Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ZDtq1PMJ4bLyAZfBGau1LOZbhVo.roa
File:                     ZDtq1PMJ4bLyAZfBGau1LOZbhVo.roa (raw, json)
Hash identifier:          5gtTH68znUnL5wSNptf/RMiVSTqEWoz6mOv5UjN0EII=
Subject key identifier:   64:3B:6A:D4:F3:09:E1:B2:F2:01:97:C1:19:AB:B5:2C:E6:5B:85:5A
Certificate issuer:       /CN=3680651aba066b4084a7ed20d7f5201b2296c197
Certificate serial:       0193634B2863C695E766E5FF108A81FCCD3D
Authority key identifier: 36:80:65:1A:BA:06:6B:40:84:A7:ED:20:D7:F5:20:1B:22:96:C1:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NoBlGroGa0CEp-0g1_UgGyKWwZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ZDtq1PMJ4bLyAZfBGau1LOZbhVo.roa
Signing time:             Mon 25 Nov 2024 12:28:10 +0000
ROA not before:           Mon 25 Nov 2024 12:28:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35725
IP address blocks:        89.33.32.0/21 maxlen: 21
                          89.33.48.0/21 maxlen: 21
                          178.138.0.0/16 maxlen: 16
                          178.138.0.0/18 maxlen: 18
                          178.138.1.0/24 maxlen: 24
                          178.138.32.0/22 maxlen: 22
                          178.138.36.0/24 maxlen: 24
                          178.138.38.0/24 maxlen: 24
                          178.138.39.0/24 maxlen: 24
                          178.138.40.0/23 maxlen: 23
                          178.138.42.0/24 maxlen: 24
                          178.138.43.0/24 maxlen: 24
                          178.138.62.0/24 maxlen: 24
                          178.138.63.0/24 maxlen: 24
                          178.138.96.0/22 maxlen: 22
                          178.138.96.0/23 maxlen: 23
                          178.138.98.0/23 maxlen: 23
                          178.138.104.0/24 maxlen: 24
                          178.138.126.0/23 maxlen: 23
                          178.138.192.0/23 maxlen: 23
                          178.138.194.0/23 maxlen: 23
                          193.104.247.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:4b:28:63:c6:95:e7:66:e5:ff:10:8a:81:fc:cd:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3680651aba066b4084a7ed20d7f5201b2296c197
        Validity
            Not Before: Nov 25 12:28:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=643b6ad4f309e1b2f20197c119abb52ce65b855a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:96:fa:22:a1:8e:18:6e:ce:8b:de:f6:21:eb:
                    9d:56:73:ed:b9:e4:7b:5e:ad:93:f2:23:14:20:e2:
                    db:99:63:26:2a:6e:b0:cc:95:ec:a2:43:29:48:9b:
                    c1:d9:46:07:33:64:94:7c:2c:c9:cd:97:bd:ec:93:
                    dd:ad:51:2c:0e:b2:cc:46:1e:f8:48:fc:92:c0:9d:
                    53:43:98:0a:db:72:37:76:91:1d:04:7b:fa:f6:d4:
                    7e:24:ac:8a:4b:cc:d8:9d:10:ab:0f:84:a3:59:2e:
                    56:9a:26:82:c4:fd:44:4c:f2:3a:07:89:01:a3:82:
                    45:af:0c:e6:cc:b5:6d:06:15:84:06:28:41:fc:6e:
                    91:ee:2a:f1:32:2c:0d:de:7d:53:8a:dc:a0:99:8a:
                    0b:a2:b1:0c:8c:90:7f:9a:e2:fc:b2:e8:bf:7a:67:
                    22:7b:d9:0a:7b:0c:70:b7:1c:60:98:c3:21:37:35:
                    a7:92:0d:4d:d2:3d:e4:85:46:23:52:4c:9d:6e:bd:
                    d1:a8:43:79:ad:08:20:be:7d:b1:d1:da:d9:ac:74:
                    46:16:3d:87:86:c5:7f:84:7e:74:e3:9c:f2:23:93:
                    3f:51:13:02:ce:50:65:32:9f:bf:02:2d:d4:38:5f:
                    b3:3e:f3:7d:4f:65:a7:f6:e0:86:57:12:38:1e:e2:
                    21:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:3B:6A:D4:F3:09:E1:B2:F2:01:97:C1:19:AB:B5:2C:E6:5B:85:5A
            X509v3 Authority Key Identifier:
                keyid:36:80:65:1A:BA:06:6B:40:84:A7:ED:20:D7:F5:20:1B:22:96:C1:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NoBlGroGa0CEp-0g1_UgGyKWwZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ZDtq1PMJ4bLyAZfBGau1LOZbhVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/NoBlGroGa0CEp-0g1_UgGyKWwZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.32.0/21
                  89.33.48.0/21
                  178.138.0.0/16
                  193.104.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c5:df:11:12:1a:32:c6:b4:ce:fe:67:f6:76:ad:38:2e:87:
         ef:ec:bc:15:18:d9:d8:4f:6b:16:5e:33:1b:68:f6:6a:47:93:
         08:da:42:2b:fc:a4:b3:6e:b4:19:57:3b:58:a8:2b:67:2f:f5:
         94:bf:49:19:a1:df:e2:aa:ca:19:65:be:72:db:a3:d5:83:dd:
         92:06:30:17:91:7e:eb:ca:11:b6:80:64:0d:66:3c:38:df:22:
         8f:88:13:76:89:b9:a8:47:3e:f2:db:fb:b1:44:ac:d2:9d:96:
         8e:d3:a0:67:e3:5c:60:b1:ff:f1:d6:76:45:9d:0b:93:39:b0:
         ef:2b:58:9d:6b:c4:d3:b7:20:b3:2a:17:62:41:a3:9c:45:48:
         59:ac:8a:7e:b7:e4:00:c0:dc:88:d4:33:22:dd:b0:f6:d6:ab:
         87:54:9c:ae:c1:e9:e9:61:26:a7:cd:91:1e:4c:a0:0d:9c:73:
         d0:88:13:63:27:78:f8:c5:a6:63:3c:30:41:fb:27:39:0c:78:
         db:d0:38:26:6a:4f:5a:a4:d4:27:3b:df:ce:38:96:3c:e1:0b:
         76:ca:dd:83:e6:83:ba:f5:e8:d6:d2:18:8c:23:7d:28:58:c3:
         89:7d:8a:b5:a9:5f:de:91:ee:ff:c6:06:5e:43:20:fe:df:23:
         f8:2e:9a:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNjSyhjxpXnZuX/EIqB/M09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ODA2NTFhYmEwNjZiNDA4NGE3ZWQyMGQ3ZjUyMDFiMjI5
NmMxOTcwHhcNMjQxMTI1MTIyODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDNiNmFkNGYzMDllMWIyZjIwMTk3YzExOWFiYjUyY2U2NWI4NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jb6IqGOGG7Oi972IeudVnPtueR7
Xq2T8iMUIOLbmWMmKm6wzJXsokMpSJvB2UYHM2SUfCzJzZe97JPdrVEsDrLMRh74
SPySwJ1TQ5gK23I3dpEdBHv69tR+JKyKS8zYnRCrD4SjWS5WmiaCxP1ETPI6B4kB
o4JFrwzmzLVtBhWEBihB/G6R7irxMiwN3n1TitygmYoLorEMjJB/muL8sui/emci
e9kKewxwtxxgmMMhNzWnkg1N0j3khUYjUkydbr3RqEN5rQggvn2x0drZrHRGFj2H
hsV/hH5045zyI5M/URMCzlBlMp+/Ai3UOF+zPvN9T2Wn9uCGVxI4HuIhewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGQ7atTzCeGy8gGXwRmrtSzmW4VaMB8GA1UdIwQY
MBaAFDaAZRq6BmtAhKftINf1IBsilsGXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm9CbEdyb0dhMENFcC0wZzFfVWdHeUtXd1pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMTBiOTQtNDEwNS00NWUyLWE3MDct
NTIyNGNmMTNmNTg2LzEvWkR0cTFQTUo0Ykx5QVpmQkdhdTFMT1piaFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMTBiOTQtNDEwNS00NWUyLWE3MDctNTIyNGNmMTNmNTg2
LzEvTm9CbEdyb0dhMENFcC0wZzFfVWdHeUtXd1pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwQDWSEgAwQD
WSEwAwMAsooDBADBaPcwDQYJKoZIhvcNAQELBQADggEBAFfF3xESGjLGtM7+Z/Z2
rTguh+/svBUY2dhPaxZeMxto9mpHkwjaQiv8pLNutBlXO1ioK2cv9ZS/SRmh3+Kq
yhllvnLbo9WD3ZIGMBeRfuvKEbaAZA1mPDjfIo+IE3aJuahHPvLb+7FErNKdlo7T
oGfjXGCx//HWdkWdC5M5sO8rWJ1rxNO3ILMqF2JBo5xFSFmsin635ADA3IjUMyLd
sPbWq4dUnK7B6elhJqfNkR5MoA2cc9CIE2MnePjFpmM8MEH7JzkMeNvQOCZqT1qk
1Cc73844ljzhC3bK3YPmg7r16NbSGIwjfShYw4l9irWpX96R7v/GBl5DIP7fI/gu
muo=
-----END CERTIFICATE-----