Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9GHYyQxjIAaL8idlitP2zYbsDjA.roa
File:                     9GHYyQxjIAaL8idlitP2zYbsDjA.roa (raw, json)
Hash identifier:          RL9eBc6j8CiAvBwDEIUMqLZtPOvwgVV2Phu4g1DvLkU=
Subject key identifier:   F4:61:D8:C9:0C:63:20:06:8B:F2:27:65:8A:D3:F6:CD:86:EC:0E:30
Certificate issuer:       /CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
Certificate serial:       0194206860251006CA8F7296E0A910F335DE
Authority key identifier: F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9GHYyQxjIAaL8idlitP2zYbsDjA.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8855
IP address blocks:        212.78.0.0/24 maxlen: 24
                          212.78.2.0/24 maxlen: 24
                          212.78.3.0/24 maxlen: 24
                          212.78.4.0/24 maxlen: 24
                          212.78.5.0/24 maxlen: 24
                          212.78.6.0/24 maxlen: 24
                          212.78.7.0/24 maxlen: 24
                          212.78.9.0/24 maxlen: 24
                          212.78.10.0/24 maxlen: 24
                          212.78.11.0/24 maxlen: 24
                          212.78.12.0/24 maxlen: 24
                          212.78.13.0/24 maxlen: 24
                          212.78.14.0/24 maxlen: 24
                          212.78.15.0/24 maxlen: 24
                          212.78.26.0/24 maxlen: 24
                          212.78.28.0/23 maxlen: 23
                          212.78.28.0/24 maxlen: 24
                          212.78.29.0/24 maxlen: 24
                          212.78.31.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:60:25:10:06:ca:8f:72:96:e0:a9:10:f3:35:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f461d8c90c6320068bf227658ad3f6cd86ec0e30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a9:65:df:36:9c:5d:6e:39:94:1c:4f:2b:8a:
                    48:6d:d2:b9:3f:fb:5a:14:ef:66:fc:07:71:7b:43:
                    b7:c4:22:7d:a7:6e:9b:a3:f6:4b:cc:2e:79:88:a7:
                    fb:96:ef:75:c0:2b:8a:9b:24:ed:39:00:37:aa:4a:
                    fb:0f:96:84:1e:86:40:9a:b8:6e:8a:dd:78:65:fe:
                    69:50:a9:f7:81:d2:34:2f:9e:dc:77:b1:3c:d4:05:
                    98:60:c9:14:66:ed:ab:20:71:c4:db:07:52:82:a0:
                    69:cb:82:b0:99:96:ee:ba:70:f3:cb:cf:28:cc:2e:
                    3c:35:7b:18:b3:98:4b:94:58:ee:46:b7:fc:25:02:
                    bb:09:c0:13:f9:63:b8:0e:bd:4e:6c:f8:53:f9:4a:
                    ed:4f:7e:bf:e2:e5:58:06:a2:45:29:8d:2b:ea:76:
                    b4:78:06:fb:e1:5c:cf:e2:11:21:a3:d1:7a:ed:5c:
                    ac:a5:b8:00:25:2a:c4:47:1c:21:5b:53:bb:d3:7b:
                    c4:77:e5:d3:47:d6:5f:b7:79:99:a6:43:3a:ca:7e:
                    e1:62:7e:dd:63:29:00:9c:20:62:4e:28:17:75:5b:
                    82:7c:f4:7b:5d:d4:3f:45:c8:3c:cb:8d:26:ff:15:
                    ea:c1:a8:a6:ab:1f:f2:bc:50:6d:c7:93:65:36:d2:
                    11:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:61:D8:C9:0C:63:20:06:8B:F2:27:65:8A:D3:F6:CD:86:EC:0E:30
            X509v3 Authority Key Identifier:
                keyid:F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9GHYyQxjIAaL8idlitP2zYbsDjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.0.0/24
                  212.78.2.0-212.78.7.255
                  212.78.9.0-212.78.15.255
                  212.78.26.0/24
                  212.78.28.0/23
                  212.78.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:93:e3:eb:c2:5f:6c:40:3c:28:91:17:b7:82:71:d5:e3:c1:
         22:79:14:fb:77:6a:84:dc:1e:b3:9a:04:72:05:bb:21:30:6c:
         b0:e6:bd:2a:0b:23:49:51:73:31:f4:bb:20:37:6a:52:b5:43:
         1a:f4:70:73:e6:68:33:f2:a3:ee:e5:d8:c2:9d:57:63:ab:79:
         d8:50:1a:6d:14:15:7b:cb:00:f0:4d:c5:ef:77:cb:f7:8c:01:
         66:64:d7:50:67:19:68:ba:7b:40:4b:0b:68:9f:63:f2:bd:29:
         05:6d:ce:f2:57:4f:ac:98:f6:0b:e0:95:f3:db:0b:0d:9c:8b:
         e0:0d:76:fa:08:63:bb:c7:de:d5:77:ae:93:73:c4:71:73:2f:
         6f:ef:50:16:68:d0:30:17:aa:cb:15:f7:97:26:91:0a:da:9e:
         21:ed:21:6e:70:30:23:d4:44:d3:0a:2f:c2:2a:98:21:5e:75:
         66:40:22:35:20:8d:67:92:d7:fb:5c:7d:44:d7:44:55:a7:3f:
         7e:8e:25:b1:88:f9:77:c1:fd:00:91:7c:e9:21:97:2b:b8:e8:
         77:91:79:5f:98:cf:9a:d3:a7:8e:4c:51:a4:34:88:aa:52:4a:
         9e:95:4b:23:3e:db:cb:cc:a5:ff:86:f8:12:ff:35:37:1f:49:
         5d:4e:44:04
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQgaGAlEAbKj3KW4KkQ8zXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDkwMTIwMWZmMGIxYjk3ZWYzZDFhNzJkYTQxZTE4ZjAx
NDU3NjIwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDYxZDhjOTBjNjMyMDA2OGJmMjI3NjU4YWQzZjZjZDg2ZWMwZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qll3zacXW45lBxPK4pIbdK5P/ta
FO9m/Adxe0O3xCJ9p26bo/ZLzC55iKf7lu91wCuKmyTtOQA3qkr7D5aEHoZAmrhu
it14Zf5pUKn3gdI0L57cd7E81AWYYMkUZu2rIHHE2wdSgqBpy4KwmZbuunDzy88o
zC48NXsYs5hLlFjuRrf8JQK7CcAT+WO4Dr1ObPhT+UrtT36/4uVYBqJFKY0r6na0
eAb74VzP4hEho9F67VyspbgAJSrERxwhW1O703vEd+XTR9Zft3mZpkM6yn7hYn7d
YykAnCBiTigXdVuCfPR7XdQ/Rcg8y40m/xXqwaimqx/yvFBtx5NlNtIRiQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFPRh2MkMYyAGi/InZYrT9s2G7A4wMB8GA1UdIwQY
MBaAFPXZASAf8LG5fvPRpy2kHhjwFFdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUt
YTNiYmM4N2E3N2NjLzEvOUdIWXlReGpJQWFMOGlkbGl0UDJ6WWJzRGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUtYTNiYmM4N2E3N2Nj
LzEvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQA1E4AMAwD
BAHUTgIDBAPUTgAwDAMEANROCQMEBNROAAMEANROGgMEAdROHAMEANROHzANBgkq
hkiG9w0BAQsFAAOCAQEAbJPj68JfbEA8KJEXt4Jx1ePBInkU+3dqhNwes5oEcgW7
ITBssOa9KgsjSVFzMfS7IDdqUrVDGvRwc+ZoM/Kj7uXYwp1XY6t52FAabRQVe8sA
8E3F73fL94wBZmTXUGcZaLp7QEsLaJ9j8r0pBW3O8ldPrJj2C+CV89sLDZyL4A12
+ghju8fe1Xeuk3PEcXMvb+9QFmjQMBeqyxX3lyaRCtqeIe0hbnAwI9RE0wovwiqY
IV51ZkAiNSCNZ5LX+1x9RNdEVac/fo4lsYj5d8H9AJF86SGXK7jod5F5X5jPmtOn
jkxRpDSIqlJKnpVLIz7by8yl/4b4Ev81Nx9JXU5EBA==
-----END CERTIFICATE-----