Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/rdlMtBI7UFfXTYKojp0aRkryhck.roa
File:                     rdlMtBI7UFfXTYKojp0aRkryhck.roa (raw, json)
Hash identifier:          Gh4mNz+ueahbVxfos/TqZ5xWaAV0ceUFdEPheUw2o4E=
Subject key identifier:   AD:D9:4C:B4:12:3B:50:57:D7:4D:82:A8:8E:9D:1A:46:4A:F2:85:C9
Certificate issuer:       /CN=a114ffd8531b239e6f0f73e6f6de63845145facd
Certificate serial:       0A5CCA2B
Authority key identifier: A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/rdlMtBI7UFfXTYKojp0aRkryhck.roa
Signing time:             Fri 29 Apr 2022 11:56:10 +0000
ROA not before:           Fri 29 Apr 2022 11:56:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50941
IP address blocks:        178.18.192.0/24 maxlen: 24
                          178.18.195.0/24 maxlen: 24
                          178.18.194.0/24 maxlen: 24
                          178.18.193.0/24 maxlen: 24
                          178.18.199.0/24 maxlen: 24
                          178.18.198.0/24 maxlen: 24
                          178.18.197.0/24 maxlen: 24
                          178.18.196.0/24 maxlen: 24
                          178.18.202.0/24 maxlen: 24
                          178.18.201.0/24 maxlen: 24
                          178.18.200.0/24 maxlen: 24
                          178.18.206.0/24 maxlen: 24
                          178.18.205.0/24 maxlen: 24
                          178.18.204.0/24 maxlen: 24
                          178.18.203.0/24 maxlen: 24
                          178.18.207.0/24 maxlen: 24
                          185.88.132.0/24 maxlen: 24
                          185.21.4.0/24 maxlen: 24
                          185.21.7.0/24 maxlen: 24
                          185.21.6.0/24 maxlen: 24
                          2a00:54a0::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 173853227 (0xa5cca2b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a114ffd8531b239e6f0f73e6f6de63845145facd
        Validity
            Not Before: Apr 29 11:56:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=add94cb4123b5057d74d82a88e9d1a464af285c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:53:62:c5:c2:0f:10:1b:b7:d0:23:e0:57:88:
                    ea:c6:f0:52:32:da:29:47:9f:ce:49:03:ea:f0:29:
                    e2:9f:4a:96:bf:76:bf:37:aa:33:f2:4b:38:d3:e5:
                    75:ae:61:af:c9:b6:c5:b9:40:94:2a:25:2e:25:71:
                    3c:74:6e:2b:d5:9d:25:a6:05:d7:6c:c2:7c:ce:6b:
                    a7:0e:1a:2a:11:a2:f1:8e:2d:08:44:3e:9a:56:24:
                    67:9b:fb:9f:a3:66:df:92:7f:f9:da:ee:bc:2f:de:
                    ea:37:07:32:5e:fa:d2:8a:73:e8:0e:94:0a:0b:69:
                    33:63:62:0d:c2:dd:8d:b8:5a:e9:2f:37:23:cd:33:
                    8d:d7:15:84:be:69:d5:9b:f9:25:c2:82:7d:48:32:
                    0f:65:a9:0c:4b:c4:ea:ed:c0:b7:9a:e0:91:ca:54:
                    8a:92:3a:81:18:df:6f:af:0e:ac:23:c3:64:b2:fc:
                    48:5c:a1:e9:81:99:98:57:f2:19:63:13:6c:57:96:
                    df:ed:e7:c6:00:b7:08:46:9f:75:78:f9:dd:10:2a:
                    18:5b:15:f8:0c:8a:c6:ed:24:62:75:72:1b:36:8d:
                    90:4e:ea:8a:9e:4e:3b:0c:b8:cc:d0:23:bf:af:d3:
                    bd:62:52:d3:05:30:1b:86:fb:aa:81:73:37:0d:d7:
                    78:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D9:4C:B4:12:3B:50:57:D7:4D:82:A8:8E:9D:1A:46:4A:F2:85:C9
            X509v3 Authority Key Identifier:
                keyid:A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/rdlMtBI7UFfXTYKojp0aRkryhck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/oRT_2FMbI55vD3Pm9t5jhFFF-s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.192.0/20
                  185.21.4.0/24
                  185.21.6.0/23
                  185.88.132.0/24
                IPv6:
                  2a00:54a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:a3:54:71:ea:03:a4:41:30:fe:59:33:32:25:be:75:5e:0a:
         83:f4:d5:0b:43:c4:28:00:d4:55:74:47:38:0c:de:93:60:13:
         47:ef:f4:b6:00:9f:09:10:63:90:a2:28:52:ad:a8:58:02:7c:
         4d:91:6b:94:f0:b1:d3:92:d9:c7:0c:f6:d0:c4:8e:38:0e:af:
         e9:d9:df:27:f5:f3:38:77:45:4b:e2:16:ec:4c:62:24:f7:99:
         2e:11:6f:b6:fa:10:21:c5:85:1f:dc:2b:32:f2:01:e3:db:55:
         27:a2:ed:4a:bc:76:29:f0:33:35:3a:0e:eb:37:b0:df:00:d8:
         d9:74:78:21:82:ab:02:da:a5:d7:fb:dd:86:09:23:a9:10:a2:
         66:c6:c6:11:e3:85:e5:97:23:f5:de:d2:05:0e:6d:8b:b4:99:
         7a:2d:49:09:07:c3:6a:a5:45:dc:14:10:1a:11:7b:34:3f:2a:
         6e:42:3e:41:6b:d8:3f:97:35:76:76:08:ee:c5:06:96:05:d8:
         50:1d:05:80:e6:88:4f:be:75:6d:4b:1a:5a:8d:08:89:5b:e3:
         8d:db:5c:70:91:70:c2:6e:47:b1:8e:d0:59:f3:16:10:cc:88:
         83:9f:f0:3b:e8:1a:37:45:59:1c:06:65:fc:e0:a2:7e:35:54:
         81:eb:a0:9a
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEClzKKzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MTE0ZmZkODUzMWIyMzllNmYwZjczZTZmNmRlNjM4NDUxNDVmYWNkMB4XDTIyMDQy
OTExNTYxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWRkOTRjYjQxMjNi
NTA1N2Q3NGQ4MmE4OGU5ZDFhNDY0YWYyODVjOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMRTYsXCDxAbt9Aj4FeI6sbwUjLaKUefzkkD6vAp4p9Klr92
vzeqM/JLONPlda5hr8m2xblAlColLiVxPHRuK9WdJaYF12zCfM5rpw4aKhGi8Y4t
CEQ+mlYkZ5v7n6Nm35J/+druvC/e6jcHMl760opz6A6UCgtpM2NiDcLdjbha6S83
I80zjdcVhL5p1Zv5JcKCfUgyD2WpDEvE6u3At5rgkcpUipI6gRjfb68OrCPDZLL8
SFyh6YGZmFfyGWMTbFeW3+3nxgC3CEafdXj53RAqGFsV+AyKxu0kYnVyGzaNkE7q
ip5OOwy4zNAjv6/TvWJS0wUwG4b7qoFzNw3XeJ0CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBSt2Uy0EjtQV9dNgqiOnRpGSvKFyTAfBgNVHSMEGDAWgBShFP/YUxsjnm8P
c+b23mOEUUX6zTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29SVF8yRk1iSTU1dkQzUG05dDVqaEZGRi1zMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmQvY2YyZDgzLTZmMjktNDMyZi04MmU0LTAwZDRjM2IzZmJmOS8x
L3JkbE10Qkk3VUZmWFRZS29qcDBhUmtyeWhjay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQv
Y2YyZDgzLTZmMjktNDMyZi04MmU0LTAwZDRjM2IzZmJmOS8xL29SVF8yRk1iSTU1
dkQzUG05dDVqaEZGRi1zMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEBLISwAMEALkVBAMEAbkVBgMEALlY
hDANBAIAAjAHAwUAKgBUoDANBgkqhkiG9w0BAQsFAAOCAQEAg6NUceoDpEEw/lkz
MiW+dV4Kg/TVC0PEKADUVXRHOAzek2ATR+/0tgCfCRBjkKIoUq2oWAJ8TZFrlPCx
05LZxwz20MSOOA6v6dnfJ/XzOHdFS+IW7ExiJPeZLhFvtvoQIcWFH9wrMvIB49tV
J6LtSrx2KfAzNToO6zew3wDY2XR4IYKrAtql1/vdhgkjqRCiZsbGEeOF5Zcj9d7S
BQ5ti7SZei1JCQfDaqVF3BQQGhF7ND8qbkI+QWvYP5c1dnYI7sUGlgXYUB0FgOaI
T751bUsaWo0IiVvjjdtccJFwwm5HsY7QWfMWEMyIg5/wO+gaN0VZHAZl/OCifjVU
geugmg==
-----END CERTIFICATE-----