24:7d:a2:1f:46:
         75:44:31:02:01:a8:3f:a8:d7:9f:3f:d7:a0:25:04:4a:ba:da:
         f5:b8:12:03:03:69:e7:4c:05:64:e2:9b:12:a5:dc:a5:57:c7:
         0a:64:f5:54:b4:da:ee:fd:b5:ec:a7:18:fb:0b:07:1f:d5:ad:
         51:f7:18:4a:01:ce:be:73:e5:ca:20:4f:42:f5:e3:2d:f3:26:
         d7:02:e6:9a:3d:5d:15:2e:e6:8e:f8:13:6a:e9:83:e5:2b:63:
         89:0b:85:7d:3f:43:80:58:70:45:c0:d2:21:59:bd:06:af:15:
         69:e6:6d:ce:bf:98:e8:7c:13:be:70:bc:f9:76:77:f8:2b:54:
         61:dd:21:77:78:8b:f9:79:29:34:16:9d:9d:64:61:75:04:bc:
         aa:b9:af:25
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQlIXJ2u4Jr30oee6IuM53qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjUwMTAyMDM0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRlNWYxMTEyNjAxZTBiNThjNTQyNzJlMzA3OGZjMzNlNjY1M2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjKx+RRcS1YRJwIyKHLmeZsBD5T1
MlKAOFOee8Gc2CAPgNCY2m2O+QcE5H7aM8NRZ5Sj+oMu76rG2PPOXu6sXmzBzWzy
5Bmkljl3sGsAPJ1AzvmibRtUdN/KY9s5rRmkHC3cLLWwxNCKhG12JguHvBsPxZjK
dUR7SvLAd1lLDbKFSzFCGJSclw21JHwJ6ymq8JwsWjS/+wp5wLTvvAG+Fnc+dBFz
yF5ku4Blq1slWReoqq0GxzcsLBfRSAWUaeZ+0y6MlMl1cV3S8+Smd+ljqT5JaVWE
m+gOP6CEHK7/O3AhTmF90LuyISd9Q4RRUplv+yD8ScmcLqzrcpT9D3X/ywIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFExOXxESYB4LWMVCcuMHj8M+ZlP8MB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEvVEU1ZkVSSmdIZ3RZeFVKeTR3ZVB3ejVtVV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQDBYZoAwQF
W7lgAwQCW8w0AwQDsu3YMBQEAgACMA4DBQAqAM8AAwUDKgZjwDANBgkqhkiG9w0B
AQsFAAOCAQEAeg4iLd4FSs8gA656pP6miLguX5oZydP90EToFJzgLrW4eXsv3RIi
wg5RBHN/EqySeBcZVoodHJXJMjNta4pO5WsqCvcfjweIJYqHRF6w3w4CzXlqK+ea
PbnMMvsfryK+G0+wydM/eCR9oh9GdUQxAgGoP6jXnz/XoCUESrra9bgSAwNp50wF
ZOKbEqXcpVfHCmT1VLTa7v217KcY+wsHH9WtUfcYSgHOvnPlyiBPQvXjLfMm1wLm
mj1dFS7mjvgTaumD5StjiQuFfT9DgFhwRcDSIVm9Bq8VaeZtzr+Y6HwTvnC8+XZ3
+CtUYd0hd3iL+XkpNBadnWRhdQS8qrmvJQ==
-----END CERTIFICATE-----