Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/5Xu9ykAhcuzsR5J_5qlD6TLeH0s.roa
File:                     5Xu9ykAhcuzsR5J_5qlD6TLeH0s.roa (raw, json)
Hash identifier:          De0+5F8ryDD0lNui3lCDlh+IEH3Id/sXk2tlU1TN/fg=
Subject key identifier:   E5:7B:BD:CA:40:21:72:EC:EC:47:92:7F:E6:A9:43:E9:32:DE:1F:4B
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369E5B44A7DB671E4B1298CAB98A561
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/5Xu9ykAhcuzsR5J_5qlD6TLeH0s.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        46.3.64.0/20 maxlen: 20
                          46.3.80.0/20 maxlen: 20
                          46.3.80.0/22 maxlen: 22
                          46.3.96.0/19 maxlen: 19
                          46.3.128.0/23 maxlen: 23
                          46.3.160.0/20 maxlen: 20
                          46.3.176.0/20 maxlen: 20
                          46.3.216.0/21 maxlen: 21
                          46.232.0.0/24 maxlen: 24
                          46.232.16.0/22 maxlen: 22
                          46.232.32.0/19 maxlen: 19
                          46.232.64.0/18 maxlen: 18
                          46.232.64.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e5:b4:4a:7d:b6:71:e4:b1:29:8c:ab:98:a5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e57bbdca402172ecec47927fe6a943e932de1f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:31:f8:66:38:0f:3e:2c:ec:3c:07:29:1d:92:
                    52:77:cd:27:34:5d:9d:80:a7:a2:3a:3e:b8:28:aa:
                    82:14:de:55:7d:23:ab:eb:3c:01:ab:37:f2:1f:de:
                    8e:20:0f:47:49:e6:00:a8:6f:8c:9b:4c:65:35:f3:
                    cb:64:86:5a:cc:07:72:e8:98:44:64:c7:52:94:64:
                    64:57:57:23:26:8b:84:4a:7f:58:8f:d9:b0:61:15:
                    6b:48:2a:c8:fe:7f:08:b8:bf:13:d9:e7:0e:7c:c0:
                    56:6c:24:c3:c1:bd:ad:18:ca:93:4a:6d:00:b9:1e:
                    98:64:84:0f:2f:1a:fa:0a:84:65:eb:10:89:59:f3:
                    fb:ed:6c:dc:a2:3a:08:02:27:d8:d8:bd:54:1c:2c:
                    c2:c8:ba:7e:2c:ef:0c:c5:73:ce:7a:21:5f:e2:d0:
                    ca:46:04:d8:1e:ba:d3:5f:d8:8f:2c:9b:29:92:d1:
                    bf:49:ad:c0:e0:13:a0:1a:93:89:ea:64:68:4c:22:
                    d0:97:db:9f:41:c9:93:4f:0c:c6:6c:2f:b2:db:51:
                    96:29:0d:28:92:15:c2:57:ef:3b:98:d1:08:33:d4:
                    80:f0:45:10:ac:c0:8f:a8:fb:ec:78:33:25:77:7b:
                    bf:3d:51:68:6b:f3:f4:a8:83:42:04:b6:d7:80:95:
                    4b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7B:BD:CA:40:21:72:EC:EC:47:92:7F:E6:A9:43:E9:32:DE:1F:4B
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/5Xu9ykAhcuzsR5J_5qlD6TLeH0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.64.0-46.3.129.255
                  46.3.160.0/19
                  46.3.216.0/21
                  46.232.0.0/24
                  46.232.16.0/22
                  46.232.32.0-46.232.127.255

    Signature Algorithm: sha256WithRSAEncryption
         46:5b:0a:3e:94:0e:3b:4b:09:23:43:05:2c:76:ca:60:c4:eb:
         c7:39:cc:81:04:72:4a:d3:20:d6:e7:b2:3a:22:1c:9e:8c:b7:
         61:23:ff:b7:fa:16:c0:89:ee:d3:88:33:a5:19:d5:1c:33:e3:
         4e:a4:f1:7a:a1:50:b9:dd:88:35:78:41:54:af:58:aa:71:f7:
         2f:e0:67:41:50:7c:7a:fb:65:d7:c9:ac:ea:95:e4:f3:e4:98:
         70:ac:83:5d:8d:65:02:65:64:e0:66:12:0d:95:a0:2b:50:24:
         8d:ed:c0:2e:66:3a:0d:b1:7e:bd:d2:d9:b3:2e:0a:f4:62:46:
         fa:f5:a7:eb:c6:3f:3d:49:78:55:77:26:74:a3:16:95:14:d5:
         7a:90:38:dc:45:ad:e4:f0:01:05:cb:1e:37:f9:8c:68:10:7a:
         98:eb:6a:33:09:0c:18:03:fe:89:b9:4f:27:2e:3b:16:81:ad:
         53:57:be:02:45:63:ca:87:3e:ce:9c:cc:8e:c4:43:93:7b:22:
         3a:f2:8a:e8:f9:a3:4a:e4:ed:58:af:58:02:c5:c1:de:1b:c9:
         c0:9d:83:cb:53:f0:da:68:2a:75:f4:0b:03:14:21:2e:26:8b:
         57:6c:5f:1f:be:b2:4d:e1:9a:52:1f:5a:72:1e:89:10:71:a7:
         9b:35:c4:ca
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQjaeW0Sn22ceSxKYyrmKVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdiYmRjYTQwMjE3MmVjZWM0NzkyN2ZlNmE5NDNlOTMyZGUxZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zH4ZjgPPizsPAcpHZJSd80nNF2d
gKeiOj64KKqCFN5VfSOr6zwBqzfyH96OIA9HSeYAqG+Mm0xlNfPLZIZazAdy6JhE
ZMdSlGRkV1cjJouESn9Yj9mwYRVrSCrI/n8IuL8T2ecOfMBWbCTDwb2tGMqTSm0A
uR6YZIQPLxr6CoRl6xCJWfP77WzcojoIAifY2L1UHCzCyLp+LO8MxXPOeiFf4tDK
RgTYHrrTX9iPLJspktG/Sa3A4BOgGpOJ6mRoTCLQl9ufQcmTTwzGbC+y21GWKQ0o
khXCV+87mNEIM9SA8EUQrMCPqPvseDMld3u/PVFoa/P0qINCBLbXgJVLhQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFOV7vcpAIXLs7EeSf+apQ+ky3h9LMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvNVh1OXlrQWhjdXpzUjVKXzVxbEQ2VExlSDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAYuA0AD
BAEuA4ADBAUuA6ADBAMuA9gDBAAu6AADBAIu6BAwDAMEBS7oIAMEBy7oADANBgkq
hkiG9w0BAQsFAAOCAQEARlsKPpQOO0sJI0MFLHbKYMTrxznMgQRyStMg1ueyOiIc
noy3YSP/t/oWwInu04gzpRnVHDPjTqTxeqFQud2INXhBVK9YqnH3L+BnQVB8evtl
18ms6pXk8+SYcKyDXY1lAmVk4GYSDZWgK1Akje3ALmY6DbF+vdLZsy4K9GJG+vWn
68Y/PUl4VXcmdKMWlRTVepA43EWt5PABBcseN/mMaBB6mOtqMwkMGAP+iblPJy47
FoGtU1e+AkVjyoc+zpzMjsRDk3siOvKK6PmjSuTtWK9YAsXB3hvJwJ2Dy1Pw2mgq
dfQLAxQhLiaLV2xfH76yTeGaUh9ach6JEHGnmzXEyg==
-----END CERTIFICATE-----