Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/55tdVwfIuqoPIcIdhZAb8iCTM3k.roa
File:                     55tdVwfIuqoPIcIdhZAb8iCTM3k.roa (raw, json)
Hash identifier:          SnylWTahxgsn0nH38JNBHkcoI8GMaidaJAz3uF1Hk8Y=
Subject key identifier:   E7:9B:5D:57:07:C8:BA:AA:0F:21:C2:1D:85:90:1B:F2:20:93:33:79
Certificate issuer:       /CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Certificate serial:       0193BA91DFFAF4D964A2638AE7697A73EA75
Authority key identifier: 4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/55tdVwfIuqoPIcIdhZAb8iCTM3k.roa
Signing time:             Thu 12 Dec 2024 11:12:22 +0000
ROA not before:           Thu 12 Dec 2024 11:12:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29535
IP address blocks:        79.191.255.0/24 maxlen: 24
                          80.54.110.0/23 maxlen: 24
                          83.2.0.0/20 maxlen: 20
                          83.2.8.0/22 maxlen: 22
                          83.2.56.0/22 maxlen: 22
                          178.42.9.0/24 maxlen: 24
                          178.42.22.0/24 maxlen: 24
                          193.110.120.0/22 maxlen: 22
                          195.149.235.0/24 maxlen: 24
                          195.149.236.0/22 maxlen: 22
                          213.76.192.0/18 maxlen: 24
                          2001:7f8:27::/48 maxlen: 48
                          2a01:1101:5::/48 maxlen: 48
                          2a01:11f0::/28 maxlen: 28

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ba:91:df:fa:f4:d9:64:a2:63:8a:e7:69:7a:73:ea:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
        Validity
            Not Before: Dec 12 11:12:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e79b5d5707c8baaa0f21c21d85901bf220933379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:28:c8:87:8b:62:00:40:4f:bc:7b:f7:74:9b:
                    35:54:d1:e1:72:69:29:81:44:18:fe:77:83:d1:a8:
                    69:85:19:da:c7:0e:99:a0:20:f7:dd:c4:3e:9b:e8:
                    4f:a3:99:e7:b1:05:43:7c:6d:bc:17:13:ec:12:d3:
                    f6:cc:35:b7:7f:1b:55:15:a4:32:9e:b0:01:84:d3:
                    e3:47:5e:c8:04:38:e7:7c:96:f7:90:75:9d:42:01:
                    20:79:ad:4a:1e:58:09:f3:e5:83:24:d4:55:4c:c0:
                    5a:b8:c4:e2:c8:8c:ed:ee:4d:ce:e3:85:45:b7:68:
                    26:11:91:d8:dc:13:b4:c7:b9:52:40:8e:5a:78:40:
                    a9:85:fa:e4:2f:e8:5d:cc:b7:13:83:88:30:fb:5b:
                    20:71:03:39:72:c5:d5:c1:ca:27:2c:cc:b1:2e:a8:
                    95:3e:fd:77:e2:f3:1a:18:f6:68:c0:a3:f9:1b:38:
                    a7:e6:5d:15:9a:51:8d:4b:b9:80:55:e9:46:67:3a:
                    d2:e7:e9:43:6b:77:a8:23:da:5e:3e:9a:bd:a6:44:
                    f8:65:44:bf:7b:b2:67:ee:8e:c2:b3:b0:94:88:f0:
                    f5:c5:47:1a:33:5c:8d:74:5f:1c:0e:82:02:99:0e:
                    96:a1:9b:f3:93:b1:6f:1d:1e:66:da:75:bc:d4:31:
                    9f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9B:5D:57:07:C8:BA:AA:0F:21:C2:1D:85:90:1B:F2:20:93:33:79
            X509v3 Authority Key Identifier:
                keyid:4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/55tdVwfIuqoPIcIdhZAb8iCTM3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.191.255.0/24
                  80.54.110.0/23
                  83.2.0.0/20
                  83.2.56.0/22
                  178.42.9.0/24
                  178.42.22.0/24
                  193.110.120.0/22
                  195.149.235.0-195.149.239.255
                  213.76.192.0/18
                IPv6:
                  2001:7f8:27::/48
                  2a01:1101:5::/48
                  2a01:11f0::/28

    Signature Algorithm: sha256WithRSAEncryption
         08:21:6f:f2:83:a0:d6:2b:da:6e:49:8f:0f:3a:07:3f:f5:13:
         21:7e:1c:7b:23:68:f6:24:db:05:c9:2e:1d:0b:1f:00:9f:30:
         11:26:be:c0:f3:9c:61:07:99:5f:2c:d4:00:ab:29:91:22:25:
         e4:57:a8:00:d1:ff:7e:54:d8:5b:97:c2:da:f9:f2:14:03:70:
         68:88:5d:97:8f:d2:ab:9c:0f:94:2f:17:90:f6:0c:16:fa:98:
         38:0e:39:45:c2:02:74:82:f8:ee:d0:3c:8d:5a:b6:ba:46:4f:
         35:99:89:2c:e5:30:cb:65:6f:1b:89:bb:a7:eb:ae:fb:07:c5:
         11:65:31:7f:7b:a5:c4:54:3b:d3:f8:db:35:07:c5:73:6f:16:
         5d:d0:27:fa:43:c6:b2:6c:47:db:75:a7:ef:1c:aa:94:da:5a:
         c4:d1:38:d0:d5:15:15:c9:66:6d:df:ce:be:1d:eb:e9:24:bc:
         c1:fb:92:fd:73:ca:33:88:9e:1f:53:46:aa:2f:91:c6:34:1a:
         71:70:f8:72:7a:bc:74:cf:49:3b:3d:ae:eb:89:dd:e2:ff:11:
         45:c8:fc:0f:b8:6c:77:6a:a5:42:c8:26:ca:a1:d3:f1:71:28:
         52:c3:51:1b:45:9d:12:09:83:06:c3:1f:ee:6a:5d:ac:8c:98:
         d0:d2:6e:0d
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZO6kd/69NlkomOK52l6c+p1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y1MzAwN2M3OWNjNWUyZjJkNzM1NmJhOTEyMWE3OGMw
Yzc3MTQwHhcNMjQxMjEyMTExMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzliNWQ1NzA3YzhiYWFhMGYyMWMyMWQ4NTkwMWJmMjIwOTMzMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlijIh4tiAEBPvHv3dJs1VNHhcmkp
gUQY/neD0ahphRnaxw6ZoCD33cQ+m+hPo5nnsQVDfG28FxPsEtP2zDW3fxtVFaQy
nrABhNPjR17IBDjnfJb3kHWdQgEgea1KHlgJ8+WDJNRVTMBauMTiyIzt7k3O44VF
t2gmEZHY3BO0x7lSQI5aeECphfrkL+hdzLcTg4gw+1sgcQM5csXVwconLMyxLqiV
Pv134vMaGPZowKP5Gzin5l0VmlGNS7mAVelGZzrS5+lDa3eoI9pePpq9pkT4ZUS/
e7Jn7o7Cs7CUiPD1xUcaM1yNdF8cDoICmQ6WoZvzk7FvHR5m2nW81DGf4wIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFOebXVcHyLqqDyHCHYWQG/IgkzN5MB8GA1UdIwQY
MBaAFE7PUwB8ecxeLy1zVrqRIaeMDHcUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEt
Y2I4YjNhMDk0MjA5LzEvNTV0ZFZ3Zkl1cW9QSWNJZGhaQWI4aUNUTTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEtY2I4YjNhMDk0MjA5
LzEvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBEBAIAATA+AwQAT7//AwQB
UDZuAwQEUwIAAwQCUwI4AwQAsioJAwQAsioWAwQCwW54MAwDBADDlesDBATDleAD
BAbVTMAwHwQCAAIwGQMHACABB/gAJwMHACoBEQEABQMFBCoBEfAwDQYJKoZIhvcN
AQELBQADggEBAAghb/KDoNYr2m5Jjw86Bz/1EyF+HHsjaPYk2wXJLh0LHwCfMBEm
vsDznGEHmV8s1ACrKZEiJeRXqADR/35U2FuXwtr58hQDcGiIXZeP0qucD5QvF5D2
DBb6mDgOOUXCAnSC+O7QPI1atrpGTzWZiSzlMMtlbxuJu6frrvsHxRFlMX97pcRU
O9P42zUHxXNvFl3QJ/pDxrJsR9t1p+8cqpTaWsTRONDVFRXJZm3fzr4d6+kkvMH7
kv1zyjOInh9TRqovkcY0GnFw+HJ6vHTPSTs9ruuJ3eL/EUXI/A+4bHdqpULIJsqh
0/FxKFLDURtFnRIJgwbDH+5qXayMmNDSbg0=
-----END CERTIFICATE-----