Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/LcquefyWWE_O3MUyg9tPk1gGsYI.roa
File:                     LcquefyWWE_O3MUyg9tPk1gGsYI.roa (raw, json)
Hash identifier:          OIsrP1FGn/Z0TR7S9fS5zdakgpEn5qGxqIdsQANsaMY=
Subject key identifier:   2D:CA:AE:79:FC:96:58:4F:CE:DC:C5:32:83:DB:4F:93:58:06:B1:82
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       01970E002BAE8AD751A2555F499B34164407
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/LcquefyWWE_O3MUyg9tPk1gGsYI.roa
Signing time:             Mon 26 May 2025 19:09:41 +0000
ROA not before:           Mon 26 May 2025 19:09:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:4381::/32 maxlen: 32
                          2a09:a201::/32 maxlen: 32
                          2a0a:c0c0::/32 maxlen: 32
                          2a0c:9481::/32 maxlen: 32
                          2a0d:f844::/32 maxlen: 32
                          2a0e:7f04::/32 maxlen: 32
                          2a0e:c4c4::/32 maxlen: 32
                          2a0e:eec1::/32 maxlen: 32
                          2a0f:1800::/32 maxlen: 32
                          2a0f:9d05::/32 maxlen: 32
                          2a12:38c1::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0e:00:2b:ae:8a:d7:51:a2:55:5f:49:9b:34:16:44:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: May 26 19:09:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dcaae79fc96584fcedcc53283db4f935806b182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:5f:a8:78:4b:d4:6c:c6:9c:f9:d1:b7:2d:
                    e9:5c:21:5f:62:db:04:48:36:46:53:23:6f:90:86:
                    9c:c0:c3:b5:83:0b:0e:db:15:89:25:3b:83:c9:f3:
                    bb:4c:a9:6a:ef:45:f4:e1:35:b8:6e:2f:3d:68:e3:
                    ec:3d:39:be:a0:76:a4:5c:68:8b:de:92:ea:41:53:
                    cd:6e:23:bc:7f:ae:e4:09:09:2e:16:73:20:32:4d:
                    a6:52:69:50:ce:aa:d8:f4:91:4a:25:1b:95:c4:80:
                    80:46:3b:60:c6:fd:8b:53:4f:33:48:c5:17:72:c5:
                    f1:8d:de:37:74:cf:e1:a8:e4:be:be:72:e2:77:d9:
                    29:0d:c7:18:bf:24:be:3c:ec:c1:3f:e5:de:58:f3:
                    69:c7:90:b0:e2:47:66:a7:c2:12:e8:e4:a9:28:0d:
                    35:1f:26:27:80:40:b8:52:16:3f:3f:4c:26:6e:03:
                    c9:35:32:f9:1e:18:66:12:86:ec:1e:4e:b2:bb:07:
                    23:90:a9:f8:32:b4:12:8d:63:67:7c:4c:47:7b:6b:
                    a6:bc:b3:92:37:00:00:c3:e9:cd:71:22:8f:fe:84:
                    ce:5a:f0:52:32:99:d6:b1:9a:46:3e:b2:49:74:a3:
                    47:fd:57:08:d0:19:a7:9e:87:dc:74:1f:31:18:da:
                    cc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:CA:AE:79:FC:96:58:4F:CE:DC:C5:32:83:DB:4F:93:58:06:B1:82
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/LcquefyWWE_O3MUyg9tPk1gGsYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:4381::/32
                  2a09:a201::/32
                  2a0a:c0c0::/32
                  2a0c:9481::/32
                  2a0d:f844::/32
                  2a0e:7f04::/32
                  2a0e:c4c4::/32
                  2a0e:eec1::/32
                  2a0f:1800::/32
                  2a0f:9d05::/32
                  2a12:38c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:11:34:b1:80:ee:a7:71:67:a7:00:87:05:99:53:1e:44:21:
         4e:41:0a:26:e7:64:15:c8:ff:24:27:39:20:b8:07:06:be:3b:
         de:48:04:4e:8c:ee:37:8b:f1:0e:1c:3b:99:d6:20:4b:ee:16:
         d9:8d:ce:2e:10:24:ad:be:b8:d5:d8:f1:16:d4:a2:60:00:68:
         72:10:8f:ca:1d:9c:7d:2f:fa:5a:8d:8e:c1:18:18:3e:20:49:
         32:4e:9d:fa:ab:62:07:68:40:73:ec:9c:ce:ad:1b:31:1a:de:
         e7:c8:17:b0:d6:0d:43:10:e4:7d:a2:bc:d7:62:bc:5c:f7:04:
         9d:ba:de:27:6e:87:a6:f2:a5:e3:a4:bc:7d:77:c6:ee:3a:bb:
         08:12:23:a7:23:21:51:33:66:95:3a:1c:1e:be:f9:25:83:16:
         fb:26:bd:0e:2c:d4:5d:25:e6:fe:47:ae:07:ba:03:65:cc:5c:
         b1:9f:59:dd:57:45:c7:51:d4:01:62:20:71:3b:43:11:31:b6:
         4c:e9:03:12:81:81:1d:35:a1:74:b0:a1:49:1a:c9:24:73:f7:
         a3:b0:29:a0:66:d7:a7:04:49:04:cf:74:d9:fe:59:96:82:66:
         e9:df:54:41:3f:e8:66:b2:f1:7f:33:ae:f8:fd:41:1d:84:93:
         ef:d6:90:3e
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZcOACuuitdRolVfSZs0FkQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNTI2MTkwOTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGNhYWU3OWZjOTY1ODRmY2VkY2M1MzI4M2RiNGY5MzU4MDZiMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW5fqHhL1GzGnPnRty3pXCFfYtsE
SDZGUyNvkIacwMO1gwsO2xWJJTuDyfO7TKlq70X04TW4bi89aOPsPTm+oHakXGiL
3pLqQVPNbiO8f67kCQkuFnMgMk2mUmlQzqrY9JFKJRuVxICARjtgxv2LU08zSMUX
csXxjd43dM/hqOS+vnLid9kpDccYvyS+POzBP+XeWPNpx5Cw4kdmp8IS6OSpKA01
HyYngEC4UhY/P0wmbgPJNTL5HhhmEobsHk6yuwcjkKn4MrQSjWNnfExHe2umvLOS
NwAAw+nNcSKP/oTOWvBSMpnWsZpGPrJJdKNH/VcI0BmnnofcdB8xGNrMbQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFC3Krnn8llhPztzFMoPbT5NYBrGCMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvTGNxdWVmeVdXRV9PM01VeWc5dFBrMWdHc1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKgZDgQMF
ACoJogEDBQAqCsDAAwUAKgyUgQMFACoN+EQDBQAqDn8EAwUAKg7ExAMFACoO7sED
BQAqDxgAAwUAKg+dBQMFACoSOMEwDQYJKoZIhvcNAQELBQADggEBALMRNLGA7qdx
Z6cAhwWZUx5EIU5BCibnZBXI/yQnOSC4Bwa+O95IBE6M7jeL8Q4cO5nWIEvuFtmN
zi4QJK2+uNXY8RbUomAAaHIQj8odnH0v+lqNjsEYGD4gSTJOnfqrYgdoQHPsnM6t
GzEa3ufIF7DWDUMQ5H2ivNdivFz3BJ263iduh6bypeOkvH13xu46uwgSI6cjIVEz
ZpU6HB6++SWDFvsmvQ4s1F0l5v5Hrge6A2XMXLGfWd1XRcdR1AFiIHE7QxExtkzp
AxKBgR01oXSwoUkaySRz96OwKaBm16cESQTPdNn+WZaCZunfVEE/6Gay8X8zrvj9
QR2Ek+/WkD4=
-----END CERTIFICATE-----