Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/4BPgPazxL-0_7TACTrAAB2vKcvM.roa
File:                     4BPgPazxL-0_7TACTrAAB2vKcvM.roa (raw, json)
Hash identifier:          ByHJvADYtVUpx6K/7n+qZ80ogn6pFEeZiZMcZkXwguI=
Subject key identifier:   E0:13:E0:3D:AC:F1:2F:ED:3F:ED:30:02:4E:B0:00:07:6B:CA:72:F3
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       019421444E1DE9B643838C06C7352C125E16
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/4BPgPazxL-0_7TACTrAAB2vKcvM.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48038
IP address blocks:        185.170.88.0/24 maxlen: 24
                          185.170.90.0/24 maxlen: 24
                          193.8.190.0/23 maxlen: 23
                          193.8.190.0/24 maxlen: 24
                          193.8.191.0/24 maxlen: 24
                          193.73.208.0/24 maxlen: 24
                          193.134.94.0/24 maxlen: 24
                          194.11.164.0/24 maxlen: 24
                          194.11.166.0/24 maxlen: 24
                          2001:67c:4f0::/48 maxlen: 48
                          2a09:5f80::/48 maxlen: 48
                          2a09:5f80:2::/48 maxlen: 48
                          2a09:5f80:3::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4e:1d:e9:b6:43:83:8c:06:c7:35:2c:12:5e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e013e03dacf12fed3fed30024eb000076bca72f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e2:64:d2:4e:83:3e:55:b5:64:d8:f5:e0:58:
                    ed:09:1f:36:31:04:b2:5d:3b:4e:74:45:c5:15:ee:
                    ad:a4:96:67:55:3b:75:de:e9:2f:fa:ce:ef:6c:8e:
                    28:2a:ec:9b:70:37:9b:c8:01:d8:58:90:bb:05:e1:
                    b0:4e:9b:56:34:fd:65:45:1b:ea:64:3e:28:d7:fb:
                    47:96:63:66:90:58:26:b6:c3:7d:ee:ba:89:e9:2f:
                    b3:6e:92:bf:9c:2a:cd:86:05:24:21:0e:be:30:84:
                    39:77:11:3f:47:b7:04:cd:2b:cf:80:ee:95:a3:90:
                    18:df:1f:3f:7f:1d:65:87:c3:8f:d6:e6:88:9b:d4:
                    84:9e:2e:4e:3c:76:7f:e3:1a:f1:c8:9b:f2:37:65:
                    7e:8c:76:01:d3:95:d2:f6:53:4f:64:72:3d:34:1d:
                    fc:e5:be:d2:c8:55:80:a5:a7:4a:9c:f3:26:48:9f:
                    17:1f:27:07:f9:91:45:c8:a3:a9:19:a8:3f:c4:85:
                    4f:f7:33:4f:c6:f5:e9:61:55:31:72:06:09:1a:40:
                    d0:f2:60:83:90:35:23:62:a3:3f:ec:79:30:23:6a:
                    96:e6:f7:6b:98:20:52:a1:45:6d:a0:10:53:a8:24:
                    7d:ec:f1:92:27:70:fd:42:70:69:f8:af:7d:0f:74:
                    58:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:13:E0:3D:AC:F1:2F:ED:3F:ED:30:02:4E:B0:00:07:6B:CA:72:F3
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/4BPgPazxL-0_7TACTrAAB2vKcvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.88.0/24
                  185.170.90.0/24
                  193.8.190.0/23
                  193.73.208.0/24
                  193.134.94.0/24
                  194.11.164.0/24
                  194.11.166.0/24
                IPv6:
                  2001:67c:4f0::/48
                  2a09:5f80::/48
                  2a09:5f80:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         76:1b:be:40:6e:3f:3c:af:dc:a6:10:df:c1:c0:20:00:a3:6b:
         66:0c:b8:be:53:cd:36:f0:5e:e4:ea:03:c8:9c:37:8b:6a:a0:
         7c:5c:90:4e:ee:c1:7d:b3:93:31:a0:f2:4d:f5:8a:0a:1e:7b:
         38:95:33:11:b1:a2:25:41:8c:02:59:04:b7:6d:df:93:29:cf:
         55:00:d7:e0:8e:10:b6:26:09:5a:e4:08:54:9a:57:a9:c5:8a:
         67:95:27:35:01:93:2a:fd:3c:f8:b7:2b:7f:e8:89:07:74:64:
         5a:a4:5a:44:84:60:91:4b:da:37:e8:91:48:5a:1a:af:b7:16:
         ff:65:a1:9a:2d:00:32:87:f4:e3:73:32:26:65:82:fc:bc:70:
         3d:85:f7:17:e6:7a:12:24:85:a8:3b:d5:11:76:9c:96:ab:04:
         16:7a:4a:58:77:cd:10:1e:4b:17:30:5f:97:83:6f:1c:0e:89:
         26:0e:cb:0f:d8:1a:3c:2b:39:04:bb:77:de:d0:5f:6a:5a:44:
         81:dd:9f:22:82:45:cf:e5:27:82:2e:95:56:6d:4b:f4:5f:81:
         ca:9e:e9:12:da:64:b0:7c:d4:fb:a6:e5:ba:aa:31:a4:93:b7:
         b8:ca:cc:03:a0:8c:a0:ed:c7:86:27:d8:54:63:08:8e:45:32:
         3a:f9:18:da
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQhRE4d6bZDg4wGxzUsEl4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDEzZTAzZGFjZjEyZmVkM2ZlZDMwMDI0ZWIwMDAwNzZiY2E3MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+Jk0k6DPlW1ZNj14FjtCR82MQSy
XTtOdEXFFe6tpJZnVTt13ukv+s7vbI4oKuybcDebyAHYWJC7BeGwTptWNP1lRRvq
ZD4o1/tHlmNmkFgmtsN97rqJ6S+zbpK/nCrNhgUkIQ6+MIQ5dxE/R7cEzSvPgO6V
o5AY3x8/fx1lh8OP1uaIm9SEni5OPHZ/4xrxyJvyN2V+jHYB05XS9lNPZHI9NB38
5b7SyFWApadKnPMmSJ8XHycH+ZFFyKOpGag/xIVP9zNPxvXpYVUxcgYJGkDQ8mCD
kDUjYqM/7HkwI2qW5vdrmCBSoUVtoBBTqCR97PGSJ3D9QnBp+K99D3RYnQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFOAT4D2s8S/tP+0wAk6wAAdrynLzMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvNEJQZ1BhenhMLTBfN1RBQ1RyQUFCMnZLY3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQAuapYAwQA
uapaAwQBwQi+AwQAwUnQAwQAwYZeAwQAwgukAwQAwgumMCEEAgACMBsDBwAgAQZ8
BPADBwAqCV+AAAADBwEqCV+AAAIwDQYJKoZIhvcNAQELBQADggEBAHYbvkBuPzyv
3KYQ38HAIACja2YMuL5TzTbwXuTqA8icN4tqoHxckE7uwX2zkzGg8k31igoeeziV
MxGxoiVBjAJZBLdt35Mpz1UA1+COELYmCVrkCFSaV6nFimeVJzUBkyr9PPi3K3/o
iQd0ZFqkWkSEYJFL2jfokUhaGq+3Fv9loZotADKH9ONzMiZlgvy8cD2F9xfmehIk
hag71RF2nJarBBZ6Slh3zRAeSxcwX5eDbxwOiSYOyw/YGjwrOQS7d97QX2paRIHd
nyKCRc/lJ4IulVZtS/Rfgcqe6RLaZLB81Pum5bqqMaSTt7jKzAOgjKDtx4Yn2FRj
CI5FMjr5GNo=
-----END CERTIFICATE-----