Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ODd8DeYWJ-4Rccerl7KrPsJeiT0.roa
File:                     ODd8DeYWJ-4Rccerl7KrPsJeiT0.roa (raw, json)
Hash identifier:          qyclr/AJ0nkC6PlEZyk0lP0gJBzTP7J+CIFN+QfMzqg=
Subject key identifier:   38:37:7C:0D:E6:16:27:EE:11:71:C7:AB:97:B2:AB:3E:C2:5E:89:3D
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       019417E481DCD99E3DCB9AB0905819EA23E3
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ODd8DeYWJ-4Rccerl7KrPsJeiT0.roa
Signing time:             Mon 30 Dec 2024 14:07:18 +0000
ROA not before:           Mon 30 Dec 2024 14:07:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        194.64.89.0/24 maxlen: 24
                          194.163.68.0/24 maxlen: 24
                          194.163.80.0/22 maxlen: 24
                          194.163.92.0/24 maxlen: 24
                          194.233.31.0/24 maxlen: 24
                          194.233.148.0/24 maxlen: 24
                          194.233.149.0/24 maxlen: 24
                          194.233.151.0/24 maxlen: 24
                          195.180.128.0/22 maxlen: 24
                          195.180.149.0/24 maxlen: 24
                          195.252.175.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:17:e4:81:dc:d9:9e:3d:cb:9a:b0:90:58:19:ea:23:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Dec 30 14:07:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38377c0de61627ee1171c7ab97b2ab3ec25e893d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c7:1a:23:f6:df:ac:bb:5b:75:0d:e8:23:8e:
                    36:c6:44:9a:1d:79:ce:a3:dd:83:ca:90:00:d9:93:
                    ab:a1:ff:dc:50:6b:02:83:84:1e:32:ef:5f:bc:e1:
                    2b:f3:9f:2d:37:b7:8e:31:35:ff:4d:42:3d:5b:ab:
                    7e:07:c5:f7:50:48:ca:f7:18:c8:90:b7:34:88:25:
                    68:66:de:dc:69:30:7f:27:05:dc:ae:7a:2d:8e:ec:
                    14:32:43:6a:6a:27:af:c0:45:e2:55:0b:4e:94:c1:
                    71:61:62:ca:4f:d5:cd:cb:af:43:25:fe:ae:00:18:
                    b0:0f:40:e5:14:02:9d:80:bd:e2:36:71:ba:2a:02:
                    58:c9:94:b2:77:72:79:68:d5:1d:6a:9a:93:45:56:
                    d9:dc:c4:2a:4e:e3:ca:47:5e:e5:1b:4d:cb:87:52:
                    2e:66:12:ed:cd:8d:90:d8:7b:01:21:75:41:e3:7b:
                    49:86:9d:68:53:b8:9e:6f:97:0a:88:2b:f8:ff:0c:
                    7d:f5:c5:20:30:73:4d:94:11:c1:e3:ec:d0:58:ac:
                    d0:67:db:75:e6:89:4c:4b:a6:ae:62:8d:c1:31:72:
                    12:14:f1:5d:1e:ef:1c:11:39:c5:2b:7e:9c:5f:ea:
                    9b:38:fe:80:17:4b:bd:0e:2a:55:bf:6e:26:09:8b:
                    ed:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:37:7C:0D:E6:16:27:EE:11:71:C7:AB:97:B2:AB:3E:C2:5E:89:3D
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/ODd8DeYWJ-4Rccerl7KrPsJeiT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.89.0/24
                  194.163.68.0/24
                  194.163.80.0/22
                  194.163.92.0/24
                  194.233.31.0/24
                  194.233.148.0/23
                  194.233.151.0/24
                  195.180.128.0/22
                  195.180.149.0/24
                  195.252.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:24:75:2f:ab:2e:0f:5c:6e:a5:7a:b6:47:91:0f:27:58:f8:
         86:4a:e0:c4:e3:4c:0c:81:be:d3:ee:22:1c:d3:1c:66:49:4a:
         e2:47:40:31:ee:88:4f:ee:9c:de:5d:48:27:0b:23:ae:18:b7:
         9f:31:8e:35:be:64:35:9b:cc:dc:ef:62:a0:9d:68:4a:ea:0f:
         46:20:d9:c9:b1:55:3c:c5:54:7b:26:6b:0f:13:26:2d:f4:c0:
         5e:d5:ab:92:6e:4a:55:06:54:10:04:8e:bc:91:b0:ae:d5:f9:
         2f:8b:21:7c:c5:8a:f8:c3:e5:c5:73:41:31:88:9a:6b:ca:e6:
         2b:f2:3a:08:51:8a:72:e7:02:07:56:55:ca:f9:3c:be:5e:48:
         42:dd:b6:39:11:af:27:6f:bc:eb:06:44:51:fe:fa:02:61:11:
         8a:33:85:34:ee:53:af:d1:56:90:65:cc:fd:f1:be:36:a2:9e:
         e6:7c:dc:2a:b9:3d:b0:17:dc:da:01:01:80:ae:2a:23:3b:ac:
         9c:17:f2:30:98:c4:b7:a2:e2:3b:39:b8:1c:f5:af:b3:a4:5b:
         2f:4f:35:ce:e5:2b:82:ae:9e:53:48:b6:7b:cd:a4:ae:42:65:
         9a:49:a3:27:9f:d2:cb:a9:46:81:cf:85:72:33:a5:dd:62:92:
         dc:6a:a1:54
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQX5IHc2Z49y5qwkFgZ6iPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQxMjMwMTQwNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM3N2MwZGU2MTYyN2VlMTE3MWM3YWI5N2IyYWIzZWMyNWU4OTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoccaI/bfrLtbdQ3oI442xkSaHXnO
o92DypAA2ZOrof/cUGsCg4QeMu9fvOEr858tN7eOMTX/TUI9W6t+B8X3UEjK9xjI
kLc0iCVoZt7caTB/JwXcrnotjuwUMkNqaievwEXiVQtOlMFxYWLKT9XNy69DJf6u
ABiwD0DlFAKdgL3iNnG6KgJYyZSyd3J5aNUdapqTRVbZ3MQqTuPKR17lG03Lh1Iu
ZhLtzY2Q2HsBIXVB43tJhp1oU7ieb5cKiCv4/wx99cUgMHNNlBHB4+zQWKzQZ9t1
5olMS6auYo3BMXISFPFdHu8cETnFK36cX+qbOP6AF0u9DipVv24mCYvthwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDg3fA3mFifuEXHHq5eyqz7CXok9MB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvT0RkOERlWVdKLTRSY2Nlcmw3S3JQc0plaVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwkBZAwQA
wqNEAwQCwqNQAwQAwqNcAwQAwukfAwQBwumUAwQAwumXAwQCw7SAAwQAw7SVAwQA
w/yvMA0GCSqGSIb3DQEBCwUAA4IBAQALJHUvqy4PXG6lerZHkQ8nWPiGSuDE40wM
gb7T7iIc0xxmSUriR0Ax7ohP7pzeXUgnCyOuGLefMY41vmQ1m8zc72KgnWhK6g9G
INnJsVU8xVR7JmsPEyYt9MBe1auSbkpVBlQQBI68kbCu1fkviyF8xYr4w+XFc0Ex
iJpryuYr8joIUYpy5wIHVlXK+Ty+XkhC3bY5Ea8nb7zrBkRR/voCYRGKM4U07lOv
0VaQZcz98b42op7mfNwquT2wF9zaAQGAriojO6ycF/IwmMS3ouI7Obgc9a+zpFsv
TzXO5SuCrp5TSLZ7zaSuQmWaSaMnn9LLqUaBz4VyM6XdYpLcaqFU
-----END CERTIFICATE-----