Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/lnfrttFL81Q_ZvT-LoMY396ig_c.roa
File:                     lnfrttFL81Q_ZvT-LoMY396ig_c.roa (raw, json)
Hash identifier:          eI9yX/Ke3d8win+AFCaQGXy0g0k/cC4YdAHaS+cSxJM=
Subject key identifier:   96:77:EB:B6:D1:4B:F3:54:3F:66:F4:FE:2E:83:18:DF:DE:A2:83:F7
Certificate issuer:       /CN=a114ffd8531b239e6f0f73e6f6de63845145facd
Certificate serial:       018CC348D1421C1BD14D8C454E97C1757FA1
Authority key identifier: A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/lnfrttFL81Q_ZvT-LoMY396ig_c.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50941
IP address blocks:        178.18.192.0/24 maxlen: 24
                          178.18.195.0/24 maxlen: 24
                          178.18.194.0/24 maxlen: 24
                          178.18.193.0/24 maxlen: 24
                          178.18.199.0/24 maxlen: 24
                          178.18.198.0/24 maxlen: 24
                          178.18.197.0/24 maxlen: 24
                          178.18.196.0/24 maxlen: 24
                          178.18.202.0/24 maxlen: 24
                          178.18.201.0/24 maxlen: 24
                          178.18.200.0/24 maxlen: 24
                          178.18.206.0/24 maxlen: 24
                          178.18.205.0/24 maxlen: 24
                          178.18.204.0/24 maxlen: 24
                          178.18.203.0/24 maxlen: 24
                          178.18.207.0/24 maxlen: 24
                          185.88.132.0/24 maxlen: 24
                          185.21.4.0/24 maxlen: 24
                          185.21.7.0/24 maxlen: 24
                          185.21.6.0/24 maxlen: 24
                          2a00:54a0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d1:42:1c:1b:d1:4d:8c:45:4e:97:c1:75:7f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a114ffd8531b239e6f0f73e6f6de63845145facd
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9677ebb6d14bf3543f66f4fe2e8318dfdea283f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f6:04:49:df:5f:d4:b0:09:ee:61:93:cd:60:
                    95:fb:e0:1f:f5:46:45:6d:02:86:79:d1:56:49:39:
                    51:9e:bc:69:2b:50:eb:40:9c:81:a9:ed:a0:ee:d1:
                    8c:e7:07:2e:4c:5b:8d:21:e7:40:7b:49:d1:1f:b6:
                    fd:2b:67:62:a6:81:66:3d:da:df:62:78:9a:d7:53:
                    61:7b:11:34:6b:22:1f:05:c6:3e:d9:d2:a9:0e:90:
                    e9:f0:6b:0f:ee:cb:41:fb:ae:ee:ae:c6:61:84:ca:
                    36:fe:12:f0:86:6e:99:b5:0a:40:8c:e4:4f:00:3f:
                    71:38:05:5a:6e:4e:ff:61:a0:6f:79:14:e4:8e:3a:
                    62:9a:fa:f2:67:9b:03:e4:ed:7a:1a:fd:88:f9:3c:
                    c9:d7:25:fd:99:1b:a2:a4:4c:f0:8b:24:56:6c:b9:
                    8d:4b:a8:ee:a6:a4:d6:e0:54:6d:d2:9f:86:29:e8:
                    a9:6a:e0:22:b2:f7:4d:8c:cd:5f:42:67:ab:98:b7:
                    75:ec:4a:02:b4:f8:67:cd:8f:12:58:ff:a1:c4:70:
                    a0:73:36:37:02:66:2b:66:2d:72:42:21:ca:15:78:
                    c6:b1:24:b2:da:e6:4c:dc:56:4e:aa:a7:0c:ec:a6:
                    a9:8e:1f:39:84:87:30:9b:70:9b:76:f7:00:12:df:
                    2d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:77:EB:B6:D1:4B:F3:54:3F:66:F4:FE:2E:83:18:DF:DE:A2:83:F7
            X509v3 Authority Key Identifier:
                keyid:A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/lnfrttFL81Q_ZvT-LoMY396ig_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/oRT_2FMbI55vD3Pm9t5jhFFF-s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.192.0/20
                  185.21.4.0/24
                  185.21.6.0/23
                  185.88.132.0/24
                IPv6:
                  2a00:54a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:5d:2d:73:aa:b9:ff:6b:a8:4c:fd:d7:08:d6:64:8e:3f:5c:
         19:0b:41:97:85:a8:21:e7:2d:7e:af:0b:2d:38:0c:f9:17:f3:
         a5:9f:f6:30:ba:f2:4d:a8:a4:33:01:d3:95:e1:10:79:32:18:
         56:0e:c1:93:44:31:ca:06:17:fa:47:d1:c9:ee:da:5e:f5:ee:
         33:54:3a:20:66:79:c4:03:3f:17:c7:b0:c1:fd:11:6e:f3:ef:
         15:22:43:43:9d:40:f9:42:65:bd:5b:d9:aa:bf:11:2a:a2:47:
         51:d3:be:85:40:e0:25:1c:a9:3c:ca:a2:f1:22:ff:58:d0:bc:
         47:a8:bf:17:0e:db:88:e3:4c:3f:68:91:f2:c6:9f:88:f0:97:
         ff:3f:2b:10:89:f0:de:ad:39:94:eb:b7:f0:40:70:b0:ba:a8:
         a1:89:ab:3b:dd:f6:b3:41:b2:31:8b:16:be:39:6d:60:1e:9e:
         6f:d2:8e:c7:f9:7e:69:ee:bf:a8:38:c3:50:36:d8:17:69:8d:
         18:76:8d:a5:88:9e:23:9c:ba:6c:82:60:e9:85:e7:6c:44:9b:
         1d:21:d8:d6:9f:a0:18:3a:55:3e:84:4c:18:d6:69:d7:58:ee:
         ce:03:29:0d:5e:54:ed:95:00:8d:9f:7a:31:de:a9:8d:67:56:
         21:85:98:bf
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSNFCHBvRTYxFTpfBdX+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMTRmZmQ4NTMxYjIzOWU2ZjBmNzNlNmY2ZGU2Mzg0NTE0
NWZhY2QwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc3ZWJiNmQxNGJmMzU0M2Y2NmY0ZmUyZTgzMThkZmRlYTI4M2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPYESd9f1LAJ7mGTzWCV++Af9UZF
bQKGedFWSTlRnrxpK1DrQJyBqe2g7tGM5wcuTFuNIedAe0nRH7b9K2dipoFmPdrf
Ynia11NhexE0ayIfBcY+2dKpDpDp8GsP7stB+67ursZhhMo2/hLwhm6ZtQpAjORP
AD9xOAVabk7/YaBveRTkjjpimvryZ5sD5O16Gv2I+TzJ1yX9mRuipEzwiyRWbLmN
S6jupqTW4FRt0p+GKeipauAisvdNjM1fQmermLd17EoCtPhnzY8SWP+hxHCgczY3
AmYrZi1yQiHKFXjGsSSy2uZM3FZOqqcM7Kapjh85hIcwm3CbdvcAEt8tRQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJZ367bRS/NUP2b0/i6DGN/eooP3MB8GA1UdIwQY
MBaAFKEU/9hTGyOebw9z5vbeY4RRRfrNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1JUXzJGTWJJNTV2RDNQbTl0NWpoRkZGLXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9jZjJkODMtNmYyOS00MzJmLTgyZTQt
MDBkNGMzYjNmYmY5LzEvbG5mcnR0Rkw4MVFfWnZULUxvTVkzOTZpZ19jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9jZjJkODMtNmYyOS00MzJmLTgyZTQtMDBkNGMzYjNmYmY5
LzEvb1JUXzJGTWJJNTV2RDNQbTl0NWpoRkZGLXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEshLAAwQA
uRUEAwQBuRUGAwQAuViEMA0EAgACMAcDBQAqAFSgMA0GCSqGSIb3DQEBCwUAA4IB
AQALXS1zqrn/a6hM/dcI1mSOP1wZC0GXhagh5y1+rwstOAz5F/Oln/YwuvJNqKQz
AdOV4RB5MhhWDsGTRDHKBhf6R9HJ7tpe9e4zVDogZnnEAz8Xx7DB/RFu8+8VIkND
nUD5QmW9W9mqvxEqokdR076FQOAlHKk8yqLxIv9Y0LxHqL8XDtuI40w/aJHyxp+I
8Jf/PysQifDerTmU67fwQHCwuqihias73fazQbIxixa+OW1gHp5v0o7H+X5p7r+o
OMNQNtgXaY0Ydo2liJ4jnLpsgmDphedsRJsdIdjWn6AYOlU+hEwY1mnXWO7OAykN
XlTtlQCNn3ox3qmNZ1YhhZi/
-----END CERTIFICATE-----