Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZmV3RrHyNbdlPpXWHxyJNKlqz_0.roa
File:                     ZmV3RrHyNbdlPpXWHxyJNKlqz_0.roa (raw, json)
Hash identifier:          duiYNAfkU9vNSfSeoTIVT6MoGsXF5yCoHKwjI4a3RZo=
Subject key identifier:   66:65:77:46:B1:F2:35:B7:65:3E:95:D6:1F:1C:89:34:A9:6A:CF:FD
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       01942747446A6D5E8EB1553A0DED37C0EECD
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZmV3RrHyNbdlPpXWHxyJNKlqz_0.roa
Signing time:             Thu 02 Jan 2025 13:49:29 +0000
ROA not before:           Thu 02 Jan 2025 13:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42303
IP address blocks:        5.35.184.0/21 maxlen: 21
                          46.182.200.0/24 maxlen: 24
                          46.182.201.0/24 maxlen: 24
                          46.182.202.0/24 maxlen: 24
                          46.182.203.0/24 maxlen: 24
                          46.182.204.0/24 maxlen: 24
                          46.182.205.0/24 maxlen: 24
                          46.182.206.0/24 maxlen: 24
                          77.72.96.0/21 maxlen: 21
                          94.127.32.0/21 maxlen: 21
                          151.236.200.0/21 maxlen: 24
                          185.55.8.0/22 maxlen: 22
                          185.104.14.0/23 maxlen: 24
                          185.153.212.0/22 maxlen: 24
                          193.149.178.0/24 maxlen: 24
                          2a02:470::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:44:6a:6d:5e:8e:b1:55:3a:0d:ed:37:c0:ee:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 13:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66657746b1f235b7653e95d61f1c8934a96acffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1a:c1:81:4b:8b:2d:76:d5:11:dd:ed:ad:4e:
                    d0:2f:4e:0c:0c:c2:be:60:58:b3:a7:59:00:5e:15:
                    c9:24:4b:6e:92:90:e6:d6:c4:dc:2a:44:1e:d6:eb:
                    15:fe:27:a2:97:e5:2b:c9:18:27:db:af:5c:59:b3:
                    37:ea:1b:e7:fd:f5:1b:16:bc:1d:ef:1b:f1:f8:46:
                    d4:61:76:33:41:56:0c:06:04:0b:b9:1b:6f:fd:be:
                    56:28:15:4c:80:cc:34:3c:db:45:0b:91:2b:77:d6:
                    cf:fe:75:39:8e:9a:a5:75:0e:27:b0:9c:52:20:66:
                    61:66:d6:7d:af:29:c3:2f:06:4c:56:c7:57:67:98:
                    0f:80:0a:6b:bb:d5:39:9a:57:00:d8:f5:98:50:29:
                    69:f3:28:64:08:a6:82:6f:ae:7c:6d:a1:4d:74:a9:
                    cd:b7:b1:30:f7:5a:e5:e1:58:d2:7c:5c:e2:b9:81:
                    ac:07:a8:33:4e:57:33:79:b0:f0:61:2f:14:0e:ed:
                    5f:88:3b:57:11:df:7c:99:ef:b7:01:7e:dd:0a:54:
                    26:df:ea:3e:8e:78:8a:da:a2:fb:bd:cd:9f:ff:2f:
                    e1:9a:61:16:e1:fa:4e:26:23:eb:fa:ce:5b:cb:4f:
                    30:d8:b6:95:50:10:a8:72:9c:62:85:64:33:d3:89:
                    f9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:65:77:46:B1:F2:35:B7:65:3E:95:D6:1F:1C:89:34:A9:6A:CF:FD
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/ZmV3RrHyNbdlPpXWHxyJNKlqz_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.184.0/21
                  46.182.200.0-46.182.206.255
                  77.72.96.0/21
                  94.127.32.0/21
                  151.236.200.0/21
                  185.55.8.0/22
                  185.104.14.0/23
                  185.153.212.0/22
                  193.149.178.0/24
                IPv6:
                  2a02:470::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:84:41:90:32:16:16:b2:ab:cb:71:7d:03:0b:f7:90:ac:6a:
         8f:c0:77:58:32:1b:32:d5:f6:1c:f9:a8:14:3e:2a:5b:ff:48:
         e5:61:27:f1:5c:c5:e3:cc:2d:e1:2c:9f:51:24:3e:12:9a:91:
         77:a9:fc:e8:6e:08:85:af:ea:7a:d9:ed:27:bf:89:85:6d:43:
         c4:e0:47:20:8d:1b:58:e9:5a:f6:3f:b2:34:eb:3f:f2:e7:be:
         c0:b4:a2:3b:c0:91:1a:95:fd:8a:0b:79:cf:fb:77:a1:87:41:
         81:39:fe:1b:c5:c4:08:5a:bb:c5:8a:a7:3e:2e:d6:0c:9f:6a:
         b8:f3:ea:b8:43:f6:b1:9f:9e:e2:dd:d6:37:55:e5:ad:28:43:
         3f:ca:e9:e5:6e:be:07:7c:58:df:a4:82:07:ea:4d:42:b8:0d:
         81:ea:e4:e7:35:e0:31:04:db:53:0e:f4:0e:e8:20:3a:e5:8d:
         53:17:31:4d:0a:59:87:cb:0f:f3:fe:12:96:04:d1:15:5e:a8:
         ab:72:8b:ef:78:61:bf:66:ed:46:37:94:56:0b:f0:2b:00:41:
         25:ac:e9:25:a3:12:c9:76:85:81:c9:61:aa:6e:a2:74:46:64:
         ad:f8:40:d4:cc:cf:e6:a9:87:39:08:27:24:e4:0d:0b:eb:be:
         04:0d:8b:81
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQnR0RqbV6OsVU6De03wO7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjUwMTAyMTM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY1Nzc0NmIxZjIzNWI3NjUzZTk1ZDYxZjFjODkzNGE5NmFjZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohrBgUuLLXbVEd3trU7QL04MDMK+
YFizp1kAXhXJJEtukpDm1sTcKkQe1usV/ieil+UryRgn269cWbM36hvn/fUbFrwd
7xvx+EbUYXYzQVYMBgQLuRtv/b5WKBVMgMw0PNtFC5Erd9bP/nU5jpqldQ4nsJxS
IGZhZtZ9rynDLwZMVsdXZ5gPgApru9U5mlcA2PWYUClp8yhkCKaCb658baFNdKnN
t7Ew91rl4VjSfFziuYGsB6gzTlczebDwYS8UDu1fiDtXEd98me+3AX7dClQm3+o+
jniK2qL7vc2f/y/hmmEW4fpOJiPr+s5by08w2LaVUBCocpxihWQz04n5+wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFGZld0ax8jW3ZT6V1h8ciTSpas/9MB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvWm1WM1JySHlOYmRsUHBYV0h4eUpOS2xxel8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDBSO4MAwD
BAMutsgDBAAuts4DBANNSGADBANefyADBAOX7MgDBAK5NwgDBAG5aA4DBAK5mdQD
BADBlbIwDQQCAAIwBwMFACoCBHAwDQYJKoZIhvcNAQELBQADggEBAEyEQZAyFhay
q8txfQML95Csao/Ad1gyGzLV9hz5qBQ+Klv/SOVhJ/FcxePMLeEsn1EkPhKakXep
/OhuCIWv6nrZ7Se/iYVtQ8TgRyCNG1jpWvY/sjTrP/LnvsC0ojvAkRqV/YoLec/7
d6GHQYE5/hvFxAhau8WKpz4u1gyfarjz6rhD9rGfnuLd1jdV5a0oQz/K6eVuvgd8
WN+kggfqTUK4DYHq5Oc14DEE21MO9A7oIDrljVMXMU0KWYfLD/P+EpYE0RVeqKty
i+94Yb9m7UY3lFYL8CsAQSWs6SWjEsl2hYHJYapuonRGZK34QNTMz+aphzkIJyTk
DQvrvgQNi4E=
-----END CERTIFICATE-----