Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/V0Sp0TtSbp08bch-dMvX-f8oa2o.roa
File:                     V0Sp0TtSbp08bch-dMvX-f8oa2o.roa (raw, json)
Hash identifier:          JjHFR/Br8lLNxd0wBIShn4KBf2iV68ca7V3XI/Bh6Lc=
Subject key identifier:   57:44:A9:D1:3B:52:6E:9D:3C:6D:C8:7E:74:CB:D7:F9:FF:28:6B:6A
Certificate issuer:       /CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
Certificate serial:       0195964F3B5082E4014BE7522E86ADD993DC
Authority key identifier: E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/V0Sp0TtSbp08bch-dMvX-f8oa2o.roa
Signing time:             Fri 14 Mar 2025 20:18:49 +0000
ROA not before:           Fri 14 Mar 2025 20:18:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12618
IP address blocks:        46.238.192.0/19 maxlen: 24
                          46.238.224.0/22 maxlen: 22
                          46.238.228.0/22 maxlen: 22
                          46.238.232.0/24 maxlen: 24
                          46.238.234.0/23 maxlen: 23
                          46.238.239.0/24 maxlen: 24
                          46.238.248.0/21 maxlen: 21
                          46.239.144.0/20 maxlen: 20
                          46.239.160.0/20 maxlen: 20
                          89.191.144.0/20 maxlen: 24
                          94.141.128.0/19 maxlen: 19
                          212.122.216.0/22 maxlen: 22
                          212.122.220.0/22 maxlen: 22
                          2001:90c::/30 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:96:4f:3b:50:82:e4:01:4b:e7:52:2e:86:ad:d9:93:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
        Validity
            Not Before: Mar 14 20:18:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5744a9d13b526e9d3c6dc87e74cbd7f9ff286b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:ea:c1:3e:41:c6:af:a6:16:a7:2d:78:5c:
                    ea:2e:6b:af:82:99:d2:48:9f:6c:2f:30:fa:be:64:
                    d1:26:52:44:8a:f3:32:d0:39:ef:d2:be:fd:1a:b3:
                    c1:d6:a2:c7:ca:17:9e:39:eb:11:6c:a1:d0:79:64:
                    30:2b:d0:12:a6:73:45:f4:ea:52:88:0a:5a:fc:4d:
                    63:f4:3a:d4:20:a2:88:5f:a8:3f:37:f9:64:d9:d9:
                    3a:86:42:09:1f:d4:cb:84:4e:2f:73:bc:f3:c5:4c:
                    f9:60:59:d6:35:66:33:b0:6c:c7:83:c8:33:6e:e5:
                    53:28:bc:6d:38:ea:32:a2:82:76:32:42:7b:82:fc:
                    09:39:cd:ba:ce:07:3c:5b:33:da:ba:cd:b1:5b:3c:
                    0c:8a:ee:7c:ca:0b:8d:c3:42:9c:4e:0e:c6:fa:42:
                    40:ff:96:ab:6d:7d:a1:ca:2f:46:ae:1e:61:6d:61:
                    e1:53:2c:13:88:15:69:59:59:71:cc:9c:16:62:df:
                    7e:74:ac:d7:0f:4c:90:8c:68:8e:11:7a:ef:95:13:
                    d9:bc:96:11:0a:4e:85:2c:7a:1f:9b:bc:12:51:eb:
                    fb:82:38:92:50:4d:d7:22:c1:71:0a:9b:c3:27:66:
                    7a:86:43:4f:db:7f:e4:12:88:22:10:b1:1e:a1:66:
                    7f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:44:A9:D1:3B:52:6E:9D:3C:6D:C8:7E:74:CB:D7:F9:FF:28:6B:6A
            X509v3 Authority Key Identifier:
                keyid:E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/V0Sp0TtSbp08bch-dMvX-f8oa2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.238.192.0-46.238.232.255
                  46.238.234.0/23
                  46.238.239.0/24
                  46.238.248.0/21
                  46.239.144.0-46.239.175.255
                  89.191.144.0/20
                  94.141.128.0/19
                  212.122.216.0/21
                IPv6:
                  2001:90c::/30

    Signature Algorithm: sha256WithRSAEncryption
         31:d9:7f:e9:19:fe:b2:f3:63:25:ed:bb:b7:56:da:69:ee:66:
         8d:5f:0c:be:87:c3:ee:01:4b:8d:21:46:d9:2a:d3:f3:2d:0d:
         e4:1e:26:2c:85:2b:ce:c5:c0:e2:3f:19:e6:eb:3e:4f:3e:16:
         86:c8:58:fc:14:48:05:77:23:64:c2:58:4f:e9:34:e9:91:24:
         6d:54:dc:64:68:62:50:b0:8a:81:c9:bb:a7:3d:b9:21:ba:1e:
         8a:e1:c5:4a:f6:55:a2:43:34:b5:6f:de:18:0d:89:76:b3:7a:
         2c:28:35:78:c3:1d:3a:19:c6:74:49:52:cc:4f:7a:ea:4b:f7:
         a3:63:11:3b:93:13:87:dc:ff:1d:92:1b:c9:67:90:c3:41:a0:
         d0:5c:1c:7d:5e:03:dc:b5:d4:96:74:11:fe:66:5d:ed:a9:3c:
         c4:bc:48:be:54:e8:1e:6b:62:5a:e5:ce:6d:28:24:1c:4b:b2:
         0e:7a:70:39:73:01:f5:99:c3:bb:30:d6:39:12:94:a8:50:9d:
         58:0d:a6:48:8b:51:e4:dd:f5:2f:98:55:4a:86:c4:3c:21:0f:
         a2:9b:46:bb:7e:54:64:3d:b9:2b:93:a1:a4:61:c4:be:64:af:
         19:f9:25:8d:d6:0e:2a:43:20:fe:f0:7f:50:a8:de:05:c0:41:
         a1:26:71:d8
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZWWTztQguQBS+dSLoat2ZPcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZThmNTZiYzFmNTAxMDI5MTY4MWJjMmQ4YzAyZjlhY2Jm
NzE0YTAwHhcNMjUwMzE0MjAxODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQ0YTlkMTNiNTI2ZTlkM2M2ZGM4N2U3NGNiZDdmOWZmMjg2YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthzqwT5Bxq+mFqcteFzqLmuvgpnS
SJ9sLzD6vmTRJlJEivMy0Dnv0r79GrPB1qLHyheeOesRbKHQeWQwK9ASpnNF9OpS
iApa/E1j9DrUIKKIX6g/N/lk2dk6hkIJH9TLhE4vc7zzxUz5YFnWNWYzsGzHg8gz
buVTKLxtOOoyooJ2MkJ7gvwJOc26zgc8WzPaus2xWzwMiu58yguNw0KcTg7G+kJA
/5arbX2hyi9Grh5hbWHhUywTiBVpWVlxzJwWYt9+dKzXD0yQjGiOEXrvlRPZvJYR
Ck6FLHofm7wSUev7gjiSUE3XIsFxCpvDJ2Z6hkNP23/kEogiELEeoWZ/JwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFFdEqdE7Um6dPG3IfnTL1/n/KGtqMB8GA1UdIwQY
MBaAFOLo9WvB9QECkWgbwtjAL5rL9xSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTct
NDQ3ZWRjNGY5YWY2LzEvVjBTcDBUdFNicDA4YmNoLWRNdlgtZjhvYTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTctNDQ3ZWRjNGY5YWY2
LzEvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBAYu7sAD
BAAu7ugDBAEu7uoDBAAu7u8DBAMu7vgwDAMEBC7vkAMEBC7voAMEBFm/kAMEBV6N
gAMEA9R62DANBAIAAjAHAwUCIAEJDDANBgkqhkiG9w0BAQsFAAOCAQEAMdl/6Rn+
svNjJe27t1baae5mjV8MvofD7gFLjSFG2SrT8y0N5B4mLIUrzsXA4j8Z5us+Tz4W
hshY/BRIBXcjZMJYT+k06ZEkbVTcZGhiULCKgcm7pz25IboeiuHFSvZVokM0tW/e
GA2JdrN6LCg1eMMdOhnGdElSzE966kv3o2MRO5MTh9z/HZIbyWeQw0Gg0FwcfV4D
3LXUlnQR/mZd7ak8xLxIvlToHmtiWuXObSgkHEuyDnpwOXMB9ZnDuzDWORKUqFCd
WA2mSItR5N31L5hVSobEPCEPoptGu35UZD25K5OhpGHEvmSvGfkljdYOKkMg/vB/
UKjeBcBBoSZx2A==
-----END CERTIFICATE-----