Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/BrQq7YEFajNSVsBn6S_XP8bHPLY.roa
File:                     BrQq7YEFajNSVsBn6S_XP8bHPLY.roa (raw, json)
Hash identifier:          egGSnJVF4ZpifdFK3Q0Rkj8+zW1UTdDs4D8hficQgOQ=
Subject key identifier:   06:B4:2A:ED:81:05:6A:33:52:56:C0:67:E9:2F:D7:3F:C6:C7:3C:B6
Certificate issuer:       /CN=48e06a351a5189bcdc44840948dbfb40abf58be5
Certificate serial:       01942746D20986880FF335D8EA3DBAF3185C
Authority key identifier: 48:E0:6A:35:1A:51:89:BC:DC:44:84:09:48:DB:FB:40:AB:F5:8B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SOBqNRpRibzcRIQJSNv7QKv1i-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/BrQq7YEFajNSVsBn6S_XP8bHPLY.roa
Signing time:             Thu 02 Jan 2025 13:49:00 +0000
ROA not before:           Thu 02 Jan 2025 13:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57811
IP address blocks:        185.73.211.0/24 maxlen: 24
                          188.64.80.0/23 maxlen: 23
                          188.64.82.0/24 maxlen: 24
                          188.64.83.0/24 maxlen: 24
                          188.64.84.0/24 maxlen: 24
                          188.64.85.0/24 maxlen: 24
                          188.64.86.0/24 maxlen: 24
                          188.64.87.0/24 maxlen: 24
                          2a00:8dc0::/32 maxlen: 48
                          2a00:8dc0::/40 maxlen: 40
                          2a00:8dc0:1000::/40 maxlen: 40
                          2a00:8dc0:1100::/40 maxlen: 40
                          2a00:8dc0:1200::/40 maxlen: 40
                          2a00:8dc0:1300::/40 maxlen: 40
                          2a00:8dc0:1400::/40 maxlen: 40
                          2a00:8dc0:1500::/40 maxlen: 40
                          2a00:8dc0:1600::/40 maxlen: 40
                          2a00:8dc0:aa00::/48 maxlen: 48
                          2a00:8dc0:b000::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:d2:09:86:88:0f:f3:35:d8:ea:3d:ba:f3:18:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48e06a351a5189bcdc44840948dbfb40abf58be5
        Validity
            Not Before: Jan  2 13:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b42aed81056a335256c067e92fd73fc6c73cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d5:1c:a2:4f:ba:1d:11:90:03:d5:21:d0:6e:
                    74:3b:11:19:3f:2b:ce:46:a2:86:40:25:ae:d2:45:
                    dd:89:e1:0e:cf:f3:cc:28:b4:72:15:17:26:6b:d5:
                    d6:ab:78:af:54:16:5f:9c:21:80:ce:a9:1c:a9:be:
                    e9:63:eb:64:8d:bf:cc:ec:df:95:2b:55:6b:25:d8:
                    42:85:0f:58:42:f7:61:64:f8:04:45:08:4a:95:29:
                    31:47:52:fd:c3:5e:b1:4f:d0:7c:c2:e2:0b:d1:c1:
                    09:80:f5:02:ce:47:a4:11:3b:11:5a:cc:9a:ab:1d:
                    26:96:83:fb:e0:c4:e7:1b:d6:dd:4d:3c:cf:2d:e5:
                    95:e7:fc:f1:15:05:e8:4e:db:76:41:6f:b7:25:56:
                    c2:cb:df:4f:7b:68:b1:50:ba:c6:77:53:37:aa:69:
                    e8:97:8d:d8:3c:dc:f9:74:b0:69:34:0a:72:13:e7:
                    72:57:f1:0f:d3:b5:7c:7b:de:2d:d0:23:d4:50:a7:
                    0d:4d:b3:9f:55:4a:a9:37:ff:4a:62:6f:5a:e3:8a:
                    14:30:08:b6:85:6d:49:46:86:b5:5d:18:19:b6:e1:
                    08:33:c9:63:fc:c8:fb:38:ad:09:a1:cd:28:af:d8:
                    40:05:08:d2:b3:84:ba:ef:84:c7:ad:f8:4a:8a:91:
                    6c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B4:2A:ED:81:05:6A:33:52:56:C0:67:E9:2F:D7:3F:C6:C7:3C:B6
            X509v3 Authority Key Identifier:
                keyid:48:E0:6A:35:1A:51:89:BC:DC:44:84:09:48:DB:FB:40:AB:F5:8B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SOBqNRpRibzcRIQJSNv7QKv1i-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/BrQq7YEFajNSVsBn6S_XP8bHPLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/SOBqNRpRibzcRIQJSNv7QKv1i-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.211.0/24
                  188.64.80.0/21
                IPv6:
                  2a00:8dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:b7:0d:42:9c:8a:94:0a:71:03:87:4b:53:90:32:3d:be:06:
         f5:da:d9:93:4f:77:93:a7:b1:93:26:5d:b4:01:bb:f1:b2:f4:
         d0:90:bf:4f:7d:aa:1a:bf:92:d8:aa:53:e6:1e:c7:29:dd:7e:
         4c:0b:13:85:f9:25:88:1b:00:58:8e:85:5f:da:d3:c2:b7:1c:
         03:79:ec:57:37:db:9b:30:9e:b7:0c:de:0e:79:67:c9:50:ca:
         0c:0a:bd:19:3f:6c:b3:ba:80:ec:54:84:4d:a5:47:f6:fa:5b:
         6a:4b:96:94:cb:23:e0:05:24:24:a0:f8:ca:50:40:5b:28:71:
         bc:7c:90:62:ea:b0:8b:0d:52:8e:f3:64:1a:c8:15:a1:e8:48:
         66:6b:31:a0:2a:18:a0:df:1a:d4:4d:b7:09:bf:16:61:f4:bc:
         5a:64:85:dd:98:28:52:fe:42:c4:04:ff:66:6d:3c:cd:d7:32:
         1a:16:05:34:9a:bb:bd:d0:54:a8:9e:87:44:cb:d2:63:91:f6:
         d6:46:7d:4d:31:4f:60:b7:30:0a:bc:22:8c:74:2b:32:a2:1c:
         6b:35:23:ad:f6:0b:17:8e:c9:18:11:4f:ac:82:4e:68:51:6d:
         98:ce:0c:6b:bb:74:24:30:f7:05:68:b2:51:3e:10:b0:53:97:
         88:ae:1e:c2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnRtIJhogP8zXY6j268xhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZTA2YTM1MWE1MTg5YmNkYzQ0ODQwOTQ4ZGJmYjQwYWJm
NThiZTUwHhcNMjUwMTAyMTM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI0MmFlZDgxMDU2YTMzNTI1NmMwNjdlOTJmZDczZmM2YzczY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dUcok+6HRGQA9Uh0G50OxEZPyvO
RqKGQCWu0kXdieEOz/PMKLRyFRcma9XWq3ivVBZfnCGAzqkcqb7pY+tkjb/M7N+V
K1VrJdhChQ9YQvdhZPgERQhKlSkxR1L9w16xT9B8wuIL0cEJgPUCzkekETsRWsya
qx0mloP74MTnG9bdTTzPLeWV5/zxFQXoTtt2QW+3JVbCy99Pe2ixULrGd1M3qmno
l43YPNz5dLBpNApyE+dyV/EP07V8e94t0CPUUKcNTbOfVUqpN/9KYm9a44oUMAi2
hW1JRoa1XRgZtuEIM8lj/Mj7OK0Joc0or9hABQjSs4S674THrfhKipFsJwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAa0Ku2BBWozUlbAZ+kv1z/Gxzy2MB8GA1UdIwQY
MBaAFEjgajUaUYm83ESECUjb+0Cr9YvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU09CcU5ScFJpYnpjUklRSlNOdjdRS3YxaS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82MDBhZWEtOWVhNS00YzY3LWE2MDIt
YWIxYTg3ZWNkZjFiLzEvQnJRcTdZRUZhak5TVnNCbjZTX1hQOGJIUExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82MDBhZWEtOWVhNS00YzY3LWE2MDItYWIxYTg3ZWNkZjFi
LzEvU09CcU5ScFJpYnpjUklRSlNOdjdRS3YxaS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUnTAwQD
vEBQMA0EAgACMAcDBQAqAI3AMA0GCSqGSIb3DQEBCwUAA4IBAQAmtw1CnIqUCnED
h0tTkDI9vgb12tmTT3eTp7GTJl20AbvxsvTQkL9Pfaoav5LYqlPmHscp3X5MCxOF
+SWIGwBYjoVf2tPCtxwDeexXN9ubMJ63DN4OeWfJUMoMCr0ZP2yzuoDsVIRNpUf2
+ltqS5aUyyPgBSQkoPjKUEBbKHG8fJBi6rCLDVKO82QayBWh6EhmazGgKhig3xrU
TbcJvxZh9LxaZIXdmChS/kLEBP9mbTzN1zIaFgU0mru90FSonodEy9JjkfbWRn1N
MU9gtzAKvCKMdCsyohxrNSOt9gsXjskYEU+sgk5oUW2Yzgxru3QkMPcFaLJRPhCw
U5eIrh7C
-----END CERTIFICATE-----