Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/af5078-2243-4fdb-ab2b-2d847a3f7d2f/1/4MlBcLkACtQP09DCmTzQOZzBiyU.roa
File:                     4MlBcLkACtQP09DCmTzQOZzBiyU.roa (raw, json)
Hash identifier:          VC+StI3JXPJWvc2fZQnaWQlAtRDc6F/BQhSkSjXucPs=
Subject key identifier:   E0:C9:41:70:B9:00:0A:D4:0F:D3:D0:C2:99:3C:D0:39:9C:C1:8B:25
Certificate issuer:       /CN=0f47dc7ff485b8413be38f5bee80917330b31738
Certificate serial:       019421B21A368304197FE6F3D652D640E369
Authority key identifier: 0F:47:DC:7F:F4:85:B8:41:3B:E3:8F:5B:EE:80:91:73:30:B3:17:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D0fcf_SFuEE7449b7oCRczCzFzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/af5078-2243-4fdb-ab2b-2d847a3f7d2f/1/4MlBcLkACtQP09DCmTzQOZzBiyU.roa
Signing time:             Wed 01 Jan 2025 11:48:27 +0000
ROA not before:           Wed 01 Jan 2025 11:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44858
IP address blocks:        93.95.0.0/21 maxlen: 21
                          93.95.0.0/24 maxlen: 24
                          93.95.1.0/24 maxlen: 24
                          93.95.2.0/24 maxlen: 24
                          93.95.3.0/24 maxlen: 24
                          93.95.4.0/24 maxlen: 24
                          93.95.5.0/24 maxlen: 24
                          93.95.6.0/24 maxlen: 24
                          93.95.7.0/24 maxlen: 24
                          2a03:5d80::/32 maxlen: 32
                          2a03:5d80::/36 maxlen: 36
                          2a03:5d80:1000::/36 maxlen: 36
                          2a03:5d80:2000::/36 maxlen: 36
                          2a03:5d80:3000::/36 maxlen: 36
                          2a03:5d80:4000::/36 maxlen: 36
                          2a03:5d80:5000::/36 maxlen: 36
                          2a03:5d80:6000::/36 maxlen: 36
                          2a03:5d80:7000::/36 maxlen: 36
                          2a03:5d80:8000::/36 maxlen: 36
                          2a03:5d80:9000::/36 maxlen: 36
                          2a03:5d80:a000::/36 maxlen: 36
                          2a03:5d80:b000::/36 maxlen: 36
                          2a03:5d80:c000::/36 maxlen: 36
                          2a03:5d80:d000::/36 maxlen: 36
                          2a03:5d80:e000::/36 maxlen: 36
                          2a03:5d80:f000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1a:36:83:04:19:7f:e6:f3:d6:52:d6:40:e3:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f47dc7ff485b8413be38f5bee80917330b31738
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0c94170b9000ad40fd3d0c2993cd0399cc18b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a9:51:84:26:fd:8f:5a:06:ca:2f:e8:b6:2b:
                    4f:b3:e2:2b:1b:53:5e:68:31:6d:bf:a3:6a:c4:5c:
                    1b:0b:83:e9:e1:ec:81:5a:cd:e1:f3:43:27:19:d4:
                    6b:58:86:27:a5:97:19:d8:c8:33:c2:cc:57:ac:e9:
                    79:b4:7d:61:c6:48:8f:d8:e3:5c:c2:6a:e6:83:93:
                    d9:00:c1:2f:be:ec:21:10:a2:51:8f:2c:49:e1:71:
                    cd:6b:19:f9:6f:cb:b2:61:4b:82:58:ea:02:18:12:
                    b0:70:8c:19:1d:14:90:00:ba:34:41:68:71:3f:73:
                    cf:b4:a3:fb:c6:e5:66:ff:a4:e5:f3:e7:ce:e6:5a:
                    cf:bd:9a:9a:56:cc:cc:67:0f:ee:ba:31:2b:31:b9:
                    1d:c4:f8:fd:9c:c0:5d:34:80:3d:7b:9a:e7:df:1e:
                    0c:e1:e4:0e:77:3c:2d:83:eb:b2:4c:63:72:43:7d:
                    bc:ee:e3:80:f1:cc:a0:77:78:5c:81:04:ea:3d:aa:
                    9a:4a:bf:42:40:c1:ee:1a:26:cb:9f:24:8a:d2:9c:
                    bd:fe:e3:53:5b:9e:f8:b4:6e:a6:dd:63:5d:5d:f1:
                    ad:7c:08:86:b7:20:f5:27:7a:28:76:52:f6:0b:9b:
                    40:b9:b0:1b:3c:a7:e0:dd:74:17:0c:11:a6:50:00:
                    d8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C9:41:70:B9:00:0A:D4:0F:D3:D0:C2:99:3C:D0:39:9C:C1:8B:25
            X509v3 Authority Key Identifier:
                keyid:0F:47:DC:7F:F4:85:B8:41:3B:E3:8F:5B:EE:80:91:73:30:B3:17:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D0fcf_SFuEE7449b7oCRczCzFzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/af5078-2243-4fdb-ab2b-2d847a3f7d2f/1/4MlBcLkACtQP09DCmTzQOZzBiyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/af5078-2243-4fdb-ab2b-2d847a3f7d2f/1/D0fcf_SFuEE7449b7oCRczCzFzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.0.0/21
                IPv6:
                  2a03:5d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:c3:62:ce:74:d7:5f:f0:46:f4:f8:f4:9a:57:0b:c0:5f:52:
         d2:b6:3a:a9:07:3b:f9:1c:69:1f:dc:d1:93:a1:33:4b:50:6b:
         d4:35:b0:5b:f0:95:41:00:7d:b9:24:89:6f:79:e4:ca:51:e9:
         3c:07:28:10:56:23:e2:c8:28:ec:06:06:51:f3:34:6d:dd:e3:
         7e:25:9c:15:af:72:e0:34:3a:5f:91:ba:a8:13:cc:d9:66:a8:
         43:96:2c:39:04:d1:63:5f:ce:c0:27:19:18:a6:16:d1:e3:49:
         56:e6:76:64:a5:d3:bd:00:a3:8c:82:24:28:a3:04:38:ef:88:
         36:f0:4a:d1:2e:7a:6c:8f:3f:51:89:d4:cf:2d:4d:51:53:4f:
         ec:5d:d0:b2:bf:90:2b:0b:ae:77:40:d0:f8:60:dc:6f:4c:7f:
         4a:a2:d1:a8:51:13:13:10:4a:e4:50:27:cb:46:86:6d:70:0f:
         83:da:9c:8c:6a:b7:ec:66:0e:61:06:04:32:98:15:9e:f7:2d:
         4b:b9:7b:6c:2f:9b:43:60:b1:48:ac:fc:38:ac:72:3b:ba:7f:
         25:1f:d2:00:fd:34:9a:af:d1:e7:46:26:0d:49:cc:2e:ca:df:
         0c:77:c5:84:a5:a0:30:c4:a6:97:0d:19:e2:dd:08:4c:21:45:
         33:bf:06:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsho2gwQZf+bz1lLWQONpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNDdkYzdmZjQ4NWI4NDEzYmUzOGY1YmVlODA5MTczMzBi
MzE3MzgwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGM5NDE3MGI5MDAwYWQ0MGZkM2QwYzI5OTNjZDAzOTljYzE4YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqlRhCb9j1oGyi/otitPs+IrG1Ne
aDFtv6NqxFwbC4Pp4eyBWs3h80MnGdRrWIYnpZcZ2MgzwsxXrOl5tH1hxkiP2ONc
wmrmg5PZAMEvvuwhEKJRjyxJ4XHNaxn5b8uyYUuCWOoCGBKwcIwZHRSQALo0QWhx
P3PPtKP7xuVm/6Tl8+fO5lrPvZqaVszMZw/uujErMbkdxPj9nMBdNIA9e5rn3x4M
4eQOdzwtg+uyTGNyQ3287uOA8cygd3hcgQTqPaqaSr9CQMHuGibLnySK0py9/uNT
W574tG6m3WNdXfGtfAiGtyD1J3oodlL2C5tAubAbPKfg3XQXDBGmUADY3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFODJQXC5AArUD9PQwpk80DmcwYslMB8GA1UdIwQY
MBaAFA9H3H/0hbhBO+OPW+6AkXMwsxc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDBmY2ZfU0Z1RUU3NDQ5YjdvQ1JjekN6RnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9hZjUwNzgtMjI0My00ZmRiLWFiMmIt
MmQ4NDdhM2Y3ZDJmLzEvNE1sQmNMa0FDdFFQMDlEQ21UelFPWnpCaXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9hZjUwNzgtMjI0My00ZmRiLWFiMmItMmQ4NDdhM2Y3ZDJm
LzEvRDBmY2ZfU0Z1RUU3NDQ5YjdvQ1JjekN6RnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXV8AMA0E
AgACMAcDBQAqA12AMA0GCSqGSIb3DQEBCwUAA4IBAQBSw2LOdNdf8Eb0+PSaVwvA
X1LStjqpBzv5HGkf3NGToTNLUGvUNbBb8JVBAH25JIlveeTKUek8BygQViPiyCjs
BgZR8zRt3eN+JZwVr3LgNDpfkbqoE8zZZqhDliw5BNFjX87AJxkYphbR40lW5nZk
pdO9AKOMgiQoowQ474g28ErRLnpsjz9RidTPLU1RU0/sXdCyv5ArC653QND4YNxv
TH9KotGoURMTEErkUCfLRoZtcA+D2pyMarfsZg5hBgQymBWe9y1LuXtsL5tDYLFI
rPw4rHI7un8lH9IA/TSar9HnRiYNScwuyt8Md8WEpaAwxKaXDRni3QhMIUUzvwaC
-----END CERTIFICATE-----