Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/uOBV_yap9J8b20jAu19bXFPXQUo.roa
File:                     uOBV_yap9J8b20jAu19bXFPXQUo.roa (raw, json)
Hash identifier:          el9qABVjydg6z9BEhRKqwDNEtlywuysS2kQ0otqQSt8=
Subject key identifier:   B8:E0:55:FF:26:A9:F4:9F:1B:DB:48:C0:BB:5F:5B:5C:53:D7:41:4A
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       01954CEC2818049C09F9990505CACF42DEB1
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/uOBV_yap9J8b20jAu19bXFPXQUo.roa
Signing time:             Fri 28 Feb 2025 14:18:19 +0000
ROA not before:           Fri 28 Feb 2025 14:18:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44654
IP address blocks:        37.252.208.0/23 maxlen: 23
                          37.252.208.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          37.252.212.0/24 maxlen: 24
                          37.252.213.0/24 maxlen: 24
                          37.252.215.0/24 maxlen: 24
                          109.205.8.0/21 maxlen: 24
                          185.36.124.0/22 maxlen: 24
                          185.36.124.0/23 maxlen: 23
                          2a02:d8::/32 maxlen: 48
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:ec:28:18:04:9c:09:f9:99:05:05:ca:cf:42:de:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Feb 28 14:18:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8e055ff26a9f49f1bdb48c0bb5f5b5c53d7414a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b1:fa:7b:7a:84:01:7d:0b:0a:ec:eb:8f:bd:
                    8b:c6:21:fa:3f:19:29:49:c2:fb:ec:f3:0a:96:9a:
                    ef:50:02:53:fd:b1:83:f9:43:98:bc:d6:1d:e0:e8:
                    20:df:55:f3:7f:52:71:48:fc:fd:6d:49:3c:a2:ba:
                    a8:a3:e4:91:5c:e1:d4:8a:be:38:66:51:29:1a:24:
                    4a:c6:04:92:b8:8c:ff:36:da:5e:36:d2:52:fa:9c:
                    52:fc:e8:00:19:d5:17:7c:73:a3:38:be:12:9e:9f:
                    7f:83:95:e0:d5:de:e1:11:b3:ef:13:92:72:39:46:
                    e0:50:e0:4b:43:92:78:93:d5:e6:51:d7:76:4c:65:
                    bb:46:be:79:dd:f4:a1:fc:27:75:0a:bd:2a:97:6b:
                    ed:73:21:55:8d:e0:23:9f:4f:bd:67:7c:ae:97:a4:
                    8e:c5:e7:a3:a9:a1:ff:4b:03:ff:d4:08:b6:d1:34:
                    a7:1e:2e:46:a7:02:cd:65:c4:14:d5:8e:f3:41:fe:
                    19:b9:88:c5:e7:f5:bc:19:12:fe:c8:2b:d7:cd:5c:
                    45:66:7e:a5:80:a4:66:3d:c8:d5:40:fa:f4:90:f8:
                    50:73:4a:c4:32:24:aa:e5:27:51:4d:0a:43:70:b2:
                    00:65:73:76:14:0e:dd:bd:91:de:95:65:ef:78:1f:
                    8d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E0:55:FF:26:A9:F4:9F:1B:DB:48:C0:BB:5F:5B:5C:53:D7:41:4A
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/uOBV_yap9J8b20jAu19bXFPXQUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  109.205.8.0/21
                  185.36.124.0/22
                IPv6:
                  2a02:d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:47:5e:e5:f4:52:6b:01:33:ec:0c:6a:64:b2:a8:78:dc:b3:
         ef:01:e8:31:53:9e:80:f1:59:93:e0:51:34:9d:48:c3:7c:ba:
         a9:07:40:b0:30:97:8f:58:af:de:35:13:af:57:ae:bd:2c:a5:
         17:d2:1c:d4:be:33:9b:8b:ca:26:af:b9:1d:4a:80:6f:2a:81:
         2b:47:a8:d7:b4:ee:58:48:1c:af:2a:b4:35:f0:1d:7e:91:6d:
         99:3e:dc:bb:a1:f7:0a:d4:da:bc:a3:da:c4:bc:30:13:7d:85:
         3a:4d:ce:6e:d0:0f:4d:8b:85:57:7b:ea:67:24:39:02:29:83:
         d6:9a:61:c9:a1:b3:c7:29:44:30:45:83:d7:cf:f1:1c:05:e1:
         d9:e6:71:11:0a:4e:14:21:7f:87:68:1b:45:ab:97:9c:c4:c0:
         c3:47:72:2c:b9:0f:fd:bf:1d:48:5c:ca:c4:d8:5d:a7:1d:7e:
         1a:ef:7e:2e:98:55:71:10:f1:d2:1a:04:60:f8:00:8f:35:42:
         ce:91:86:d6:47:5c:eb:bf:5b:79:33:66:91:58:c9:c4:53:39:
         86:fe:0f:57:5d:d1:0e:57:9e:1b:03:8e:38:1d:fe:82:a1:bb:
         95:00:13:19:3b:46:22:ec:24:51:0b:25:00:7b:18:1b:fc:cd:
         a1:d2:1a:c6
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZVM7CgYBJwJ+ZkFBcrPQt6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwMjI4MTQxODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGUwNTVmZjI2YTlmNDlmMWJkYjQ4YzBiYjVmNWI1YzUzZDc0MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7H6e3qEAX0LCuzrj72LxiH6Pxkp
ScL77PMKlprvUAJT/bGD+UOYvNYd4Ogg31Xzf1JxSPz9bUk8orqoo+SRXOHUir44
ZlEpGiRKxgSSuIz/NtpeNtJS+pxS/OgAGdUXfHOjOL4Snp9/g5Xg1d7hEbPvE5Jy
OUbgUOBLQ5J4k9XmUdd2TGW7Rr553fSh/Cd1Cr0ql2vtcyFVjeAjn0+9Z3yul6SO
xeejqaH/SwP/1Ai20TSnHi5GpwLNZcQU1Y7zQf4ZuYjF5/W8GRL+yCvXzVxFZn6l
gKRmPcjVQPr0kPhQc0rEMiSq5SdRTQpDcLIAZXN2FA7dvZHelWXveB+N3wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFLjgVf8mqfSfG9tIwLtfW1xT10FKMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvdU9CVl95YXA5SjhiMjBqQXUxOWJYRlBYUVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBABlHXuX0UmsBM+wMamSyqHjcs+8B6DFTnoDxWZPgUTSdSMN8uqkH
QLAwl49Yr941E69Xrr0spRfSHNS+M5uLyiavuR1KgG8qgStHqNe07lhIHK8qtDXw
HX6RbZk+3Luh9wrU2ryj2sS8MBN9hTpNzm7QD02LhVd76mckOQIpg9aaYcmhs8cp
RDBFg9fP8RwF4dnmcREKThQhf4doG0Wrl5zEwMNHciy5D/2/HUhcysTYXacdfhrv
fi6YVXEQ8dIaBGD4AI81Qs6RhtZHXOu/W3kzZpFYycRTOYb+D1dd0Q5XnhsDjjgd
/oKhu5UAExk7RiLsJFELJQB7GBv8zaHSGsY=
-----END CERTIFICATE-----