Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Jue_aw4zHx1sp-mJmowMMM2tGGA.roa
File:                     Jue_aw4zHx1sp-mJmowMMM2tGGA.roa (raw, json)
Hash identifier:          0Yitoumoz1xxoSRol/a1PWMjCmZIGDa9duJ/3vMhBiw=
Subject key identifier:   26:E7:BF:6B:0E:33:1F:1D:6C:A7:E9:89:9A:8C:0C:30:CD:AD:18:60
Certificate issuer:       /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial:       0195F159D049CCEA9690BED1D356B4F183B1
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Jue_aw4zHx1sp-mJmowMMM2tGGA.roa
Signing time:             Tue 01 Apr 2025 12:35:49 +0000
ROA not before:           Tue 01 Apr 2025 12:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31688
IP address blocks:        5.63.24.0/21 maxlen: 21
                          5.63.24.0/24 maxlen: 24
                          5.63.25.0/24 maxlen: 24
                          5.63.26.0/24 maxlen: 24
                          5.63.27.0/24 maxlen: 24
                          5.63.28.0/24 maxlen: 24
                          5.63.31.0/24 maxlen: 24
                          91.190.168.0/21 maxlen: 21
                          91.190.168.0/24 maxlen: 24
                          91.190.169.0/24 maxlen: 24
                          91.190.171.0/24 maxlen: 24
                          91.190.172.0/24 maxlen: 24
                          91.190.173.0/24 maxlen: 24
                          91.190.174.0/24 maxlen: 24
                          91.190.175.0/24 maxlen: 24
                          185.85.76.0/22 maxlen: 22
                          185.85.76.0/23 maxlen: 23
                          185.85.78.0/24 maxlen: 24
                          2a02:798::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:59:d0:49:cc:ea:96:90:be:d1:d3:56:b4:f1:83:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
        Validity
            Not Before: Apr  1 12:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26e7bf6b0e331f1d6ca7e9899a8c0c30cdad1860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fe:d5:23:df:55:c6:c0:a4:ba:ad:6a:ff:31:
                    f3:02:d4:22:10:6c:7e:0f:a3:df:6b:17:f4:77:a9:
                    a8:67:57:3b:49:bf:58:7c:50:a2:2f:93:d3:24:0e:
                    52:99:6e:d7:a4:3f:de:07:b9:dd:a3:77:f5:bb:10:
                    92:5b:e3:af:03:ae:db:9b:33:c9:f0:d9:d9:24:70:
                    dc:44:d1:36:8b:f2:4a:33:ef:55:fc:c5:c4:0d:44:
                    47:88:a0:5f:23:00:85:6c:5f:55:95:51:06:5c:4c:
                    9f:7f:7c:9c:97:15:2b:aa:0c:6c:01:10:04:56:cd:
                    3e:e5:9b:07:dc:91:c1:62:09:1b:d5:71:5c:75:93:
                    3c:e5:8a:b7:96:40:1f:34:56:cc:8e:7c:ae:57:07:
                    86:7b:64:d8:2b:41:4c:cf:75:cc:00:75:92:23:91:
                    2e:2b:7b:66:17:ce:35:f2:ff:17:fb:35:cf:f1:56:
                    e6:50:27:af:22:f0:98:6c:34:09:33:2a:af:ec:23:
                    33:44:be:28:06:c8:d0:23:89:f3:ea:c6:c6:9b:78:
                    37:64:8f:7e:11:9d:8c:2f:bf:ad:78:20:81:10:b7:
                    99:b0:6a:cc:d4:82:84:8f:3e:79:95:d9:23:7f:86:
                    52:b1:05:a2:1b:b6:64:f3:52:b2:3e:33:9b:09:34:
                    e7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E7:BF:6B:0E:33:1F:1D:6C:A7:E9:89:9A:8C:0C:30:CD:AD:18:60
            X509v3 Authority Key Identifier:
                keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Jue_aw4zHx1sp-mJmowMMM2tGGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.24.0/21
                  91.190.168.0/21
                  185.85.76.0/22
                IPv6:
                  2a02:798::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:f2:15:36:24:0f:65:84:a9:8f:59:ef:02:79:dd:71:45:38:
         3f:28:43:11:b9:81:74:33:29:f3:32:60:25:b6:fa:db:a2:cb:
         cf:ee:10:d6:a3:2d:93:92:44:5b:d5:b1:09:b6:8d:76:ad:ab:
         64:9f:f3:e3:b6:cb:b5:90:94:f8:cf:b5:41:2f:e4:b7:7d:e1:
         c9:b5:78:f8:89:75:10:4d:54:29:28:b7:7b:b5:00:23:82:09:
         d3:43:50:60:d3:6f:c6:95:08:ac:4f:02:2e:a8:0a:e2:9d:44:
         8e:e1:26:18:d2:61:78:fd:46:d7:cd:fe:d9:d6:ad:9d:31:b4:
         55:3c:bd:7e:9b:ab:54:f8:6b:c6:1a:2d:74:e6:81:95:69:48:
         76:6a:35:17:eb:b6:1e:16:ef:6d:47:51:cc:9c:4c:55:19:99:
         a6:3a:9d:a9:d1:d9:50:be:10:29:1a:22:c5:3e:6a:00:7d:b3:
         af:1f:56:bc:17:d6:eb:3c:2c:b4:9f:aa:50:2d:00:f8:33:0e:
         e0:c0:a1:b5:c2:b3:46:16:b1:3a:60:e2:db:b7:63:3d:7b:93:
         eb:4d:e5:52:cc:2e:16:61:82:cd:51:98:ae:1b:ba:e0:c9:87:
         1a:5a:ce:b9:9d:fa:cb:ad:ca:bc:94:40:93:ac:e2:78:a7:fe:
         c2:7e:ef:be
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZXxWdBJzOqWkL7R01a08YOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjUwNDAxMTIzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU3YmY2YjBlMzMxZjFkNmNhN2U5ODk5YThjMGMzMGNkYWQxODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/7VI99VxsCkuq1q/zHzAtQiEGx+
D6Pfaxf0d6moZ1c7Sb9YfFCiL5PTJA5SmW7XpD/eB7ndo3f1uxCSW+OvA67bmzPJ
8NnZJHDcRNE2i/JKM+9V/MXEDURHiKBfIwCFbF9VlVEGXEyff3yclxUrqgxsARAE
Vs0+5ZsH3JHBYgkb1XFcdZM85Yq3lkAfNFbMjnyuVweGe2TYK0FMz3XMAHWSI5Eu
K3tmF8418v8X+zXP8VbmUCevIvCYbDQJMyqv7CMzRL4oBsjQI4nz6sbGm3g3ZI9+
EZ2ML7+teCCBELeZsGrM1IKEjz55ldkjf4ZSsQWiG7Zk81KyPjObCTTnOwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCbnv2sOMx8dbKfpiZqMDDDNrRhgMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvSnVlX2F3NHpIeDFzcC1tSm1vd01NTTJ0R0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQBM8hU2
JA9lhKmPWe8Ced1xRTg/KEMRuYF0MynzMmAltvrbosvP7hDWoy2TkkRb1bEJto12
ratkn/Pjtsu1kJT4z7VBL+S3feHJtXj4iXUQTVQpKLd7tQAjggnTQ1Bg02/GlQis
TwIuqArinUSO4SYY0mF4/UbXzf7Z1q2dMbRVPL1+m6tU+GvGGi105oGVaUh2ajUX
67YeFu9tR1HMnExVGZmmOp2p0dlQvhApGiLFPmoAfbOvH1a8F9brPCy0n6pQLQD4
Mw7gwKG1wrNGFrE6YOLbt2M9e5PrTeVSzC4WYYLNUZiuG7rgyYcaWs65nfrLrcq8
lECTrOJ4p/7Cfu++
-----END CERTIFICATE-----