Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/HNB1sDrF9WUErSCuLUa0aVt_L3Y.roa
File:                     HNB1sDrF9WUErSCuLUa0aVt_L3Y.roa (raw, json)
Hash identifier:          EEUhMDLd8LaCLpdh0d8yAfmLAD7g/8SwACNlTGSymQI=
Subject key identifier:   1C:D0:75:B0:3A:C5:F5:65:04:AD:20:AE:2D:46:B4:69:5B:7F:2F:76
Certificate issuer:       /CN=07fa540a25432e2aa4dca057845c359d214886f7
Certificate serial:       019423D7EF243A2C7A0F3F16EADCE13CE179
Authority key identifier: 07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/HNB1sDrF9WUErSCuLUa0aVt_L3Y.roa
Signing time:             Wed 01 Jan 2025 21:49:01 +0000
ROA not before:           Wed 01 Jan 2025 21:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196922
IP address blocks:        46.232.184.0/21 maxlen: 24
                          46.232.184.0/24 maxlen: 24
                          46.232.185.0/24 maxlen: 24
                          46.232.186.0/24 maxlen: 24
                          46.232.187.0/24 maxlen: 24
                          46.232.188.0/24 maxlen: 24
                          46.232.189.0/24 maxlen: 24
                          46.232.190.0/24 maxlen: 24
                          46.232.191.0/24 maxlen: 24
                          178.248.240.0/21 maxlen: 24
                          178.248.240.0/24 maxlen: 24
                          178.248.241.0/24 maxlen: 24
                          178.248.242.0/24 maxlen: 24
                          178.248.243.0/24 maxlen: 24
                          178.248.244.0/24 maxlen: 24
                          178.248.245.0/24 maxlen: 24
                          178.248.246.0/24 maxlen: 24
                          178.248.247.0/24 maxlen: 24
                          185.115.24.0/22 maxlen: 24
                          185.115.24.0/23 maxlen: 23
                          185.115.26.0/23 maxlen: 23
                          185.115.26.128/27 maxlen: 27
                          2a02:1308::/29 maxlen: 32
                          2a02:1308::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ef:24:3a:2c:7a:0f:3f:16:ea:dc:e1:3c:e1:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07fa540a25432e2aa4dca057845c359d214886f7
        Validity
            Not Before: Jan  1 21:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cd075b03ac5f56504ad20ae2d46b4695b7f2f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:05:bc:5e:14:8b:00:ef:3a:38:f1:ab:f0:
                    15:b0:4b:83:60:ce:7e:53:4c:ae:76:48:9f:c2:df:
                    84:f7:36:60:ab:ef:be:69:4b:f7:e0:e4:c4:21:47:
                    d9:91:6e:9e:a5:d4:35:7e:82:6a:15:7e:af:e9:0d:
                    94:97:ef:6b:e2:d8:32:5d:ae:1d:16:3e:7f:80:b1:
                    3a:28:55:c5:ef:52:3e:5f:5a:23:e6:9b:83:cb:0c:
                    33:cb:45:1a:fb:4a:c6:a5:17:d0:33:e8:21:36:a1:
                    cb:15:5a:cd:af:6d:ab:98:87:37:3e:47:fc:5f:a0:
                    26:2a:06:f5:83:28:a7:03:e2:e3:f0:42:e8:99:86:
                    69:a4:95:e2:30:83:25:ec:e1:92:8a:7d:2a:b5:bd:
                    b9:a9:b9:ad:d2:3d:2c:34:aa:b7:6a:fc:e5:3c:03:
                    56:e2:f2:98:79:84:26:f4:3b:77:41:e9:ac:05:08:
                    de:84:a2:45:1f:67:08:1b:ab:4b:5d:35:0d:68:1b:
                    41:22:59:97:c0:84:0f:17:e0:1a:d8:d1:b5:47:ce:
                    50:80:a8:ee:d1:a4:c1:c3:95:f1:cb:61:b6:10:f3:
                    17:16:ce:7f:cd:5b:fe:57:f7:e9:23:7e:03:02:9d:
                    4c:88:cb:ab:21:54:ba:50:ca:b7:3f:d2:dd:ec:24:
                    1c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D0:75:B0:3A:C5:F5:65:04:AD:20:AE:2D:46:B4:69:5B:7F:2F:76
            X509v3 Authority Key Identifier:
                keyid:07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/HNB1sDrF9WUErSCuLUa0aVt_L3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.184.0/21
                  178.248.240.0/21
                  185.115.24.0/22
                IPv6:
                  2a02:1308::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:30:6b:40:f4:9b:93:0a:73:d1:af:30:4c:fd:e0:bc:7f:4d:
         d1:66:dd:9f:19:46:40:a6:80:b1:ce:95:9d:a5:ed:19:ab:c3:
         02:2b:b5:b5:5a:7b:04:df:81:c2:ea:1b:83:e7:3b:ec:fd:82:
         bb:90:d8:a7:71:7e:8b:95:a2:8e:18:db:33:1f:26:cf:48:71:
         87:c7:ba:bd:fd:ac:94:87:82:11:fc:11:d2:6c:f4:78:1f:e8:
         f0:cc:42:3e:e5:e0:0e:b7:99:29:d4:be:db:a4:be:d4:c2:d2:
         ac:a5:07:c9:67:b2:a0:18:e9:fe:b0:5b:af:8d:0b:b7:9d:e2:
         4b:01:77:64:2f:00:32:cc:8a:6b:81:2f:b6:a3:8d:d3:fe:c2:
         f2:1a:38:06:b8:4e:93:d9:ac:b4:af:6b:51:b2:50:e5:79:10:
         01:5f:24:d2:54:de:e4:9f:5b:7d:22:7c:56:a2:70:07:91:6d:
         7a:94:92:63:f9:71:7c:ff:c4:22:ca:59:6a:f1:7c:5f:e0:74:
         71:b9:02:d4:e9:b8:c5:4b:b6:59:fa:21:77:40:e6:c7:41:83:
         44:8c:b5:52:5e:b4:d1:07:16:bc:ba:08:e3:fd:ae:2f:3e:f7:
         12:7d:44:e5:c2:f7:eb:5f:25:bb:5c:cd:84:7c:f6:2b:1a:65:
         5a:80:d6:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQj1+8kOix6Dz8W6tzhPOF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmE1NDBhMjU0MzJlMmFhNGRjYTA1Nzg0NWMzNTlkMjE0
ODg2ZjcwHhcNMjUwMTAxMjE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2QwNzViMDNhYzVmNTY1MDRhZDIwYWUyZDQ2YjQ2OTViN2YyZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro0FvF4UiwDvOjjxq/AVsEuDYM5+
U0yudkifwt+E9zZgq+++aUv34OTEIUfZkW6epdQ1foJqFX6v6Q2Ul+9r4tgyXa4d
Fj5/gLE6KFXF71I+X1oj5puDywwzy0Ua+0rGpRfQM+ghNqHLFVrNr22rmIc3Pkf8
X6AmKgb1gyinA+Lj8ELomYZppJXiMIMl7OGSin0qtb25qbmt0j0sNKq3avzlPANW
4vKYeYQm9Dt3QemsBQjehKJFH2cIG6tLXTUNaBtBIlmXwIQPF+Aa2NG1R85QgKju
0aTBw5Xxy2G2EPMXFs5/zVv+V/fpI34DAp1MiMurIVS6UMq3P9Ld7CQcEwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBzQdbA6xfVlBK0gri1GtGlbfy92MB8GA1UdIwQY
MBaAFAf6VAolQy4qpNygV4RcNZ0hSIb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMt
NzUzNzQxYTgwZTk0LzEvSE5CMXNEckY5V1VFclNDdUxVYTBhVnRfTDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMtNzUzNzQxYTgwZTk0
LzEvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLui4AwQD
svjwAwQCuXMYMA0EAgACMAcDBQMqAhMIMA0GCSqGSIb3DQEBCwUAA4IBAQC1MGtA
9JuTCnPRrzBM/eC8f03RZt2fGUZApoCxzpWdpe0Zq8MCK7W1WnsE34HC6huD5zvs
/YK7kNincX6LlaKOGNszHybPSHGHx7q9/ayUh4IR/BHSbPR4H+jwzEI+5eAOt5kp
1L7bpL7UwtKspQfJZ7KgGOn+sFuvjQu3neJLAXdkLwAyzIprgS+2o43T/sLyGjgG
uE6T2ay0r2tRslDleRABXyTSVN7kn1t9InxWonAHkW16lJJj+XF8/8Qiyllq8Xxf
4HRxuQLU6bjFS7ZZ+iF3QObHQYNEjLVSXrTRBxa8ugjj/a4vPvcSfUTlwvfrXyW7
XM2EfPYrGmVagNa3
-----END CERTIFICATE-----