Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/5g85T8wtsU9KQN9mQ3PzcRzIz0g.roa
File:                     5g85T8wtsU9KQN9mQ3PzcRzIz0g.roa (raw, json)
Hash identifier:          jk7ABMj+Yqrl8ZCZd+pnYEYqoK3gUBxv5XC/YllO77E=
Subject key identifier:   E6:0F:39:4F:CC:2D:B1:4F:4A:40:DF:66:43:73:F3:71:1C:C8:CF:48
Certificate issuer:       /CN=edb04a943332768017266f4e5f56c006d98ebbb4
Certificate serial:       019420D6384E948E49EE32F4D86A09C7DB99
Authority key identifier: ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/5g85T8wtsU9KQN9mQ3PzcRzIz0g.roa
Signing time:             Wed 01 Jan 2025 07:48:17 +0000
ROA not before:           Wed 01 Jan 2025 07:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396253
IP address blocks:        2a03:b8c0:15::/48 maxlen: 48
                          2a03:b8c0:19::/48 maxlen: 48
                          2a03:b8c0:1a::/48 maxlen: 48
                          2a03:b8c0:1b::/48 maxlen: 48
                          2a03:b8c0:1c::/48 maxlen: 48
                          2a03:b8c0:1e::/48 maxlen: 48
                          2a03:b8c0:20::/48 maxlen: 48
                          2a03:b8c0:21::/48 maxlen: 48
                          2a03:b8c0:22::/48 maxlen: 48
                          2a03:b8c0:24::/48 maxlen: 48
                          2a03:b8c0:29::/48 maxlen: 48
                          2a03:b8c0:2a::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:38:4e:94:8e:49:ee:32:f4:d8:6a:09:c7:db:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edb04a943332768017266f4e5f56c006d98ebbb4
        Validity
            Not Before: Jan  1 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e60f394fcc2db14f4a40df664373f3711cc8cf48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:36:32:3d:81:e8:a3:a1:5b:d7:a1:ef:b1:13:
                    e2:18:13:3f:73:ae:1d:d7:c1:5e:db:f5:b7:c0:02:
                    34:c1:d3:48:53:9a:b2:4a:a5:af:d5:64:42:93:2d:
                    2b:7f:cb:09:d0:a4:16:19:ab:0b:0a:25:4d:76:8b:
                    76:2b:46:f8:0d:3a:68:19:40:11:ed:d8:dc:5b:ef:
                    82:b5:ad:bb:92:82:17:b0:b4:e5:3b:33:1a:5f:e0:
                    f2:96:56:e7:ef:f4:e2:e5:22:e1:68:48:d3:d4:39:
                    70:d1:48:22:c1:d0:fe:03:d2:a0:ed:76:fa:5e:6c:
                    fd:38:7b:5a:8e:cd:29:e0:dd:35:27:c4:79:db:b8:
                    2c:ee:e7:f3:64:97:cf:26:59:ce:65:10:30:28:1a:
                    06:26:03:09:1d:bd:25:47:03:06:1c:fb:b9:3d:79:
                    ac:82:2e:e7:f7:e1:83:66:23:0e:8e:66:66:04:d5:
                    b3:3d:20:9a:c5:41:a2:ad:ea:0d:53:94:b4:92:36:
                    7b:7d:af:e5:21:76:6d:38:92:ac:ef:c0:9e:1a:a2:
                    8c:5d:8d:80:44:b6:23:39:34:bc:01:70:98:ce:b8:
                    ca:55:68:8d:a9:b3:20:21:0b:0e:6d:dc:ff:76:19:
                    0a:66:85:81:b4:06:2c:98:38:49:e8:fc:5c:80:ff:
                    c6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:0F:39:4F:CC:2D:B1:4F:4A:40:DF:66:43:73:F3:71:1C:C8:CF:48
            X509v3 Authority Key Identifier:
                keyid:ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/5g85T8wtsU9KQN9mQ3PzcRzIz0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/7bBKlDMydoAXJm9OX1bABtmOu7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:b8c0:15::/48
                  2a03:b8c0:19::-2a03:b8c0:1c:ffff:ffff:ffff:ffff:ffff
                  2a03:b8c0:1e::/48
                  2a03:b8c0:20::-2a03:b8c0:22:ffff:ffff:ffff:ffff:ffff
                  2a03:b8c0:24::/48
                  2a03:b8c0:29::-2a03:b8c0:2a:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         81:01:2a:65:11:d0:f1:d4:32:63:59:08:79:7d:f4:dc:9e:ff:
         e9:fb:bd:09:a1:fa:96:4b:9d:89:03:88:a6:b8:ce:00:c9:58:
         18:fd:c3:cc:bd:84:33:57:f1:2e:cd:6a:f9:c5:c8:7e:40:5c:
         87:0e:6b:86:a5:4b:28:d0:36:21:c8:7a:b0:08:a5:ec:35:a9:
         81:40:9f:f1:76:9a:62:7f:f0:ba:0e:bd:a7:c4:3f:e5:d2:54:
         0b:ed:a0:eb:48:61:50:19:00:22:01:b0:34:cd:23:1c:f9:7a:
         90:46:ab:a6:2d:97:22:d2:86:87:49:77:61:3e:dc:bb:1a:1a:
         51:55:9d:a4:4f:44:d2:42:7c:02:fd:3a:fc:d4:bb:f9:94:bb:
         60:6f:b6:93:62:3c:2e:b7:eb:11:fb:5f:85:c7:fb:1f:10:c9:
         1d:29:3e:a0:df:27:02:2c:17:4d:14:f9:45:60:6b:4a:e1:72:
         fe:38:51:31:56:ad:34:71:73:b8:09:9b:8a:b5:81:7d:7e:d2:
         af:cd:b0:1d:ef:05:c2:e1:86:dc:2b:48:28:8d:3c:d9:ad:7f:
         2b:d4:66:8f:73:5e:7e:1f:1b:7a:0e:74:36:a0:24:8f:6a:ae:
         8a:a3:4e:4a:da:9d:76:d0:ea:4e:35:3e:6e:94:2b:e2:64:f4:
         72:4d:b2:59
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQg1jhOlI5J7jL02GoJx9uZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYjA0YTk0MzMzMjc2ODAxNzI2NmY0ZTVmNTZjMDA2ZDk4
ZWJiYjQwHhcNMjUwMTAxMDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjBmMzk0ZmNjMmRiMTRmNGE0MGRmNjY0MzczZjM3MTFjYzhjZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDYyPYHoo6Fb16HvsRPiGBM/c64d
18Fe2/W3wAI0wdNIU5qySqWv1WRCky0rf8sJ0KQWGasLCiVNdot2K0b4DTpoGUAR
7djcW++Cta27koIXsLTlOzMaX+Dyllbn7/Ti5SLhaEjT1Dlw0UgiwdD+A9Kg7Xb6
Xmz9OHtajs0p4N01J8R527gs7ufzZJfPJlnOZRAwKBoGJgMJHb0lRwMGHPu5PXms
gi7n9+GDZiMOjmZmBNWzPSCaxUGireoNU5S0kjZ7fa/lIXZtOJKs78CeGqKMXY2A
RLYjOTS8AXCYzrjKVWiNqbMgIQsObdz/dhkKZoWBtAYsmDhJ6PxcgP/GvQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFOYPOU/MLbFPSkDfZkNz83EcyM9IMB8GA1UdIwQY
MBaAFO2wSpQzMnaAFyZvTl9WwAbZjru0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2It
ZTQ1ZmE2NGQ0ZDJkLzEvNWc4NVQ4d3RzVTlLUU45bVEzUHpjUnpJejBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2ItZTQ1ZmE2NGQ0ZDJk
LzEvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBdBAIAAjBXAwcAKgO4wAAV
MBIDBwAqA7jAABkDBwAqA7jAABwDBwAqA7jAAB4wEgMHBSoDuMAAIAMHACoDuMAA
IgMHACoDuMAAJDASAwcAKgO4wAApAwcAKgO4wAAqMA0GCSqGSIb3DQEBCwUAA4IB
AQCBASplEdDx1DJjWQh5ffTcnv/p+70JofqWS52JA4imuM4AyVgY/cPMvYQzV/Eu
zWr5xch+QFyHDmuGpUso0DYhyHqwCKXsNamBQJ/xdppif/C6Dr2nxD/l0lQL7aDr
SGFQGQAiAbA0zSMc+XqQRqumLZci0oaHSXdhPty7GhpRVZ2kT0TSQnwC/Tr81Lv5
lLtgb7aTYjwut+sR+1+Fx/sfEMkdKT6g3ycCLBdNFPlFYGtK4XL+OFExVq00cXO4
CZuKtYF9ftKvzbAd7wXC4YbcK0gojTzZrX8r1GaPc15+Hxt6DnQ2oCSPaq6Ko05K
2p120OpONT5ulCviZPRyTbJZ
-----END CERTIFICATE-----