Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zUOHmz4he7t-oj3r4DpUJC2Kqcs.roa
File:                     zUOHmz4he7t-oj3r4DpUJC2Kqcs.roa (raw, json)
Hash identifier:          Jyg+ZydIF4amYWUE+lrxZSwO98Ld9STptPegsBdTfs0=
Subject key identifier:   CD:43:87:9B:3E:21:7B:BB:7E:A2:3D:EB:E0:3A:54:24:2D:8A:A9:CB
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0195EAEAC7E4E2D36B02EB12626381D33B61
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zUOHmz4he7t-oj3r4DpUJC2Kqcs.roa
Signing time:             Mon 31 Mar 2025 06:36:49 +0000
ROA not before:           Mon 31 Mar 2025 06:36:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        85.115.208.0/23 maxlen: 24
                          85.115.210.0/23 maxlen: 24
                          85.115.210.0/24 maxlen: 24
                          85.115.211.0/24 maxlen: 24
                          213.145.68.0/23 maxlen: 23
                          213.145.68.0/24 maxlen: 24
                          213.145.70.0/23 maxlen: 24
                          213.145.71.0/24 maxlen: 24
                          213.145.72.0/21 maxlen: 24
                          213.145.82.0/23 maxlen: 24
                          213.145.82.0/24 maxlen: 24
                          213.145.83.0/24 maxlen: 24
                          213.145.84.0/23 maxlen: 23
                          213.145.86.0/23 maxlen: 23
                          213.145.88.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ea:ea:c7:e4:e2:d3:6b:02:eb:12:62:63:81:d3:3b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Mar 31 06:36:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd43879b3e217bbb7ea23debe03a54242d8aa9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:37:1b:04:a4:fa:64:25:ed:6d:c7:44:54:55:
                    3d:73:a6:4f:c4:fb:97:fc:a7:5b:36:20:c5:86:00:
                    da:9a:86:1d:f2:e2:09:c5:52:5a:e8:59:ff:b9:b2:
                    4d:86:56:25:50:72:30:91:35:57:d2:e3:e9:9f:d0:
                    5b:53:61:3d:dd:63:bd:75:44:5f:80:9e:21:b4:db:
                    70:58:7a:42:77:67:50:84:c9:cd:4f:14:43:7d:8a:
                    6a:a6:50:f6:d1:b7:58:df:57:7d:00:75:c6:99:cc:
                    62:3d:89:0b:ae:21:52:2a:2b:d4:cc:50:2b:26:91:
                    eb:20:3e:d1:ca:fd:2b:d7:05:cd:fa:46:95:97:32:
                    7d:72:95:5c:7b:cf:88:ec:34:d1:25:50:6d:48:f8:
                    11:51:a1:f0:66:07:da:bf:8c:94:11:b9:13:af:7d:
                    15:64:24:ee:b4:52:34:48:6b:cf:35:e9:6b:07:22:
                    21:3d:b0:0e:2e:83:50:19:e2:a9:66:50:3f:f0:fd:
                    6d:79:1a:75:85:03:ff:c9:11:3d:01:e0:0f:d5:8c:
                    44:f1:c8:06:45:bc:66:f5:7f:38:6a:a2:46:c1:d0:
                    3e:7e:4a:9a:65:da:de:76:12:66:ea:1d:0b:98:4b:
                    fd:10:b7:76:8f:83:f1:f3:a5:e2:43:a7:f1:c5:82:
                    7b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:43:87:9B:3E:21:7B:BB:7E:A2:3D:EB:E0:3A:54:24:2D:8A:A9:CB
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zUOHmz4he7t-oj3r4DpUJC2Kqcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.208.0/22
                  213.145.68.0-213.145.79.255
                  213.145.82.0-213.145.89.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:ab:5e:34:8e:a6:13:ce:43:f4:06:8f:0a:6e:0b:13:b2:be:
         5f:cb:12:4d:af:5d:29:67:0f:96:54:67:ce:76:f4:ea:39:2c:
         5a:44:92:28:10:07:c3:bf:93:fb:65:69:88:38:41:96:6a:fd:
         b5:54:09:53:51:65:44:0b:99:3e:7a:f2:6c:be:aa:29:c1:99:
         02:0f:90:39:3d:05:ee:9b:46:37:48:1a:f6:8f:e7:b9:83:b4:
         bb:c2:fc:b1:38:c8:45:33:86:79:55:e6:00:0e:31:e0:d7:dd:
         84:d1:30:cb:f5:9c:c4:e6:2a:15:fe:9c:4e:39:25:f2:f8:6d:
         4d:1c:92:15:94:fa:14:d4:de:3d:c4:cb:17:75:4e:87:75:84:
         3c:17:bb:36:d4:0b:9a:cc:d1:d9:f9:4f:10:9d:e7:b1:4b:e2:
         7f:98:37:df:bf:3a:8f:2e:0e:8f:4d:b7:e3:6c:26:f5:64:46:
         89:07:a6:ba:d5:3f:b8:c1:af:88:5d:32:aa:9d:87:a9:40:56:
         7e:45:54:e8:71:9f:91:fe:82:b7:96:d6:0a:57:b4:53:08:4b:
         a8:37:ef:1a:64:79:b1:da:f5:9a:9d:94:77:14:bb:49:d5:b7:
         93:f7:7b:43:8c:1a:1a:91:00:9b:3c:e3:3d:ce:93:5a:bc:1d:
         6e:a7:bb:91
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZXq6sfk4tNrAusSYmOB0zthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwMzMxMDYzNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQzODc5YjNlMjE3YmJiN2VhMjNkZWJlMDNhNTQyNDJkOGFhOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDcbBKT6ZCXtbcdEVFU9c6ZPxPuX
/KdbNiDFhgDamoYd8uIJxVJa6Fn/ubJNhlYlUHIwkTVX0uPpn9BbU2E93WO9dURf
gJ4htNtwWHpCd2dQhMnNTxRDfYpqplD20bdY31d9AHXGmcxiPYkLriFSKivUzFAr
JpHrID7Ryv0r1wXN+kaVlzJ9cpVce8+I7DTRJVBtSPgRUaHwZgfav4yUEbkTr30V
ZCTutFI0SGvPNelrByIhPbAOLoNQGeKpZlA/8P1teRp1hQP/yRE9AeAP1YxE8cgG
Rbxm9X84aqJGwdA+fkqaZdredhJm6h0LmEv9ELd2j4Px86XiQ6fxxYJ7swIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFM1Dh5s+IXu7fqI96+A6VCQtiqnLMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvelVPSG16NGhlN3Qtb2ozcjREcFVKQzJLcWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQCVXPQMAwD
BALVkUQDBATVkUAwDAMEAdWRUgMEAdWRWDANBgkqhkiG9w0BAQsFAAOCAQEAOqte
NI6mE85D9AaPCm4LE7K+X8sSTa9dKWcPllRnznb06jksWkSSKBAHw7+T+2VpiDhB
lmr9tVQJU1FlRAuZPnrybL6qKcGZAg+QOT0F7ptGN0ga9o/nuYO0u8L8sTjIRTOG
eVXmAA4x4NfdhNEwy/WcxOYqFf6cTjkl8vhtTRySFZT6FNTePcTLF3VOh3WEPBe7
NtQLmszR2flPEJ3nsUvif5g33786jy4Oj02342wm9WRGiQemutU/uMGviF0yqp2H
qUBWfkVU6HGfkf6Ct5bWCle0UwhLqDfvGmR5sdr1mp2UdxS7SdW3k/d7Q4waGpEA
mzzjPc6TWrwdbqe7kQ==
-----END CERTIFICATE-----