Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/wN38KIesuTmj0VhTYnf66R7aRGs.roa
File:                     wN38KIesuTmj0VhTYnf66R7aRGs.roa (raw, json)
Hash identifier:          BHWGJU1hslSu+73+D1D8OPXTiUn1TCww0Wy3SxJIu2Y=
Subject key identifier:   C0:DD:FC:28:87:AC:B9:39:A3:D1:58:53:62:77:FA:E9:1E:DA:44:6B
Certificate issuer:       /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial:       01961FF3C6EF6AC0D434DFCCF72009B247B7
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/wN38KIesuTmj0VhTYnf66R7aRGs.roa
Signing time:             Thu 10 Apr 2025 13:46:32 +0000
ROA not before:           Thu 10 Apr 2025 13:46:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34305
IP address blocks:        85.12.26.0/24 maxlen: 24
                          85.12.27.0/24 maxlen: 24
                          85.12.28.0/22 maxlen: 24
                          85.12.32.0/20 maxlen: 20
                          85.12.48.0/21 maxlen: 21
                          85.12.58.0/23 maxlen: 24
                          85.12.60.0/22 maxlen: 22
                          91.148.208.0/20 maxlen: 20
                          185.91.28.0/24 maxlen: 24
                          193.138.220.0/24 maxlen: 24
                          195.200.84.0/24 maxlen: 24
                          195.200.85.0/24 maxlen: 24
                          2a01:788::/32 maxlen: 48
                          2a01:788:1000::/48 maxlen: 48
                          2a01:788:aaaa::/48 maxlen: 48
                          2a01:788:aaab::/48 maxlen: 48
                          2a01:788:aaac::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1f:f3:c6:ef:6a:c0:d4:34:df:cc:f7:20:09:b2:47:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
        Validity
            Not Before: Apr 10 13:46:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0ddfc2887acb939a3d158536277fae91eda446b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:92:94:fe:7c:ae:c9:ee:cc:c2:4f:0c:10:57:
                    0d:e0:8e:b4:23:0f:b3:90:6f:5a:40:42:be:6f:dc:
                    77:84:06:ed:47:a1:1a:0b:b8:58:17:7a:63:1c:d0:
                    65:28:d8:30:19:ec:ee:92:13:13:db:39:71:a3:87:
                    49:f0:20:f8:64:28:49:ee:26:d1:25:9f:ba:82:43:
                    4c:18:f9:07:8e:6a:1c:62:a9:63:c3:67:8e:e4:65:
                    b0:fd:81:c4:ce:41:65:54:5b:a6:12:9a:45:67:54:
                    8b:e3:9d:48:e2:90:48:20:04:e4:f3:40:bb:1d:d5:
                    80:ba:82:25:d2:c4:36:b0:3c:3a:a5:ac:6c:01:77:
                    e3:f6:a4:4b:71:6a:86:c5:8a:d6:7a:0a:5a:4b:59:
                    71:f9:06:d8:3a:8d:9f:c2:10:a6:4f:07:6e:21:1e:
                    15:e6:ed:5d:48:77:df:72:09:04:d3:70:4f:3e:7c:
                    c3:39:e2:e4:ec:61:44:c6:33:bc:e5:0b:02:ac:c7:
                    ca:aa:64:1b:c3:c6:ef:3e:78:ff:91:e2:0c:0d:30:
                    46:7c:0c:16:c3:ae:ab:8a:32:8a:7b:94:2a:ae:8b:
                    e2:ea:9c:85:f5:a8:6f:49:5d:9f:fa:8f:8a:8f:08:
                    ab:15:b7:5f:4b:ea:cb:04:22:46:56:f6:5b:6b:9a:
                    a8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DD:FC:28:87:AC:B9:39:A3:D1:58:53:62:77:FA:E9:1E:DA:44:6B
            X509v3 Authority Key Identifier:
                keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/wN38KIesuTmj0VhTYnf66R7aRGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.12.26.0-85.12.55.255
                  85.12.58.0-85.12.63.255
                  91.148.208.0/20
                  185.91.28.0/24
                  193.138.220.0/24
                  195.200.84.0/23
                IPv6:
                  2a01:788::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:84:b2:c9:bb:e0:56:47:74:84:7d:b1:f5:cb:f8:17:34:bf:
         bf:f2:f8:11:f2:d8:ea:d9:19:af:3b:2f:a0:72:af:e8:1c:d9:
         3e:20:a0:16:b2:0b:6e:c7:e0:ac:91:3b:b5:3e:1e:57:79:0c:
         f2:16:71:f3:de:1d:27:7e:09:c7:5f:48:60:58:3a:05:36:b7:
         45:4e:73:f3:39:44:78:d3:9b:46:2d:d2:66:78:e6:9d:b1:b9:
         83:f4:2c:89:ab:e3:ab:6b:47:94:23:72:ae:04:72:b1:6f:f0:
         3c:b6:b4:2b:bb:04:79:af:bc:ce:80:4c:91:c9:4e:9f:56:59:
         ae:fa:62:dd:3a:33:bc:96:df:7a:a3:9e:c2:b9:82:1e:02:67:
         4e:14:03:23:88:53:00:29:74:fe:71:27:66:84:6f:93:58:61:
         25:23:2c:2a:68:62:2a:bd:04:87:6d:eb:a8:b7:59:7a:46:d5:
         c1:bf:2c:52:52:b2:dd:3e:2e:93:19:e9:73:84:4c:77:ed:38:
         af:9e:ff:b0:30:86:b6:7d:b4:af:6a:e1:b6:26:94:1d:2e:56:
         ac:03:f0:3a:22:2a:06:ed:61:81:8c:dd:aa:d2:fc:86:39:73:
         4a:54:0e:52:7c:6c:d7:a4:c6:c6:4d:9c:9d:63:29:75:c7:78:
         56:5e:e8:77
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZYf88bvasDUNN/M9yAJske3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjUwNDEwMTM0NjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGRkZmMyODg3YWNiOTM5YTNkMTU4NTM2Mjc3ZmFlOTFlZGE0NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5KU/nyuye7Mwk8MEFcN4I60Iw+z
kG9aQEK+b9x3hAbtR6EaC7hYF3pjHNBlKNgwGezukhMT2zlxo4dJ8CD4ZChJ7ibR
JZ+6gkNMGPkHjmocYqljw2eO5GWw/YHEzkFlVFumEppFZ1SL451I4pBIIATk80C7
HdWAuoIl0sQ2sDw6paxsAXfj9qRLcWqGxYrWegpaS1lx+QbYOo2fwhCmTwduIR4V
5u1dSHffcgkE03BPPnzDOeLk7GFExjO85QsCrMfKqmQbw8bvPnj/keIMDTBGfAwW
w66rijKKe5Qqrovi6pyF9ahvSV2f+o+KjwirFbdfS+rLBCJGVvZba5qobQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFMDd/CiHrLk5o9FYU2J3+uke2kRrMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvd04zOEtJZXN1VG1qMFZoVFluZjY2UjdhUkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0MAwDBAFVDBoD
BANVDDAwDAMEAVUMOgMEBlUMAAMEBFuU0AMEALlbHAMEAMGK3AMEAcPIVDANBAIA
AjAHAwUAKgEHiDANBgkqhkiG9w0BAQsFAAOCAQEAsoSyybvgVkd0hH2x9cv4FzS/
v/L4EfLY6tkZrzsvoHKv6BzZPiCgFrILbsfgrJE7tT4eV3kM8hZx894dJ34Jx19I
YFg6BTa3RU5z8zlEeNObRi3SZnjmnbG5g/Qsiavjq2tHlCNyrgRysW/wPLa0K7sE
ea+8zoBMkclOn1ZZrvpi3TozvJbfeqOewrmCHgJnThQDI4hTACl0/nEnZoRvk1hh
JSMsKmhiKr0Eh23rqLdZekbVwb8sUlKy3T4ukxnpc4RMd+04r57/sDCGtn20r2rh
tiaUHS5WrAPwOiIqBu1hgYzdqtL8hjlzSlQOUnxs16TGxk2cnWMpdcd4Vl7odw==
-----END CERTIFICATE-----