Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/0sZ1hP3qERpyAvLPr3REH0spaBw.roa
File:                     0sZ1hP3qERpyAvLPr3REH0spaBw.roa (raw, json)
Hash identifier:          yOyJKhWQJvUxiS/JR4DvPhX4eVZvCOTgDhsb4ezI89w=
Subject key identifier:   D2:C6:75:84:FD:EA:11:1A:72:02:F2:CF:AF:74:44:1F:4B:29:68:1C
Certificate issuer:       /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial:       0193CEC206DF972F52AC70CF2EB9522A6310
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/0sZ1hP3qERpyAvLPr3REH0spaBw.roa
Signing time:             Mon 16 Dec 2024 09:17:22 +0000
ROA not before:           Mon 16 Dec 2024 09:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15670
IP address blocks:        62.177.128.0/17 maxlen: 24
                          62.177.128.0/24 maxlen: 24
                          62.177.133.0/24 maxlen: 24
                          62.177.136.0/22 maxlen: 24
                          62.177.144.0/24 maxlen: 24
                          62.177.146.0/23 maxlen: 24
                          62.177.148.0/24 maxlen: 24
                          62.177.150.0/23 maxlen: 24
                          62.177.152.0/21 maxlen: 24
                          62.177.160.0/21 maxlen: 24
                          62.177.168.0/24 maxlen: 24
                          62.177.170.0/23 maxlen: 24
                          62.177.172.0/22 maxlen: 24
                          62.177.176.0/20 maxlen: 24
                          62.177.192.0/18 maxlen: 24
                          82.204.0.0/17 maxlen: 24
                          82.204.0.0/18 maxlen: 24
                          82.204.10.0/24 maxlen: 24
                          82.204.28.0/22 maxlen: 24
                          82.204.48.0/20 maxlen: 24
                          82.204.64.0/19 maxlen: 24
                          82.204.68.0/23 maxlen: 24
                          82.204.120.0/22 maxlen: 24
                          82.204.126.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ce:c2:06:df:97:2f:52:ac:70:cf:2e:b9:52:2a:63:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
        Validity
            Not Before: Dec 16 09:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c67584fdea111a7202f2cfaf74441f4b29681c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8e:ae:c9:33:29:29:b2:97:98:a5:b6:2f:8a:
                    e0:43:05:5a:74:92:4c:76:ee:2c:99:95:ab:4a:3a:
                    47:7c:48:52:21:6d:67:f4:bc:d6:31:a9:bb:08:84:
                    34:9f:9f:7e:f8:7e:4d:5f:f7:4f:94:6f:85:a6:57:
                    fd:a9:54:79:a0:3b:e6:6d:c2:49:ea:1e:93:ec:96:
                    0c:78:85:f9:e7:2b:a9:68:23:4d:2f:8d:5f:40:f5:
                    5d:7f:b6:73:c7:12:8a:a0:f8:c0:82:1f:77:70:66:
                    1a:9e:83:40:b5:23:49:6f:e1:dc:90:f4:d6:94:02:
                    19:6c:9c:e1:dd:ef:a0:cc:8d:61:61:f2:1b:49:d4:
                    f6:1e:7f:3d:13:15:4e:83:ab:ec:80:b2:7d:51:0e:
                    67:9d:63:74:b3:57:d2:db:41:8b:d0:e3:35:0f:a5:
                    b6:61:ac:2e:86:33:dd:14:0a:d5:6d:8d:dc:03:42:
                    08:7c:c3:a7:85:c4:e4:f8:9d:06:2c:8b:e4:da:ef:
                    e3:08:f8:d6:65:bb:05:b5:d7:10:d6:15:49:b9:fc:
                    2f:8a:b9:08:12:49:fe:91:5f:14:29:e5:e5:4d:46:
                    20:d9:32:95:3c:82:9f:00:f0:77:fd:d9:c5:f8:60:
                    98:61:b4:16:1c:85:8a:75:48:cd:a8:90:22:eb:67:
                    ea:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C6:75:84:FD:EA:11:1A:72:02:F2:CF:AF:74:44:1F:4B:29:68:1C
            X509v3 Authority Key Identifier:
                keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/0sZ1hP3qERpyAvLPr3REH0spaBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.177.128.0/17
                  82.204.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2e:b9:d5:4b:b5:c5:54:1e:87:03:b3:f5:49:52:72:c5:ff:7f:
         52:44:82:cd:0a:1b:b2:7d:87:c1:f3:3e:e2:a3:ad:66:22:80:
         71:b5:88:bf:f0:07:10:49:02:38:c2:f8:14:6a:44:42:51:ce:
         f3:cc:e3:44:3d:8d:fd:7d:1c:11:b5:45:28:30:b3:a8:9c:5c:
         45:79:33:87:11:98:0d:12:50:99:98:ac:31:f9:b0:cb:8e:fd:
         58:f4:21:88:35:4b:bc:95:ae:fb:27:34:94:de:76:7a:04:15:
         68:bf:69:2b:22:40:a9:26:ca:5d:93:07:bf:b5:1a:f4:f6:22:
         8b:5d:a9:3f:80:cc:22:8e:24:59:9d:85:33:33:40:73:60:36:
         03:e5:ba:63:43:d2:52:76:86:97:6c:cb:a2:b3:28:5c:28:4e:
         37:df:5b:08:bd:3c:e6:9b:60:ae:e1:24:2b:5c:4f:eb:e3:1e:
         2b:bf:7a:77:f6:cc:38:81:ed:e0:43:ed:ae:d6:5c:86:23:16:
         dc:f6:65:94:78:8c:f7:da:46:82:14:6c:28:ae:3a:60:8c:36:
         9d:23:a1:fc:72:fb:b0:11:96:26:b4:6e:aa:5a:82:dc:42:dc:
         2b:fd:5a:5b:a7:f0:ab:b0:5c:7a:ac:00:07:f3:30:33:5d:80:
         1e:53:4d:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZPOwgbfly9SrHDPLrlSKmMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjQxMjE2MDkxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM2NzU4NGZkZWExMTFhNzIwMmYyY2ZhZjc0NDQxZjRiMjk2ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu46uyTMpKbKXmKW2L4rgQwVadJJM
du4smZWrSjpHfEhSIW1n9LzWMam7CIQ0n59++H5NX/dPlG+Fplf9qVR5oDvmbcJJ
6h6T7JYMeIX55yupaCNNL41fQPVdf7ZzxxKKoPjAgh93cGYanoNAtSNJb+HckPTW
lAIZbJzh3e+gzI1hYfIbSdT2Hn89ExVOg6vsgLJ9UQ5nnWN0s1fS20GL0OM1D6W2
YawuhjPdFArVbY3cA0IIfMOnhcTk+J0GLIvk2u/jCPjWZbsFtdcQ1hVJufwvirkI
Ekn+kV8UKeXlTUYg2TKVPIKfAPB3/dnF+GCYYbQWHIWKdUjNqJAi62fqtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNLGdYT96hEacgLyz690RB9LKWgcMB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvMHNaMWhQM3FFUnB5QXZMUHIzUkVIMHNwYUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHPrGAAwQH
UswAMA0GCSqGSIb3DQEBCwUAA4IBAQAuudVLtcVUHocDs/VJUnLF/39SRILNChuy
fYfB8z7io61mIoBxtYi/8AcQSQI4wvgUakRCUc7zzONEPY39fRwRtUUoMLOonFxF
eTOHEZgNElCZmKwx+bDLjv1Y9CGINUu8la77JzSU3nZ6BBVov2krIkCpJspdkwe/
tRr09iKLXak/gMwijiRZnYUzM0BzYDYD5bpjQ9JSdoaXbMuisyhcKE4331sIvTzm
m2Cu4SQrXE/r4x4rv3p39sw4ge3gQ+2u1lyGIxbc9mWUeIz32kaCFGworjpgjDad
I6H8cvuwEZYmtG6qWoLcQtwr/Vpbp/CrsFx6rAAH8zAzXYAeU00o
-----END CERTIFICATE-----