Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/mkk-KHtVpdSjRTu_tkkdV37L-30.roa
File:                     mkk-KHtVpdSjRTu_tkkdV37L-30.roa (raw, json)
Hash identifier:          ivbrYqlxOhyTn42BC3RV5SMdz9F9dKpqo8vRZ2G2vog=
Subject key identifier:   9A:49:3E:28:7B:55:A5:D4:A3:45:3B:BF:B6:49:1D:57:7E:CB:FB:7D
Certificate issuer:       /CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Certificate serial:       019421B2493CF5238335CBD7E459127DB2D2
Authority key identifier: CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/mkk-KHtVpdSjRTu_tkkdV37L-30.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31655
IP address blocks:        5.2.96.0/19 maxlen: 24
                          5.144.156.0/22 maxlen: 24
                          80.252.64.0/20 maxlen: 24
                          88.215.0.0/18 maxlen: 29
                          89.213.8.0/21 maxlen: 24
                          89.213.16.0/20 maxlen: 24
                          89.213.32.0/21 maxlen: 24
                          185.4.196.0/22 maxlen: 24
                          185.21.208.0/22 maxlen: 24
                          188.66.64.0/18 maxlen: 24
                          195.162.96.0/19 maxlen: 24
                          213.218.192.0/20 maxlen: 24
                          2a02:c1c0::/29 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:49:3c:f5:23:83:35:cb:d7:e4:59:12:7d:b2:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a493e287b55a5d4a3453bbfb6491d577ecbfb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:60:42:ce:3a:54:fa:b0:50:1e:72:90:78:9a:
                    97:79:56:a2:44:9f:71:0e:49:85:20:32:ef:26:ac:
                    c8:b9:ce:fc:eb:26:52:e3:6d:8d:e1:e3:37:a8:c4:
                    c5:95:5a:28:54:c9:a7:0a:71:5d:a1:ed:3d:5b:b5:
                    cc:97:fc:56:3b:de:c2:84:43:c8:65:2f:19:ee:5a:
                    2f:ba:bc:16:16:b8:38:2e:ed:9b:f9:dc:71:77:9c:
                    7e:57:59:89:ff:af:a1:9a:8c:96:69:45:73:f9:5f:
                    e1:95:dd:0c:47:87:f0:a6:e6:2a:fe:12:6a:1d:3a:
                    af:ac:29:30:e5:97:86:6e:95:91:f7:89:c9:3f:6b:
                    0e:75:ce:2b:01:a6:28:dc:4d:65:46:3a:25:e1:03:
                    90:ef:cc:42:95:f7:0c:37:77:82:e8:ca:4b:f4:f7:
                    88:93:60:5b:41:2e:e8:c7:dd:6c:ba:02:3a:80:ef:
                    01:2c:31:4d:22:e1:27:1f:bd:87:a6:af:a8:64:52:
                    89:8f:1a:a5:af:c9:78:7f:bb:27:6a:1a:2f:32:e9:
                    81:20:b7:28:63:3f:43:6c:45:56:7b:b2:b4:cb:49:
                    84:6d:e8:94:e6:71:02:da:88:48:ab:a7:4a:60:aa:
                    76:c1:18:68:f1:3c:ae:e0:d1:e8:20:68:be:28:80:
                    06:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:3E:28:7B:55:A5:D4:A3:45:3B:BF:B6:49:1D:57:7E:CB:FB:7D
            X509v3 Authority Key Identifier:
                keyid:CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/mkk-KHtVpdSjRTu_tkkdV37L-30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.96.0/19
                  5.144.156.0/22
                  80.252.64.0/20
                  88.215.0.0/18
                  89.213.8.0-89.213.39.255
                  185.4.196.0/22
                  185.21.208.0/22
                  188.66.64.0/18
                  195.162.96.0/19
                  213.218.192.0/20
                IPv6:
                  2a02:c1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:a0:2a:60:19:eb:ed:78:d1:ab:d9:d6:ef:e7:a1:74:02:89:
         f4:d8:2d:75:06:dc:54:ba:a4:94:54:6b:d9:46:1c:4b:2f:27:
         1c:ca:bc:37:cb:99:5f:5d:c4:36:71:96:9b:a4:5d:84:d4:55:
         61:70:e5:95:f9:66:a1:dd:1e:f8:b0:af:da:c8:ff:b3:96:cd:
         d6:e2:13:72:19:a9:b9:70:e1:be:59:87:7e:35:8c:5f:82:33:
         1e:21:da:8b:b0:99:4a:92:ce:8c:23:c5:ab:06:13:37:ce:b5:
         9c:4a:4f:ee:08:42:af:ad:57:08:c8:dc:1c:b7:10:55:22:d8:
         9f:1b:c5:ac:d3:00:c2:05:0c:d8:01:f9:5d:68:0a:fe:e5:9e:
         72:0d:0a:c6:52:66:68:32:85:aa:69:e2:33:4a:fe:cf:67:91:
         7c:fa:ba:2d:d8:d1:0c:9e:f1:23:19:10:cb:c6:59:2e:98:5b:
         09:f9:62:10:0f:27:3d:50:ed:ef:ee:49:4c:8c:d9:40:63:f3:
         62:44:b9:b9:ec:d1:c2:a0:3e:68:e8:0c:f7:e0:e5:2b:99:7a:
         4d:7b:f9:87:db:13:d6:51:d4:64:2a:81:da:73:30:d7:b8:0a:
         ee:30:73:50:44:27:c0:ae:fb:07:c5:64:c8:7e:04:d2:7b:0e:
         e9:45:ac:c7
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZQhskk89SODNcvX5FkSfbLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZGZjZTNhNTM1NWY4NjFmZGM0OGMzMjAxMmM3OGM5ZGFm
OWE1YTQwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ5M2UyODdiNTVhNWQ0YTM0NTNiYmZiNjQ5MWQ1NzdlY2JmYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWBCzjpU+rBQHnKQeJqXeVaiRJ9x
DkmFIDLvJqzIuc786yZS422N4eM3qMTFlVooVMmnCnFdoe09W7XMl/xWO97ChEPI
ZS8Z7lovurwWFrg4Lu2b+dxxd5x+V1mJ/6+hmoyWaUVz+V/hld0MR4fwpuYq/hJq
HTqvrCkw5ZeGbpWR94nJP2sOdc4rAaYo3E1lRjol4QOQ78xClfcMN3eC6MpL9PeI
k2BbQS7ox91sugI6gO8BLDFNIuEnH72Hpq+oZFKJjxqlr8l4f7snahovMumBILco
Yz9DbEVWe7K0y0mEbeiU5nEC2ohIq6dKYKp2wRho8Tyu4NHoIGi+KIAGowIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFJpJPih7VaXUo0U7v7ZJHVd+y/t9MB8GA1UdIwQY
MBaAFMvfzjpTVfhh/cSMMgEseMna+aWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQt
YjQ5ZDg5ZTMwZGRkLzEvbWtrLUtIdFZwZFNqUlR1X3Rra2RWMzdMLTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQtYjQ5ZDg5ZTMwZGRk
LzEveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQFBQJgAwQC
BZCcAwQEUPxAAwQGWNcAMAwDBANZ1QgDBANZ1SADBAK5BMQDBAK5FdADBAa8QkAD
BAXDomADBATV2sAwDQQCAAIwBwMFAyoCwcAwDQYJKoZIhvcNAQELBQADggEBAGOg
KmAZ6+140avZ1u/noXQCifTYLXUG3FS6pJRUa9lGHEsvJxzKvDfLmV9dxDZxlpuk
XYTUVWFw5ZX5ZqHdHviwr9rI/7OWzdbiE3IZqblw4b5Zh341jF+CMx4h2ouwmUqS
zowjxasGEzfOtZxKT+4IQq+tVwjI3By3EFUi2J8bxazTAMIFDNgB+V1oCv7lnnIN
CsZSZmgyhapp4jNK/s9nkXz6ui3Y0Qye8SMZEMvGWS6YWwn5YhAPJz1Q7e/uSUyM
2UBj82JEubns0cKgPmjoDPfg5SuZek17+YfbE9ZR1GQqgdpzMNe4Cu4wc1BEJ8Cu
+wfFZMh+BNJ7DulFrMc=
-----END CERTIFICATE-----