Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/zd-TK4uTWZUW6oeBr-vXOGKHrek.roa
File:                     zd-TK4uTWZUW6oeBr-vXOGKHrek.roa (raw, json)
Hash identifier:          4L12qOIoWFYQkROcGT+X1fB7VdFoqNgJwyULfKP7aF8=
Subject key identifier:   CD:DF:93:2B:8B:93:59:95:16:EA:87:81:AF:EB:D7:38:62:87:AD:E9
Certificate issuer:       /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial:       019750122D48C341AF4F6C5B5E5275C553B6
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/zd-TK4uTWZUW6oeBr-vXOGKHrek.roa
Signing time:             Sun 08 Jun 2025 15:04:17 +0000
ROA not before:           Sun 08 Jun 2025 15:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
                          2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
                          2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
                          2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
                          2001:67c:64:ffff:0:197:5012:f06/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:50:12:2d:48:c3:41:af:4f:6c:5b:5e:52:75:c5:53:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
        Validity
            Not Before: Jun  8 15:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cddf932b8b93599516ea8781afebd7386287ade9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:de:ed:e8:2a:dc:71:da:55:f3:3b:9a:2a:43:
                    ef:a4:78:fb:48:28:47:57:c0:43:fb:58:aa:10:1d:
                    97:86:47:64:63:e3:ec:43:f7:c3:fd:a5:4b:f1:86:
                    2a:6e:b9:fb:65:69:7d:5e:a4:d6:4b:ce:f2:2b:7c:
                    c2:85:b9:1f:05:df:55:ca:27:4e:e6:c4:93:67:6a:
                    6b:04:6c:60:c0:a2:33:3f:43:29:b6:14:e3:25:88:
                    22:67:3f:bf:ce:cf:e2:1a:00:cf:8a:af:dc:13:2b:
                    f8:37:fe:75:64:e4:74:e6:93:7d:8d:c8:90:d2:14:
                    12:f2:c2:61:34:5e:c4:23:aa:e6:e8:93:30:df:21:
                    ca:6f:48:42:82:6b:ad:08:6c:9c:eb:87:c2:79:02:
                    9c:5b:43:bf:03:4d:a2:3c:cd:1f:df:f1:82:23:61:
                    74:9a:9d:70:6a:cf:52:3f:0e:be:ef:c0:34:21:64:
                    4d:ee:3a:37:89:f4:ac:bb:c2:67:67:70:3b:fa:37:
                    b5:16:87:4d:aa:bd:d9:72:a1:27:72:72:e0:ef:2d:
                    c5:7d:2c:95:21:c3:69:6e:f7:d1:1c:d8:9e:29:0b:
                    91:7b:70:64:c2:7c:81:01:8f:f5:30:8c:6e:9c:ee:
                    9d:2c:57:86:5d:44:27:f0:6b:e6:db:8b:a1:f0:4b:
                    84:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DF:93:2B:8B:93:59:95:16:EA:87:81:AF:EB:D7:38:62:87:AD:E9
            X509v3 Authority Key Identifier:
                keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/zd-TK4uTWZUW6oeBr-vXOGKHrek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:196:ed5d:8c28/128
                  2001:67c:64:ffff:0:197:108e:927e/128
                  2001:67c:64:ffff:0:197:15eb:6226/128
                  2001:67c:64:ffff:0:197:353f:be91/128
                  2001:67c:64:ffff:0:197:5012:f06/128

    Signature Algorithm: sha256WithRSAEncryption
         bc:3d:c3:d0:fa:61:e0:f1:8a:49:2d:40:f7:76:59:0c:92:9d:
         42:f4:c1:94:5c:51:9a:12:9c:81:e0:92:67:39:0b:7c:e7:70:
         cb:dd:7d:fb:22:e2:2b:0a:a4:a0:08:0f:0b:33:95:6c:55:f1:
         ab:d6:d1:83:c2:47:94:fb:c3:00:98:9a:e1:ec:07:03:9c:d0:
         07:11:64:a5:d9:6a:fe:b2:20:71:49:da:8a:bc:e4:74:d5:2f:
         3b:0e:a3:0c:4a:9c:f4:d6:f9:24:09:05:0a:e5:b8:72:8a:b9:
         b6:f8:3a:55:c8:32:8e:c3:aa:63:a0:ad:3e:19:9d:49:9f:15:
         26:3d:14:53:37:98:f3:c4:72:d9:c5:9b:d1:9b:d9:b1:98:48:
         d9:dc:4e:a7:26:8a:e1:ca:79:6d:1f:d7:6e:0f:39:5f:e1:bc:
         cb:27:e4:6a:96:b1:01:cd:1d:71:8e:9d:c5:e4:bc:81:94:37:
         b6:61:4f:7a:5c:f8:81:47:11:90:55:cf:2d:ad:84:ee:67:86:
         e7:2e:ec:79:f0:3c:ea:c0:69:54:2b:e6:d3:2c:3a:8b:b3:7a:
         61:81:e5:16:ec:e1:0d:a6:da:47:28:e3:fc:fb:77:27:47:55:
         3e:45:4f:93:d9:12:98:2d:f5:ec:7b:d6:1b:88:f2:6c:36:c7:
         75:67:40:27
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZdQEi1Iw0GvT2xbXlJ1xVO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA4MTUwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRmOTMyYjhiOTM1OTk1MTZlYTg3ODFhZmViZDczODYyODdhZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d7t6CrccdpV8zuaKkPvpHj7SChH
V8BD+1iqEB2XhkdkY+PsQ/fD/aVL8YYqbrn7ZWl9XqTWS87yK3zChbkfBd9VyidO
5sSTZ2prBGxgwKIzP0MpthTjJYgiZz+/zs/iGgDPiq/cEyv4N/51ZOR05pN9jciQ
0hQS8sJhNF7EI6rm6JMw3yHKb0hCgmutCGyc64fCeQKcW0O/A02iPM0f3/GCI2F0
mp1was9SPw6+78A0IWRN7jo3ifSsu8JnZ3A7+je1FodNqr3ZcqEncnLg7y3FfSyV
IcNpbvfRHNieKQuRe3BkwnyBAY/1MIxunO6dLFeGXUQn8Gvm24uh8EuEpwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFM3fkyuLk1mVFuqHga/r1zhih63pMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvemQtVEs0dVRXWlVXNm9lQnItdlhPR0tIcmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kQMRACABBnwAZP//AAABl1ASDwYwDQYJKoZIhvcN
AQELBQADggEBALw9w9D6YeDxikktQPd2WQySnUL0wZRcUZoSnIHgkmc5C3zncMvd
ffsi4isKpKAIDwszlWxV8avW0YPCR5T7wwCYmuHsBwOc0AcRZKXZav6yIHFJ2oq8
5HTVLzsOowxKnPTW+SQJBQrluHKKubb4OlXIMo7DqmOgrT4ZnUmfFSY9FFM3mPPE
ctnFm9Gb2bGYSNncTqcmiuHKeW0f124POV/hvMsn5GqWsQHNHXGOncXkvIGUN7Zh
T3pc+IFHEZBVzy2thO5nhucu7HnwPOrAaVQr5tMsOouzemGB5Rbs4Q2m2kco4/z7
dydHVT5FT5PZEpgt9ex71huI8mw2x3VnQCc=
-----END CERTIFICATE-----