Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b666e4-b405-4c07-bb89-59eaa8670ffa/1/SYVN9bD-D6g-q6PSw1lAmEmBCdM.roa
File:                     SYVN9bD-D6g-q6PSw1lAmEmBCdM.roa (raw, json)
Hash identifier:          8y9eU7Dyp9dbN8gBD3TP0Dw1DJ4qk7nK7iHI24q9eEI=
Subject key identifier:   49:85:4D:F5:B0:FE:0F:A8:3E:AB:A3:D2:C3:59:40:98:49:81:09:D3
Certificate issuer:       /CN=a1479239d443985876b0859d33b1a0e7114d1a20
Certificate serial:       01894402A59CEFF4CD2F12A9433796DA5C1B
Authority key identifier: A1:47:92:39:D4:43:98:58:76:B0:85:9D:33:B1:A0:E7:11:4D:1A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oUeSOdRDmFh2sIWdM7Gg5xFNGiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b666e4-b405-4c07-bb89-59eaa8670ffa/1/SYVN9bD-D6g-q6PSw1lAmEmBCdM.roa
Signing time:             Tue 11 Jul 2023 08:12:51 +0000
ROA not before:           Tue 11 Jul 2023 08:12:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34993
IP address blocks:        193.25.122.0/23 maxlen: 23
                          185.57.148.0/22 maxlen: 22
                          37.148.252.0/22 maxlen: 22
                          141.98.220.0/22 maxlen: 22
                          193.25.168.0/23 maxlen: 23
                          89.248.208.0/24 maxlen: 24
                          89.248.210.0/23 maxlen: 23
                          185.151.188.0/22 maxlen: 22
                          2a0a:1580::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:44:02:a5:9c:ef:f4:cd:2f:12:a9:43:37:96:da:5c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1479239d443985876b0859d33b1a0e7114d1a20
        Validity
            Not Before: Jul 11 08:12:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49854df5b0fe0fa83eaba3d2c3594098498109d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ff:b3:07:53:ad:b1:63:1a:28:d6:23:c5:e4:
                    2f:d9:fc:51:06:15:c0:dc:5e:9f:2b:40:0b:35:16:
                    40:b0:95:7b:a5:1e:15:06:fd:c6:91:c6:fd:45:58:
                    c6:70:b3:fc:ae:5b:e5:08:90:e6:db:f8:d9:14:bb:
                    27:e9:76:96:7f:74:cb:68:0d:0d:2c:63:9e:15:85:
                    1c:66:fd:93:5f:d6:d6:cd:f3:31:9f:07:e8:3b:7f:
                    a2:0d:2d:97:5d:b4:5d:bb:58:95:00:66:26:b1:32:
                    ea:2a:e9:ec:f6:d5:fa:da:2c:df:73:b4:a5:d2:aa:
                    39:60:7c:87:45:26:46:02:78:53:a2:98:84:65:89:
                    c6:31:1c:58:5a:d1:4f:f3:ab:ed:ec:8f:19:ff:1b:
                    56:2d:4a:37:aa:6d:17:f2:6b:50:03:52:ab:ad:12:
                    96:9d:81:4e:32:ba:f6:fc:0b:8a:1a:51:2e:02:ec:
                    ad:27:33:32:15:af:97:ec:c0:09:97:86:36:66:31:
                    89:f0:d4:58:f7:96:ec:bf:88:4a:20:c9:13:87:73:
                    f9:1d:1c:42:7f:1d:43:c2:70:da:da:2b:87:ca:cf:
                    93:2b:9f:b1:6b:4a:4a:28:09:39:f7:e3:ba:f7:21:
                    d1:de:04:42:2e:23:5b:14:90:7d:b1:2f:cf:38:db:
                    ef:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:85:4D:F5:B0:FE:0F:A8:3E:AB:A3:D2:C3:59:40:98:49:81:09:D3
            X509v3 Authority Key Identifier:
                keyid:A1:47:92:39:D4:43:98:58:76:B0:85:9D:33:B1:A0:E7:11:4D:1A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oUeSOdRDmFh2sIWdM7Gg5xFNGiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b666e4-b405-4c07-bb89-59eaa8670ffa/1/SYVN9bD-D6g-q6PSw1lAmEmBCdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b666e4-b405-4c07-bb89-59eaa8670ffa/1/oUeSOdRDmFh2sIWdM7Gg5xFNGiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.252.0/22
                  89.248.208.0/24
                  89.248.210.0/23
                  141.98.220.0/22
                  185.57.148.0/22
                  185.151.188.0/22
                  193.25.122.0/23
                  193.25.168.0/23
                IPv6:
                  2a0a:1580::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:d5:e4:8f:42:5e:28:3f:2d:37:fd:7b:72:43:69:94:07:a8:
         99:d3:a1:09:54:52:1e:81:92:b0:3a:7d:42:d1:1e:f0:52:06:
         5e:b3:ba:2e:32:2f:5a:72:df:dc:9d:52:33:3b:f2:28:f0:64:
         4d:04:7c:96:4a:d1:01:03:6a:af:fd:ab:86:b2:04:cb:e2:a2:
         d4:5d:90:af:ad:f7:1f:ce:92:49:2e:7b:b3:64:de:36:f1:c2:
         de:d6:f0:b9:74:b7:b6:4a:43:b6:08:28:9c:07:df:32:ad:00:
         31:94:45:1b:90:cc:52:87:c4:27:92:73:98:79:32:87:ab:12:
         27:25:5e:69:0e:75:90:10:8b:e7:ab:b5:20:e0:4f:e5:cb:de:
         00:a3:b2:fe:7f:26:1c:11:c5:29:28:fa:82:91:4d:49:94:35:
         06:a9:bf:53:95:e4:e7:76:e2:38:b1:8d:9e:18:84:21:7b:b9:
         a7:e0:4f:4b:96:b3:d7:6a:a8:f5:06:56:0b:9f:35:06:51:b2:
         2a:35:11:bf:0c:8a:a3:34:24:f0:d3:8a:52:84:3e:13:1b:8a:
         31:72:30:12:f4:60:a6:80:d8:af:64:46:95:5f:d8:a9:7e:53:
         d6:74:63:24:2d:7e:d5:df:90:7b:fa:d8:c1:a6:db:d3:f5:65:
         37:8d:00:e8
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYlEAqWc7/TNLxKpQzeW2lwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNDc5MjM5ZDQ0Mzk4NTg3NmIwODU5ZDMzYjFhMGU3MTE0
ZDFhMjAwHhcNMjMwNzExMDgxMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTg1NGRmNWIwZmUwZmE4M2VhYmEzZDJjMzU5NDA5ODQ5ODEwOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/+zB1OtsWMaKNYjxeQv2fxRBhXA
3F6fK0ALNRZAsJV7pR4VBv3Gkcb9RVjGcLP8rlvlCJDm2/jZFLsn6XaWf3TLaA0N
LGOeFYUcZv2TX9bWzfMxnwfoO3+iDS2XXbRdu1iVAGYmsTLqKuns9tX62izfc7Sl
0qo5YHyHRSZGAnhTopiEZYnGMRxYWtFP86vt7I8Z/xtWLUo3qm0X8mtQA1KrrRKW
nYFOMrr2/AuKGlEuAuytJzMyFa+X7MAJl4Y2ZjGJ8NRY95bsv4hKIMkTh3P5HRxC
fx1DwnDa2iuHys+TK5+xa0pKKAk59+O69yHR3gRCLiNbFJB9sS/PONvvnwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEmFTfWw/g+oPquj0sNZQJhJgQnTMB8GA1UdIwQY
MBaAFKFHkjnUQ5hYdrCFnTOxoOcRTRogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1VlU09kUkRtRmgyc0lXZE03R2c1eEZOR2lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iNjY2ZTQtYjQwNS00YzA3LWJiODkt
NTllYWE4NjcwZmZhLzEvU1lWTjliRC1ENmctcTZQU3cxbEFtRW1CQ2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iNjY2ZTQtYjQwNS00YzA3LWJiODktNTllYWE4NjcwZmZh
LzEvb1VlU09kUkRtRmgyc0lXZE03R2c1eEZOR2lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCJZT8AwQA
WfjQAwQBWfjSAwQCjWLcAwQCuTmUAwQCuZe8AwQBwRl6AwQBwRmoMA0EAgACMAcD
BQMqChWAMA0GCSqGSIb3DQEBCwUAA4IBAQBm1eSPQl4oPy03/XtyQ2mUB6iZ06EJ
VFIegZKwOn1C0R7wUgZes7ouMi9act/cnVIzO/Io8GRNBHyWStEBA2qv/auGsgTL
4qLUXZCvrfcfzpJJLnuzZN428cLe1vC5dLe2SkO2CCicB98yrQAxlEUbkMxSh8Qn
knOYeTKHqxInJV5pDnWQEIvnq7Ug4E/ly94Ao7L+fyYcEcUpKPqCkU1JlDUGqb9T
leTnduI4sY2eGIQhe7mn4E9LlrPXaqj1BlYLnzUGUbIqNRG/DIqjNCTw04pShD4T
G4oxcjAS9GCmgNivZEaVX9ipflPWdGMkLX7V35B7+tjBptvT9WU3jQDo
-----END CERTIFICATE-----