Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/pkrI6iaUdda-z9WYMFjdcxpmXjo.roa
File:                     pkrI6iaUdda-z9WYMFjdcxpmXjo.roa (raw, json)
Hash identifier:          hMCs1gjsYAVaOoAjArkJ6N1TgykfFMKnI+aiOTGukGc=
Subject key identifier:   A6:4A:C8:EA:26:94:75:D6:BE:CF:D5:98:30:58:DD:73:1A:66:5E:3A
Certificate issuer:       /CN=0b1870c96ef09723811fb89250eea6eba963c0df
Certificate serial:       0194D63E6395FB81061F2F7770EA61476D75
Authority key identifier: 0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/pkrI6iaUdda-z9WYMFjdcxpmXjo.roa
Signing time:             Wed 05 Feb 2025 13:13:20 +0000
ROA not before:           Wed 05 Feb 2025 13:13:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        132.64.1.0/24 maxlen: 24
                          132.64.2.0/24 maxlen: 24
                          132.64.3.0/24 maxlen: 24
                          132.64.5.0/24 maxlen: 24
                          132.64.6.0/24 maxlen: 24
                          132.64.7.0/24 maxlen: 24
                          132.64.16.0/24 maxlen: 24
                          132.64.17.0/24 maxlen: 24
                          132.64.24.0/22 maxlen: 22
                          132.64.40.0/24 maxlen: 24
                          132.64.43.0/24 maxlen: 24
                          132.64.44.0/24 maxlen: 24
                          132.64.45.0/24 maxlen: 24
                          132.64.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d6:3e:63:95:fb:81:06:1f:2f:77:70:ea:61:47:6d:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1870c96ef09723811fb89250eea6eba963c0df
        Validity
            Not Before: Feb  5 13:13:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a64ac8ea269475d6becfd5983058dd731a665e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:60:cf:88:45:e0:09:b3:30:61:f4:a3:8a:15:
                    62:81:78:55:43:ae:bd:25:22:55:ef:46:71:09:cf:
                    4d:1d:18:a1:c4:50:9c:21:a9:69:26:18:82:b3:5f:
                    2d:f3:4a:50:96:96:2f:fd:57:01:d2:4a:fd:74:31:
                    bd:77:fc:00:30:30:67:ec:f4:5d:2a:bd:cc:3a:76:
                    a9:fd:23:55:c0:65:ed:57:96:6e:0e:a8:91:e5:68:
                    41:87:20:14:54:d6:58:15:ad:f2:c2:31:3c:28:93:
                    21:a0:e2:c3:9b:f2:ec:66:64:d8:c2:21:3f:f5:97:
                    16:6f:18:82:ef:b7:8a:be:6d:ec:9f:dc:b1:7e:21:
                    4d:f2:d7:8e:ee:61:9f:7f:fe:7e:d9:74:02:de:1a:
                    32:ea:9e:9d:09:ee:c9:de:45:93:06:6f:14:e9:6b:
                    43:e1:3d:8d:28:da:60:08:ef:09:76:fa:99:99:12:
                    72:74:1e:9c:17:94:9f:a9:8b:11:89:a1:11:e1:08:
                    b1:62:ab:36:6e:3c:c5:c4:83:4b:6b:6e:ef:60:ef:
                    cf:97:40:98:fc:b7:e2:c1:61:6a:52:97:5f:54:94:
                    3e:77:98:94:0c:be:09:9f:78:bc:a6:b1:a0:f9:80:
                    d1:1e:10:d8:a0:12:97:1c:bf:0f:f0:0b:31:17:7e:
                    29:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:4A:C8:EA:26:94:75:D6:BE:CF:D5:98:30:58:DD:73:1A:66:5E:3A
            X509v3 Authority Key Identifier:
                keyid:0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/pkrI6iaUdda-z9WYMFjdcxpmXjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.64.1.0-132.64.3.255
                  132.64.5.0-132.64.7.255
                  132.64.16.0/23
                  132.64.24.0/22
                  132.64.40.0/24
                  132.64.43.0-132.64.45.255
                  132.64.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:d1:a8:21:00:05:fc:d7:e1:12:60:ed:01:99:af:94:b7:8d:
         f5:02:23:5a:4e:63:86:ac:2f:83:1f:1d:bf:63:df:4b:a8:33:
         ba:ef:81:f8:9e:ed:3a:8a:5c:34:b9:29:7b:22:ad:fe:35:5d:
         7b:85:c6:18:f1:c6:80:0d:1b:cd:d6:51:36:6d:fa:35:cc:12:
         bc:39:b5:77:d4:93:3a:c1:c3:ba:f5:00:0e:ac:f7:c7:15:db:
         92:ea:1e:f6:20:14:a6:d9:df:b2:fb:0d:b0:c7:fc:db:ef:c0:
         55:92:5d:a0:dd:02:00:20:6e:b4:5e:28:88:24:fa:0d:36:ed:
         ef:be:6b:72:74:a0:5d:2f:4d:5d:a9:fc:d4:75:61:29:79:07:
         1b:c5:9d:19:01:8f:5c:af:58:6b:b6:41:62:6b:85:9d:dc:62:
         2e:ff:47:09:9f:33:64:6f:71:18:8a:7c:9b:4b:2e:7e:f9:4b:
         6f:69:ce:7a:2c:72:60:c2:8c:d4:2a:6f:f2:7f:e9:4b:05:9d:
         62:f4:a8:5a:07:32:4f:eb:56:6a:a3:66:15:eb:c0:af:20:07:
         2d:d4:dc:8d:fa:9b:7e:c1:08:56:a7:5b:56:ea:79:45:52:4a:
         71:c0:ab:5a:22:e0:c5:b1:79:43:70:4c:39:2e:b1:a7:e5:31:
         ab:2d:89:82
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZTWPmOV+4EGHy93cOphR211MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTg3MGM5NmVmMDk3MjM4MTFmYjg5MjUwZWVhNmViYTk2
M2MwZGYwHhcNMjUwMjA1MTMxMzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjRhYzhlYTI2OTQ3NWQ2YmVjZmQ1OTgzMDU4ZGQ3MzFhNjY1ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62DPiEXgCbMwYfSjihVigXhVQ669
JSJV70ZxCc9NHRihxFCcIalpJhiCs18t80pQlpYv/VcB0kr9dDG9d/wAMDBn7PRd
Kr3MOnap/SNVwGXtV5ZuDqiR5WhBhyAUVNZYFa3ywjE8KJMhoOLDm/LsZmTYwiE/
9ZcWbxiC77eKvm3sn9yxfiFN8teO7mGff/5+2XQC3hoy6p6dCe7J3kWTBm8U6WtD
4T2NKNpgCO8JdvqZmRJydB6cF5SfqYsRiaER4QixYqs2bjzFxINLa27vYO/Pl0CY
/LfiwWFqUpdfVJQ+d5iUDL4Jn3i8prGg+YDRHhDYoBKXHL8P8AsxF34pmQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKZKyOomlHXWvs/VmDBY3XMaZl46MB8GA1UdIwQY
MBaAFAsYcMlu8JcjgR+4klDupuupY8DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMt
YTJlMjRmOTgwYjNmLzEvcGtySTZpYVVkZGEtejlXWU1GamRjeHBtWGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMtYTJlMjRmOTgwYjNm
LzEvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBACEQAED
BAKEQAAwDAMEAIRABQMEA4RAAAMEAYRAEAMEAoRAGAMEAIRAKDAMAwQAhEArAwQB
hEAsAwQAhED+MA0GCSqGSIb3DQEBCwUAA4IBAQCs0aghAAX81+ESYO0Bma+Ut431
AiNaTmOGrC+DHx2/Y99LqDO674H4nu06ilw0uSl7Iq3+NV17hcYY8caADRvN1lE2
bfo1zBK8ObV31JM6wcO69QAOrPfHFduS6h72IBSm2d+y+w2wx/zb78BVkl2g3QIA
IG60XiiIJPoNNu3vvmtydKBdL01dqfzUdWEpeQcbxZ0ZAY9cr1hrtkFia4Wd3GIu
/0cJnzNkb3EYinybSy5++Utvac56LHJgwozUKm/yf+lLBZ1i9KhaBzJP61Zqo2YV
68CvIAct1NyN+pt+wQhWp1tW6nlFUkpxwKtaIuDFsXlDcEw5LrGn5TGrLYmC
-----END CERTIFICATE-----