Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lJl9Wdf0TZSKM5_83j0RlH6RdPQ.roa
File:                     lJl9Wdf0TZSKM5_83j0RlH6RdPQ.roa (raw, json)
Hash identifier:          +Zm8oh5/P9KNWP0bY0zW3bC1IQqfg4P5gZr4FjWzSL4=
Subject key identifier:   94:99:7D:59:D7:F4:4D:94:8A:33:9F:FC:DE:3D:11:94:7E:91:74:F4
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01914C263BCDD288780FB85DA5DAA0C4F9AD
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lJl9Wdf0TZSKM5_83j0RlH6RdPQ.roa
Signing time:             Tue 13 Aug 2024 14:30:59 +0000
ROA not before:           Tue 13 Aug 2024 14:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46573
IP address blocks:        89.249.192.0/24 maxlen: 24
                          89.249.193.0/24 maxlen: 24
                          89.249.194.0/24 maxlen: 24
                          89.249.195.0/24 maxlen: 24
                          212.42.192.0/24 maxlen: 24
                          212.42.193.0/24 maxlen: 24
                          212.42.194.0/24 maxlen: 24
                          212.42.195.0/24 maxlen: 24
                          212.42.196.0/24 maxlen: 24
                          212.42.199.0/24 maxlen: 24
                          212.42.200.0/24 maxlen: 24
                          212.42.203.0/24 maxlen: 24
                          212.42.206.0/24 maxlen: 24
                          212.42.207.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:26:3b:cd:d2:88:78:0f:b8:5d:a5:da:a0:c4:f9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Aug 13 14:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94997d59d7f44d948a339ffcde3d11947e9174f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:37:b9:d0:22:ca:cb:cc:a4:c3:b5:13:c8:b8:
                    b8:a2:f5:a1:0c:a0:6e:be:21:9f:09:b1:ce:7e:a6:
                    01:e9:2f:08:2e:13:2a:00:61:56:16:4f:0e:33:62:
                    ba:91:08:88:87:18:d8:90:a7:b2:66:21:70:d2:6d:
                    10:66:8a:95:1b:8c:18:39:2f:6e:20:ff:d1:f2:91:
                    03:a3:66:9c:55:dd:8f:92:41:8c:82:cd:c8:1d:cf:
                    64:52:4e:41:68:eb:b3:5f:65:d4:12:f7:b5:c8:91:
                    15:9a:2a:36:b0:79:1c:35:a7:e1:b0:82:a4:d6:6f:
                    af:ec:46:05:63:a1:17:52:83:5a:3d:21:03:c1:8d:
                    23:07:e4:10:a2:e0:91:01:16:e2:20:ec:cb:61:89:
                    8e:2e:ee:a9:5c:a9:10:bb:da:39:12:5f:b0:7a:41:
                    e6:84:cb:ec:96:41:24:0f:dc:c4:c5:c0:98:0f:c6:
                    2b:f5:ba:08:79:ba:63:45:76:5b:2e:10:7e:9d:9e:
                    45:1f:75:27:c3:d5:af:4b:83:4b:cf:89:98:1b:be:
                    98:19:69:3b:42:45:9a:f0:26:b4:01:29:60:dd:5a:
                    c2:22:b3:95:74:ad:c6:40:37:3e:2e:cf:30:3a:67:
                    2a:69:bc:40:90:7f:5e:95:53:e6:1c:19:27:60:3b:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:99:7D:59:D7:F4:4D:94:8A:33:9F:FC:DE:3D:11:94:7E:91:74:F4
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lJl9Wdf0TZSKM5_83j0RlH6RdPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.192.0/22
                  212.42.192.0-212.42.196.255
                  212.42.199.0-212.42.200.255
                  212.42.203.0/24
                  212.42.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e3:00:d1:8e:a7:68:2c:37:20:d1:f5:f4:e4:68:7f:e1:35:d6:
         ef:99:5d:1d:d6:2f:9d:db:42:ed:da:94:4c:6f:9f:b6:9b:eb:
         70:9a:ab:fb:c5:bf:98:65:d8:1b:58:2a:2a:4a:a9:fc:ae:9b:
         33:09:22:43:65:9f:71:9e:ae:d0:5e:a6:8d:65:29:2a:1b:74:
         47:b0:85:b8:b6:f7:5d:59:fe:82:49:c8:d6:dc:e3:8e:41:40:
         bb:01:11:d2:d2:26:91:e2:a9:f3:12:ce:1a:f7:1b:e0:8c:d0:
         91:cc:25:bb:0b:3a:a2:0e:f4:2b:c6:ad:45:bb:19:a9:9d:b8:
         0e:2c:53:f7:05:98:c9:8c:cb:de:6b:66:cf:0a:21:37:5a:18:
         45:d7:e0:45:b7:40:ca:15:2a:05:74:44:82:3b:7b:5c:12:23:
         36:c3:35:6b:6d:d3:b4:da:82:39:e4:9a:cf:70:07:6d:9b:75:
         73:0a:a1:0c:02:55:83:11:59:02:65:bf:c3:a8:1d:4b:b1:22:
         9c:4e:4c:1f:0a:1b:05:ab:f9:eb:f4:3f:e2:7e:0f:f9:06:8e:
         36:d2:f0:35:de:5a:fb:d1:e1:ef:75:e6:ec:89:c4:cf:42:7b:
         1f:57:d5:fc:6b:95:58:55:53:00:17:b1:b1:06:d4:88:f3:5c:
         81:e4:84:da
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZFMJjvN0oh4D7hdpdqgxPmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODEzMTQzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk5N2Q1OWQ3ZjQ0ZDk0OGEzMzlmZmNkZTNkMTE5NDdlOTE3NGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvje50CLKy8ykw7UTyLi4ovWhDKBu
viGfCbHOfqYB6S8ILhMqAGFWFk8OM2K6kQiIhxjYkKeyZiFw0m0QZoqVG4wYOS9u
IP/R8pEDo2acVd2PkkGMgs3IHc9kUk5BaOuzX2XUEve1yJEVmio2sHkcNafhsIKk
1m+v7EYFY6EXUoNaPSEDwY0jB+QQouCRARbiIOzLYYmOLu6pXKkQu9o5El+wekHm
hMvslkEkD9zExcCYD8Yr9boIebpjRXZbLhB+nZ5FH3Unw9WvS4NLz4mYG76YGWk7
QkWa8Ca0ASlg3VrCIrOVdK3GQDc+Ls8wOmcqabxAkH9elVPmHBknYDvQmQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJSZfVnX9E2UijOf/N49EZR+kXT0MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvbEpsOVdkZjBUWlNLTTVfODNqMFJsSDZSZFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCWfnAMAwD
BAbUKsADBADUKsQwDAMEANQqxwMEANQqyAMEANQqywMEAdQqzjANBgkqhkiG9w0B
AQsFAAOCAQEA4wDRjqdoLDcg0fX05Gh/4TXW75ldHdYvndtC7dqUTG+ftpvrcJqr
+8W/mGXYG1gqKkqp/K6bMwkiQ2WfcZ6u0F6mjWUpKht0R7CFuLb3XVn+gknI1tzj
jkFAuwER0tImkeKp8xLOGvcb4IzQkcwluws6og70K8atRbsZqZ24DixT9wWYyYzL
3mtmzwohN1oYRdfgRbdAyhUqBXREgjt7XBIjNsM1a23TtNqCOeSaz3AHbZt1cwqh
DAJVgxFZAmW/w6gdS7EinE5MHwobBav56/Q/4n4P+QaONtLwNd5a+9Hh73Xm7InE
z0J7H1fV/GuVWFVTABexsQbUiPNcgeSE2g==
-----END CERTIFICATE-----