Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/K0PX8tAD77x55aOB4lGVD3Te4QM.roa
File:                     K0PX8tAD77x55aOB4lGVD3Te4QM.roa (raw, json)
Hash identifier:          UD1F2ZNVLCoZ48JUjpO0xFjx7uROUMFlQ4rjADgkheg=
Subject key identifier:   2B:43:D7:F2:D0:03:EF:BC:79:E5:A3:81:E2:51:95:0F:74:DE:E1:03
Certificate issuer:       /CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Certificate serial:       019425FD81823865E2B33532993CEFAB6EC6
Authority key identifier: 5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/K0PX8tAD77x55aOB4lGVD3Te4QM.roa
Signing time:             Thu 02 Jan 2025 07:49:18 +0000
ROA not before:           Thu 02 Jan 2025 07:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43987
IP address blocks:        46.49.132.0/24 maxlen: 24
                          46.49.135.0/24 maxlen: 24
                          46.49.140.0/24 maxlen: 24
                          46.49.143.0/24 maxlen: 24
                          46.49.144.0/24 maxlen: 24
                          46.49.173.0/24 maxlen: 24
                          46.49.210.0/24 maxlen: 24
                          95.177.148.0/24 maxlen: 24
                          95.177.149.0/24 maxlen: 24
                          95.177.156.0/23 maxlen: 23
                          95.177.192.0/19 maxlen: 19
                          95.177.192.0/20 maxlen: 20
                          95.177.224.0/19 maxlen: 19
                          2a02:df5::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:81:82:38:65:e2:b3:35:32:99:3c:ef:ab:6e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
        Validity
            Not Before: Jan  2 07:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b43d7f2d003efbc79e5a381e251950f74dee103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bf:89:41:ab:4d:1d:a9:a1:e9:69:69:f2:05:
                    31:7f:d0:73:4f:43:e0:06:8d:39:76:f6:40:c7:d3:
                    df:62:7f:74:c6:6d:4d:c4:c2:48:33:d0:d8:47:bb:
                    0e:ba:4a:76:e7:17:13:a7:ef:d4:2a:c7:07:0a:34:
                    79:93:9e:2b:b3:ae:df:d1:c3:a0:17:23:73:c1:4f:
                    8d:4e:f0:98:2b:92:35:f1:11:d7:ea:a9:ba:54:21:
                    87:03:64:2b:1d:2f:36:d0:df:34:ef:c6:69:7c:77:
                    1f:0d:13:28:1f:49:e4:fb:b7:2b:02:a4:93:8f:f4:
                    dc:1f:08:86:3a:6e:bc:3a:e0:b7:ff:f7:f8:f5:2f:
                    ab:a9:be:7d:5f:7b:ff:32:d5:98:08:25:c4:90:85:
                    b5:39:07:0e:5f:4e:a1:f7:6f:21:a7:af:9e:b1:ee:
                    a6:28:3e:6b:c5:96:58:c5:64:1a:ac:d2:75:74:af:
                    11:9e:65:7d:de:d8:d7:00:14:2b:bb:b3:6e:f3:30:
                    22:c7:19:42:9a:b4:ff:54:63:66:6d:83:e4:9e:61:
                    ce:90:0d:5a:1e:53:a0:75:c7:fa:83:b9:72:2d:c6:
                    6e:ef:85:4b:17:6d:d4:fa:c8:17:bb:44:e9:3b:09:
                    cc:73:cb:15:4a:00:d1:cc:6f:1b:93:79:30:22:d3:
                    3e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:43:D7:F2:D0:03:EF:BC:79:E5:A3:81:E2:51:95:0F:74:DE:E1:03
            X509v3 Authority Key Identifier:
                keyid:5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/K0PX8tAD77x55aOB4lGVD3Te4QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.49.132.0/24
                  46.49.135.0/24
                  46.49.140.0/24
                  46.49.143.0-46.49.144.255
                  46.49.173.0/24
                  46.49.210.0/24
                  95.177.148.0/23
                  95.177.156.0/23
                  95.177.192.0/18
                IPv6:
                  2a02:df5::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:a4:28:f6:61:b7:30:31:f0:f9:38:11:86:4d:65:e0:7b:c9:
         1f:96:3e:99:94:0b:0f:66:88:26:6d:f4:e0:26:b8:fa:5a:8a:
         0c:81:75:b3:4b:bb:05:65:51:3e:b7:cd:71:72:eb:6a:d6:70:
         90:43:57:bf:f4:50:2c:33:87:af:b9:2d:4d:99:0f:88:59:70:
         be:fb:0e:c4:db:69:a4:38:c2:8b:e3:4e:29:40:6f:ed:ad:c0:
         ad:28:f8:c5:57:d0:fa:44:65:4e:39:52:7e:96:62:d3:ca:7a:
         1c:0e:09:6c:29:fe:f8:9c:e4:68:fe:af:6d:c2:61:9d:3e:5f:
         37:9f:d3:85:e9:01:10:28:37:a6:b8:53:97:21:7e:67:ae:ba:
         d4:3c:3c:b5:c2:95:dc:fb:f3:5c:b2:eb:13:be:18:f3:3b:12:
         80:32:5b:be:a3:b1:08:c9:48:09:09:89:27:db:90:a9:ee:b7:
         35:a1:fe:f8:f8:91:0d:0e:5e:09:c2:81:d4:af:24:90:6d:50:
         56:31:9e:b3:3f:41:eb:24:27:8f:81:4a:76:01:2b:19:72:00:
         32:e3:eb:6a:55:d4:9f:c7:0e:6c:21:21:68:c0:9f:36:ee:a3:
         a3:d9:0e:7a:9d:01:32:8b:8f:f0:92:b0:1f:99:ad:2f:65:f5:
         08:39:88:34
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQl/YGCOGXiszUymTzvq27GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNDNlOWUyNjc5NTZlN2YyNjJjMTdmMDA4OWYwZjYwYmE3
YWJlZmIwHhcNMjUwMTAyMDc0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQzZDdmMmQwMDNlZmJjNzllNWEzODFlMjUxOTUwZjc0ZGVlMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL+JQatNHamh6Wlp8gUxf9BzT0Pg
Bo05dvZAx9PfYn90xm1NxMJIM9DYR7sOukp25xcTp+/UKscHCjR5k54rs67f0cOg
FyNzwU+NTvCYK5I18RHX6qm6VCGHA2QrHS820N8078ZpfHcfDRMoH0nk+7crAqST
j/TcHwiGOm68OuC3//f49S+rqb59X3v/MtWYCCXEkIW1OQcOX06h928hp6+ese6m
KD5rxZZYxWQarNJ1dK8RnmV93tjXABQru7Nu8zAixxlCmrT/VGNmbYPknmHOkA1a
HlOgdcf6g7lyLcZu74VLF23U+sgXu0TpOwnMc8sVSgDRzG8bk3kwItM+/wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFCtD1/LQA++8eeWjgeJRlQ903uEDMB8GA1UdIwQY
MBaAFFpD6eJnlW5/JiwX8AifD2C6er77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGIt
NzljODk4N2E4YjFjLzEvSzBQWDh0QUQ3N3g1NWFPQjRsR1ZEM1RlNFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGItNzljODk4N2E4YjFj
LzEvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQALjGEAwQA
LjGHAwQALjGMMAwDBAAuMY8DBAAuMZADBAAuMa0DBAAuMdIDBAFfsZQDBAFfsZwD
BAZfscAwDQQCAAIwBwMFACoCDfUwDQYJKoZIhvcNAQELBQADggEBADekKPZhtzAx
8Pk4EYZNZeB7yR+WPpmUCw9miCZt9OAmuPpaigyBdbNLuwVlUT63zXFy62rWcJBD
V7/0UCwzh6+5LU2ZD4hZcL77DsTbaaQ4wovjTilAb+2twK0o+MVX0PpEZU45Un6W
YtPKehwOCWwp/vic5Gj+r23CYZ0+Xzef04XpARAoN6a4U5chfmeuutQ8PLXCldz7
81yy6xO+GPM7EoAyW76jsQjJSAkJiSfbkKnutzWh/vj4kQ0OXgnCgdSvJJBtUFYx
nrM/QeskJ4+BSnYBKxlyADLj62pV1J/HDmwhIWjAnzbuo6PZDnqdATKLj/CSsB+Z
rS9l9Qg5iDQ=
-----END CERTIFICATE-----