Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/iBm_nleUbu7zG2yhTM8e6MdS9CM.roa
File:                     iBm_nleUbu7zG2yhTM8e6MdS9CM.roa (raw, json)
Hash identifier:          6E9IJHdRNDgzTSIdwSFE5QhmL7tpMyjTB0okAPytvXs=
Subject key identifier:   88:19:BF:9E:57:94:6E:EE:F3:1B:6C:A1:4C:CF:1E:E8:C7:52:F4:23
Certificate issuer:       /CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Certificate serial:       019425215AB5307AB8257E7D6FA2818CFFCF
Authority key identifier: AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/iBm_nleUbu7zG2yhTM8e6MdS9CM.roa
Signing time:             Thu 02 Jan 2025 03:48:50 +0000
ROA not before:           Thu 02 Jan 2025 03:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44507
IP address blocks:        5.175.88.0/21 maxlen: 21
                          46.42.0.0/18 maxlen: 18
                          46.42.8.0/21 maxlen: 21
                          46.42.16.0/21 maxlen: 21
                          46.42.24.0/21 maxlen: 21
                          46.42.32.0/21 maxlen: 21
                          46.42.40.0/21 maxlen: 21
                          46.42.48.0/21 maxlen: 21
                          46.42.56.0/21 maxlen: 21
                          46.228.96.0/20 maxlen: 20
                          134.90.152.0/21 maxlen: 21
                          146.247.32.0/21 maxlen: 21
                          178.57.32.0/21 maxlen: 21
                          178.57.40.0/21 maxlen: 21
                          178.57.48.0/21 maxlen: 21
                          185.16.56.0/22 maxlen: 22
                          188.120.48.0/20 maxlen: 20
                          194.58.160.0/21 maxlen: 21
                          194.58.176.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:5a:b5:30:7a:b8:25:7e:7d:6f:a2:81:8c:ff:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa2a58c697a1449976b0d11d6f126025e14089c6
        Validity
            Not Before: Jan  2 03:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8819bf9e57946eeef31b6ca14ccf1ee8c752f423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4f:41:b1:81:d9:06:39:32:59:ff:32:95:ab:
                    13:29:da:b0:1b:c8:e6:4e:40:c4:be:2a:2f:b3:4f:
                    62:71:73:17:33:7c:0e:38:d1:fb:34:04:2c:3e:be:
                    c6:a9:12:82:bc:06:42:70:f4:ef:10:0b:80:5a:a2:
                    86:83:c6:63:3f:c3:8c:1b:03:fe:cd:32:ca:32:43:
                    86:1b:a8:3e:0c:6a:b6:83:e9:55:25:d7:44:7f:73:
                    56:a6:fe:c8:0d:91:32:ce:eb:e6:fc:f8:00:f0:5c:
                    dd:83:25:9d:70:12:39:2d:5f:ce:7e:de:ff:6e:4e:
                    b0:b0:c1:97:05:1e:dc:6a:ed:fb:d4:7e:a7:6e:8b:
                    83:d8:0e:68:7b:33:93:c0:81:2f:c8:d5:ea:d2:01:
                    89:b1:ab:28:af:68:27:8e:90:7c:26:b3:75:06:df:
                    c8:56:90:34:91:ce:f6:f5:d5:79:5d:2f:e9:01:b9:
                    a6:21:22:87:5f:05:31:07:d7:38:25:aa:24:92:bb:
                    ad:3c:db:27:51:fc:f6:74:57:6d:d3:d1:07:d2:26:
                    83:a9:cd:ef:2d:b5:db:e1:31:78:ba:c9:fb:f7:c5:
                    99:8c:59:cc:c5:3e:a4:38:ae:2d:97:57:39:a1:bd:
                    2d:c0:71:95:99:55:3e:c3:68:e9:84:3f:03:1c:81:
                    53:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:19:BF:9E:57:94:6E:EE:F3:1B:6C:A1:4C:CF:1E:E8:C7:52:F4:23
            X509v3 Authority Key Identifier:
                keyid:AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/iBm_nleUbu7zG2yhTM8e6MdS9CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/qipYxpehRJl2sNEdbxJgJeFAicY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.88.0/21
                  46.42.0.0/18
                  46.228.96.0/20
                  134.90.152.0/21
                  146.247.32.0/21
                  178.57.32.0-178.57.55.255
                  185.16.56.0/22
                  188.120.48.0/20
                  194.58.160.0/21
                  194.58.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:a0:4c:72:1c:b2:0d:b6:75:c9:c8:9a:a2:be:fd:e2:d3:f9:
         1f:cf:5c:92:4b:5f:01:f8:3c:f9:ac:06:8f:d0:26:e8:03:04:
         80:65:1f:7b:ec:db:de:93:78:ee:9d:27:39:6a:73:5f:84:52:
         6f:16:c6:a3:10:33:51:8d:8f:0c:eb:ca:d6:bf:e9:97:1c:39:
         ce:3b:8b:83:27:3b:16:2d:65:c0:b3:f0:69:61:79:23:f4:a3:
         57:6e:0f:04:df:9a:b9:0c:38:1c:da:67:9e:6c:db:af:e5:8d:
         c4:45:20:bf:85:7d:1b:b6:59:c9:7b:44:d1:97:fe:0c:d8:5f:
         3e:9e:82:90:f2:59:29:7a:9f:6c:12:bc:cc:10:3b:42:1f:26:
         7f:9c:0f:0a:f3:4d:67:64:a6:92:ec:94:5f:42:f6:9e:cd:15:
         5d:a0:09:de:4a:2b:4f:dd:42:50:94:f9:47:5c:a2:4d:0a:4f:
         88:df:a4:63:2d:71:6e:9f:c1:d3:1a:56:64:57:e0:7f:cb:1d:
         57:6f:90:f1:45:d0:81:61:84:f2:7d:4f:ab:73:31:f7:11:71:
         47:eb:17:4a:bb:cd:73:37:9b:c9:fa:ea:f8:49:02:c7:ec:5e:
         61:74:2f:73:fb:20:50:56:28:4b:7b:32:c0:3b:8d:69:06:25:
         a5:2e:18:0e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZQlIVq1MHq4JX59b6KBjP/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMmE1OGM2OTdhMTQ0OTk3NmIwZDExZDZmMTI2MDI1ZTE0
MDg5YzYwHhcNMjUwMTAyMDM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE5YmY5ZTU3OTQ2ZWVlZjMxYjZjYTE0Y2NmMWVlOGM3NTJmNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk9BsYHZBjkyWf8ylasTKdqwG8jm
TkDEviovs09icXMXM3wOONH7NAQsPr7GqRKCvAZCcPTvEAuAWqKGg8ZjP8OMGwP+
zTLKMkOGG6g+DGq2g+lVJddEf3NWpv7IDZEyzuvm/PgA8FzdgyWdcBI5LV/Oft7/
bk6wsMGXBR7cau371H6nbouD2A5oezOTwIEvyNXq0gGJsasor2gnjpB8JrN1Bt/I
VpA0kc729dV5XS/pAbmmISKHXwUxB9c4JaokkrutPNsnUfz2dFdt09EH0iaDqc3v
LbXb4TF4usn798WZjFnMxT6kOK4tl1c5ob0twHGVmVU+w2jphD8DHIFTnQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIgZv55XlG7u8xtsoUzPHujHUvQjMB8GA1UdIwQY
MBaAFKoqWMaXoUSZdrDRHW8SYCXhQInGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgt
YmU2MjJjMzEzMmRmLzEvaUJtX25sZVVidTd6RzJ5aFRNOGU2TWRTOUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgtYmU2MjJjMzEzMmRm
LzEvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDBa9YAwQG
LioAAwQELuRgAwQDhlqYAwQDkvcgMAwDBAWyOSADBAOyOTADBAK5EDgDBAS8eDAD
BAPCOqADBAPCOrAwDQYJKoZIhvcNAQELBQADggEBAE2gTHIcsg22dcnImqK+/eLT
+R/PXJJLXwH4PPmsBo/QJugDBIBlH3vs296TeO6dJzlqc1+EUm8WxqMQM1GNjwzr
yta/6ZccOc47i4MnOxYtZcCz8GlheSP0o1duDwTfmrkMOBzaZ55s26/ljcRFIL+F
fRu2Wcl7RNGX/gzYXz6egpDyWSl6n2wSvMwQO0IfJn+cDwrzTWdkppLslF9C9p7N
FV2gCd5KK0/dQlCU+Udcok0KT4jfpGMtcW6fwdMaVmRX4H/LHVdvkPFF0IFhhPJ9
T6tzMfcRcUfrF0q7zXM3m8n66vhJAsfsXmF0L3P7IFBWKEt7MsA7jWkGJaUuGA4=
-----END CERTIFICATE-----