Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/s5u3KU8k9JbksaPJDdfc7EckgXg.roa
File:                     s5u3KU8k9JbksaPJDdfc7EckgXg.roa (raw, json)
Hash identifier:          XOV+NbvMxcNjtnRLgx/k4rTU8FBIKRqgvNXKEViVmRw=
Subject key identifier:   B3:9B:B7:29:4F:24:F4:96:E4:B1:A3:C9:0D:D7:DC:EC:47:24:81:78
Certificate issuer:       /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial:       0197470F0CCC4ED7B23F8314D4FFEEEEAFED
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/s5u3KU8k9JbksaPJDdfc7EckgXg.roa
Signing time:             Fri 06 Jun 2025 21:04:17 +0000
ROA not before:           Fri 06 Jun 2025 21:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
                          2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
                          2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
                          2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
                          2001:67c:64:ffff:0:197:470e:ef03/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:47:0f:0c:cc:4e:d7:b2:3f:83:14:d4:ff:ee:ee:af:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
        Validity
            Not Before: Jun  6 21:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b39bb7294f24f496e4b1a3c90dd7dcec47248178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b5:0e:61:8e:a6:50:e4:85:1f:79:78:c4:fc:
                    c9:08:c1:2d:71:c0:38:d2:eb:6b:14:1f:26:ae:8f:
                    2d:48:2f:3b:e0:c5:46:17:e5:ea:3a:87:3f:b4:ca:
                    98:34:0b:dd:a5:85:29:14:d3:40:0d:c9:1f:77:e3:
                    04:da:07:84:45:33:97:b4:58:f2:e6:92:d4:06:8e:
                    6f:30:75:dd:c1:62:22:b1:b1:62:7d:9b:68:00:d8:
                    92:fb:99:ac:d7:a9:28:d5:b2:7e:c3:f7:9c:f9:ec:
                    0c:d5:59:01:d1:74:a7:73:32:d0:24:2c:85:73:63:
                    ac:a3:63:cc:b1:16:28:64:ba:ec:a8:68:ac:a4:54:
                    24:7c:08:8e:8f:98:de:89:57:fa:30:72:af:76:ea:
                    6e:8c:9b:b3:62:d3:0e:58:bb:00:fb:3f:12:85:1c:
                    da:d2:80:9d:60:51:cc:96:3f:fd:ef:2a:3d:06:7b:
                    d0:64:dc:95:9b:40:fc:23:65:8e:26:ef:a6:95:3f:
                    20:94:04:7d:5a:3a:0f:d6:9d:e8:2e:9b:99:8f:10:
                    00:9f:47:04:da:87:d3:81:ae:83:38:ef:2f:be:67:
                    86:fa:c2:0e:3f:96:fc:5b:c4:a6:6a:42:0c:8c:ab:
                    18:d1:60:f2:72:71:46:71:e6:38:0c:f6:9b:39:8d:
                    f0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9B:B7:29:4F:24:F4:96:E4:B1:A3:C9:0D:D7:DC:EC:47:24:81:78
            X509v3 Authority Key Identifier:
                keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/s5u3KU8k9JbksaPJDdfc7EckgXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:196:ed5d:8c28/128
                  2001:67c:64:ffff:0:197:108e:927e/128
                  2001:67c:64:ffff:0:197:15eb:6226/128
                  2001:67c:64:ffff:0:197:353f:be91/128
                  2001:67c:64:ffff:0:197:470e:ef03/128

    Signature Algorithm: sha256WithRSAEncryption
         15:cf:20:c8:c4:c3:8d:d7:85:de:8f:de:43:3e:85:21:54:3c:
         98:93:e5:61:b4:55:12:bc:fb:14:74:06:a3:f9:7a:76:a4:4e:
         06:79:bc:72:21:42:32:b0:49:28:1a:19:d8:f2:85:0d:3e:9d:
         27:26:f8:35:f7:57:39:2c:85:8a:70:53:03:d3:60:83:d9:c7:
         6d:09:af:42:b2:eb:f4:ce:b8:a0:d6:46:14:46:40:5c:5e:d1:
         ba:16:5a:6e:b1:f8:2f:06:59:37:cc:5c:ac:c9:d2:ca:88:51:
         08:1a:11:ac:4c:de:21:89:3f:e7:83:ed:89:0e:10:93:4c:a7:
         85:50:96:a9:0a:66:cd:d9:ba:ac:ba:37:0e:25:ef:3f:c9:b6:
         1e:ac:8e:d4:5d:db:4a:53:cb:68:46:51:33:57:ce:c6:96:0f:
         a8:df:74:5d:5c:cd:7c:5f:5b:c2:3d:9b:18:50:74:18:cd:92:
         a3:4e:59:37:b1:4b:98:09:67:eb:3a:43:66:c4:3e:92:b1:33:
         db:6d:89:13:d5:b1:ac:37:7c:b1:bc:7d:ec:40:af:25:54:cc:
         ad:b8:c4:67:5b:8b:5a:0b:15:17:a0:64:a7:84:fd:10:0f:10:
         ce:0a:db:59:17:8e:b6:b9:ad:e6:18:da:90:c1:fa:4b:ad:eb:
         5d:40:3c:7a
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZdHDwzMTteyP4MU1P/u7q/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA2MjEwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzliYjcyOTRmMjRmNDk2ZTRiMWEzYzkwZGQ3ZGNlYzQ3MjQ4MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7UOYY6mUOSFH3l4xPzJCMEtccA4
0utrFB8mro8tSC874MVGF+XqOoc/tMqYNAvdpYUpFNNADckfd+ME2geERTOXtFjy
5pLUBo5vMHXdwWIisbFifZtoANiS+5ms16ko1bJ+w/ec+ewM1VkB0XSnczLQJCyF
c2Oso2PMsRYoZLrsqGispFQkfAiOj5jeiVf6MHKvdupujJuzYtMOWLsA+z8ShRza
0oCdYFHMlj/97yo9BnvQZNyVm0D8I2WOJu+mlT8glAR9WjoP1p3oLpuZjxAAn0cE
2ofTga6DOO8vvmeG+sIOP5b8W8SmakIMjKsY0WDycnFGceY4DPabOY3whQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFLObtylPJPSW5LGjyQ3X3OxHJIF4MB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvczV1M0tVOGs5SmJrc2FQSkRkZmM3RWNrZ1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kQMRACABBnwAZP//AAABl0cO7wMwDQYJKoZIhvcN
AQELBQADggEBABXPIMjEw43Xhd6P3kM+hSFUPJiT5WG0VRK8+xR0BqP5enakTgZ5
vHIhQjKwSSgaGdjyhQ0+nScm+DX3VzkshYpwUwPTYIPZx20Jr0Ky6/TOuKDWRhRG
QFxe0boWWm6x+C8GWTfMXKzJ0sqIUQgaEaxM3iGJP+eD7YkOEJNMp4VQlqkKZs3Z
uqy6Nw4l7z/Jth6sjtRd20pTy2hGUTNXzsaWD6jfdF1czXxfW8I9mxhQdBjNkqNO
WTexS5gJZ+s6Q2bEPpKxM9ttiRPVsaw3fLG8fexAryVUzK24xGdbi1oLFRegZKeE
/RAPEM4K21kXjra5reYY2pDB+kut611APHo=
-----END CERTIFICATE-----