Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-UpcvmqP2Zg3P8iZnI5Q3VL3YyQ.roa
File:                     1-UpcvmqP2Zg3P8iZnI5Q3VL3YyQ.roa (raw, json)
Hash identifier:          w6NaQBf+M0GNbwP5MhanHHVSHAGunr4TXTZDdJP4gEo=
Subject key identifier:   F9:4A:5C:BE:6A:8F:D9:98:37:3F:C8:99:9C:8E:50:DD:52:F7:63:24
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2F5B1BE19EF20DD808EE024619F9B
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-UpcvmqP2Zg3P8iZnI5Q3VL3YyQ.roa
Signing time:             Thu 02 Jan 2025 01:48:15 +0000
ROA not before:           Thu 02 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59993
IP address blocks:        159.148.73.0/24 maxlen: 24
                          159.148.74.0/24 maxlen: 24
                          159.148.77.0/24 maxlen: 24
                          159.148.98.0/24 maxlen: 24
                          159.148.121.0/24 maxlen: 24
                          159.148.129.0/24 maxlen: 24
                          159.148.159.0/24 maxlen: 24
                          159.148.182.0/24 maxlen: 24
                          159.148.183.0/24 maxlen: 24
                          159.148.185.0/24 maxlen: 24
                          159.148.204.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:f5:b1:be:19:ef:20:dd:80:8e:e0:24:61:9f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f94a5cbe6a8fd998373fc8999c8e50dd52f76324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e3:89:a8:51:99:25:29:0d:9f:db:02:64:fe:
                    e2:52:6b:fd:24:cf:c8:56:d4:cc:e2:6c:f5:d0:e4:
                    c8:e0:ad:50:b1:d5:3b:a5:ac:8f:92:0d:9d:ba:11:
                    e1:12:d1:d3:24:76:69:f7:16:93:27:59:c3:f8:c0:
                    58:ba:8e:8e:8a:e3:43:fa:42:31:3d:a2:5e:1c:9d:
                    91:8d:6d:69:e7:87:4b:cd:c7:ff:c3:e5:b5:eb:7d:
                    b5:0f:aa:8f:98:a2:e4:c8:cb:5a:42:11:19:36:0d:
                    ad:6c:b0:c4:ba:e0:06:c0:48:6c:0d:fa:fb:ad:41:
                    97:a4:2f:f0:6c:a8:5c:52:ee:2c:67:bd:cc:5e:20:
                    c4:99:00:72:ea:25:2b:2f:aa:73:fe:1e:75:04:b3:
                    16:b3:db:53:38:27:82:dc:6c:60:0d:67:56:e5:2f:
                    7f:a5:09:69:34:e8:c6:a1:16:66:2b:5a:c4:01:4e:
                    95:e1:fc:9e:1a:32:e3:17:1c:ef:66:58:1c:27:59:
                    41:0b:a9:eb:e0:35:24:23:42:c4:2a:c6:6e:ef:29:
                    84:12:c6:e4:73:98:f0:ca:da:55:44:2a:76:15:28:
                    8a:6e:3d:0e:2b:42:1b:7d:30:dd:e2:25:67:24:e4:
                    c7:29:55:95:e5:d8:19:86:41:3b:a0:6d:0a:0f:76:
                    68:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4A:5C:BE:6A:8F:D9:98:37:3F:C8:99:9C:8E:50:DD:52:F7:63:24
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-UpcvmqP2Zg3P8iZnI5Q3VL3YyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.73.0-159.148.74.255
                  159.148.77.0/24
                  159.148.98.0/24
                  159.148.121.0/24
                  159.148.129.0/24
                  159.148.159.0/24
                  159.148.182.0/23
                  159.148.185.0/24
                  159.148.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:66:39:28:bc:4f:f0:25:3a:0e:52:af:b1:12:3b:f5:a2:ce:
         b0:ae:dd:9c:07:6b:08:ef:cd:53:1e:c8:71:09:71:90:f9:c1:
         de:06:21:d4:da:23:50:aa:91:50:37:fd:9e:c9:85:94:90:02:
         a3:9f:2d:4b:9c:0a:ad:d9:45:1c:1d:91:62:87:be:c3:90:5f:
         12:08:73:03:cf:24:fb:ea:b8:87:07:66:40:cd:e8:cb:92:e7:
         2a:75:e6:e3:e3:f3:ee:a5:ef:2f:62:cd:41:1e:ed:27:80:44:
         73:94:29:f1:45:66:d8:72:23:ad:97:0b:66:8b:a8:75:67:d7:
         30:0d:5e:85:f3:e0:f3:85:f8:ef:92:c7:29:ce:95:f3:2c:f7:
         51:f8:13:47:69:d5:ed:47:05:19:70:78:06:91:57:5c:d1:89:
         14:08:70:27:b4:b5:4a:2c:80:ee:3a:9d:34:c9:cf:a1:d7:c4:
         19:54:21:94:ef:ff:45:6b:e0:5d:cb:85:95:5a:8a:56:31:b5:
         b8:95:aa:02:90:32:40:19:df:bd:21:63:1b:9c:91:16:a1:d4:
         01:40:5e:d0:e8:cd:3e:ce:d1:29:a4:61:b8:f1:b7:4a:f2:c4:
         23:cf:3c:b4:d6:11:14:73:e1:f6:55:5e:0d:69:80:78:2f:19:
         2f:c4:c1:4e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQksvWxvhnvIN2AjuAkYZ+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRhNWNiZTZhOGZkOTk4MzczZmM4OTk5YzhlNTBkZDUyZjc2MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeOJqFGZJSkNn9sCZP7iUmv9JM/I
VtTM4mz10OTI4K1QsdU7payPkg2duhHhEtHTJHZp9xaTJ1nD+MBYuo6OiuND+kIx
PaJeHJ2RjW1p54dLzcf/w+W16321D6qPmKLkyMtaQhEZNg2tbLDEuuAGwEhsDfr7
rUGXpC/wbKhcUu4sZ73MXiDEmQBy6iUrL6pz/h51BLMWs9tTOCeC3GxgDWdW5S9/
pQlpNOjGoRZmK1rEAU6V4fyeGjLjFxzvZlgcJ1lBC6nr4DUkI0LEKsZu7ymEEsbk
c5jwytpVRCp2FSiKbj0OK0IbfTDd4iVnJOTHKVWV5dgZhkE7oG0KD3ZoFQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFPlKXL5qj9mYNz/ImZyOUN1S92MkMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvMS1VcGN2bXFQMlpnM1A4aVpuSTVRM1ZMM1l5US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGUvMzU1NWZlLTEyY2QtNDAyYS1hODEwLTU1NTRkNmUxNjg2
Zi8xL3F3bFN5THFOcmJIVFRlYkdxVGhrcGduOFFldy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBXBggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPjAMAwQAn5RJ
AwQAn5RKAwQAn5RNAwQAn5RiAwQAn5R5AwQAn5SBAwQAn5SfAwQBn5S2AwQAn5S5
AwQAn5TMMA0GCSqGSIb3DQEBCwUAA4IBAQCYZjkovE/wJToOUq+xEjv1os6wrt2c
B2sI781THshxCXGQ+cHeBiHU2iNQqpFQN/2eyYWUkAKjny1LnAqt2UUcHZFih77D
kF8SCHMDzyT76riHB2ZAzejLkucqdebj4/Pupe8vYs1BHu0ngERzlCnxRWbYciOt
lwtmi6h1Z9cwDV6F8+DzhfjvkscpzpXzLPdR+BNHadXtRwUZcHgGkVdc0YkUCHAn
tLVKLIDuOp00yc+h18QZVCGU7/9Fa+Bdy4WVWopWMbW4laoCkDJAGd+9IWMbnJEW
odQBQF7Q6M0+ztEppGG48bdK8sQjzzy01hEUc+H2VV4NaYB4LxkvxMFO
-----END CERTIFICATE-----