Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/4ca0b4-1c7e-4707-8ca6-03602e8d5ad4/1/REjfMWSEIhEISY9B4aUc4fZtqEk.roa
File:                     REjfMWSEIhEISY9B4aUc4fZtqEk.roa (raw, json)
Hash identifier:          BuLbDeKhww5L7RWWCBBziFZh4pMd8TLnCTyTTlaZpms=
Subject key identifier:   44:48:DF:31:64:84:22:11:08:49:8F:41:E1:A5:1C:E1:F6:6D:A8:49
Certificate issuer:       /CN=9f7f36ecc13e633010f64d123b6315899c61afe9
Certificate serial:       01856DDD3E32DA5EB08AD654C8E49E2633DA
Authority key identifier: 9F:7F:36:EC:C1:3E:63:30:10:F6:4D:12:3B:63:15:89:9C:61:AF:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n3827ME-YzAQ9k0SO2MViZxhr-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/4ca0b4-1c7e-4707-8ca6-03602e8d5ad4/1/REjfMWSEIhEISY9B4aUc4fZtqEk.roa
Signing time:             Sun 01 Jan 2023 15:04:53 +0000
ROA not before:           Sun 01 Jan 2023 15:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51960
IP address blocks:        193.9.123.0/24 maxlen: 24
                          193.84.1.0/24 maxlen: 24
                          193.84.11.0/24 maxlen: 24
                          193.84.6.0/24 maxlen: 24
                          193.84.16.0/24 maxlen: 24
                          195.242.108.0/23 maxlen: 23
                          185.78.74.0/24 maxlen: 24
                          185.78.73.0/24 maxlen: 24
                          185.78.72.0/24 maxlen: 24
                          195.206.116.0/22 maxlen: 22
                          91.222.24.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:3e:32:da:5e:b0:8a:d6:54:c8:e4:9e:26:33:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f7f36ecc13e633010f64d123b6315899c61afe9
        Validity
            Not Before: Jan  1 15:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4448df316484221108498f41e1a51ce1f66da849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:80:62:1d:1c:39:27:86:b6:1f:b9:48:7b:44:
                    3d:ab:74:bd:bf:36:32:78:57:db:59:8d:2d:ec:5b:
                    b6:f6:a5:96:d8:c1:b5:8e:b7:fb:de:86:5d:15:13:
                    cc:74:46:c5:d4:7b:28:2d:94:e6:bc:94:ce:3f:7d:
                    dd:a9:59:df:c8:c4:15:6a:40:ca:41:b9:77:2a:3e:
                    1f:79:0e:91:30:d2:83:75:3d:5f:18:d1:99:7d:41:
                    78:cc:1b:c6:30:c8:a9:07:41:b4:3a:03:9e:08:07:
                    60:88:e0:cd:76:39:53:71:01:aa:ac:76:aa:ed:d4:
                    34:d8:10:cb:76:f0:ed:c3:07:61:ca:66:09:19:b0:
                    15:b9:b5:e9:c0:d1:3d:6d:3b:d8:75:15:7d:73:ff:
                    e6:52:79:7d:97:8a:b9:ca:cc:3b:af:83:30:bf:37:
                    83:05:82:f8:a3:db:66:25:e2:44:df:95:ab:1c:f4:
                    5d:42:03:7c:e8:e7:a9:8a:85:ef:40:c4:de:c8:03:
                    5e:c9:28:79:3e:cd:35:ac:d7:d7:8c:f5:16:ff:96:
                    d8:23:fd:c0:7c:ac:23:c0:7f:60:65:2f:a2:91:41:
                    d4:6d:58:ef:71:63:06:40:ac:9b:ee:a1:6a:ef:82:
                    f2:44:f5:f9:01:c7:15:fa:22:44:d0:c2:04:a9:0b:
                    45:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:48:DF:31:64:84:22:11:08:49:8F:41:E1:A5:1C:E1:F6:6D:A8:49
            X509v3 Authority Key Identifier:
                keyid:9F:7F:36:EC:C1:3E:63:30:10:F6:4D:12:3B:63:15:89:9C:61:AF:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n3827ME-YzAQ9k0SO2MViZxhr-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4ca0b4-1c7e-4707-8ca6-03602e8d5ad4/1/REjfMWSEIhEISY9B4aUc4fZtqEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4ca0b4-1c7e-4707-8ca6-03602e8d5ad4/1/n3827ME-YzAQ9k0SO2MViZxhr-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.24.0/22
                  185.78.72.0-185.78.74.255
                  193.9.123.0/24
                  193.84.1.0/24
                  193.84.6.0/24
                  193.84.11.0/24
                  193.84.16.0/24
                  195.206.116.0/22
                  195.242.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:f1:00:2d:9e:f2:2c:fe:ed:30:1d:ae:01:13:ef:28:91:53:
         67:e7:5e:85:30:92:7e:98:56:b7:2c:c5:d5:bd:b1:c2:73:13:
         e9:c9:8c:16:fb:08:0e:be:7c:f8:bf:0c:d5:e6:38:3f:f8:7b:
         12:2e:eb:50:60:32:d9:dd:34:47:bc:c0:f6:0f:f8:7c:29:02:
         69:da:cf:ab:0d:b2:1e:72:f6:21:3f:85:58:ec:56:ba:19:64:
         2d:73:72:8d:39:5b:46:76:b6:d0:3b:e7:ee:38:6d:22:04:bf:
         1c:a3:8a:c8:08:49:83:58:17:e6:41:d9:21:60:be:a0:79:62:
         62:e2:0a:49:70:06:b1:e7:1f:19:e6:a4:06:4c:1f:df:44:5c:
         a3:5e:c3:24:99:39:41:d0:45:fe:57:17:1a:f6:4d:83:e8:9d:
         08:56:95:0e:86:61:cf:ed:7d:9d:4d:e3:a2:5a:3c:9b:fb:57:
         53:29:97:e6:2b:f6:b3:e8:66:d8:e2:f6:bf:54:f9:39:e4:dc:
         6a:14:cb:71:14:34:db:bb:d2:95:7d:e8:51:1f:87:36:3f:71:
         ba:93:0d:b2:15:1b:c2:58:1e:75:55:c5:89:b0:11:24:66:f1:
         3b:de:33:7a:ca:88:eb:55:cc:70:e2:53:03:51:fe:08:9c:d7:
         7f:ab:ac:14
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVt3T4y2l6witZUyOSeJjPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmN2YzNmVjYzEzZTYzMzAxMGY2NGQxMjNiNjMxNTg5OWM2
MWFmZTkwHhcNMjMwMTAxMTUwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ4ZGYzMTY0ODQyMjExMDg0OThmNDFlMWE1MWNlMWY2NmRhODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYBiHRw5J4a2H7lIe0Q9q3S9vzYy
eFfbWY0t7Fu29qWW2MG1jrf73oZdFRPMdEbF1HsoLZTmvJTOP33dqVnfyMQVakDK
Qbl3Kj4feQ6RMNKDdT1fGNGZfUF4zBvGMMipB0G0OgOeCAdgiODNdjlTcQGqrHaq
7dQ02BDLdvDtwwdhymYJGbAVubXpwNE9bTvYdRV9c//mUnl9l4q5ysw7r4MwvzeD
BYL4o9tmJeJE35WrHPRdQgN86OepioXvQMTeyANeySh5Ps01rNfXjPUW/5bYI/3A
fKwjwH9gZS+ikUHUbVjvcWMGQKyb7qFq74LyRPX5AccV+iJE0MIEqQtFeQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFERI3zFkhCIRCEmPQeGlHOH2bahJMB8GA1UdIwQY
MBaAFJ9/NuzBPmMwEPZNEjtjFYmcYa/pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjM4MjdNRS1ZekFROWswU08yTVZpWnhoci1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80Y2EwYjQtMWM3ZS00NzA3LThjYTYt
MDM2MDJlOGQ1YWQ0LzEvUkVqZk1XU0VJaEVJU1k5QjRhVWM0Zlp0cUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80Y2EwYjQtMWM3ZS00NzA3LThjYTYtMDM2MDJlOGQ1YWQ0
LzEvbjM4MjdNRS1ZekFROWswU08yTVZpWnhoci1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCW94YMAwD
BAO5TkgDBAC5TkoDBADBCXsDBADBVAEDBADBVAYDBADBVAsDBADBVBADBALDznQD
BAHD8mwwDQYJKoZIhvcNAQELBQADggEBAF/xAC2e8iz+7TAdrgET7yiRU2fnXoUw
kn6YVrcsxdW9scJzE+nJjBb7CA6+fPi/DNXmOD/4exIu61BgMtndNEe8wPYP+Hwp
Amnaz6sNsh5y9iE/hVjsVroZZC1zco05W0Z2ttA75+44bSIEvxyjisgISYNYF+ZB
2SFgvqB5YmLiCklwBrHnHxnmpAZMH99EXKNewySZOUHQRf5XFxr2TYPonQhWlQ6G
Yc/tfZ1N46JaPJv7V1Mpl+Yr9rPoZtji9r9U+Tnk3GoUy3EUNNu70pV96FEfhzY/
cbqTDbIVG8JYHnVVxYmwESRm8TveM3rKiOtVzHDiUwNR/gic13+rrBQ=
-----END CERTIFICATE-----