Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/QzP1aoGPXGxJycT8WgKApOj77l0.roa
File:                     QzP1aoGPXGxJycT8WgKApOj77l0.roa (raw, json)
Hash identifier:          V7t4vTx6viAWD2iCQY/J3lBZgTlKZ4hL2/EnpmHNbk4=
Subject key identifier:   43:33:F5:6A:81:8F:5C:6C:49:C9:C4:FC:5A:02:80:A4:E8:FB:EE:5D
Certificate issuer:       /CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Certificate serial:       01942143A8372B846C83FBA1D531279D8C56
Authority key identifier: E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/QzP1aoGPXGxJycT8WgKApOj77l0.roa
Signing time:             Wed 01 Jan 2025 09:47:49 +0000
ROA not before:           Wed 01 Jan 2025 09:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47165
IP address blocks:        46.233.192.0/18 maxlen: 18
                          62.182.192.0/21 maxlen: 21
                          94.137.0.0/20 maxlen: 20
                          94.137.16.0/20 maxlen: 20
                          94.137.32.0/20 maxlen: 20
                          94.137.48.0/20 maxlen: 20
                          109.120.0.0/20 maxlen: 20
                          109.120.16.0/20 maxlen: 20
                          109.120.32.0/20 maxlen: 20
                          109.120.48.0/20 maxlen: 20
                          176.62.64.0/18 maxlen: 18
                          178.74.64.0/18 maxlen: 18
                          185.13.176.0/22 maxlen: 22
                          217.25.208.0/20 maxlen: 20
                          2a02:ddc0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a8:37:2b:84:6c:83:fb:a1:d5:31:27:9d:8c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
        Validity
            Not Before: Jan  1 09:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4333f56a818f5c6c49c9c4fc5a0280a4e8fbee5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:54:60:53:b8:46:e0:f4:a2:88:e2:16:c8:4f:
                    3e:eb:12:8c:76:24:4b:87:b5:c4:d9:83:ec:19:3c:
                    e0:ce:6c:8b:7b:8a:af:c0:92:e5:ac:7c:58:b2:b5:
                    b4:17:92:3c:be:10:0b:6a:10:ba:2c:71:0d:ad:5d:
                    15:ef:16:2f:d0:54:b1:25:bf:4c:bb:77:17:61:8d:
                    dd:5d:13:a4:97:7f:a4:fc:e6:7d:2d:81:c0:7c:fa:
                    a2:36:04:d2:1f:de:b1:41:65:07:de:f5:ec:76:68:
                    2e:4f:2f:52:69:a0:39:2d:ec:c7:72:59:17:a5:63:
                    26:c3:c2:e7:f1:c5:0b:37:08:9c:d1:44:ae:a9:1c:
                    2f:5a:5c:2e:0b:29:00:89:49:47:2f:d2:95:f9:53:
                    a0:5a:8e:32:1f:85:5e:87:1c:be:c8:43:ff:d7:9e:
                    fd:61:3b:a4:f4:a9:61:99:e5:ee:33:f6:76:dd:02:
                    cc:c0:0b:55:b5:33:a3:d9:ae:db:10:d2:de:d0:8b:
                    6d:ea:b6:11:a7:c2:ae:7c:20:79:f3:26:a2:66:6f:
                    15:40:2c:c3:d1:b1:5e:80:7a:7f:2d:bc:07:37:15:
                    f8:86:8f:b3:58:54:43:81:10:a4:2b:21:e1:19:67:
                    ec:4f:df:2a:91:11:68:23:8f:a8:d5:1a:83:58:3d:
                    ee:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:33:F5:6A:81:8F:5C:6C:49:C9:C4:FC:5A:02:80:A4:E8:FB:EE:5D
            X509v3 Authority Key Identifier:
                keyid:E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/QzP1aoGPXGxJycT8WgKApOj77l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.192.0/18
                  62.182.192.0/21
                  94.137.0.0/18
                  109.120.0.0/18
                  176.62.64.0/18
                  178.74.64.0/18
                  185.13.176.0/22
                  217.25.208.0/20
                IPv6:
                  2a02:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:61:f8:ca:40:b6:84:f7:1c:ab:3d:b1:b3:19:93:b1:c5:dd:
         f3:12:84:21:7d:da:1c:66:1c:67:3c:a2:e6:cf:fc:6e:7e:f1:
         96:65:5e:f2:f3:a4:df:a1:f6:2c:00:29:65:dc:ec:e1:54:4a:
         8b:fe:b4:e7:5e:fd:5f:18:e4:cf:d2:e8:52:29:fb:bf:68:c5:
         48:b5:23:e6:d0:ed:52:19:45:8b:d6:f7:f8:24:ad:77:0e:7a:
         43:af:98:49:88:28:1c:3c:84:6c:48:d8:c4:4d:e5:fe:49:b1:
         8c:b1:6d:b9:3a:dc:56:12:a5:65:81:3f:1a:09:b0:38:e7:92:
         9e:3c:2a:d1:76:a1:4f:7c:ea:23:be:69:70:08:1c:b3:8f:c5:
         f0:75:cf:e8:bb:68:11:5c:b3:a1:26:16:41:02:d1:a7:55:01:
         10:75:c4:dd:31:e7:f1:54:e3:1d:db:6f:34:da:2a:84:3a:c0:
         35:af:06:0a:eb:75:71:d5:41:de:16:df:0a:99:20:25:e1:82:
         87:72:0f:a8:33:b9:c5:b5:a5:b2:80:df:54:07:80:dc:ff:93:
         52:44:a9:57:51:0b:4e:0c:0a:12:01:30:7b:b7:e5:8f:81:40:
         7a:46:c6:22:61:03:31:2d:49:e4:2f:3b:40:76:3b:c9:52:c7:
         20:e8:2f:d0
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQhQ6g3K4Rsg/uh1TEnnYxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjEzMDYxMDFjYzllYzlmY2U5ODUyODBjMWRiMGYzN2Mx
MzVhM2EwHhcNMjUwMTAxMDk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzMzZjU2YTgxOGY1YzZjNDljOWM0ZmM1YTAyODBhNGU4ZmJlZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVRgU7hG4PSiiOIWyE8+6xKMdiRL
h7XE2YPsGTzgzmyLe4qvwJLlrHxYsrW0F5I8vhALahC6LHENrV0V7xYv0FSxJb9M
u3cXYY3dXROkl3+k/OZ9LYHAfPqiNgTSH96xQWUH3vXsdmguTy9SaaA5LezHclkX
pWMmw8Ln8cULNwic0USuqRwvWlwuCykAiUlHL9KV+VOgWo4yH4Vehxy+yEP/1579
YTuk9KlhmeXuM/Z23QLMwAtVtTOj2a7bENLe0Itt6rYRp8KufCB58yaiZm8VQCzD
0bFegHp/LbwHNxX4ho+zWFRDgRCkKyHhGWfsT98qkRFoI4+o1RqDWD3umQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEMz9WqBj1xsScnE/FoCgKTo++5dMB8GA1UdIwQY
MBaAFOSxMGEBzJ7J/OmFKAwdsPN8E1o6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUt
ZmE2MzQ4ZjY5NWI1LzEvUXpQMWFvR1BYR3hKeWNUOFdnS0FwT2o3N2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUtZmE2MzQ4ZjY5NWI1
LzEvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQGLunAAwQD
PrbAAwQGXokAAwQGbXgAAwQGsD5AAwQGskpAAwQCuQ2wAwQE2RnQMA0EAgACMAcD
BQMqAt3AMA0GCSqGSIb3DQEBCwUAA4IBAQBVYfjKQLaE9xyrPbGzGZOxxd3zEoQh
fdocZhxnPKLmz/xufvGWZV7y86TfofYsACll3OzhVEqL/rTnXv1fGOTP0uhSKfu/
aMVItSPm0O1SGUWL1vf4JK13DnpDr5hJiCgcPIRsSNjETeX+SbGMsW25OtxWEqVl
gT8aCbA455KePCrRdqFPfOojvmlwCByzj8Xwdc/ou2gRXLOhJhZBAtGnVQEQdcTd
MefxVOMd22802iqEOsA1rwYK63Vx1UHeFt8KmSAl4YKHcg+oM7nFtaWygN9UB4Dc
/5NSRKlXUQtODAoSATB7t+WPgUB6RsYiYQMxLUnkLztAdjvJUscg6C/Q
-----END CERTIFICATE-----