Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/B9qoW7Rw1bwHI5OnoVFGnY7dCC0.roa
File:                     B9qoW7Rw1bwHI5OnoVFGnY7dCC0.roa (raw, json)
Hash identifier:          dnQFrmE1H0uR6RoEg9JFXR2814JwsnO0cWfn2TxCRik=
Subject key identifier:   07:DA:A8:5B:B4:70:D5:BC:07:23:93:A7:A1:51:46:9D:8E:DD:08:2D
Certificate issuer:       /CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
Certificate serial:       0193924EADC5D0CA295168183BFB8EAAB896
Authority key identifier: 79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/B9qoW7Rw1bwHI5OnoVFGnY7dCC0.roa
Signing time:             Wed 04 Dec 2024 15:34:10 +0000
ROA not before:           Wed 04 Dec 2024 15:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41678
IP address blocks:        89.185.128.0/21 maxlen: 21
                          89.185.129.0/24 maxlen: 24
                          89.185.136.0/21 maxlen: 21
                          89.185.143.0/24 maxlen: 24
                          89.185.144.0/20 maxlen: 20
                          89.185.154.0/24 maxlen: 24
                          89.185.157.0/24 maxlen: 24
                          194.46.0.0/19 maxlen: 19
                          194.46.112.0/21 maxlen: 21
                          194.46.112.0/22 maxlen: 22
                          194.46.132.0/22 maxlen: 22
                          194.46.152.0/22 maxlen: 22
                          194.46.160.0/24 maxlen: 24
                          194.46.161.0/24 maxlen: 24
                          194.46.164.0/22 maxlen: 22
                          212.108.64.0/20 maxlen: 20
                          212.108.77.0/24 maxlen: 24
                          212.108.92.0/22 maxlen: 22
                          212.108.94.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:92:4e:ad:c5:d0:ca:29:51:68:18:3b:fb:8e:aa:b8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
        Validity
            Not Before: Dec  4 15:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07daa85bb470d5bc072393a7a151469d8edd082d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d0:25:f3:d5:3c:84:38:67:1e:e2:4e:85:ff:
                    ee:ed:b3:a7:52:c8:8c:c2:fa:af:ae:8e:8e:8e:1f:
                    b6:00:8c:8c:05:1b:09:78:00:c8:25:d6:31:1d:0d:
                    6f:dc:90:a6:b8:7b:d2:32:bb:b6:65:3d:fd:e2:40:
                    83:4b:05:31:13:c9:eb:63:7f:31:e5:e6:e0:60:aa:
                    33:8f:0d:a9:65:d7:dc:40:46:22:f9:30:0f:6c:d0:
                    72:6b:fb:ac:36:c3:d4:ac:3d:9e:ef:35:5c:cc:db:
                    6d:01:f9:72:3d:76:37:70:55:0c:61:ba:ac:0c:af:
                    e3:33:80:6d:b8:2b:b7:23:57:76:71:69:df:dd:20:
                    c1:dc:59:89:99:cd:c8:e4:1a:09:83:c5:73:8a:08:
                    5e:13:7b:0b:9a:b6:bc:a3:fc:e6:6b:2a:b5:8d:29:
                    c4:ec:b8:c2:41:06:d1:4e:6c:18:59:a3:e0:5a:b7:
                    26:2c:23:34:f2:af:15:17:e6:ef:78:66:7a:66:ad:
                    dd:9a:66:f3:81:5f:69:d2:ba:9e:59:43:82:49:a6:
                    23:f3:14:b1:0b:c9:21:d6:a6:52:56:fb:2c:da:9c:
                    84:d4:4d:84:f5:0d:6c:58:b3:62:9f:d5:c1:18:5d:
                    34:a4:cb:9d:6e:64:ce:ed:7f:f3:0d:fa:16:4e:a6:
                    67:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DA:A8:5B:B4:70:D5:BC:07:23:93:A7:A1:51:46:9D:8E:DD:08:2D
            X509v3 Authority Key Identifier:
                keyid:79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/B9qoW7Rw1bwHI5OnoVFGnY7dCC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.128.0/19
                  194.46.0.0/19
                  194.46.112.0/21
                  194.46.132.0/22
                  194.46.152.0/22
                  194.46.160.0/23
                  194.46.164.0/22
                  212.108.64.0/20
                  212.108.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:99:80:55:46:df:16:c9:df:01:4f:6e:3a:e3:8f:18:c5:75:
         c6:e6:1f:56:7e:ad:3e:f7:01:a5:94:25:72:e4:4e:f9:2b:ac:
         73:fe:e1:9a:5f:f4:f5:47:2a:32:3f:37:d8:2e:19:f4:57:c7:
         2a:52:c1:49:25:bd:b3:8b:91:de:e1:c2:5f:bc:39:a4:86:7e:
         94:70:65:c8:04:63:b4:4a:92:b2:50:7f:d0:93:e3:18:ae:76:
         16:9a:c6:74:a0:a8:b1:ec:91:a7:c3:10:09:f3:b6:0d:5f:a4:
         2d:c8:e9:56:18:29:f3:22:a3:8a:f9:a8:18:68:81:70:8e:ae:
         97:5c:28:3f:8d:65:d7:20:71:a9:3f:eb:bc:54:e0:8d:eb:ac:
         77:c2:85:b7:55:77:2b:f6:79:de:a3:2b:40:61:3d:af:e1:ce:
         a1:87:a7:e4:f6:34:8e:e9:89:39:8b:90:fb:be:48:c6:6b:11:
         b5:be:aa:00:55:8a:b1:5f:81:55:49:2b:c0:cb:19:4d:89:03:
         61:3c:4d:95:7a:fd:61:69:71:b3:6f:5b:da:73:bf:e1:f6:d6:
         d2:e5:b1:01:1b:ec:2a:2a:a9:55:03:f0:ed:b3:12:41:fe:4b:
         06:14:07:36:ba:23:8b:7e:29:b1:60:38:8c:f2:d0:8c:97:87:
         db:dd:d3:10
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZOSTq3F0MopUWgYO/uOqriWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5N2E0OGNjMTNlMjAwZTJkM2YzOGFmODMzMThkMWJjYWY2
ZjYzMzEwHhcNMjQxMjA0MTUzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RhYTg1YmI0NzBkNWJjMDcyMzkzYTdhMTUxNDY5ZDhlZGQwODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNAl89U8hDhnHuJOhf/u7bOnUsiM
wvqvro6Ojh+2AIyMBRsJeADIJdYxHQ1v3JCmuHvSMru2ZT394kCDSwUxE8nrY38x
5ebgYKozjw2pZdfcQEYi+TAPbNBya/usNsPUrD2e7zVczNttAflyPXY3cFUMYbqs
DK/jM4BtuCu3I1d2cWnf3SDB3FmJmc3I5BoJg8VzigheE3sLmra8o/zmayq1jSnE
7LjCQQbRTmwYWaPgWrcmLCM08q8VF+bveGZ6Zq3dmmbzgV9p0rqeWUOCSaYj8xSx
C8kh1qZSVvss2pyE1E2E9Q1sWLNin9XBGF00pMudbmTO7X/zDfoWTqZnPwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAfaqFu0cNW8ByOTp6FRRp2O3QgtMB8GA1UdIwQY
MBaAFHl6SMwT4gDi0/OK+DMY0byvb2MxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEt
N2Q3ZjRiNjM0ODQ5LzEvQjlxb1c3UncxYndISTVPbm9WRkduWTdkQ0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEtN2Q3ZjRiNjM0ODQ5
LzEvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQFWbmAAwQF
wi4AAwQDwi5wAwQCwi6EAwQCwi6YAwQBwi6gAwQCwi6kAwQE1GxAAwQC1GxcMA0G
CSqGSIb3DQEBCwUAA4IBAQA4mYBVRt8Wyd8BT246448YxXXG5h9Wfq0+9wGllCVy
5E75K6xz/uGaX/T1RyoyPzfYLhn0V8cqUsFJJb2zi5He4cJfvDmkhn6UcGXIBGO0
SpKyUH/Qk+MYrnYWmsZ0oKix7JGnwxAJ87YNX6QtyOlWGCnzIqOK+agYaIFwjq6X
XCg/jWXXIHGpP+u8VOCN66x3woW3VXcr9nneoytAYT2v4c6hh6fk9jSO6Yk5i5D7
vkjGaxG1vqoAVYqxX4FVSSvAyxlNiQNhPE2Vev1haXGzb1vac7/h9tbS5bEBG+wq
KqlVA/DtsxJB/ksGFAc2uiOLfimxYDiM8tCMl4fb3dMQ
-----END CERTIFICATE-----