Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/KHb23MM5QgtmjFZhriQMEbKybfc.roa
File:                     KHb23MM5QgtmjFZhriQMEbKybfc.roa (raw, json)
Hash identifier:          4OdqXEves/Lc8dfYWajkBqvPyxjrXPVX/i9wGwSSoNM=
Subject key identifier:   28:76:F6:DC:C3:39:42:0B:66:8C:56:61:AE:24:0C:11:B2:B2:6D:F7
Certificate issuer:       /CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
Certificate serial:       0192FC7B71B550C4AA0FFC2F75E6398D4920
Authority key identifier: B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/KHb23MM5QgtmjFZhriQMEbKybfc.roa
Signing time:             Tue 05 Nov 2024 13:20:01 +0000
ROA not before:           Tue 05 Nov 2024 13:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47952
IP address blocks:        45.139.220.0/24 maxlen: 24
                          45.139.221.0/24 maxlen: 24
                          45.139.223.0/24 maxlen: 24
                          45.145.21.0/24 maxlen: 24
                          45.145.22.0/24 maxlen: 24
                          45.145.23.0/24 maxlen: 24
                          91.194.52.0/24 maxlen: 24
                          91.194.54.0/24 maxlen: 24
                          185.82.220.0/24 maxlen: 24
                          185.82.221.0/24 maxlen: 24
                          185.82.222.0/24 maxlen: 24
                          185.82.223.0/24 maxlen: 24
                          185.201.212.0/24 maxlen: 24
                          185.201.213.0/24 maxlen: 24
                          185.201.214.0/24 maxlen: 24
                          185.201.215.0/24 maxlen: 24
                          2a0a:c4c0::/48 maxlen: 48
                          2a0a:c4c0:1::/48 maxlen: 48
                          2a0a:c4c0:100::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:7b:71:b5:50:c4:aa:0f:fc:2f:75:e6:39:8d:49:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
        Validity
            Not Before: Nov  5 13:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2876f6dcc339420b668c5661ae240c11b2b26df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:85:ff:51:aa:cf:80:0b:06:ee:fe:d4:5a:
                    3e:47:b3:19:4d:b3:fc:d6:6a:61:dc:6d:5e:cb:3d:
                    24:76:95:2b:d3:f6:5e:b8:67:b2:e5:24:7a:f4:2c:
                    d2:ed:53:93:fd:3a:d4:e5:b6:e0:86:7d:7c:1b:8a:
                    f3:35:e3:95:05:c5:86:1f:c6:09:9c:9d:1f:35:99:
                    92:6c:73:16:ff:31:6c:0c:47:ee:b5:8c:1a:f0:d9:
                    c3:d9:38:40:3e:db:17:d7:52:fe:6f:57:8c:16:18:
                    df:db:14:59:1c:fd:7e:d9:0c:8d:a6:54:63:17:42:
                    ed:86:a5:9a:82:9f:4d:f3:bf:ce:3a:bb:ce:40:fc:
                    d1:9b:1c:25:47:0e:fd:d7:c9:79:cb:29:30:d6:4c:
                    2d:64:9e:e6:ff:fc:a7:7a:74:e8:4c:31:2c:4c:bf:
                    89:d8:d0:f3:54:ad:d9:44:91:06:8c:ee:16:47:c6:
                    12:fa:81:55:be:22:3e:0c:4f:25:16:42:bd:29:bf:
                    ed:cf:f1:66:3f:d2:3b:fa:91:34:fc:05:ed:b4:85:
                    ee:18:42:dc:3b:9b:2f:07:90:58:3a:d3:e8:77:33:
                    01:83:77:bc:4d:57:e0:64:01:96:1e:c6:0b:9e:7e:
                    6f:91:64:d6:b8:ab:28:ca:c1:d1:a6:25:51:89:79:
                    54:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:76:F6:DC:C3:39:42:0B:66:8C:56:61:AE:24:0C:11:B2:B2:6D:F7
            X509v3 Authority Key Identifier:
                keyid:B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/KHb23MM5QgtmjFZhriQMEbKybfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/tjC3O1HLxTgN1K2z1ar_TXozTF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.220.0/23
                  45.139.223.0/24
                  45.145.21.0-45.145.23.255
                  91.194.52.0/24
                  91.194.54.0/24
                  185.82.220.0/22
                  185.201.212.0/22
                IPv6:
                  2a0a:c4c0::/47
                  2a0a:c4c0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:c1:ae:a2:8f:15:76:2b:cc:c9:08:71:13:e7:52:c2:b1:a3:
         18:de:ef:1a:1f:f0:17:9b:82:07:d6:41:bc:fd:72:e2:b0:09:
         d7:f6:4d:2c:e3:a3:a6:fd:da:e0:4c:1a:dd:5a:84:23:97:00:
         19:13:b8:54:7e:90:b3:c5:0b:b3:62:53:4c:a7:96:a3:fa:3a:
         1d:ce:78:05:39:7d:75:1a:e8:ec:44:72:18:f6:21:8e:78:29:
         54:dd:fd:60:03:13:2b:e0:4b:28:f5:86:d4:2a:11:79:0b:4f:
         34:f7:6f:9c:1b:6c:65:d8:68:ab:88:78:b5:60:d9:90:df:72:
         e7:74:ee:2e:59:57:e3:6f:4f:e2:34:ed:74:5f:b0:09:0f:fd:
         01:c0:a3:63:1f:a8:a5:6a:5b:bb:56:43:0f:eb:f4:f2:b6:14:
         79:7c:c9:ff:d4:bf:25:99:15:59:90:c6:a8:04:44:cf:8b:04:
         22:09:b3:cb:cc:de:bb:96:38:0d:61:78:6a:2b:74:83:b7:55:
         32:f4:85:92:0c:3d:84:f4:5b:b5:3e:0c:23:39:70:71:d5:25:
         dc:f7:3d:2f:e0:9c:5f:30:ec:a5:fa:89:15:bc:82:14:2b:bb:
         bf:7a:62:aa:12:25:5c:cf:4d:3d:f2:d4:32:59:30:5f:e4:91:
         bc:c9:78:31
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZL8e3G1UMSqD/wvdeY5jUkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzBiNzNiNTFjYmM1MzgwZGQ0YWRiM2Q1YWFmZjRkN2Ez
MzRjNWUwHhcNMjQxMTA1MTMyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2ZjZkY2MzMzk0MjBiNjY4YzU2NjFhZTI0MGMxMWIyYjI2ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6WF/1Gqz4ALBu7+1Fo+R7MZTbP8
1mph3G1eyz0kdpUr0/ZeuGey5SR69CzS7VOT/TrU5bbghn18G4rzNeOVBcWGH8YJ
nJ0fNZmSbHMW/zFsDEfutYwa8NnD2ThAPtsX11L+b1eMFhjf2xRZHP1+2QyNplRj
F0LthqWagp9N87/OOrvOQPzRmxwlRw7918l5yykw1kwtZJ7m//ynenToTDEsTL+J
2NDzVK3ZRJEGjO4WR8YS+oFVviI+DE8lFkK9Kb/tz/FmP9I7+pE0/AXttIXuGELc
O5svB5BYOtPodzMBg3e8TVfgZAGWHsYLnn5vkWTWuKsoysHRpiVRiXlUhQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCh29tzDOUILZoxWYa4kDBGysm33MB8GA1UdIwQY
MBaAFLYwtztRy8U4DdSts9Wq/016M0xeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQt
MGQ0OGU2ODk1ZjEyLzEvS0hiMjNNTTVRZ3RtakZaaHJpUU1FYkt5YmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQtMGQ0OGU2ODk1ZjEy
LzEvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA4BAIAATAyAwQBLYvcAwQA
LYvfMAwDBAAtkRUDBAMtkRADBABbwjQDBABbwjYDBAK5UtwDBAK5ydQwGAQCAAIw
EgMHASoKxMAAAAMHACoKxMABADANBgkqhkiG9w0BAQsFAAOCAQEApMGuoo8VdivM
yQhxE+dSwrGjGN7vGh/wF5uCB9ZBvP1y4rAJ1/ZNLOOjpv3a4Ewa3VqEI5cAGRO4
VH6Qs8ULs2JTTKeWo/o6Hc54BTl9dRro7ERyGPYhjngpVN39YAMTK+BLKPWG1CoR
eQtPNPdvnBtsZdhoq4h4tWDZkN9y53TuLllX429P4jTtdF+wCQ/9AcCjYx+opWpb
u1ZDD+v08rYUeXzJ/9S/JZkVWZDGqAREz4sEIgmzy8zeu5Y4DWF4ait0g7dVMvSF
kgw9hPRbtT4MIzlwcdUl3Pc9L+CcXzDspfqJFbyCFCu7v3piqhIlXM9NPfLUMlkw
X+SRvMl4MQ==
-----END CERTIFICATE-----