Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS14618.roa
File:                     AS14618.roa (raw, json)
Hash identifier:          hEUEGjB0VrfgPkHg275CTn1CTTrCPCnoiP1CzccoHyc=
Subject key identifier:   09:3E:E3:30:22:BD:FB:90:F3:42:2B:C2:7F:D3:80:DB:B8:EB:35:BA
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4F8B2222B1A07740E982CA7DFF56039958F5CB91
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS14618.roa
Signing time:             Sat 05 Apr 2025 00:01:54 +0000
ROA not before:           Fri 04 Apr 2025 23:56:54 +0000
ROA not after:            Sat 04 Apr 2026 00:01:54 +0000
asID:                     14618
IP address blocks:        91.124.131.0/24 maxlen: 24
                          91.124.133.0/24 maxlen: 24
                          91.124.217.0/24 maxlen: 24
                          92.112.51.0/24 maxlen: 24
                          92.112.61.0/24 maxlen: 24
                          92.112.63.0/24 maxlen: 24
                          92.112.74.0/24 maxlen: 24
                          92.112.75.0/24 maxlen: 24
                          92.113.49.0/24 maxlen: 24
                          92.113.50.0/24 maxlen: 24
                          92.113.51.0/24 maxlen: 24
                          92.113.52.0/24 maxlen: 24
                          92.113.53.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:8b:22:22:b1:a0:77:40:e9:82:ca:7d:ff:56:03:99:58:f5:cb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  4 23:56:54 2025 GMT
            Not After : Apr  4 00:01:54 2026 GMT
        Subject: CN=093EE33022BDFB90F3422BC27FD380DBB8EB35BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ae:fc:58:42:1c:d4:88:92:27:43:57:1a:1d:
                    c1:c6:c1:e0:ce:37:bf:0d:d7:a3:b0:85:02:60:99:
                    f4:a2:d4:d8:65:b1:59:a0:9f:1b:c2:9c:79:01:c5:
                    31:35:6a:d2:15:1f:6f:84:e3:b1:65:d7:6e:f7:ba:
                    f1:98:02:58:6d:3e:3a:77:d7:27:2c:ee:56:0f:98:
                    3f:cf:dd:57:15:9c:bd:f9:d1:b5:53:fe:f7:73:f3:
                    37:0b:3b:e0:a3:8a:cf:96:68:f0:c9:37:a3:77:84:
                    a0:20:0b:97:08:9a:8b:ea:99:51:b1:c7:d0:f0:1a:
                    77:e9:f6:43:59:56:94:74:5a:63:81:5b:bd:cd:3d:
                    af:aa:e0:7d:e9:96:86:a5:08:5f:9b:2a:96:98:35:
                    f7:6f:73:47:dc:d1:e6:ca:19:62:f6:8f:72:51:da:
                    4b:97:87:dd:ec:9d:62:7a:02:be:b4:ea:9e:b7:32:
                    70:1f:27:46:fa:d9:52:04:29:fc:15:ee:c5:a6:38:
                    13:4b:9d:0a:14:92:39:4a:eb:06:82:b9:d6:3f:cd:
                    8e:5d:a0:55:1a:4c:e0:7d:09:a1:dc:f3:c1:74:ef:
                    8d:5f:3f:89:22:8d:bd:e2:3a:73:a5:5d:ef:42:62:
                    4c:1c:3f:34:8f:de:17:67:75:00:0b:58:85:2b:1c:
                    af:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3E:E3:30:22:BD:FB:90:F3:42:2B:C2:7F:D3:80:DB:B8:EB:35:BA
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS14618.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.131.0/24
                  91.124.133.0/24
                  91.124.217.0/24
                  92.112.51.0/24
                  92.112.61.0/24
                  92.112.63.0/24
                  92.112.74.0/23
                  92.113.49.0-92.113.53.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:08:34:d8:14:0e:15:61:7e:82:70:ac:20:db:cb:03:93:3e:
         5a:c0:03:e4:95:72:d6:5b:dc:02:31:b4:f3:6d:9f:3e:62:5a:
         1a:4d:95:df:3a:f2:b5:48:2d:b7:4e:ec:2d:9a:f5:0b:7e:0a:
         aa:71:7f:28:b8:e4:35:b0:49:fc:61:b9:c6:eb:ef:63:3d:b1:
         3c:6e:e9:25:b7:cc:26:3a:1b:05:d0:c7:cf:d5:2c:c5:d6:a3:
         b5:e7:ad:d3:2c:13:67:ba:39:d4:99:fa:e3:71:58:71:6c:2f:
         25:17:7e:a2:b9:8e:4f:9c:01:78:90:d3:7b:64:f1:7b:f4:89:
         db:35:7f:b7:cf:66:e2:c8:71:4d:97:19:bb:76:69:c3:a5:de:
         c3:09:5e:95:a7:c3:43:5b:ee:86:0a:aa:4a:98:87:8e:e0:99:
         d8:ec:c2:51:14:6e:18:65:0f:85:c2:20:9f:e4:92:92:22:9e:
         c7:3d:b3:2a:59:a4:9b:8f:19:e3:18:95:42:ae:b3:68:44:78:
         10:53:e8:78:23:6c:25:c9:32:20:c9:7a:8d:b5:43:0f:0d:2f:
         0c:48:2d:6c:b8:cc:3b:ab:51:f5:c5:dd:ea:ad:27:86:54:52:
         18:ad:26:80:78:ab:cf:25:26:22:15:d9:83:f1:7a:f0:30:d5:
         be:b2:33:c0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT4siIrGgd0Dpgsp9/1YDmVj1y5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MDQyMzU2NTRaFw0yNjA0MDQwMDAxNTRaMDMxMTAvBgNV
BAMTKDA5M0VFMzMwMjJCREZCOTBGMzQyMkJDMjdGRDM4MERCQjhFQjM1QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrvxYQhzUiJInQ1caHcHGweDO
N78N16OwhQJgmfSi1NhlsVmgnxvCnHkBxTE1atIVH2+E47Fl1273uvGYAlhtPjp3
1ycs7lYPmD/P3VcVnL350bVT/vdz8zcLO+Cjis+WaPDJN6N3hKAgC5cImovqmVGx
x9DwGnfp9kNZVpR0WmOBW73NPa+q4H3ploalCF+bKpaYNfdvc0fc0ebKGWL2j3JR
2kuXh93snWJ6Ar606p63MnAfJ0b62VIEKfwV7sWmOBNLnQoUkjlK6waCudY/zY5d
oFUaTOB9CaHc88F0741fP4kijb3iOnOlXe9CYkwcPzSP3hdndQALWIUrHK/7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCT7jMCK9+5DzQivCf9OA27jrNbowHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTQ2MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMD4EAgABMDgDBABbfIMD
BABbfIUDBABbfNkDBABccDMDBABccD0DBABccD8DBAFccEowDAMEAFxxMQMEAVxx
NDANBgkqhkiG9w0BAQsFAAOCAQEALAg02BQOFWF+gnCsINvLA5M+WsAD5JVy1lvc
AjG0822fPmJaGk2V3zrytUgtt07sLZr1C34KqnF/KLjkNbBJ/GG5xuvvYz2xPG7p
JbfMJjobBdDHz9Usxdajteet0ywTZ7o51Jn643FYcWwvJRd+ormOT5wBeJDTe2Tx
e/SJ2zV/t89m4shxTZcZu3Zpw6XewwlelafDQ1vuhgqqSpiHjuCZ2OzCURRuGGUP
hcIgn+SSkiKexz2zKlmkm48Z4xiVQq6zaER4EFPoeCNsJckyIMl6jbVDDw0vDEgt
bLjMO6tR9cXd6q0nhlRSGK0mgHirzyUmIhXZg/F68DDVvrIzwA==
-----END CERTIFICATE-----