Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/KTNKEz9B68iNvMGQpqql8Umd6Rg.roa
File:                     KTNKEz9B68iNvMGQpqql8Umd6Rg.roa (raw, json)
Hash identifier:          4c3WZli6HrqpP5XT4I7aYzD+h8A8/oNoRJSDq9oByhk=
Subject key identifier:   29:33:4A:13:3F:41:EB:C8:8D:BC:C1:90:A6:AA:A5:F1:49:9D:E9:18
Certificate issuer:       /CN=b79de9458d190e634329f9df1503b5222c1624ee
Certificate serial:       019523F0DD4FA32C18D5A3E1B11209FA3135
Authority key identifier: B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/KTNKEz9B68iNvMGQpqql8Umd6Rg.roa
Signing time:             Thu 20 Feb 2025 15:19:02 +0000
ROA not before:           Thu 20 Feb 2025 15:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61076
IP address blocks:        91.198.102.0/24 maxlen: 24
                          185.231.52.0/24 maxlen: 24
                          185.231.53.0/24 maxlen: 24
                          185.231.54.0/24 maxlen: 24
                          2a0c:4100::/32 maxlen: 32
                          2a0c:4101::/32 maxlen: 32
                          2a0c:4102::/32 maxlen: 32
                          2a0c:4103::/32 maxlen: 32
                          2a0c:4104::/32 maxlen: 32
                          2a0c:4105::/32 maxlen: 32
                          2a0c:4106::/32 maxlen: 32
                          2a0c:4107::/32 maxlen: 32
                          2a13:bc80::/32 maxlen: 32
                          2a13:bc81::/32 maxlen: 32
                          2a13:bc82::/32 maxlen: 32
                          2a13:bc83::/32 maxlen: 32
                          2a13:bc84::/32 maxlen: 32
                          2a13:bc85::/32 maxlen: 32
                          2a13:bc86::/32 maxlen: 32
                          2a13:bc87::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:f0:dd:4f:a3:2c:18:d5:a3:e1:b1:12:09:fa:31:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79de9458d190e634329f9df1503b5222c1624ee
        Validity
            Not Before: Feb 20 15:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29334a133f41ebc88dbcc190a6aaa5f1499de918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7a:c6:9e:8e:c4:fd:3d:e1:3f:8f:c1:7f:6e:
                    6d:7c:ff:c7:2a:4b:08:57:dc:62:4a:b3:94:c5:19:
                    93:d8:ee:91:5d:f0:46:99:54:0a:6d:cb:22:c6:4b:
                    78:17:e0:2e:c1:75:b5:03:7a:d7:80:b3:de:b9:e8:
                    10:20:ba:f0:8c:23:cd:31:f4:d5:88:75:3d:7a:bb:
                    92:f0:e2:35:53:cc:a4:52:4b:51:d7:ca:ed:a7:85:
                    29:34:f8:d8:aa:a2:05:d6:3a:a1:da:26:e3:24:5b:
                    cb:a8:fe:bf:4f:0d:20:9a:dc:fe:a2:7f:5c:ae:cc:
                    ba:ee:66:c2:c8:30:4d:6f:7f:86:74:bb:19:7b:e8:
                    f7:d0:77:c2:89:f5:c3:ac:dd:44:85:8e:1e:0e:c4:
                    fb:ee:b0:6e:22:eb:41:90:11:ef:06:e8:4d:77:53:
                    28:da:90:ff:80:a7:e6:5d:ed:14:be:96:32:93:7d:
                    27:f1:02:b7:75:fe:60:13:92:1b:75:23:3b:3f:bf:
                    7d:f2:31:c1:a5:5e:f8:07:05:ed:b9:51:4b:1f:10:
                    17:45:57:13:a0:f3:56:35:c3:a3:b7:dd:23:b2:71:
                    f7:ba:69:dd:65:98:69:19:2d:1b:08:dc:d1:09:06:
                    6b:1e:10:9c:0a:f8:21:8a:43:74:e2:23:99:db:23:
                    11:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:33:4A:13:3F:41:EB:C8:8D:BC:C1:90:A6:AA:A5:F1:49:9D:E9:18
            X509v3 Authority Key Identifier:
                keyid:B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/KTNKEz9B68iNvMGQpqql8Umd6Rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.102.0/24
                  185.231.52.0-185.231.54.255
                IPv6:
                  2a0c:4100::/29
                  2a13:bc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:a3:ef:26:34:10:6c:96:fa:87:b8:6a:bb:22:30:4c:ae:47:
         6c:2e:e1:e9:32:b0:4b:84:35:a2:09:fc:c6:14:45:55:74:92:
         a2:55:4e:b0:63:74:b0:c9:09:45:ba:ab:84:17:13:a9:d6:a0:
         5a:96:3a:d5:ec:65:20:13:93:79:3c:be:a1:90:c7:66:09:bd:
         ce:4c:bd:17:7e:16:77:f2:e8:af:e0:97:e2:3a:e6:aa:7a:fd:
         bb:b4:34:d2:e9:00:c8:d0:d5:74:b6:ef:69:b0:05:8d:6c:2f:
         91:83:5a:4f:3d:59:93:1f:6b:29:b8:85:99:a5:46:ba:76:d6:
         e2:62:1c:5b:20:38:68:d3:f3:76:28:bb:73:65:48:e9:83:dc:
         c5:47:55:2b:cb:5f:34:7b:32:31:1f:9e:e4:71:7f:9a:eb:fe:
         2c:c6:ca:5c:01:e4:fe:33:de:c6:5b:74:51:98:af:8f:23:f7:
         70:7a:67:de:b1:4f:a4:02:76:dc:63:48:5f:e3:e5:0b:7d:80:
         a3:75:5e:89:af:9d:68:0f:7d:c2:de:81:ba:c4:e4:a7:38:02:
         25:c3:1c:33:be:31:96:02:18:89:e6:05:44:f7:f9:72:e8:8a:
         b5:ce:85:ac:96:d9:ef:d8:29:59:d8:da:e3:6b:1d:fc:99:e7:
         44:2b:3a:be
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZUj8N1PoywY1aPhsRIJ+jE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWRlOTQ1OGQxOTBlNjM0MzI5ZjlkZjE1MDNiNTIyMmMx
NjI0ZWUwHhcNMjUwMjIwMTUxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTMzNGExMzNmNDFlYmM4OGRiY2MxOTBhNmFhYTVmMTQ5OWRlOTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3rGno7E/T3hP4/Bf25tfP/HKksI
V9xiSrOUxRmT2O6RXfBGmVQKbcsixkt4F+AuwXW1A3rXgLPeuegQILrwjCPNMfTV
iHU9eruS8OI1U8ykUktR18rtp4UpNPjYqqIF1jqh2ibjJFvLqP6/Tw0gmtz+on9c
rsy67mbCyDBNb3+GdLsZe+j30HfCifXDrN1EhY4eDsT77rBuIutBkBHvBuhNd1Mo
2pD/gKfmXe0UvpYyk30n8QK3df5gE5IbdSM7P7998jHBpV74BwXtuVFLHxAXRVcT
oPNWNcOjt90jsnH3umndZZhpGS0bCNzRCQZrHhCcCvghikN04iOZ2yMRKwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCkzShM/QevIjbzBkKaqpfFJnekYMB8GA1UdIwQY
MBaAFLed6UWNGQ5jQyn53xUDtSIsFiTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODkt
ZjFjZDlmYTI4Y2M1LzEvS1ROS0V6OUI2OGlOdk1HUXBxcWw4VW1kNlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODktZjFjZDlmYTI4Y2M1
LzEvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUAwQAW8ZmMAwD
BAK55zQDBAC55zYwFAQCAAIwDgMFAyoMQQADBQMqE7yAMA0GCSqGSIb3DQEBCwUA
A4IBAQBXo+8mNBBslvqHuGq7IjBMrkdsLuHpMrBLhDWiCfzGFEVVdJKiVU6wY3Sw
yQlFuquEFxOp1qBaljrV7GUgE5N5PL6hkMdmCb3OTL0XfhZ38uiv4JfiOuaqev27
tDTS6QDI0NV0tu9psAWNbC+Rg1pPPVmTH2spuIWZpUa6dtbiYhxbIDho0/N2KLtz
ZUjpg9zFR1Ury180ezIxH57kcX+a6/4sxspcAeT+M97GW3RRmK+PI/dwemfesU+k
AnbcY0hf4+ULfYCjdV6Jr51oD33C3oG6xOSnOAIlwxwzvjGWAhiJ5gVE9/ly6Iq1
zoWsltnv2ClZ2Nrjax38medEKzq+
-----END CERTIFICATE-----