Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/qrOg6i90WrnCVlfW9INbWoGV71g.roa
File:                     qrOg6i90WrnCVlfW9INbWoGV71g.roa (raw, json)
Hash identifier:          Zv0iuscFgOyE/3TCwB+AnMmsbOd3DfZKWg/Y/MggCuM=
Subject key identifier:   AA:B3:A0:EA:2F:74:5A:B9:C2:56:57:D6:F4:83:5B:5A:81:95:EF:58
Certificate issuer:       /CN=2b8966d0f14fd59993ca4878e774fa4779036694
Certificate serial:       018C44060713E78718EDDCAEA6A48643AC06
Authority key identifier: 2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/qrOg6i90WrnCVlfW9INbWoGV71g.roa
Signing time:             Thu 07 Dec 2023 11:24:54 +0000
ROA not before:           Thu 07 Dec 2023 11:24:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35625
IP address blocks:        195.74.80.0/24 maxlen: 24
                          45.138.192.0/22 maxlen: 22
                          37.16.78.0/24 maxlen: 24
                          185.161.44.0/22 maxlen: 22
                          194.126.178.0/24 maxlen: 24
                          185.252.156.0/22 maxlen: 22
                          37.235.88.0/21 maxlen: 21
                          46.29.120.0/21 maxlen: 21
                          185.117.18.0/24 maxlen: 24
                          185.75.140.0/22 maxlen: 22
                          2a01:6600:2e00::/40 maxlen: 40
                          2a02:21c8::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:44:06:07:13:e7:87:18:ed:dc:ae:a6:a4:86:43:ac:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b8966d0f14fd59993ca4878e774fa4779036694
        Validity
            Not Before: Dec  7 11:24:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aab3a0ea2f745ab9c25657d6f4835b5a8195ef58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f8:5a:c5:ea:0f:bd:6e:2a:dc:35:48:0a:cc:
                    6f:f1:06:6b:bf:84:26:ec:a0:4f:7f:28:14:da:e8:
                    69:85:3b:14:4e:ba:44:59:3c:53:46:72:59:ff:cd:
                    c6:21:a4:7f:5a:50:0f:a4:c7:a4:bb:ff:90:c3:29:
                    5a:38:85:15:5a:03:eb:bb:49:12:55:fb:3d:c3:42:
                    a5:ef:1a:71:91:b1:76:2f:18:f2:16:09:48:7e:fb:
                    9c:93:aa:06:6a:35:8d:7f:4a:89:4e:6a:e1:fb:d4:
                    ef:92:df:cb:ed:12:49:b4:11:5f:99:07:ae:19:8d:
                    64:f0:da:86:d7:42:37:17:e1:90:c6:16:a3:00:1c:
                    c0:0e:ac:80:34:f5:26:6a:37:c3:fd:84:ce:07:2f:
                    19:7e:80:09:6a:82:8e:6d:92:07:f7:67:ae:33:98:
                    18:cb:6b:75:73:41:c3:b5:95:6c:2c:1e:eb:9a:1f:
                    09:7e:06:32:4b:c4:b2:3d:48:d4:aa:7f:94:34:37:
                    9e:db:34:e3:e0:63:98:8b:8e:31:50:f6:a6:3d:ac:
                    ab:a7:59:e7:b2:4b:c8:e0:12:21:d5:35:89:ec:df:
                    ce:76:69:9c:fb:8d:9b:61:61:2b:8b:cb:33:23:54:
                    b7:b7:39:1e:c8:39:53:c6:a5:c7:73:5a:c8:70:e4:
                    bf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B3:A0:EA:2F:74:5A:B9:C2:56:57:D6:F4:83:5B:5A:81:95:EF:58
            X509v3 Authority Key Identifier:
                keyid:2B:89:66:D0:F1:4F:D5:99:93:CA:48:78:E7:74:FA:47:79:03:66:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K4lm0PFP1ZmTykh453T6R3kDZpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/qrOg6i90WrnCVlfW9INbWoGV71g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/K4lm0PFP1ZmTykh453T6R3kDZpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.78.0/24
                  37.235.88.0/21
                  45.138.192.0/22
                  46.29.120.0/21
                  185.75.140.0/22
                  185.117.18.0/24
                  185.161.44.0/22
                  185.252.156.0/22
                  194.126.178.0/24
                  195.74.80.0/24
                IPv6:
                  2a01:6600:2e00::/40
                  2a02:21c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:8f:42:4d:83:5e:0a:5a:d2:25:80:f1:1c:b4:4f:c6:75:21:
         0c:11:24:86:80:1a:f3:63:dc:fb:9c:1f:5f:a0:ea:2b:29:7d:
         37:c5:c5:fb:56:59:7e:45:91:b3:0f:e3:51:5c:61:33:86:01:
         39:79:9c:5e:f6:f3:91:ff:8d:05:30:f2:3f:1a:cb:36:b7:ee:
         60:e6:3c:9c:eb:a2:f3:40:76:2b:7b:12:86:b9:be:9c:f8:96:
         04:3d:6f:5b:6d:48:e0:df:75:15:d2:7f:f3:69:01:d8:d0:22:
         0c:3a:97:1e:b5:a0:cf:84:45:5d:0b:22:11:83:86:46:d3:3a:
         a0:49:dc:76:48:a9:51:7d:a2:4d:e3:28:27:b1:53:88:87:c4:
         18:f8:1b:cd:31:ec:1e:cb:e1:b0:fa:12:59:a4:b8:fe:fa:03:
         76:2c:0b:eb:2e:f6:fa:c7:ef:7b:01:bd:74:ae:a6:ce:a5:56:
         c0:57:33:3b:cf:76:c4:f1:16:8e:4d:92:37:af:1c:04:ac:98:
         79:06:8d:26:65:48:76:a7:a3:9d:f7:84:0d:e7:49:c1:fd:f4:
         74:05:24:9b:4c:60:3c:3c:40:f5:2f:2e:61:6d:bb:f9:73:37:
         48:41:30:61:03:03:08:6f:32:53:87:6f:7f:53:3a:c9:85:c1:
         48:94:2b:88
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYxEBgcT54cY7dyupqSGQ6wGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiODk2NmQwZjE0ZmQ1OTk5M2NhNDg3OGU3NzRmYTQ3Nzkw
MzY2OTQwHhcNMjMxMjA3MTEyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWIzYTBlYTJmNzQ1YWI5YzI1NjU3ZDZmNDgzNWI1YTgxOTVlZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPhaxeoPvW4q3DVICsxv8QZrv4Qm
7KBPfygU2uhphTsUTrpEWTxTRnJZ/83GIaR/WlAPpMeku/+QwylaOIUVWgPru0kS
Vfs9w0Kl7xpxkbF2LxjyFglIfvuck6oGajWNf0qJTmrh+9Tvkt/L7RJJtBFfmQeu
GY1k8NqG10I3F+GQxhajABzADqyANPUmajfD/YTOBy8ZfoAJaoKObZIH92euM5gY
y2t1c0HDtZVsLB7rmh8JfgYyS8SyPUjUqn+UNDee2zTj4GOYi44xUPamPayrp1nn
skvI4BIh1TWJ7N/Odmmc+42bYWEri8szI1S3tzkeyDlTxqXHc1rIcOS/VQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFKqzoOovdFq5wlZX1vSDW1qBle9YMB8GA1UdIwQY
MBaAFCuJZtDxT9WZk8pIeOd0+kd5A2aUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvcXJPZzZpOTBXcm5DVmxmVzlJTmJXb0dWNzFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEvSzRsbTBQRlAxWm1UeWtoNDUzVDZSM2tEWnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBCBAIAATA8AwQAJRBOAwQD
JetYAwQCLYrAAwQDLh14AwQCuUuMAwQAuXUSAwQCuaEsAwQCufycAwQAwn6yAwQA
w0pQMBUEAgACMA8DBgAqAWYALgMFACoCIcgwDQYJKoZIhvcNAQELBQADggEBABSP
Qk2DXgpa0iWA8Ry0T8Z1IQwRJIaAGvNj3PucH1+g6ispfTfFxftWWX5FkbMP41Fc
YTOGATl5nF7285H/jQUw8j8ayza37mDmPJzrovNAdit7Eoa5vpz4lgQ9b1ttSODf
dRXSf/NpAdjQIgw6lx61oM+ERV0LIhGDhkbTOqBJ3HZIqVF9ok3jKCexU4iHxBj4
G80x7B7L4bD6ElmkuP76A3YsC+su9vrH73sBvXSups6lVsBXMzvPdsTxFo5Nkjev
HASsmHkGjSZlSHano533hA3nScH99HQFJJtMYDw8QPUvLmFtu/lzN0hBMGEDAwhv
MlOHb39TOsmFwUiUK4g=
-----END CERTIFICATE-----