Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/RL1wLq44Bf2ikyDTpOd16y5e10g.roa
File:                     RL1wLq44Bf2ikyDTpOd16y5e10g.roa (raw, json)
Hash identifier:          X39FqUvCzgp1Twm8EXglBTxwVJ18DwP2RWSMPjQDYfw=
Subject key identifier:   44:BD:70:2E:AE:38:05:FD:A2:93:20:D3:A4:E7:75:EB:2E:5E:D7:48
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       019423D6CABCF06415FE3E33611069C5A5BF
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/RL1wLq44Bf2ikyDTpOd16y5e10g.roa
Signing time:             Wed 01 Jan 2025 21:47:46 +0000
ROA not before:           Wed 01 Jan 2025 21:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        83.151.192.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23
                          88.202.208.0/24 maxlen: 24
                          88.202.209.0/24 maxlen: 24
                          88.202.210.0/24 maxlen: 24
                          88.202.211.0/24 maxlen: 24
                          88.212.156.0/24 maxlen: 24
                          88.212.157.0/24 maxlen: 24
                          88.212.158.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.132.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          185.8.134.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ca:bc:f0:64:15:fe:3e:33:61:10:69:c5:a5:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Jan  1 21:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44bd702eae3805fda29320d3a4e775eb2e5ed748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:91:91:fd:29:e7:c5:f3:d8:cb:d6:7d:4d:1f:
                    53:a0:78:d5:bf:f1:94:d6:87:f6:64:8b:9e:8e:42:
                    51:f8:e5:15:14:b1:8d:d5:68:ed:a3:bb:7b:67:01:
                    42:76:2c:9d:e4:19:6d:da:9c:7e:3e:38:e0:d0:fc:
                    8d:e4:a1:82:67:15:0c:9a:c1:1b:77:9e:d0:68:bc:
                    1e:04:06:56:43:0e:ef:b8:75:46:0a:dc:6e:27:78:
                    be:15:11:d5:ff:30:be:bc:a7:00:8a:ac:e2:9f:12:
                    f2:08:4f:fd:e1:34:ff:09:28:2c:32:3c:b4:c8:54:
                    64:38:5e:b3:80:55:dc:0d:f6:4a:aa:5a:39:c2:25:
                    7e:0a:45:ee:b7:ac:1a:20:a8:9e:85:4f:70:4e:3d:
                    74:99:47:43:b4:a4:45:5a:77:7a:5a:66:25:3f:cc:
                    45:b8:44:08:e2:79:93:11:a7:5b:7e:4e:89:42:6b:
                    9b:61:a2:a0:5c:b5:fc:ab:67:54:92:7c:e4:4b:f1:
                    97:2b:c5:d9:4a:a5:f6:3e:a9:ab:88:60:3b:6b:ca:
                    58:b4:53:0c:42:94:5f:73:f4:c4:76:8f:aa:32:5c:
                    93:f2:d9:44:a5:b7:ae:29:38:21:cc:54:b3:c2:d8:
                    35:f1:7d:bf:20:81:91:ad:2a:d2:5f:10:58:a0:aa:
                    a1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:BD:70:2E:AE:38:05:FD:A2:93:20:D3:A4:E7:75:EB:2E:5E:D7:48
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/RL1wLq44Bf2ikyDTpOd16y5e10g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0/22
                  88.212.156.0/22
                  185.8.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:7f:f9:62:52:b0:96:56:20:1d:ea:4f:b7:e3:2a:10:e6:b6:
         47:f6:72:69:10:80:99:a5:9d:a6:d1:f0:3b:bf:1a:20:3a:b1:
         5a:09:c0:9e:d0:6a:45:7c:f4:c4:d7:26:d3:c2:50:d7:39:be:
         d6:a5:1d:4d:55:2e:6e:ae:46:08:3e:ad:bb:a3:8b:7c:02:64:
         3f:f1:58:a1:09:6d:41:66:e8:0a:a7:c0:ea:40:fd:32:f5:4e:
         25:5d:2e:12:f2:51:99:65:a8:b2:8f:a8:5e:70:b3:0d:2d:3f:
         79:bc:61:4f:77:f4:d8:5b:dd:d2:f1:a6:c9:64:16:6d:f1:72:
         3b:8e:ad:34:56:84:c3:69:69:a1:3d:b7:e8:bd:df:7b:6d:5a:
         dd:bc:8e:49:7e:0a:b6:cd:8d:4f:f7:c0:be:57:4d:ea:05:fc:
         39:92:b9:db:34:1f:06:29:cc:9f:a1:fe:49:8d:c0:b9:0c:7f:
         e9:e8:f3:67:68:51:92:1d:af:9e:66:b0:d4:27:70:81:28:06:
         3d:1c:d8:14:a5:05:a3:bf:57:99:7a:65:79:4d:78:b8:06:f1:
         d9:75:20:d2:02:0b:e5:d2:36:b1:f4:e9:2f:3e:39:78:d1:ac:
         93:56:53:9f:11:88:fd:a2:a1:bd:94:02:52:c6:af:28:1b:68:
         1e:2e:da:15
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQj1sq88GQV/j4zYRBpxaW/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjUwMTAxMjE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGJkNzAyZWFlMzgwNWZkYTI5MzIwZDNhNGU3NzVlYjJlNWVkNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZGR/SnnxfPYy9Z9TR9ToHjVv/GU
1of2ZIuejkJR+OUVFLGN1Wjto7t7ZwFCdiyd5Blt2px+Pjjg0PyN5KGCZxUMmsEb
d57QaLweBAZWQw7vuHVGCtxuJ3i+FRHV/zC+vKcAiqzinxLyCE/94TT/CSgsMjy0
yFRkOF6zgFXcDfZKqlo5wiV+CkXut6waIKiehU9wTj10mUdDtKRFWnd6WmYlP8xF
uEQI4nmTEadbfk6JQmubYaKgXLX8q2dUknzkS/GXK8XZSqX2PqmriGA7a8pYtFMM
QpRfc/TEdo+qMlyT8tlEpbeuKTghzFSzwtg18X2/IIGRrSrSXxBYoKqh6wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFES9cC6uOAX9opMg06TndesuXtdIMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvUkwxd0xxNDRCZjJpa3lEVHBPZDE2eTVlMTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCU5fAAwQC
WMrQAwQCWNScAwQCuQiEMA0GCSqGSIb3DQEBCwUAA4IBAQCgf/liUrCWViAd6k+3
4yoQ5rZH9nJpEICZpZ2m0fA7vxogOrFaCcCe0GpFfPTE1ybTwlDXOb7WpR1NVS5u
rkYIPq27o4t8AmQ/8VihCW1BZugKp8DqQP0y9U4lXS4S8lGZZaiyj6hecLMNLT95
vGFPd/TYW93S8abJZBZt8XI7jq00VoTDaWmhPbfovd97bVrdvI5Jfgq2zY1P98C+
V03qBfw5krnbNB8GKcyfof5JjcC5DH/p6PNnaFGSHa+eZrDUJ3CBKAY9HNgUpQWj
v1eZemV5TXi4BvHZdSDSAgvl0jax9OkvPjl40ayTVlOfEYj9oqG9lAJSxq8oG2ge
LtoV
-----END CERTIFICATE-----