Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/3D8D9mYxn0kb8mxGwM2Ppc9Ppqc.roa
File:                     3D8D9mYxn0kb8mxGwM2Ppc9Ppqc.roa (raw, json)
Hash identifier:          qnvxSXVxd8JirdBH6zhjkAd4agY1yaWFwHbtF5k/Tyc=
Subject key identifier:   DC:3F:03:F6:66:31:9F:49:1B:F2:6C:46:C0:CD:8F:A5:CF:4F:A6:A7
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       01962495CF4D83CD06F2DDFA1B9005F551F3
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/3D8D9mYxn0kb8mxGwM2Ppc9Ppqc.roa
Signing time:             Fri 11 Apr 2025 11:21:59 +0000
ROA not before:           Fri 11 Apr 2025 11:21:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42794
IP address blocks:        82.103.112.0/24 maxlen: 24
                          88.203.208.0/23 maxlen: 23
                          88.203.210.0/23 maxlen: 23
                          88.203.212.0/24 maxlen: 24
                          88.203.213.0/24 maxlen: 24
                          88.203.214.0/24 maxlen: 24
                          88.203.215.0/24 maxlen: 24
                          88.203.232.0/24 maxlen: 24
                          88.203.233.0/24 maxlen: 24
                          92.247.120.0/22 maxlen: 22
                          92.247.124.0/24 maxlen: 24
                          92.247.125.0/24 maxlen: 24
                          92.247.126.0/24 maxlen: 24
                          92.247.127.0/24 maxlen: 24
                          92.247.128.0/23 maxlen: 23
                          212.36.17.0/24 maxlen: 24
                          2a01:288:4004::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:24:95:cf:4d:83:cd:06:f2:dd:fa:1b:90:05:f5:51:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Apr 11 11:21:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc3f03f666319f491bf26c46c0cd8fa5cf4fa6a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b9:08:f0:03:5b:76:1f:81:0a:9f:1a:7f:02:
                    32:4d:8e:84:57:df:25:e8:4b:f3:97:02:dd:ee:25:
                    48:2a:8f:ba:98:e6:af:1a:05:56:87:0f:0f:35:2b:
                    24:35:90:ec:51:d9:cf:8b:f1:7a:04:4b:28:96:be:
                    cd:26:f7:7d:6d:ac:7e:5e:5d:aa:16:09:15:4b:d0:
                    8f:64:99:2a:ab:ab:76:01:24:1f:2d:3d:d4:26:b8:
                    d7:36:64:25:2b:36:dd:14:f3:24:00:31:af:4e:11:
                    28:d8:a3:ca:55:30:5d:48:af:71:6b:86:9f:7c:22:
                    9a:26:39:d1:dc:3a:3a:1f:15:2f:f0:41:a5:25:35:
                    3c:5c:c2:58:14:9c:d3:c0:1a:e3:e8:bf:13:27:2d:
                    df:39:a6:2a:00:35:51:c7:32:b1:08:dd:ab:9c:e9:
                    2c:c2:a6:e2:a9:be:b7:ce:5e:32:69:46:1d:03:85:
                    fe:df:31:4f:c5:1e:fe:ef:d2:a1:a2:b5:5f:7a:60:
                    87:42:78:44:39:08:a2:a9:1d:95:37:b3:bc:da:c6:
                    9b:4b:ca:1d:67:fe:f6:21:72:c3:72:a0:04:3f:30:
                    bb:f3:78:35:29:17:0a:0e:40:f1:27:25:81:79:60:
                    b3:ce:45:aa:b6:48:56:62:8c:d5:d7:42:2e:06:36:
                    5b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3F:03:F6:66:31:9F:49:1B:F2:6C:46:C0:CD:8F:A5:CF:4F:A6:A7
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/3D8D9mYxn0kb8mxGwM2Ppc9Ppqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.112.0/24
                  88.203.208.0/21
                  88.203.232.0/23
                  92.247.120.0-92.247.129.255
                  212.36.17.0/24
                IPv6:
                  2a01:288:4004::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:1e:9d:88:44:50:b0:de:c0:59:29:0c:f5:01:4f:2f:d1:5c:
         5d:95:21:53:ae:b6:d0:c3:44:3d:da:db:b1:8f:42:f0:c9:76:
         7a:75:c6:13:c1:1a:15:ec:dc:d6:7a:45:90:a3:be:7d:75:6c:
         e6:11:31:08:87:e5:20:11:e7:f5:a3:7b:0f:c7:0d:d0:56:06:
         ab:3b:8c:56:83:a4:5c:c6:cf:ae:7c:8a:b2:d2:2c:5c:70:e4:
         ee:bb:6a:9a:5d:92:58:ef:9d:98:5c:5c:a5:1e:5b:33:32:b7:
         b6:98:19:49:a5:fe:2b:cd:f3:7d:02:f7:41:1f:47:0c:a2:b0:
         a2:b5:48:16:11:f7:cc:b4:bc:0c:b7:c7:09:5d:0d:26:a3:10:
         a1:3c:6f:a6:c2:83:54:ff:a0:0b:dd:a7:c0:a1:3c:d2:8b:1c:
         03:78:68:be:dd:27:86:d9:09:70:3d:0a:45:56:f1:5b:ce:89:
         77:56:39:24:6b:f3:6b:6a:9c:1e:e6:e0:e3:e5:fd:79:97:19:
         2b:40:40:c1:f1:c9:7d:84:73:c9:56:92:5b:85:3c:f6:7e:6c:
         5d:50:84:30:38:f3:19:d4:ed:61:db:0d:a5:53:1c:97:84:be:
         2e:89:93:7f:c8:fd:40:1f:46:fe:c1:41:e6:4d:c7:3a:1b:70:
         0f:93:8d:72
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZYklc9Ng80G8t36G5AF9VHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwNDExMTEyMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNmMDNmNjY2MzE5ZjQ5MWJmMjZjNDZjMGNkOGZhNWNmNGZhNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLkI8ANbdh+BCp8afwIyTY6EV98l
6EvzlwLd7iVIKo+6mOavGgVWhw8PNSskNZDsUdnPi/F6BEsolr7NJvd9bax+Xl2q
FgkVS9CPZJkqq6t2ASQfLT3UJrjXNmQlKzbdFPMkADGvThEo2KPKVTBdSK9xa4af
fCKaJjnR3Do6HxUv8EGlJTU8XMJYFJzTwBrj6L8TJy3fOaYqADVRxzKxCN2rnOks
wqbiqb63zl4yaUYdA4X+3zFPxR7+79KhorVfemCHQnhEOQiiqR2VN7O82sabS8od
Z/72IXLDcqAEPzC783g1KRcKDkDxJyWBeWCzzkWqtkhWYozV10IuBjZbtQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFNw/A/ZmMZ9JG/JsRsDNj6XPT6anMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvM0Q4RDltWXhuMGtiOG14R3dNMlBwYzlQcHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQAUmdwAwQD
WMvQAwQBWMvoMAwDBANc93gDBAFc94ADBADUJBEwDwQCAAIwCQMHACoBAohABDAN
BgkqhkiG9w0BAQsFAAOCAQEAbB6diERQsN7AWSkM9QFPL9FcXZUhU6620MNEPdrb
sY9C8Ml2enXGE8EaFezc1npFkKO+fXVs5hExCIflIBHn9aN7D8cN0FYGqzuMVoOk
XMbPrnyKstIsXHDk7rtqml2SWO+dmFxcpR5bMzK3tpgZSaX+K83zfQL3QR9HDKKw
orVIFhH3zLS8DLfHCV0NJqMQoTxvpsKDVP+gC92nwKE80oscA3hovt0nhtkJcD0K
RVbxW86Jd1Y5JGvza2qcHubg4+X9eZcZK0BAwfHJfYRzyVaSW4U89n5sXVCEMDjz
GdTtYdsNpVMcl4S+LomTf8j9QB9G/sFB5k3HOhtwD5ONcg==
-----END CERTIFICATE-----