Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/rre3W4Iglfh1qM3eVieRRtusCmo.roa
File:                     rre3W4Iglfh1qM3eVieRRtusCmo.roa (raw, json)
Hash identifier:          5VZfan/uFY8AVZvzikC2R0YmSS6soH7r8PdgIi5FL3w=
Subject key identifier:   AE:B7:B7:5B:82:20:95:F8:75:A8:CD:DE:56:27:91:46:DB:AC:0A:6A
Certificate issuer:       /CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
Certificate serial:       019424B29325B7ABD877279D23BB0ED8E9AE
Authority key identifier: E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/rre3W4Iglfh1qM3eVieRRtusCmo.roa
Signing time:             Thu 02 Jan 2025 01:47:50 +0000
ROA not before:           Thu 02 Jan 2025 01:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12618
IP address blocks:        46.238.192.0/19 maxlen: 24
                          46.238.224.0/22 maxlen: 22
                          46.238.228.0/22 maxlen: 22
                          46.238.232.0/24 maxlen: 24
                          46.238.234.0/23 maxlen: 23
                          46.238.239.0/24 maxlen: 24
                          46.238.248.0/21 maxlen: 21
                          46.239.144.0/20 maxlen: 20
                          46.239.160.0/20 maxlen: 20
                          89.191.144.0/20 maxlen: 24
                          94.141.128.0/19 maxlen: 19
                          212.122.216.0/22 maxlen: 22
                          212.122.220.0/22 maxlen: 22
                          2001:90c::/31 maxlen: 31
                          2001:90e::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:93:25:b7:ab:d8:77:27:9d:23:bb:0e:d8:e9:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
        Validity
            Not Before: Jan  2 01:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeb7b75b822095f875a8cdde56279146dbac0a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:58:95:64:05:2e:8a:84:5b:b2:44:e5:d2:bd:
                    02:61:d2:44:29:c3:ac:f3:66:de:a2:e2:af:21:6c:
                    87:48:44:11:6c:97:13:bc:01:3a:8e:cf:47:9d:39:
                    ae:37:e8:a7:b9:fb:0e:7a:53:da:ab:7f:81:70:57:
                    3d:d2:72:25:75:55:2d:cd:ca:e3:75:2b:95:56:45:
                    44:45:1d:2c:e4:f3:b3:02:a8:9d:3c:1a:23:a4:ce:
                    31:e5:e9:2f:b2:f7:37:c1:c2:90:7d:18:77:80:f7:
                    6f:aa:62:3e:b0:61:40:df:ba:cc:89:4f:dd:55:b2:
                    ea:7b:44:8c:9f:33:c7:de:2b:3b:7d:34:4c:dc:3d:
                    66:9f:9b:93:ba:d3:d6:b9:b5:79:d7:d3:0b:ad:79:
                    0e:50:33:72:d3:28:a6:df:bd:fe:37:1b:8b:a5:91:
                    ea:0e:2b:e6:48:26:df:e3:ef:5a:f7:50:7a:38:18:
                    d1:7e:56:36:6d:f7:c9:84:bf:58:5b:68:e8:39:4e:
                    86:d3:44:6b:f5:04:df:ce:dc:bf:e9:31:ee:59:b9:
                    ce:92:0a:37:78:61:be:d5:c7:ba:6c:fb:61:fa:59:
                    35:d9:6b:ba:83:5f:a7:b8:52:9b:58:81:d6:3f:a7:
                    4f:d2:ac:06:46:31:bf:6b:04:c6:ef:6a:2e:64:6c:
                    98:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B7:B7:5B:82:20:95:F8:75:A8:CD:DE:56:27:91:46:DB:AC:0A:6A
            X509v3 Authority Key Identifier:
                keyid:E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/rre3W4Iglfh1qM3eVieRRtusCmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.238.192.0-46.238.232.255
                  46.238.234.0/23
                  46.238.239.0/24
                  46.238.248.0/21
                  46.239.144.0-46.239.175.255
                  89.191.144.0/20
                  94.141.128.0/19
                  212.122.216.0/21
                IPv6:
                  2001:90c::-2001:90e:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         75:d0:d4:c4:c8:4c:95:5d:0c:10:15:4f:3b:73:ca:94:35:7f:
         81:c0:db:11:20:b7:b5:6d:cd:02:12:41:f5:ac:b0:94:82:de:
         09:ee:80:5f:22:11:4c:42:68:43:79:64:45:fc:84:1e:7b:64:
         59:af:f9:96:97:db:0a:4b:4f:3e:21:e2:fe:a8:86:38:c7:89:
         66:28:8b:04:18:8f:fb:1e:16:22:b5:f4:2a:79:ed:5d:99:74:
         1f:dc:b8:42:e9:73:ae:4e:a0:70:9a:4a:15:8c:bd:a3:2f:c1:
         6d:61:e1:b5:cc:83:91:17:cb:38:1d:a7:a0:d1:a6:52:9d:9e:
         8c:16:b6:74:fa:32:bc:20:d2:c8:29:5c:29:62:2a:dd:9f:f1:
         39:39:7a:ab:cd:fa:b3:c8:08:39:78:08:38:63:3b:05:49:30:
         51:6b:b8:17:4a:c3:b6:44:cd:c1:b1:3f:e5:45:86:64:46:57:
         be:df:48:60:a2:69:2f:fb:de:1e:9f:cd:69:0e:2f:ad:4d:83:
         87:d0:8b:07:7a:1f:32:b3:49:e8:39:9e:91:3d:11:f7:21:a9:
         b0:d4:a3:e3:9f:a5:99:5d:c2:c4:96:a6:a5:41:0c:53:be:9e:
         70:ed:c5:ae:d3:90:74:d9:f6:cc:36:c2:26:12:61:b4:83:d7:
         6f:df:7f:02
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQkspMlt6vYdyedI7sO2OmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZThmNTZiYzFmNTAxMDI5MTY4MWJjMmQ4YzAyZjlhY2Jm
NzE0YTAwHhcNMjUwMTAyMDE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI3Yjc1YjgyMjA5NWY4NzVhOGNkZGU1NjI3OTE0NmRiYWMwYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArViVZAUuioRbskTl0r0CYdJEKcOs
82beouKvIWyHSEQRbJcTvAE6js9HnTmuN+inufsOelPaq3+BcFc90nIldVUtzcrj
dSuVVkVERR0s5POzAqidPBojpM4x5ekvsvc3wcKQfRh3gPdvqmI+sGFA37rMiU/d
VbLqe0SMnzPH3is7fTRM3D1mn5uTutPWubV519MLrXkOUDNy0yim373+NxuLpZHq
DivmSCbf4+9a91B6OBjRflY2bffJhL9YW2joOU6G00Rr9QTfzty/6THuWbnOkgo3
eGG+1ce6bPth+lk12Wu6g1+nuFKbWIHWP6dP0qwGRjG/awTG72ouZGyYlQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFK63t1uCIJX4dajN3lYnkUbbrApqMB8GA1UdIwQY
MBaAFOLo9WvB9QECkWgbwtjAL5rL9xSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTct
NDQ3ZWRjNGY5YWY2LzEvcnJlM1c0SWdsZmgxcU0zZVZpZVJSdHVzQ21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTctNDQ3ZWRjNGY5YWY2
LzEvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBGBAIAATBAMAwDBAYu7sAD
BAAu7ugDBAEu7uoDBAAu7u8DBAMu7vgwDAMEBC7vkAMEBC7voAMEBFm/kAMEBV6N
gAMEA9R62DAWBAIAAjAQMA4DBQIgAQkMAwUAIAEJDjANBgkqhkiG9w0BAQsFAAOC
AQEAddDUxMhMlV0MEBVPO3PKlDV/gcDbESC3tW3NAhJB9aywlILeCe6AXyIRTEJo
Q3lkRfyEHntkWa/5lpfbCktPPiHi/qiGOMeJZiiLBBiP+x4WIrX0KnntXZl0H9y4
Qulzrk6gcJpKFYy9oy/BbWHhtcyDkRfLOB2noNGmUp2ejBa2dPoyvCDSyClcKWIq
3Z/xOTl6q836s8gIOXgIOGM7BUkwUWu4F0rDtkTNwbE/5UWGZEZXvt9IYKJpL/ve
Hp/NaQ4vrU2Dh9CLB3ofMrNJ6DmekT0R9yGpsNSj45+lmV3CxJampUEMU76ecO3F
rtOQdNn2zDbCJhJhtIPXb99/Ag==
-----END CERTIFICATE-----