Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/pKRMivQnD51ZFV7c6H0aZRYX5KE.roa
File:                     pKRMivQnD51ZFV7c6H0aZRYX5KE.roa (raw, json)
Hash identifier:          dd7sm2yDcuKSn+d8LJcn2eO/489D0rgWU2bg+0xyjIU=
Subject key identifier:   A4:A4:4C:8A:F4:27:0F:9D:59:15:5E:DC:E8:7D:1A:65:16:17:E4:A1
Certificate issuer:       /CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Certificate serial:       01941FFAB9E5AE4530469A0DFAB020936F73
Authority key identifier: 4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/pKRMivQnD51ZFV7c6H0aZRYX5KE.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29535
IP address blocks:        79.191.255.0/24 maxlen: 24
                          80.54.110.0/23 maxlen: 24
                          83.2.0.0/20 maxlen: 20
                          83.2.8.0/22 maxlen: 22
                          83.2.56.0/22 maxlen: 22
                          178.42.9.0/24 maxlen: 24
                          178.42.22.0/24 maxlen: 24
                          193.110.120.0/22 maxlen: 22
                          195.149.235.0/24 maxlen: 24
                          195.149.236.0/22 maxlen: 22
                          213.76.192.0/18 maxlen: 24
                          2001:7f8:27::/48 maxlen: 48
                          2a01:1101:5::/48 maxlen: 48
                          2a01:11f0::/28 maxlen: 28

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b9:e5:ae:45:30:46:9a:0d:fa:b0:20:93:6f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4a44c8af4270f9d59155edce87d1a651617e4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:00:be:c9:e5:46:da:a2:63:bf:1e:00:e3:
                    10:d6:47:c0:d5:0f:0d:f0:b7:b0:d5:89:ce:f9:cf:
                    fd:f0:d6:cb:29:e2:5c:bc:ad:7f:d0:77:3a:0d:2c:
                    22:65:d6:09:e2:1e:f8:72:21:91:87:eb:b9:78:04:
                    4a:d6:ae:dd:02:1c:ed:1b:01:63:88:d1:51:c2:de:
                    cd:6f:3a:da:d5:ef:87:a7:3b:ce:c8:51:de:c7:3b:
                    2d:7d:ec:36:84:bd:e1:d4:e1:a6:9c:57:7a:f6:31:
                    8a:ee:60:e0:9a:7d:31:56:a3:c2:ff:89:19:1c:02:
                    7d:e7:25:76:7a:ac:09:dd:59:34:4b:7d:aa:2c:ee:
                    2f:18:52:b2:22:a2:32:1b:b1:1c:60:4d:32:49:32:
                    69:01:11:cc:ec:b3:61:8a:1b:eb:6f:15:ce:f2:72:
                    60:06:c7:7c:fd:a5:11:e4:4c:14:10:73:20:ac:26:
                    31:09:30:df:e2:56:6b:05:d0:34:e9:ca:e3:8e:da:
                    3f:94:e2:06:96:87:d4:fc:10:a5:24:07:26:cd:c6:
                    1c:a7:50:d5:ae:4e:d2:67:4d:19:06:b5:b5:a7:57:
                    b8:4a:4a:36:f8:3d:ec:a8:ee:5e:0b:a3:0d:71:52:
                    aa:a0:bb:d3:de:f4:3f:03:f0:3a:75:76:04:7e:09:
                    8b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A4:4C:8A:F4:27:0F:9D:59:15:5E:DC:E8:7D:1A:65:16:17:E4:A1
            X509v3 Authority Key Identifier:
                keyid:4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/pKRMivQnD51ZFV7c6H0aZRYX5KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.191.255.0/24
                  80.54.110.0/23
                  83.2.0.0/20
                  83.2.56.0/22
                  178.42.9.0/24
                  178.42.22.0/24
                  193.110.120.0/22
                  195.149.235.0-195.149.239.255
                  213.76.192.0/18
                IPv6:
                  2001:7f8:27::/48
                  2a01:1101:5::/48
                  2a01:11f0::/28

    Signature Algorithm: sha256WithRSAEncryption
         3f:10:f2:81:4f:2c:ba:ce:4a:e9:b0:af:2c:ac:6b:47:44:9a:
         63:c4:82:6f:46:00:2c:e8:c0:42:ac:b4:34:b9:4e:73:7b:52:
         98:1f:64:b6:0f:03:61:ff:27:4a:19:e1:13:fb:9a:c8:a3:4c:
         66:5d:09:8d:e6:38:a2:1e:6e:84:ad:d4:7e:5a:61:74:33:e7:
         24:04:60:e8:db:95:9b:73:5d:e0:b8:c6:54:47:97:03:5d:93:
         e4:43:4a:13:71:4f:b7:56:37:e8:7b:f2:bd:e8:2d:dd:51:af:
         84:35:4a:96:79:e4:7e:fc:be:71:fb:85:27:57:92:ad:89:70:
         66:ab:a9:9d:77:ca:cc:03:fc:7a:80:a3:2d:da:a9:85:b7:88:
         72:b9:d8:cc:66:c5:63:54:83:28:20:c3:ce:13:5c:8d:4d:64:
         74:92:c8:1b:b1:75:d8:7c:74:20:1c:bd:64:ed:fc:63:05:a2:
         35:5a:66:ec:dd:db:2b:46:a4:b0:ef:de:12:74:40:0a:71:4e:
         eb:fd:54:0b:bb:b8:2e:bd:7f:a1:1f:69:f6:91:d6:0b:af:57:
         11:8a:37:15:40:fa:12:b3:05:5f:1a:78:ab:e1:bd:75:d1:58:
         50:f7:b4:1d:f5:ce:e3:5c:28:8c:f6:c4:72:3c:6b:57:9c:b9:
         c6:51:01:ab
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZQf+rnlrkUwRpoN+rAgk29zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y1MzAwN2M3OWNjNWUyZjJkNzM1NmJhOTEyMWE3OGMw
Yzc3MTQwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE0NGM4YWY0MjcwZjlkNTkxNTVlZGNlODdkMWE2NTE2MTdlNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcoAvsnlRtqiY78eAOMQ1kfA1Q8N
8Lew1YnO+c/98NbLKeJcvK1/0Hc6DSwiZdYJ4h74ciGRh+u5eARK1q7dAhztGwFj
iNFRwt7Nbzra1e+HpzvOyFHexzstfew2hL3h1OGmnFd69jGK7mDgmn0xVqPC/4kZ
HAJ95yV2eqwJ3Vk0S32qLO4vGFKyIqIyG7EcYE0ySTJpARHM7LNhihvrbxXO8nJg
Bsd8/aUR5EwUEHMgrCYxCTDf4lZrBdA06crjjto/lOIGlofU/BClJAcmzcYcp1DV
rk7SZ00ZBrW1p1e4Sko2+D3sqO5eC6MNcVKqoLvT3vQ/A/A6dXYEfgmL0QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFKSkTIr0Jw+dWRVe3Oh9GmUWF+ShMB8GA1UdIwQY
MBaAFE7PUwB8ecxeLy1zVrqRIaeMDHcUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEt
Y2I4YjNhMDk0MjA5LzEvcEtSTWl2UW5ENTFaRlY3YzZIMGFaUllYNUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEtY2I4YjNhMDk0MjA5
LzEvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBEBAIAATA+AwQAT7//AwQB
UDZuAwQEUwIAAwQCUwI4AwQAsioJAwQAsioWAwQCwW54MAwDBADDlesDBATDleAD
BAbVTMAwHwQCAAIwGQMHACABB/gAJwMHACoBEQEABQMFBCoBEfAwDQYJKoZIhvcN
AQELBQADggEBAD8Q8oFPLLrOSumwryysa0dEmmPEgm9GACzowEKstDS5TnN7Upgf
ZLYPA2H/J0oZ4RP7msijTGZdCY3mOKIeboSt1H5aYXQz5yQEYOjblZtzXeC4xlRH
lwNdk+RDShNxT7dWN+h78r3oLd1Rr4Q1SpZ55H78vnH7hSdXkq2JcGarqZ13yswD
/HqAoy3aqYW3iHK52MxmxWNUgyggw84TXI1NZHSSyBuxddh8dCAcvWTt/GMFojVa
Zuzd2ytGpLDv3hJ0QApxTuv9VAu7uC69f6EfafaR1guvVxGKNxVA+hKzBV8aeKvh
vXXRWFD3tB31zuNcKIz2xHI8a1ecucZRAas=
-----END CERTIFICATE-----