Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/VNgrFCXC6qS8TNps447OxlX8nGY.roa
File:                     VNgrFCXC6qS8TNps447OxlX8nGY.roa (raw, json)
Hash identifier:          amThVjNGNu8Q9uIvlrtcKr2OoymveH71c6BE6WCbqn0=
Subject key identifier:   54:D8:2B:14:25:C2:EA:A4:BC:4C:DA:6C:E3:8E:CE:C6:55:FC:9C:66
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       0193728EA16CAEEC1B2D5EF49F9A183AC8D6
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/VNgrFCXC6qS8TNps447OxlX8nGY.roa
Signing time:             Thu 28 Nov 2024 11:36:10 +0000
ROA not before:           Thu 28 Nov 2024 11:36:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41937
IP address blocks:        5.134.104.0/21 maxlen: 21
                          91.185.96.0/19 maxlen: 19
                          91.204.52.0/22 maxlen: 22
                          178.237.216.0/22 maxlen: 22
                          178.237.216.0/23 maxlen: 23
                          178.237.216.0/24 maxlen: 24
                          178.237.217.0/24 maxlen: 24
                          178.237.218.0/23 maxlen: 23
                          178.237.218.0/24 maxlen: 24
                          178.237.219.0/24 maxlen: 24
                          178.237.220.0/22 maxlen: 22
                          178.237.220.0/23 maxlen: 23
                          178.237.220.0/24 maxlen: 24
                          178.237.221.0/24 maxlen: 24
                          178.237.222.0/23 maxlen: 23
                          178.237.222.0/24 maxlen: 24
                          178.237.223.0/24 maxlen: 24
                          2a00:cf00::/32 maxlen: 48
                          2a06:63c0::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:72:8e:a1:6c:ae:ec:1b:2d:5e:f4:9f:9a:18:3a:c8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Nov 28 11:36:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54d82b1425c2eaa4bc4cda6ce38ecec655fc9c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f1:b7:11:6e:ac:42:0d:7a:69:c8:fa:f1:85:
                    5d:09:10:7a:6e:a9:65:c3:2b:2d:2c:cd:90:2a:8c:
                    e1:be:9a:58:01:ab:9a:ab:4e:1f:01:de:45:2c:f6:
                    c2:66:e3:f6:14:4f:e3:d3:bc:15:89:df:d5:a0:30:
                    58:63:9d:ae:7b:fd:65:07:ff:1a:22:65:38:28:53:
                    e2:52:92:d7:37:0b:8f:40:46:7e:c4:d7:c3:0f:ad:
                    c2:da:2e:1b:d3:f8:65:ec:2b:f2:d2:22:11:4a:bb:
                    46:b7:0c:2c:67:8c:2d:1b:ae:bf:43:87:37:fe:45:
                    ab:13:87:50:f3:01:9d:7b:db:0e:6e:45:d9:93:53:
                    b0:e2:b2:23:fd:9c:d1:68:b7:a3:72:d0:46:02:12:
                    9e:f0:33:71:73:73:32:c3:e2:df:a3:30:0b:26:9e:
                    3b:28:f7:74:b7:a2:67:31:82:ea:35:6c:23:71:02:
                    3f:b5:ea:20:f1:ee:60:d2:e6:6c:1d:28:c9:e5:af:
                    a3:1b:8b:28:5e:ae:42:ca:ef:1b:67:a5:3e:6c:a7:
                    17:fa:f9:3d:80:13:d3:6c:51:8f:58:a5:6d:d7:4c:
                    18:b1:84:92:88:9e:b8:aa:0f:ed:7c:c1:bd:d5:69:
                    be:97:40:da:2d:0d:a9:7e:79:ae:24:9a:95:e7:6e:
                    c2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D8:2B:14:25:C2:EA:A4:BC:4C:DA:6C:E3:8E:CE:C6:55:FC:9C:66
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/VNgrFCXC6qS8TNps447OxlX8nGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.104.0/21
                  91.185.96.0/19
                  91.204.52.0/22
                  178.237.216.0/21
                IPv6:
                  2a00:cf00::/32
                  2a06:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:18:15:44:ac:47:e4:eb:df:78:79:2c:41:c7:24:02:e9:ae:
         de:ef:b7:65:75:84:dc:7d:4a:55:db:c2:e5:27:74:39:07:93:
         b7:17:83:96:89:48:15:41:ce:78:c6:df:e7:4b:f0:98:7b:94:
         22:ad:8d:a5:be:db:b6:d6:82:a8:cf:b4:a3:b4:2c:a7:a5:f1:
         72:bf:65:d5:df:82:6d:93:5f:aa:b9:c8:c7:6c:f1:26:e7:51:
         c6:2c:9f:c3:de:77:09:74:8d:07:48:9e:82:66:a0:13:d2:11:
         16:d4:3d:6c:2f:43:33:44:07:49:09:de:fe:02:95:ea:af:85:
         15:95:61:ac:63:27:3b:f1:8a:10:84:3e:7e:1e:e8:14:03:4a:
         66:41:ed:a4:ef:ec:26:82:3d:e8:c9:cf:cf:6f:20:c0:b6:23:
         7c:1c:76:52:04:c4:02:3f:5e:fa:96:c1:0b:64:0a:e9:01:c1:
         e4:72:5c:3b:8f:09:84:1a:41:b0:de:de:71:bf:bf:57:db:c9:
         ff:54:86:bb:48:67:d6:bb:d6:55:23:a0:d9:21:e0:6d:16:40:
         90:64:fd:1a:ed:6e:04:e4:80:f4:97:cc:cd:7f:ee:ec:01:fd:
         bf:f4:c4:23:00:aa:8b:b1:87:45:35:d2:f5:49:ec:19:ce:03:
         f5:92:c0:03
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZNyjqFsruwbLV70n5oYOsjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjQxMTI4MTEzNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQ4MmIxNDI1YzJlYWE0YmM0Y2RhNmNlMzhlY2VjNjU1ZmM5YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfG3EW6sQg16acj68YVdCRB6bqll
wystLM2QKozhvppYAauaq04fAd5FLPbCZuP2FE/j07wVid/VoDBYY52ue/1lB/8a
ImU4KFPiUpLXNwuPQEZ+xNfDD63C2i4b0/hl7Cvy0iIRSrtGtwwsZ4wtG66/Q4c3
/kWrE4dQ8wGde9sObkXZk1Ow4rIj/ZzRaLejctBGAhKe8DNxc3Myw+LfozALJp47
KPd0t6JnMYLqNWwjcQI/teog8e5g0uZsHSjJ5a+jG4soXq5Cyu8bZ6U+bKcX+vk9
gBPTbFGPWKVt10wYsYSSiJ64qg/tfMG91Wm+l0DaLQ2pfnmuJJqV527CjQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFFTYKxQlwuqkvEzabOOOzsZV/JxmMB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEvVk5nckZDWEM2cVM4VE5wczQ0N094bFg4bkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQDBYZoAwQF
W7lgAwQCW8w0AwQDsu3YMBQEAgACMA4DBQAqAM8AAwUDKgZjwDANBgkqhkiG9w0B
AQsFAAOCAQEAoRgVRKxH5OvfeHksQcckAumu3u+3ZXWE3H1KVdvC5Sd0OQeTtxeD
lolIFUHOeMbf50vwmHuUIq2Npb7bttaCqM+0o7Qsp6Xxcr9l1d+CbZNfqrnIx2zx
JudRxiyfw953CXSNB0iegmagE9IRFtQ9bC9DM0QHSQne/gKV6q+FFZVhrGMnO/GK
EIQ+fh7oFANKZkHtpO/sJoI96MnPz28gwLYjfBx2UgTEAj9e+pbBC2QK6QHB5HJc
O48JhBpBsN7ecb+/V9vJ/1SGu0hn1rvWVSOg2SHgbRZAkGT9Gu1uBOSA9JfMzX/u
7AH9v/TEIwCqi7GHRTXS9UnsGc4D9ZLAAw==
-----END CERTIFICATE-----