Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/EilXdQa5Ii3RlNHjHorh12S0PQo.roa
File:                     EilXdQa5Ii3RlNHjHorh12S0PQo.roa (raw, json)
Hash identifier:          ++m0uZxvU8Bv5l/wat+PeSJF5tqPg212VFts39xWRgU=
Subject key identifier:   12:29:57:75:06:B9:22:2D:D1:94:D1:E3:1E:8A:E1:D7:64:B4:3D:0A
Certificate issuer:       /CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Certificate serial:       0193EC3D996D72F6E8C713993E88C2E771F7
Authority key identifier: B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/EilXdQa5Ii3RlNHjHorh12S0PQo.roa
Signing time:             Sun 22 Dec 2024 02:41:20 +0000
ROA not before:           Sun 22 Dec 2024 02:41:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50247
IP address blocks:        45.85.184.0/23 maxlen: 24
                          45.85.184.0/24 maxlen: 24
                          45.85.185.0/24 maxlen: 24
                          45.131.33.0/24 maxlen: 24
                          45.131.34.0/24 maxlen: 24
                          91.218.240.0/24 maxlen: 24
                          91.224.142.0/23 maxlen: 24
                          91.224.142.0/24 maxlen: 24
                          91.224.143.0/24 maxlen: 24
                          109.95.88.0/21 maxlen: 21
                          109.196.80.0/20 maxlen: 20
                          109.197.36.0/23 maxlen: 23
                          109.207.103.0/24 maxlen: 24
                          185.178.236.0/22 maxlen: 22
                          2a0a:7080::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ec:3d:99:6d:72:f6:e8:c7:13:99:3e:88:c2:e7:71:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4bdc376a159d05e2af97176a3eba8360e60d176
        Validity
            Not Before: Dec 22 02:41:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1229577506b9222dd194d1e31e8ae1d764b43d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b5:42:ea:cf:88:82:21:a5:2f:00:15:38:0c:
                    66:fc:23:55:e8:38:60:56:c5:d7:41:56:c8:3d:e1:
                    d6:5f:6e:6e:6e:43:60:0c:15:94:d6:5b:f4:6e:0f:
                    df:bb:87:99:4e:5e:65:b1:6b:8c:d8:e0:11:d6:25:
                    90:53:84:12:a3:bf:f3:b7:8f:1e:cc:63:70:da:33:
                    b0:ba:50:02:c3:c2:53:ac:31:8b:f5:40:cd:15:a4:
                    b6:ce:af:6e:34:25:b2:a3:ff:5b:9a:ed:19:07:53:
                    64:06:de:5e:b7:27:b9:86:0d:f1:80:2f:ea:b3:e3:
                    9a:8d:0a:4a:ad:6f:f2:f6:9a:a5:52:c1:bd:7d:db:
                    94:7c:f4:5b:0e:d4:60:c3:05:d1:8e:8b:a0:a8:65:
                    31:53:a7:2a:0d:61:4a:63:29:46:2f:5d:1e:5d:bd:
                    5a:ba:84:1a:ba:63:b3:bf:cd:89:a5:9f:71:06:3e:
                    c2:5c:c5:47:b1:52:ec:65:5c:f9:8d:16:24:10:cc:
                    f1:c3:b0:cc:55:26:04:08:ac:73:11:9d:f8:1e:b9:
                    7a:54:8d:aa:7c:fd:61:df:ae:cd:c1:e2:e4:c6:b0:
                    65:72:33:d1:ba:7c:0e:22:d7:ed:a9:08:ef:5c:ad:
                    41:38:3e:12:d5:58:ae:25:45:89:66:6f:0b:8d:e3:
                    ce:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:29:57:75:06:B9:22:2D:D1:94:D1:E3:1E:8A:E1:D7:64:B4:3D:0A
            X509v3 Authority Key Identifier:
                keyid:B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/EilXdQa5Ii3RlNHjHorh12S0PQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.184.0/23
                  45.131.33.0-45.131.34.255
                  91.218.240.0/24
                  91.224.142.0/23
                  109.95.88.0/21
                  109.196.80.0/20
                  109.197.36.0/23
                  109.207.103.0/24
                  185.178.236.0/22
                IPv6:
                  2a0a:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:7c:61:1d:95:1e:7d:1c:d1:2b:4d:ff:0f:5a:af:4e:49:19:
         92:02:ef:25:2a:6c:d2:f9:2c:44:c0:15:d4:de:0d:e7:8f:01:
         ec:ba:a3:28:1e:88:22:39:3e:9c:68:9c:42:fd:61:4d:48:1a:
         d7:85:5e:33:00:38:7d:e8:e8:46:f4:61:53:60:af:5f:f0:fb:
         7b:90:0b:69:c9:f5:eb:16:5b:fd:dd:dc:45:8d:1a:53:86:2e:
         8a:cf:22:07:9a:3f:1d:ad:6e:68:a9:4f:55:c1:17:b0:3f:c0:
         95:f8:cd:c3:20:95:1c:39:6c:25:a9:00:c5:92:aa:5c:86:16:
         85:8e:5a:66:a1:0a:50:d9:da:72:d5:d6:18:79:33:91:de:39:
         f4:a7:63:a7:65:f2:c5:14:a3:34:08:44:d9:45:ce:96:22:cc:
         1a:92:cf:bb:d4:ec:f2:e7:da:e6:fa:9d:5a:24:14:0f:95:7b:
         6d:66:fe:bc:3f:cb:3b:a8:f1:e2:d5:b4:e5:d4:3c:bf:d5:a2:
         68:93:15:58:5f:47:1b:fa:73:59:e6:41:9c:53:69:bc:3c:bf:
         7d:dd:1d:7f:25:9d:ef:1b:44:74:e8:06:cd:e5:79:64:38:49:
         cf:be:6f:12:83:92:6c:fe:59:cc:f7:45:0f:1e:b1:3b:26:90:
         a1:52:b8:22
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZPsPZltcvboxxOZPojC53H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmRjMzc2YTE1OWQwNWUyYWY5NzE3NmEzZWJhODM2MGU2
MGQxNzYwHhcNMjQxMjIyMDI0MTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjI5NTc3NTA2YjkyMjJkZDE5NGQxZTMxZThhZTFkNzY0YjQzZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7VC6s+IgiGlLwAVOAxm/CNV6Dhg
VsXXQVbIPeHWX25ubkNgDBWU1lv0bg/fu4eZTl5lsWuM2OAR1iWQU4QSo7/zt48e
zGNw2jOwulACw8JTrDGL9UDNFaS2zq9uNCWyo/9bmu0ZB1NkBt5etye5hg3xgC/q
s+OajQpKrW/y9pqlUsG9fduUfPRbDtRgwwXRjougqGUxU6cqDWFKYylGL10eXb1a
uoQaumOzv82JpZ9xBj7CXMVHsVLsZVz5jRYkEMzxw7DMVSYECKxzEZ34Hrl6VI2q
fP1h367NweLkxrBlcjPRunwOItftqQjvXK1BOD4S1ViuJUWJZm8LjePOEQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFBIpV3UGuSIt0ZTR4x6K4ddktD0KMB8GA1UdIwQY
MBaAFLS9w3ahWdBeKvlxdqPrqDYOYNF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUt
MjhkMDEwNjAzNTI5LzEvRWlsWGRRYTVJaTNSbE5IakhvcmgxMlMwUFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUtMjhkMDEwNjAzNTI5
LzEvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQBLVW4MAwD
BAAtgyEDBAAtgyIDBABb2vADBAFb4I4DBANtX1gDBARtxFADBAFtxSQDBABtz2cD
BAK5suwwDQQCAAIwBwMFAyoKcIAwDQYJKoZIhvcNAQELBQADggEBAAd8YR2VHn0c
0StN/w9ar05JGZIC7yUqbNL5LETAFdTeDeePAey6oygeiCI5PpxonEL9YU1IGteF
XjMAOH3o6Eb0YVNgr1/w+3uQC2nJ9esWW/3d3EWNGlOGLorPIgeaPx2tbmipT1XB
F7A/wJX4zcMglRw5bCWpAMWSqlyGFoWOWmahClDZ2nLV1hh5M5HeOfSnY6dl8sUU
ozQIRNlFzpYizBqSz7vU7PLn2ub6nVokFA+Ve21m/rw/yzuo8eLVtOXUPL/VomiT
FVhfRxv6c1nmQZxTabw8v33dHX8lne8bRHToBs3leWQ4Sc++bxKDkmz+Wcz3RQ8e
sTsmkKFSuCI=
-----END CERTIFICATE-----