Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/n3TmmWETd6610xi_yPmZrVn_u10.roa
File:                     n3TmmWETd6610xi_yPmZrVn_u10.roa (raw, json)
Hash identifier:          vFqnx/wE/fOT9dcc1195MakzcC3IWX2PMXrTHwg2qSA=
Subject key identifier:   9F:74:E6:99:61:13:77:AE:B5:D3:18:BF:C8:F9:99:AD:59:FF:BB:5D
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018F8543CF36C359DE1B5039B46AEA3A8A39
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/n3TmmWETd6610xi_yPmZrVn_u10.roa
Signing time:             Fri 17 May 2024 06:36:04 +0000
ROA not before:           Fri 17 May 2024 06:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        194.64.89.0/24 maxlen: 24
                          194.163.68.0/24 maxlen: 24
                          194.163.92.0/24 maxlen: 24
                          194.233.31.0/24 maxlen: 24
                          194.233.148.0/24 maxlen: 24
                          194.233.149.0/24 maxlen: 24
                          194.233.151.0/24 maxlen: 24
                          195.180.128.0/22 maxlen: 24
                          195.180.157.0/24 maxlen: 24
                          195.252.175.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:85:43:cf:36:c3:59:de:1b:50:39:b4:6a:ea:3a:8a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: May 17 06:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f74e699611377aeb5d318bfc8f999ad59ffbb5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f8:18:62:5b:ef:e6:e5:b8:98:b2:ba:7e:cc:
                    c5:ce:4c:fa:75:fb:c7:e6:5b:80:de:d0:a0:80:0e:
                    48:64:c8:c8:b6:6a:d9:c2:10:88:ce:6b:0f:5f:94:
                    13:2d:b0:cc:74:a4:19:a8:6a:fc:59:8c:e4:20:d8:
                    1e:2f:43:f4:6a:4d:8e:78:a4:52:ed:17:01:e1:dd:
                    f7:35:ce:87:7d:60:5f:0d:3b:2b:30:23:7f:58:a0:
                    11:65:93:60:fa:18:5b:36:ef:96:fd:d7:23:33:6a:
                    29:32:9e:c1:44:05:6e:c2:a0:42:c5:d0:a0:08:8b:
                    62:7f:72:d6:c6:37:ac:61:9e:be:94:62:dc:01:a1:
                    fa:05:8f:e9:3d:17:67:78:8e:47:bc:15:2f:f9:08:
                    8b:61:93:eb:64:3e:88:87:2e:be:4b:e3:8c:f0:c0:
                    2d:62:32:4d:b1:35:1f:69:d4:86:e7:c9:cd:88:10:
                    d9:21:34:f4:5c:ba:9e:15:37:f9:ee:17:b6:45:5f:
                    a0:01:05:91:6d:ed:1d:1f:3b:09:e1:fb:d5:2e:6c:
                    57:de:ef:1e:8a:c9:20:5f:74:d8:27:7c:82:05:c3:
                    62:ec:8e:59:d8:33:22:63:b7:6d:44:69:d7:aa:87:
                    f3:cb:ae:36:da:e3:6c:c9:fe:78:c6:62:ce:dd:b9:
                    c8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:74:E6:99:61:13:77:AE:B5:D3:18:BF:C8:F9:99:AD:59:FF:BB:5D
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/n3TmmWETd6610xi_yPmZrVn_u10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.89.0/24
                  194.163.68.0/24
                  194.163.92.0/24
                  194.233.31.0/24
                  194.233.148.0/23
                  194.233.151.0/24
                  195.180.128.0/22
                  195.180.157.0/24
                  195.252.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:51:bc:2c:47:9f:b8:2b:94:ec:6f:32:14:8e:f1:81:14:f2:
         f4:ed:e3:00:71:7f:f6:27:21:ff:6b:05:85:ca:19:19:e5:c5:
         5b:a7:b4:f2:6a:6f:4a:05:3c:51:68:77:b7:9e:60:88:9e:cf:
         58:93:8d:fb:36:a6:fb:8b:05:cf:c0:65:3c:ea:22:ce:ef:4a:
         7e:14:a1:15:bd:a6:52:5c:05:b9:1d:03:1c:cb:1a:69:af:d0:
         9c:63:27:f3:90:55:43:2d:c0:bf:fd:30:94:98:d7:92:8e:51:
         5b:d3:39:d9:7c:20:b0:df:36:45:d1:a1:a3:ac:a7:70:d6:6e:
         ec:98:24:72:fa:7a:a5:8b:21:45:fe:0c:5c:e4:a1:64:23:f4:
         e1:5c:2b:a8:a0:84:e9:df:e3:5e:db:ba:43:47:72:4e:a7:ca:
         34:72:81:55:28:9f:c7:57:09:d1:34:73:bb:35:28:08:75:1c:
         bc:97:2c:49:ca:5c:19:7e:d3:9d:44:8e:62:8f:fe:99:b4:e9:
         04:5f:09:a0:99:92:d7:66:5b:cb:93:6a:64:7d:ef:91:b8:b8:
         7d:1a:d1:9d:96:4f:73:81:a1:df:26:4d:c6:eb:90:1d:60:c3:
         8b:a0:4b:d7:0e:4a:14:c6:10:df:5f:13:b1:52:62:5a:2e:82:
         d2:00:fe:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY+FQ882w1neG1A5tGrqOoo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwNTE3MDYzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc0ZTY5OTYxMTM3N2FlYjVkMzE4YmZjOGY5OTlhZDU5ZmZiYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/gYYlvv5uW4mLK6fszFzkz6dfvH
5luA3tCggA5IZMjItmrZwhCIzmsPX5QTLbDMdKQZqGr8WYzkINgeL0P0ak2OeKRS
7RcB4d33Nc6HfWBfDTsrMCN/WKARZZNg+hhbNu+W/dcjM2opMp7BRAVuwqBCxdCg
CItif3LWxjesYZ6+lGLcAaH6BY/pPRdneI5HvBUv+QiLYZPrZD6Ihy6+S+OM8MAt
YjJNsTUfadSG58nNiBDZITT0XLqeFTf57he2RV+gAQWRbe0dHzsJ4fvVLmxX3u8e
iskgX3TYJ3yCBcNi7I5Z2DMiY7dtRGnXqofzy6422uNsyf54xmLO3bnI5QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJ905plhE3eutdMYv8j5ma1Z/7tdMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvbjNUbW1XRVRkNjYxMHhpX3lQbVpyVm5fdTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwkBZAwQA
wqNEAwQAwqNcAwQAwukfAwQBwumUAwQAwumXAwQCw7SAAwQAw7SdAwQAw/yvMA0G
CSqGSIb3DQEBCwUAA4IBAQCTUbwsR5+4K5TsbzIUjvGBFPL07eMAcX/2JyH/awWF
yhkZ5cVbp7Tyam9KBTxRaHe3nmCIns9Yk437Nqb7iwXPwGU86iLO70p+FKEVvaZS
XAW5HQMcyxppr9CcYyfzkFVDLcC//TCUmNeSjlFb0znZfCCw3zZF0aGjrKdw1m7s
mCRy+nqliyFF/gxc5KFkI/ThXCuooITp3+Ne27pDR3JOp8o0coFVKJ/HVwnRNHO7
NSgIdRy8lyxJylwZftOdRI5ij/6ZtOkEXwmgmZLXZlvLk2pkfe+RuLh9GtGdlk9z
gaHfJk3G65AdYMOLoEvXDkoUxhDfXxOxUmJaLoLSAP4Y
-----END CERTIFICATE-----