Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/pPYYG56VOORuxgT5M_ZuhSvmRfg.roa
File:                     pPYYG56VOORuxgT5M_ZuhSvmRfg.roa (raw, json)
Hash identifier:          UBXy6znS5i9dvxzfkJnX+PZpKfrnJ0My4xHbPC9KdaQ=
Subject key identifier:   A4:F6:18:1B:9E:95:38:E4:6E:C6:04:F9:33:F6:6E:85:2B:E6:45:F8
Certificate issuer:       /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial:       01942748050B29A84676C0FCA2123C7C7D5B
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/pPYYG56VOORuxgT5M_ZuhSvmRfg.roa
Signing time:             Thu 02 Jan 2025 13:50:18 +0000
ROA not before:           Thu 02 Jan 2025 13:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5400
IP address blocks:        31.95.0.0/16 maxlen: 16
                          31.95.0.0/21 maxlen: 21
                          31.95.14.0/23 maxlen: 23
                          31.95.16.0/20 maxlen: 20
                          31.95.48.0/21 maxlen: 21
                          31.95.56.0/24 maxlen: 24
                          31.95.58.0/23 maxlen: 23
                          31.95.64.0/21 maxlen: 21
                          31.95.72.0/22 maxlen: 22
                          31.95.80.0/22 maxlen: 22
                          31.95.96.0/19 maxlen: 19
                          31.95.128.0/20 maxlen: 20
                          31.95.160.0/20 maxlen: 20
                          31.95.176.0/22 maxlen: 22
                          31.95.184.0/21 maxlen: 21
                          31.95.208.0/21 maxlen: 21
                          31.95.218.0/23 maxlen: 23
                          31.95.220.0/22 maxlen: 22
                          31.95.228.0/22 maxlen: 22
                          31.95.232.0/22 maxlen: 22
                          31.95.238.0/23 maxlen: 23
                          31.95.240.0/22 maxlen: 22
                          31.95.246.0/23 maxlen: 23
                          31.95.248.0/22 maxlen: 22
                          31.95.254.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:05:0b:29:a8:46:76:c0:fc:a2:12:3c:7c:7d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
        Validity
            Not Before: Jan  2 13:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f6181b9e9538e46ec604f933f66e852be645f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cf:15:5e:8b:a5:ee:9d:38:66:d6:10:01:8a:
                    6c:51:3d:87:e5:f8:ba:60:b3:6d:31:d7:74:ac:6c:
                    a6:f2:44:0b:3f:ac:eb:16:67:b3:1d:d9:da:20:54:
                    a6:09:07:54:e9:67:4b:0b:a3:99:1b:fa:3f:56:2f:
                    82:5e:f2:d7:4b:ad:e1:31:2a:9a:fb:25:18:a8:29:
                    03:ba:6c:97:46:77:65:3d:5e:f5:8e:0a:97:31:4f:
                    23:e7:a8:4d:82:f0:0a:e4:84:cb:26:9f:e6:ec:79:
                    50:36:3f:e9:22:05:cb:88:3b:41:fd:80:89:f6:47:
                    6d:2c:99:f5:22:c8:22:b4:d7:4b:76:6e:c1:70:e0:
                    50:1d:79:dc:0f:61:03:62:14:00:92:89:a0:a1:17:
                    93:a2:ec:ee:9d:31:da:c9:6f:0f:9e:86:f7:4a:e9:
                    e6:0b:74:b7:cc:20:ab:e1:a5:80:cd:52:1c:7d:04:
                    b0:13:8b:b9:6a:63:a0:1a:09:1b:12:35:3b:45:74:
                    92:5a:6b:89:3b:35:e1:fe:61:99:dd:0f:dc:a4:74:
                    08:20:82:80:8c:23:bd:d2:c6:b4:10:ae:57:f5:27:
                    02:d9:53:aa:b3:2e:d7:13:ed:ad:0e:94:3f:13:45:
                    55:24:b4:6c:85:19:22:18:8b:18:90:cf:8a:cc:dd:
                    3f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F6:18:1B:9E:95:38:E4:6E:C6:04:F9:33:F6:6E:85:2B:E6:45:F8
            X509v3 Authority Key Identifier:
                keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/pPYYG56VOORuxgT5M_ZuhSvmRfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:66:4a:a7:ab:b4:9f:08:8f:8e:36:64:80:cc:a2:6c:c6:ea:
         90:d2:85:50:d0:ce:7d:13:2a:73:4a:4f:bd:26:aa:fc:5b:94:
         e7:46:cc:a8:b6:34:99:9b:15:46:17:c3:0f:93:60:ee:ae:72:
         dc:c1:f3:84:f7:f7:2f:51:a6:e5:7d:08:04:d0:94:61:7c:a4:
         16:3c:1c:d7:89:1e:12:87:46:7c:34:46:e9:45:cc:5f:06:c8:
         2f:ca:6e:4e:4d:53:65:ff:2e:65:23:b2:79:07:ef:7a:f1:ec:
         58:ff:78:31:9b:05:73:13:6f:2d:76:3e:f4:f5:32:e4:1a:95:
         74:70:47:2a:4f:bf:2f:06:47:c5:19:ee:8a:31:fd:86:9f:34:
         11:fa:08:e2:0b:3d:d5:cf:1e:74:81:36:d2:4e:12:23:23:2e:
         f5:b2:43:3c:08:b9:35:b9:21:fb:86:10:c4:48:b4:c8:b0:91:
         7a:74:d8:6d:bd:c5:d4:e4:59:25:4e:4b:e6:1f:6d:27:1f:fd:
         0c:a4:6b:0e:8d:ec:69:af:9a:25:f4:13:c7:3b:c8:24:bd:e7:
         64:a3:8f:b4:09:1a:f5:53:10:51:29:31:41:39:52:36:3f:d9:
         b4:f1:c4:bb:f9:43:6a:36:bb:10:e9:84:9a:cd:78:3d:01:51:
         da:08:71:a0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQnSAULKahGdsD8ohI8fH1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjUwMTAyMTM1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY2MTgxYjllOTUzOGU0NmVjNjA0ZjkzM2Y2NmU4NTJiZTY0NWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6s8VXoul7p04ZtYQAYpsUT2H5fi6
YLNtMdd0rGym8kQLP6zrFmezHdnaIFSmCQdU6WdLC6OZG/o/Vi+CXvLXS63hMSqa
+yUYqCkDumyXRndlPV71jgqXMU8j56hNgvAK5ITLJp/m7HlQNj/pIgXLiDtB/YCJ
9kdtLJn1IsgitNdLdm7BcOBQHXncD2EDYhQAkomgoReTouzunTHayW8Pnob3Sunm
C3S3zCCr4aWAzVIcfQSwE4u5amOgGgkbEjU7RXSSWmuJOzXh/mGZ3Q/cpHQIIIKA
jCO90sa0EK5X9ScC2VOqsy7XE+2tDpQ/E0VVJLRshRkiGIsYkM+KzN0/cQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKT2GBuelTjkbsYE+TP2boUr5kX4MB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEvcFBZWUc1NlZPT1J1eGdUNU1fWnVoU3ZtUmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAH18wDQYJ
KoZIhvcNAQELBQADggEBAENmSqertJ8Ij442ZIDMomzG6pDShVDQzn0TKnNKT70m
qvxblOdGzKi2NJmbFUYXww+TYO6uctzB84T39y9RpuV9CATQlGF8pBY8HNeJHhKH
Rnw0RulFzF8GyC/Kbk5NU2X/LmUjsnkH73rx7Fj/eDGbBXMTby12PvT1MuQalXRw
RypPvy8GR8UZ7oox/YafNBH6COILPdXPHnSBNtJOEiMjLvWyQzwIuTW5IfuGEMRI
tMiwkXp02G29xdTkWSVOS+YfbScf/Qykaw6N7GmvmiX0E8c7yCS952Sjj7QJGvVT
EFEpMUE5UjY/2bTxxLv5Q2o2uxDphJrNeD0BUdoIcaA=
-----END CERTIFICATE-----