Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/4956df-91dc-4490-8333-1ad61ede0a4a/1/NcqRg7UrtJE68j0DY1PSHwYSu_4.roa
File:                     NcqRg7UrtJE68j0DY1PSHwYSu_4.roa (raw, json)
Hash identifier:          O3F0k70QFpKk+LVxYcWwtpQ0YuG4zUsaxS4NlfXzPQ0=
Subject key identifier:   35:CA:91:83:B5:2B:B4:91:3A:F2:3D:03:63:53:D2:1F:06:12:BB:FE
Certificate issuer:       /CN=41e42d830eca98a533f4372da169c9c792c393b2
Certificate serial:       019422FC3380ACC51581558CD2ECEC2AB7D5
Authority key identifier: 41:E4:2D:83:0E:CA:98:A5:33:F4:37:2D:A1:69:C9:C7:92:C3:93:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QeQtgw7KmKUz9DctoWnJx5LDk7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/4956df-91dc-4490-8333-1ad61ede0a4a/1/NcqRg7UrtJE68j0DY1PSHwYSu_4.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200548
IP address blocks:        45.87.188.0/22 maxlen: 22
                          45.87.189.0/24 maxlen: 24
                          45.87.190.0/24 maxlen: 24
                          45.87.191.0/24 maxlen: 24
                          91.230.22.0/24 maxlen: 24
                          130.0.92.0/22 maxlen: 22
                          185.159.120.0/22 maxlen: 24
                          185.159.122.0/24 maxlen: 24
                          185.159.123.0/24 maxlen: 24
                          185.174.72.0/22 maxlen: 24
                          185.189.220.0/22 maxlen: 22
                          185.189.220.0/24 maxlen: 24
                          185.189.221.0/24 maxlen: 24
                          185.189.222.0/24 maxlen: 24
                          185.189.223.0/24 maxlen: 24
                          192.76.138.0/24 maxlen: 24
                          2a0b:f880::/29 maxlen: 29
                          2a0b:f880::/32 maxlen: 32
                          2a0b:fb00::/29 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:33:80:ac:c5:15:81:55:8c:d2:ec:ec:2a:b7:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41e42d830eca98a533f4372da169c9c792c393b2
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35ca9183b52bb4913af23d036353d21f0612bbfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e5:c1:51:a5:53:4b:71:21:7d:19:9d:b2:eb:
                    15:23:88:f7:fa:33:81:dc:48:02:f6:a6:2c:3e:c7:
                    0f:60:61:5c:91:c4:78:48:b4:2f:97:07:be:bd:76:
                    82:12:00:01:f6:ea:d1:a4:59:67:83:1a:3a:b6:b0:
                    d4:f0:cb:0b:81:17:06:75:2d:8f:60:a3:6e:7a:17:
                    c4:f7:98:77:aa:f8:16:52:87:dc:87:4c:f7:81:72:
                    b1:a2:45:da:22:53:6b:40:4b:d2:1c:ef:bb:66:c3:
                    db:15:d4:1a:84:5b:02:e7:4d:86:09:1e:8e:19:5d:
                    b9:9d:94:c5:e6:f6:b3:64:57:01:5f:e6:eb:f3:23:
                    00:5d:63:3f:fb:ba:32:9a:94:cc:92:c4:db:4d:ac:
                    6d:27:c7:c7:7c:f2:6c:c4:3f:9b:c0:a9:c6:4c:d6:
                    e5:ce:95:87:b1:bb:c7:65:df:0c:68:52:c8:6c:92:
                    3a:96:1f:aa:38:4e:22:2c:c0:e0:2b:b9:c6:39:07:
                    48:76:e0:da:fc:4a:c9:35:9f:92:38:c9:12:90:44:
                    d6:21:7a:4b:42:3d:e2:0a:a0:40:62:3d:45:d0:5f:
                    d3:4e:4a:44:7a:e5:1b:fc:8d:a4:7c:eb:d3:4f:90:
                    3f:a4:6e:a9:a3:03:fe:45:b2:2b:7a:24:22:cd:10:
                    0c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:CA:91:83:B5:2B:B4:91:3A:F2:3D:03:63:53:D2:1F:06:12:BB:FE
            X509v3 Authority Key Identifier:
                keyid:41:E4:2D:83:0E:CA:98:A5:33:F4:37:2D:A1:69:C9:C7:92:C3:93:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QeQtgw7KmKUz9DctoWnJx5LDk7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/4956df-91dc-4490-8333-1ad61ede0a4a/1/NcqRg7UrtJE68j0DY1PSHwYSu_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/4956df-91dc-4490-8333-1ad61ede0a4a/1/QeQtgw7KmKUz9DctoWnJx5LDk7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.188.0/22
                  91.230.22.0/24
                  130.0.92.0/22
                  185.159.120.0/22
                  185.174.72.0/22
                  185.189.220.0/22
                  192.76.138.0/24
                IPv6:
                  2a0b:f880::/29
                  2a0b:fb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:9a:b8:fe:5e:d9:f1:c8:02:8b:73:ce:ca:a7:89:b9:6b:ac:
         05:2a:8a:6b:a5:41:f0:01:c6:15:c3:82:02:99:b2:31:0d:5b:
         d8:34:df:45:7d:e2:16:a5:17:2e:f9:07:f0:44:3b:d2:ea:94:
         42:72:a5:1a:f5:d5:73:fe:d7:eb:90:c9:fd:03:7d:85:43:12:
         a1:b5:db:a3:3d:27:69:dd:ef:01:ae:23:4c:87:0c:b5:9e:e5:
         04:42:9f:ef:f2:db:39:71:5f:f7:5a:b4:5a:36:e8:f7:89:3b:
         64:96:74:e0:c3:9b:ef:4d:ab:df:5d:88:62:de:de:2e:fb:b7:
         dc:be:2b:43:e4:58:ed:7c:ef:fd:1a:dc:71:64:14:ab:8c:f2:
         a2:37:12:52:79:59:f1:90:b5:77:29:35:cf:74:a9:cc:bb:46:
         a9:30:d9:02:21:41:07:14:18:8f:b3:31:71:18:f0:6f:74:21:
         dc:3b:db:e9:d9:c1:5d:51:94:03:d9:58:83:e2:9d:87:82:69:
         60:f4:5b:f3:7d:b5:e6:86:54:28:3b:d9:2c:1b:86:23:8f:70:
         95:2d:3f:18:d3:01:ed:72:bb:e4:fb:e4:4f:c0:6b:15:ba:23:
         91:3c:dc:c7:45:48:0d:3b:af:d0:ff:10:d6:0d:c4:07:20:de:
         76:bd:d7:5f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQi/DOArMUVgVWM0uzsKrfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZTQyZDgzMGVjYTk4YTUzM2Y0MzcyZGExNjljOWM3OTJj
MzkzYjIwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWNhOTE4M2I1MmJiNDkxM2FmMjNkMDM2MzUzZDIxZjA2MTJiYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOXBUaVTS3EhfRmdsusVI4j3+jOB
3EgC9qYsPscPYGFckcR4SLQvlwe+vXaCEgAB9urRpFlngxo6trDU8MsLgRcGdS2P
YKNuehfE95h3qvgWUofch0z3gXKxokXaIlNrQEvSHO+7ZsPbFdQahFsC502GCR6O
GV25nZTF5vazZFcBX+br8yMAXWM/+7oympTMksTbTaxtJ8fHfPJsxD+bwKnGTNbl
zpWHsbvHZd8MaFLIbJI6lh+qOE4iLMDgK7nGOQdIduDa/ErJNZ+SOMkSkETWIXpL
Qj3iCqBAYj1F0F/TTkpEeuUb/I2kfOvTT5A/pG6powP+RbIreiQizRAMbwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFDXKkYO1K7SROvI9A2NT0h8GErv+MB8GA1UdIwQY
MBaAFEHkLYMOypilM/Q3LaFpyceSw5OyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWVRdGd3N0ttS1V6OURjdG9Xbkp4NUxEazdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC80OTU2ZGYtOTFkYy00NDkwLTgzMzMt
MWFkNjFlZGUwYTRhLzEvTmNxUmc3VXJ0SkU2OGowRFkxUFNId1lTdV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC80OTU2ZGYtOTFkYy00NDkwLTgzMzMtMWFkNjFlZGUwYTRh
LzEvUWVRdGd3N0ttS1V6OURjdG9Xbkp4NUxEazdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCLVe8AwQA
W+YWAwQCggBcAwQCuZ94AwQCua5IAwQCub3cAwQAwEyKMBQEAgACMA4DBQMqC/iA
AwUDKgv7ADANBgkqhkiG9w0BAQsFAAOCAQEATJq4/l7Z8cgCi3POyqeJuWusBSqK
a6VB8AHGFcOCApmyMQ1b2DTfRX3iFqUXLvkH8EQ70uqUQnKlGvXVc/7X65DJ/QN9
hUMSobXboz0nad3vAa4jTIcMtZ7lBEKf7/LbOXFf91q0Wjbo94k7ZJZ04MOb702r
312IYt7eLvu33L4rQ+RY7Xzv/RrccWQUq4zyojcSUnlZ8ZC1dyk1z3SpzLtGqTDZ
AiFBBxQYj7MxcRjwb3Qh3Dvb6dnBXVGUA9lYg+Kdh4JpYPRb83215oZUKDvZLBuG
I49wlS0/GNMB7XK75PvkT8BrFbojkTzcx0VIDTuv0P8Q1g3EByDedr3XXw==
-----END CERTIFICATE-----