Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/MNtx-M1QVv5z_3qcN6vxhaOotfc.roa
File:                     MNtx-M1QVv5z_3qcN6vxhaOotfc.roa (raw, json)
Hash identifier:          px53xNqq/MugnV+199J7ZDHhE5FdBcLFsMKgKSEziic=
Subject key identifier:   30:DB:71:F8:CD:50:56:FE:73:FF:7A:9C:37:AB:F1:85:A3:A8:B5:F7
Certificate issuer:       /CN=0da3cbf1e0e856ea4c53b5abae86594ec9933982
Certificate serial:       01942144424BF390D4A81F34B7AE1C4574EF
Authority key identifier: 0D:A3:CB:F1:E0:E8:56:EA:4C:53:B5:AB:AE:86:59:4E:C9:93:39:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DaPL8eDoVupMU7WrroZZTsmTOYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/MNtx-M1QVv5z_3qcN6vxhaOotfc.roa
Signing time:             Wed 01 Jan 2025 09:48:28 +0000
ROA not before:           Wed 01 Jan 2025 09:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208545
IP address blocks:        82.215.65.0/24 maxlen: 24
                          178.175.180.0/23 maxlen: 23
                          178.175.180.0/24 maxlen: 24
                          178.175.181.0/24 maxlen: 24
                          2a12:be40::/29 maxlen: 29
                          2a12:be40::/48 maxlen: 48
                          2a12:be40:1::/48 maxlen: 48
                          2a12:be40:2::/48 maxlen: 48
                          2a12:be40:3::/48 maxlen: 48
                          2a12:be40:4::/48 maxlen: 48
                          2a12:be40:5::/48 maxlen: 48
                          2a12:be40:6::/48 maxlen: 48
                          2a12:be40:7::/48 maxlen: 48
                          2a12:be40:8::/48 maxlen: 48
                          2a12:be40:9::/48 maxlen: 48
                          2a12:be40:a::/48 maxlen: 48
                          2a12:be40:b::/48 maxlen: 48
                          2a12:be40:c::/48 maxlen: 48
                          2a12:be40:d::/48 maxlen: 48
                          2a12:be40:e::/48 maxlen: 48
                          2a12:be40:f::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:42:4b:f3:90:d4:a8:1f:34:b7:ae:1c:45:74:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0da3cbf1e0e856ea4c53b5abae86594ec9933982
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30db71f8cd5056fe73ff7a9c37abf185a3a8b5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c5:c0:cc:b7:71:26:8c:ea:29:dd:7d:25:b7:
                    3d:85:46:63:82:19:2d:80:21:92:f2:b9:81:76:a0:
                    c8:bd:7b:ee:0e:41:b7:cc:3e:8e:80:0f:fc:84:20:
                    0f:71:15:28:43:01:25:4a:8d:42:4b:39:1a:44:2b:
                    89:f4:2d:fb:c9:ff:16:f2:10:a1:91:73:c1:87:a1:
                    67:89:a5:6b:81:50:fc:0c:c2:83:e0:9c:9b:64:6d:
                    1b:d3:15:09:3d:76:7f:fa:d9:77:0f:0e:75:a7:14:
                    db:54:5c:1a:72:d4:4d:b9:71:e0:f1:a6:a0:05:36:
                    89:71:d8:2a:d8:23:76:d3:4a:2f:5f:32:ef:a6:45:
                    0e:10:18:ce:f9:1a:64:18:11:e2:74:d2:62:e1:57:
                    ab:06:aa:ce:82:b1:94:12:3e:79:ee:50:f1:35:8c:
                    4e:2a:0a:ed:b1:f5:7d:b8:fb:dd:7a:23:76:50:5c:
                    a7:30:b7:ee:61:96:c2:2d:c0:e6:d8:ec:e7:54:56:
                    44:57:bf:04:47:01:5a:64:c0:0c:e8:bb:d7:32:01:
                    18:da:65:b6:ad:9c:bc:23:3d:84:e1:f1:38:e7:d0:
                    5f:4e:f8:b5:c4:5e:b3:1e:2a:d0:d4:cd:e7:bd:ce:
                    7e:4b:1c:56:d3:e6:3e:cc:0a:8c:b3:58:34:a2:ae:
                    cb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:DB:71:F8:CD:50:56:FE:73:FF:7A:9C:37:AB:F1:85:A3:A8:B5:F7
            X509v3 Authority Key Identifier:
                keyid:0D:A3:CB:F1:E0:E8:56:EA:4C:53:B5:AB:AE:86:59:4E:C9:93:39:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DaPL8eDoVupMU7WrroZZTsmTOYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/MNtx-M1QVv5z_3qcN6vxhaOotfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/DaPL8eDoVupMU7WrroZZTsmTOYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.215.65.0/24
                  178.175.180.0/23
                IPv6:
                  2a12:be40::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:69:39:a5:9e:54:01:b3:43:c9:44:b3:33:2d:43:ab:d7:9d:
         a2:cd:0b:4f:c1:cb:e6:3a:64:13:f4:b2:3a:f1:9d:8c:34:fb:
         5b:ca:49:59:2c:34:dc:e2:54:9e:a0:89:dd:17:18:c4:27:c6:
         68:6c:05:76:9d:e5:2a:36:63:b5:b1:43:06:7e:ac:7c:16:7d:
         2e:6a:d2:0b:46:f5:64:84:31:2d:a4:78:f9:2b:6d:d6:78:13:
         e9:dd:36:65:31:2c:aa:3d:07:16:ce:f7:df:cb:6d:a3:6d:1b:
         05:c1:11:80:70:64:58:69:3b:d6:4c:8e:bb:41:e8:6a:68:1c:
         8f:1a:6c:d3:d1:27:ef:00:8a:e6:3c:02:3b:31:ec:52:93:5e:
         dd:ef:2b:7f:1a:40:90:83:9e:69:76:39:85:c7:ec:3b:92:01:
         ad:15:9a:17:10:79:0a:68:bc:e7:83:b7:9e:87:f2:a3:2b:09:
         02:ef:87:54:6f:0a:8d:d2:27:22:90:a6:81:21:00:d0:c6:80:
         7a:27:49:76:6d:1b:51:60:bf:21:0f:78:07:10:48:94:ea:da:
         28:e0:f5:c4:51:09:0a:6b:53:de:c0:c9:9b:9c:69:f8:16:b7:
         47:4c:90:6d:c6:77:67:d0:1b:0a:4b:0e:2d:79:03:40:45:ab:
         5b:9d:1f:00
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhREJL85DUqB80t64cRXTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYTNjYmYxZTBlODU2ZWE0YzUzYjVhYmFlODY1OTRlYzk5
MzM5ODIwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGRiNzFmOGNkNTA1NmZlNzNmZjdhOWMzN2FiZjE4NWEzYThiNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MXAzLdxJozqKd19Jbc9hUZjghkt
gCGS8rmBdqDIvXvuDkG3zD6OgA/8hCAPcRUoQwElSo1CSzkaRCuJ9C37yf8W8hCh
kXPBh6FniaVrgVD8DMKD4JybZG0b0xUJPXZ/+tl3Dw51pxTbVFwactRNuXHg8aag
BTaJcdgq2CN200ovXzLvpkUOEBjO+RpkGBHidNJi4VerBqrOgrGUEj557lDxNYxO
KgrtsfV9uPvdeiN2UFynMLfuYZbCLcDm2OznVFZEV78ERwFaZMAM6LvXMgEY2mW2
rZy8Iz2E4fE459BfTvi1xF6zHirQ1M3nvc5+SxxW0+Y+zAqMs1g0oq7LIQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDDbcfjNUFb+c/96nDer8YWjqLX3MB8GA1UdIwQY
MBaAFA2jy/Hg6FbqTFO1q66GWU7JkzmCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGFQTDhlRG9WdXBNVTdXcnJvWlpUc21UT1lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC81Mzc0MWUtOTM5Mi00ZDE5LTk5ZDIt
Y2VkMjk2NTBhMjgwLzEvTU50eC1NMVFWdjV6XzNxY042dnhoYU9vdGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC81Mzc0MWUtOTM5Mi00ZDE5LTk5ZDItY2VkMjk2NTBhMjgw
LzEvRGFQTDhlRG9WdXBNVTdXcnJvWlpUc21UT1lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUtdBAwQB
sq+0MA0EAgACMAcDBQMqEr5AMA0GCSqGSIb3DQEBCwUAA4IBAQB1aTmlnlQBs0PJ
RLMzLUOr152izQtPwcvmOmQT9LI68Z2MNPtbyklZLDTc4lSeoIndFxjEJ8ZobAV2
neUqNmO1sUMGfqx8Fn0uatILRvVkhDEtpHj5K23WeBPp3TZlMSyqPQcWzvffy22j
bRsFwRGAcGRYaTvWTI67QehqaByPGmzT0SfvAIrmPAI7MexSk17d7yt/GkCQg55p
djmFx+w7kgGtFZoXEHkKaLzng7eeh/KjKwkC74dUbwqN0icikKaBIQDQxoB6J0l2
bRtRYL8hD3gHEEiU6too4PXEUQkKa1PewMmbnGn4FrdHTJBtxndn0BsKSw4teQNA
RatbnR8A
-----END CERTIFICATE-----