Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/4C2DJqzkmogUMCB3rs00AnsVahQ.roa
File:                     4C2DJqzkmogUMCB3rs00AnsVahQ.roa (raw, json)
Hash identifier:          lxzJjQWpUiCF1j7IfR1qyjjFwINVQYCcKBlIUHjCSRY=
Subject key identifier:   E0:2D:83:26:AC:E4:9A:88:14:30:20:77:AE:CD:34:02:7B:15:6A:14
Certificate issuer:       /CN=bffd0f0ad9c784096c5a0fb9e8cf5c2f0440413b
Certificate serial:       018CFE32556BB80B8890B231E420BEA2C2D0
Authority key identifier: BF:FD:0F:0A:D9:C7:84:09:6C:5A:0F:B9:E8:CF:5C:2F:04:40:41:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v_0PCtnHhAlsWg-56M9cLwRAQTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/4C2DJqzkmogUMCB3rs00AnsVahQ.roa
Signing time:             Fri 12 Jan 2024 15:02:40 +0000
ROA not before:           Fri 12 Jan 2024 15:02:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44692
IP address blocks:        85.202.96.0/20 maxlen: 20
                          109.125.192.0/19 maxlen: 19
                          109.125.218.0/23 maxlen: 23
                          109.125.220.0/22 maxlen: 22
                          109.125.224.0/23 maxlen: 23
                          78.31.144.0/23 maxlen: 23
                          109.125.226.0/23 maxlen: 23
                          78.31.146.0/23 maxlen: 23
                          109.125.228.0/23 maxlen: 23
                          78.31.148.0/23 maxlen: 23
                          109.125.230.0/23 maxlen: 23
                          78.31.150.0/23 maxlen: 23
                          109.125.232.0/22 maxlen: 22
                          109.125.236.0/22 maxlen: 22
                          109.125.240.0/22 maxlen: 22
                          109.125.244.0/22 maxlen: 22
                          109.125.248.0/22 maxlen: 22
                          109.125.255.0/24 maxlen: 24
                          109.125.254.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fe:32:55:6b:b8:0b:88:90:b2:31:e4:20:be:a2:c2:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bffd0f0ad9c784096c5a0fb9e8cf5c2f0440413b
        Validity
            Not Before: Jan 12 15:02:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e02d8326ace49a8814302077aecd34027b156a14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:44:63:74:19:3c:8a:bb:fd:bb:41:91:3a:45:
                    25:de:75:4b:21:35:ff:07:fc:5d:4e:cd:d6:b4:e7:
                    33:4b:82:a2:2a:01:17:40:7b:4f:41:d5:21:e7:0b:
                    17:4e:b8:4e:5c:b3:7e:e5:6e:db:b8:66:52:5d:a8:
                    f0:02:cc:ae:23:4d:fd:32:4f:de:51:21:91:dc:d7:
                    95:5b:83:f5:9c:dc:b4:92:0c:e9:05:c0:ea:69:dc:
                    fe:97:8f:cf:0e:96:7d:02:b9:18:c3:ff:f4:b5:2a:
                    f6:b2:e7:31:38:d1:25:87:f2:87:70:20:08:4e:cf:
                    f4:8c:72:9c:96:bd:5f:65:b7:32:f6:21:cd:3d:5f:
                    35:c2:fd:b9:7e:16:c6:cd:3d:3e:d1:10:e3:bd:13:
                    41:50:62:70:d9:c1:8a:17:a1:c3:6c:fb:c3:70:7d:
                    b5:fd:5f:7e:45:ab:49:1d:21:f0:d9:8a:5b:37:31:
                    72:83:22:55:f4:51:ec:34:9c:33:f4:53:15:94:68:
                    2c:2b:c4:74:2a:ba:a2:3c:16:51:6d:42:25:c2:49:
                    b7:b6:80:96:de:8d:da:d5:1e:a7:d8:db:27:2e:56:
                    26:4f:98:08:4a:fb:fe:5c:a6:3e:eb:a0:96:ad:dc:
                    3c:6d:5a:ee:01:b9:1a:62:d4:ea:4d:fc:b5:a9:b5:
                    e7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:2D:83:26:AC:E4:9A:88:14:30:20:77:AE:CD:34:02:7B:15:6A:14
            X509v3 Authority Key Identifier:
                keyid:BF:FD:0F:0A:D9:C7:84:09:6C:5A:0F:B9:E8:CF:5C:2F:04:40:41:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v_0PCtnHhAlsWg-56M9cLwRAQTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/4C2DJqzkmogUMCB3rs00AnsVahQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/v_0PCtnHhAlsWg-56M9cLwRAQTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.144.0/21
                  85.202.96.0/20
                  109.125.192.0-109.125.251.255
                  109.125.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:bb:6c:4b:ec:32:80:b5:3d:49:f4:ce:94:ba:fc:ba:ee:26:
         ca:ea:79:77:7b:df:c1:54:85:e4:c0:7c:6f:1c:08:25:47:9b:
         ea:36:ae:7e:9d:a6:5e:91:b5:31:10:3f:f3:18:55:e5:b6:6b:
         a2:b2:37:66:57:a6:66:ed:63:c2:0a:fa:fd:fa:7f:07:3e:4d:
         a8:44:49:23:94:a9:f7:e0:ec:1f:e4:16:13:a3:c2:ce:b2:c0:
         43:4a:14:f4:cf:38:6e:e0:14:d8:9c:e2:32:dd:e1:fd:50:87:
         18:0c:39:b5:b5:d1:05:c9:3a:19:38:96:20:7c:66:ef:c4:03:
         cb:65:09:e9:c2:c9:e3:bd:11:9b:b0:9b:20:9d:37:78:c1:fb:
         54:3c:b3:0e:67:54:47:55:b7:75:8a:7a:40:b8:b1:39:b5:6d:
         27:32:94:85:f3:bd:f4:e6:54:7a:3b:a3:1d:25:79:f6:81:3d:
         ae:02:e5:02:a2:a1:a7:73:27:e4:0f:e7:61:b1:ce:93:cb:d3:
         b2:e7:7c:a3:a3:84:f0:19:85:2e:e9:d7:9f:9d:fb:41:f4:5a:
         6e:48:a7:69:7b:95:b7:0f:28:27:43:2c:3c:5b:21:ec:cd:96:
         b8:ad:b1:5c:cb:f9:49:5f:c2:04:50:f5:c0:67:1f:ef:0d:85:
         3e:5e:59:44
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYz+MlVruAuIkLIx5CC+osLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZmQwZjBhZDljNzg0MDk2YzVhMGZiOWU4Y2Y1YzJmMDQ0
MDQxM2IwHhcNMjQwMTEyMTUwMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDJkODMyNmFjZTQ5YTg4MTQzMDIwNzdhZWNkMzQwMjdiMTU2YTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0RjdBk8irv9u0GROkUl3nVLITX/
B/xdTs3WtOczS4KiKgEXQHtPQdUh5wsXTrhOXLN+5W7buGZSXajwAsyuI039Mk/e
USGR3NeVW4P1nNy0kgzpBcDqadz+l4/PDpZ9ArkYw//0tSr2sucxONElh/KHcCAI
Ts/0jHKclr1fZbcy9iHNPV81wv25fhbGzT0+0RDjvRNBUGJw2cGKF6HDbPvDcH21
/V9+RatJHSHw2YpbNzFygyJV9FHsNJwz9FMVlGgsK8R0KrqiPBZRbUIlwkm3toCW
3o3a1R6n2NsnLlYmT5gISvv+XKY+66CWrdw8bVruAbkaYtTqTfy1qbXnUwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOAtgyas5JqIFDAgd67NNAJ7FWoUMB8GA1UdIwQY
MBaAFL/9DwrZx4QJbFoPuejPXC8EQEE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdl8wUEN0bkhoQWxzV2ctNTZNOWNMd1JBUVRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lYWVhNTktOTE5ZC00MTM1LTliZGUt
NmRjZjBjOTNjYmRiLzEvNEMyREpxemttb2dVTUNCM3JzMDBBbnNWYWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lYWVhNTktOTE5ZC00MTM1LTliZGUtNmRjZjBjOTNjYmRi
LzEvdl8wUEN0bkhoQWxzV2ctNTZNOWNMd1JBUVRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDTh+QAwQE
VcpgMAwDBAZtfcADBAJtffgDBAFtff4wDQYJKoZIhvcNAQELBQADggEBACO7bEvs
MoC1PUn0zpS6/LruJsrqeXd738FUheTAfG8cCCVHm+o2rn6dpl6RtTEQP/MYVeW2
a6KyN2ZXpmbtY8IK+v36fwc+TahESSOUqffg7B/kFhOjws6ywENKFPTPOG7gFNic
4jLd4f1QhxgMObW10QXJOhk4liB8Zu/EA8tlCenCyeO9EZuwmyCdN3jB+1Q8sw5n
VEdVt3WKekC4sTm1bScylIXzvfTmVHo7ox0lefaBPa4C5QKioadzJ+QP52GxzpPL
07LnfKOjhPAZhS7p15+d+0H0Wm5Ip2l7lbcPKCdDLDxbIezNlritsVzL+UlfwgRQ
9cBnH+8NhT5eWUQ=
-----END CERTIFICATE-----