Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/JZBToS-O_vrT2aeKBSNggNB5se0.roa
File:                     JZBToS-O_vrT2aeKBSNggNB5se0.roa (raw, json)
Hash identifier:          D8kzrex63NBxCoEgyWN4HyqVj2eRzOdT3Da1FU0u+nI=
Subject key identifier:   25:90:53:A1:2F:8E:FE:FA:D3:D9:A7:8A:05:23:60:80:D0:79:B1:ED
Certificate issuer:       /CN=e3f70706f6c0cfbd9c73a7f3d83023240a42f50d
Certificate serial:       019423D7224DC9568779C3840F8AE5245E41
Authority key identifier: E3:F7:07:06:F6:C0:CF:BD:9C:73:A7:F3:D8:30:23:24:0A:42:F5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4_cHBvbAz72cc6fz2DAjJApC9Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/JZBToS-O_vrT2aeKBSNggNB5se0.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15594
IP address blocks:        82.116.96.0/19 maxlen: 25
                          95.174.128.0/19 maxlen: 25
                          212.9.32.0/19 maxlen: 25
                          217.10.64.0/20 maxlen: 25
                          217.116.112.0/20 maxlen: 25
                          2001:ab0::/29 maxlen: 48
                          2001:ab0::/36 maxlen: 49
                          2001:ab7::/36 maxlen: 49
                          2001:ab7:1000::/36 maxlen: 49
                          2001:ab7:2000::/36 maxlen: 49
                          2001:ab7:3000::/36 maxlen: 49
                          2001:ab7:4000::/36 maxlen: 49
                          2001:ab7:f000::/36 maxlen: 49
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:22:4d:c9:56:87:79:c3:84:0f:8a:e5:24:5e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3f70706f6c0cfbd9c73a7f3d83023240a42f50d
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=259053a12f8efefad3d9a78a05236080d079b1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:14:8f:73:b2:33:7c:d0:92:6c:96:48:98:
                    12:31:94:f7:63:5e:1d:e1:ed:e1:d4:96:b6:04:73:
                    86:17:cb:77:ac:31:38:91:ae:1f:9b:8b:ea:ae:73:
                    8a:83:30:df:73:07:fc:e3:cc:19:02:63:ad:3a:1f:
                    5f:7a:ca:a8:69:67:e9:2a:59:0b:e8:f9:61:67:fc:
                    17:84:4d:17:c2:8c:9a:4d:3b:a7:aa:f7:23:61:d4:
                    bf:dc:1a:fb:71:16:c6:6e:17:8d:34:ef:65:78:69:
                    cb:96:ea:f5:0b:71:c0:1e:75:df:b1:8a:82:55:11:
                    fc:42:91:3e:a5:df:99:de:03:7e:12:5d:1b:b4:f8:
                    ef:6b:27:8b:d9:c4:b8:94:fa:af:bf:61:a7:f4:1b:
                    31:71:fe:9d:11:91:11:3a:59:2d:cc:bf:70:ca:39:
                    d4:44:3a:d0:aa:01:10:57:8e:a7:de:23:0e:3b:c9:
                    cc:69:f6:15:0b:ba:30:fb:75:37:d1:a5:65:1a:d7:
                    b8:72:c0:e2:61:69:01:db:35:7e:df:14:43:ec:bf:
                    9a:93:b7:ee:50:75:79:8f:1c:01:ea:5c:26:45:33:
                    42:85:99:c0:9b:33:3c:e4:34:6a:70:72:ac:6a:9a:
                    d6:97:3a:7b:e4:ea:a9:2a:05:f5:76:62:36:51:14:
                    0d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:90:53:A1:2F:8E:FE:FA:D3:D9:A7:8A:05:23:60:80:D0:79:B1:ED
            X509v3 Authority Key Identifier:
                keyid:E3:F7:07:06:F6:C0:CF:BD:9C:73:A7:F3:D8:30:23:24:0A:42:F5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_cHBvbAz72cc6fz2DAjJApC9Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/JZBToS-O_vrT2aeKBSNggNB5se0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/4_cHBvbAz72cc6fz2DAjJApC9Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.116.96.0/19
                  95.174.128.0/19
                  212.9.32.0/19
                  217.10.64.0/20
                  217.116.112.0/20
                IPv6:
                  2001:ab0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:c2:9b:8a:b6:42:81:71:85:d7:8e:36:8a:61:8a:c4:6e:51:
         e1:70:aa:20:47:02:aa:64:db:ec:9f:ed:e4:8b:8c:67:7f:c6:
         04:a5:fc:89:29:37:83:6a:bd:3c:ba:4c:67:ba:a1:7c:fb:75:
         17:b7:a0:cd:47:44:20:d5:cb:a6:28:70:29:f1:ce:ea:b2:06:
         d2:2f:25:5f:cf:dd:03:1d:46:1c:2a:55:f6:74:69:72:e2:22:
         62:2b:9e:0f:95:fe:09:f9:b1:24:9a:ae:aa:89:bf:5c:9a:f8:
         38:a6:ef:5a:e1:5f:26:3a:d2:c2:d5:f9:bd:f0:ec:7a:b5:1c:
         25:0e:06:d6:10:00:95:64:65:33:79:98:b1:3d:9b:0c:c7:c8:
         e2:3c:bf:b2:73:9f:23:dc:2f:89:50:96:45:58:cb:b2:18:47:
         70:28:4e:39:71:07:54:b4:82:c4:c2:52:1b:89:9b:a9:f9:66:
         40:7e:a0:99:d7:a8:5f:5e:1d:fd:e6:a6:e7:45:8e:09:32:7d:
         01:71:66:cc:ae:97:0b:83:fb:33:e9:f7:b1:28:d0:5e:94:40:
         89:40:de:c8:64:5c:49:b2:c6:88:4f:92:9b:4f:9e:ce:ce:ab:
         dc:c1:fc:74:f2:33:86:00:28:a0:39:08:2c:e9:e9:f3:4b:ec:
         4a:15:5d:57
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQj1yJNyVaHecOED4rlJF5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZjcwNzA2ZjZjMGNmYmQ5YzczYTdmM2Q4MzAyMzI0MGE0
MmY1MGQwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTkwNTNhMTJmOGVmZWZhZDNkOWE3OGEwNTIzNjA4MGQwNzliMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms0Uj3OyM3zQkmyWSJgSMZT3Y14d
4e3h1Ja2BHOGF8t3rDE4ka4fm4vqrnOKgzDfcwf848wZAmOtOh9fesqoaWfpKlkL
6PlhZ/wXhE0XwoyaTTunqvcjYdS/3Br7cRbGbheNNO9leGnLlur1C3HAHnXfsYqC
VRH8QpE+pd+Z3gN+El0btPjvayeL2cS4lPqvv2Gn9Bsxcf6dEZEROlktzL9wyjnU
RDrQqgEQV46n3iMOO8nMafYVC7ow+3U30aVlGte4csDiYWkB2zV+3xRD7L+ak7fu
UHV5jxwB6lwmRTNChZnAmzM85DRqcHKsaprWlzp75OqpKgX1dmI2URQNRQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFCWQU6Evjv7609mnigUjYIDQebHtMB8GA1UdIwQY
MBaAFOP3Bwb2wM+9nHOn89gwIyQKQvUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9jSEJ2YkF6NzJjYzZmejJEQWpKQXBDOVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yODZkNDctNjQzNC00MWJkLTlhYTIt
MDlmZjc5MzA4YmJlLzEvSlpCVG9TLU9fdnJUMmFlS0JTTmdnTkI1c2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yODZkNDctNjQzNC00MWJkLTlhYTItMDlmZjc5MzA4YmJl
LzEvNF9jSEJ2YkF6NzJjYzZmejJEQWpKQXBDOVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFUnRgAwQF
X66AAwQF1AkgAwQE2QpAAwQE2XRwMA0EAgACMAcDBQMgAQqwMA0GCSqGSIb3DQEB
CwUAA4IBAQBtwpuKtkKBcYXXjjaKYYrEblHhcKogRwKqZNvsn+3ki4xnf8YEpfyJ
KTeDar08ukxnuqF8+3UXt6DNR0Qg1cumKHAp8c7qsgbSLyVfz90DHUYcKlX2dGly
4iJiK54Plf4J+bEkmq6qib9cmvg4pu9a4V8mOtLC1fm98Ox6tRwlDgbWEACVZGUz
eZixPZsMx8jiPL+yc58j3C+JUJZFWMuyGEdwKE45cQdUtILEwlIbiZup+WZAfqCZ
16hfXh395qbnRY4JMn0BcWbMrpcLg/sz6fexKNBelECJQN7IZFxJssaIT5KbT57O
zqvcwfx08jOGACigOQgs6enzS+xKFV1X
-----END CERTIFICATE-----