Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/726123-bfc2-47ea-9b05-570fec29d139/1/OUpskfGQwP1azsM6n4Ec-VCqNso.roa
File:                     OUpskfGQwP1azsM6n4Ec-VCqNso.roa (raw, json)
Hash identifier:          +d2WLz7J+vMS5D/Rs6fGhF8erps5E2C6DQvq3JVrWbY=
Subject key identifier:   39:4A:6C:91:F1:90:C0:FD:5A:CE:C3:3A:9F:81:1C:F9:50:AA:36:CA
Certificate issuer:       /CN=ab0f2d1829d6fb8d247fa4e9658ea17f06c00b05
Certificate serial:       01942143A0AEA2465B97D419426E0750209C
Authority key identifier: AB:0F:2D:18:29:D6:FB:8D:24:7F:A4:E9:65:8E:A1:7F:06:C0:0B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qw8tGCnW-40kf6TpZY6hfwbACwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/726123-bfc2-47ea-9b05-570fec29d139/1/OUpskfGQwP1azsM6n4Ec-VCqNso.roa
Signing time:             Wed 01 Jan 2025 09:47:47 +0000
ROA not before:           Wed 01 Jan 2025 09:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60636
IP address blocks:        185.27.104.0/22 maxlen: 22
                          185.27.104.0/24 maxlen: 24
                          185.27.105.0/24 maxlen: 24
                          185.27.106.0/24 maxlen: 24
                          185.27.107.0/24 maxlen: 24
                          185.46.76.0/22 maxlen: 22
                          185.46.76.0/24 maxlen: 24
                          185.46.77.0/24 maxlen: 24
                          185.46.78.0/24 maxlen: 24
                          185.46.79.0/24 maxlen: 24
                          185.125.12.0/22 maxlen: 22
                          185.125.12.0/24 maxlen: 24
                          185.125.13.0/24 maxlen: 24
                          185.125.14.0/24 maxlen: 24
                          185.125.15.0/24 maxlen: 24
                          2a10:2c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a0:ae:a2:46:5b:97:d4:19:42:6e:07:50:20:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0f2d1829d6fb8d247fa4e9658ea17f06c00b05
        Validity
            Not Before: Jan  1 09:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=394a6c91f190c0fd5acec33a9f811cf950aa36ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a8:eb:b3:61:fc:9f:9f:e2:15:69:2e:bb:17:
                    dc:fb:41:ab:1c:ff:e0:d9:43:2e:72:41:e8:53:2a:
                    7e:ac:b9:55:d3:a1:40:c4:ce:0e:73:6e:fb:45:73:
                    7e:ec:fa:da:cd:b4:b2:ea:34:31:1f:1a:88:c1:c1:
                    e8:00:68:23:dc:14:20:87:58:f8:77:fd:e4:bc:55:
                    9a:8f:f5:c8:8a:8e:04:fe:0e:42:f4:0c:cf:67:07:
                    e1:39:84:a0:78:b8:65:a3:b9:67:3b:d2:dc:9d:70:
                    17:96:f5:92:a4:bc:8a:a5:a6:e7:ba:4a:44:2f:ab:
                    5b:bc:b1:7e:12:2e:64:3d:14:9a:dd:f6:1a:2e:1d:
                    5a:bd:6a:88:ed:62:b1:12:cf:c7:b9:53:5d:76:53:
                    35:fd:b1:d6:6c:60:18:94:fd:6c:d1:de:78:57:a7:
                    20:b4:23:bc:6b:c6:af:0f:15:0b:40:49:df:3e:ef:
                    62:fb:9f:ca:bd:f9:45:da:ee:7e:88:77:a6:b3:05:
                    28:a0:9b:7b:75:df:08:e1:e2:f3:e6:23:8a:8f:17:
                    5e:82:79:67:0c:94:4f:6b:fc:39:c5:31:55:c8:56:
                    93:2c:0b:22:4f:28:dd:1c:b3:44:9c:09:7b:c7:d0:
                    17:13:3e:2d:28:07:b5:60:79:c6:52:2b:03:f5:03:
                    97:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4A:6C:91:F1:90:C0:FD:5A:CE:C3:3A:9F:81:1C:F9:50:AA:36:CA
            X509v3 Authority Key Identifier:
                keyid:AB:0F:2D:18:29:D6:FB:8D:24:7F:A4:E9:65:8E:A1:7F:06:C0:0B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qw8tGCnW-40kf6TpZY6hfwbACwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/726123-bfc2-47ea-9b05-570fec29d139/1/OUpskfGQwP1azsM6n4Ec-VCqNso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/726123-bfc2-47ea-9b05-570fec29d139/1/qw8tGCnW-40kf6TpZY6hfwbACwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.104.0/22
                  185.46.76.0/22
                  185.125.12.0/22
                IPv6:
                  2a10:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:f3:85:7b:eb:62:c1:a6:2b:31:ab:3a:5d:01:d9:fa:3d:07:
         3e:03:08:5b:9a:d9:f1:89:28:ee:dc:7e:fe:60:36:78:e9:f0:
         9b:a9:1b:34:7f:5c:f2:60:d8:7f:85:ef:3c:46:a6:08:9c:b3:
         59:f2:d3:a3:53:24:fd:67:07:9a:ac:36:48:b3:a5:51:1e:1a:
         5f:cd:bc:6f:ef:50:ae:09:f4:e3:43:81:8d:9c:11:45:28:1d:
         d7:21:90:76:a2:72:6d:76:ee:31:83:a1:0c:24:2f:23:43:6d:
         3c:c4:3d:50:1c:7c:92:c7:f4:40:0b:75:fc:3c:03:70:71:45:
         ef:75:f9:cb:3f:77:94:7a:a3:94:a8:7d:81:a2:5a:49:99:e1:
         1a:9d:46:6c:07:f0:f8:94:18:5e:35:55:ba:88:f2:0b:1b:ce:
         fb:47:d4:0e:08:06:13:f1:8c:d1:c1:63:44:38:22:0d:f3:f9:
         55:c5:11:04:b1:df:ee:66:71:d1:6f:3b:29:e0:cf:6a:e1:7f:
         d8:d8:62:a3:a5:e9:c5:8b:a3:e6:be:bb:7c:e0:53:b6:72:69:
         db:f2:e1:50:de:10:66:16:24:f4:62:3d:4f:e7:f8:85:f3:84:
         87:0e:9f:42:18:0a:1f:7d:17:27:d3:32:4e:53:d7:1c:2a:92:
         5c:e1:cd:a8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQhQ6CuokZbl9QZQm4HUCCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMGYyZDE4MjlkNmZiOGQyNDdmYTRlOTY1OGVhMTdmMDZj
MDBiMDUwHhcNMjUwMTAxMDk0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRhNmM5MWYxOTBjMGZkNWFjZWMzM2E5ZjgxMWNmOTUwYWEzNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKjrs2H8n5/iFWkuuxfc+0GrHP/g
2UMuckHoUyp+rLlV06FAxM4Oc277RXN+7PrazbSy6jQxHxqIwcHoAGgj3BQgh1j4
d/3kvFWaj/XIio4E/g5C9AzPZwfhOYSgeLhlo7lnO9LcnXAXlvWSpLyKpabnukpE
L6tbvLF+Ei5kPRSa3fYaLh1avWqI7WKxEs/HuVNddlM1/bHWbGAYlP1s0d54V6cg
tCO8a8avDxULQEnfPu9i+5/KvflF2u5+iHemswUooJt7dd8I4eLz5iOKjxdegnln
DJRPa/w5xTFVyFaTLAsiTyjdHLNEnAl7x9AXEz4tKAe1YHnGUisD9QOXRQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDlKbJHxkMD9Ws7DOp+BHPlQqjbKMB8GA1UdIwQY
MBaAFKsPLRgp1vuNJH+k6WWOoX8GwAsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXc4dEdDblctNDBrZjZUcFpZNmhmd2JBQ3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS83MjYxMjMtYmZjMi00N2VhLTliMDUt
NTcwZmVjMjlkMTM5LzEvT1Vwc2tmR1F3UDFhenNNNm40RWMtVkNxTnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS83MjYxMjMtYmZjMi00N2VhLTliMDUtNTcwZmVjMjlkMTM5
LzEvcXc4dEdDblctNDBrZjZUcFpZNmhmd2JBQ3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuRtoAwQC
uS5MAwQCuX0MMA0EAgACMAcDBQMqEALAMA0GCSqGSIb3DQEBCwUAA4IBAQBN84V7
62LBpisxqzpdAdn6PQc+AwhbmtnxiSju3H7+YDZ46fCbqRs0f1zyYNh/he88RqYI
nLNZ8tOjUyT9ZwearDZIs6VRHhpfzbxv71CuCfTjQ4GNnBFFKB3XIZB2onJtdu4x
g6EMJC8jQ208xD1QHHySx/RAC3X8PANwcUXvdfnLP3eUeqOUqH2BolpJmeEanUZs
B/D4lBheNVW6iPILG877R9QOCAYT8YzRwWNEOCIN8/lVxREEsd/uZnHRbzsp4M9q
4X/Y2GKjpenFi6Pmvrt84FO2cmnb8uFQ3hBmFiT0Yj1P5/iF84SHDp9CGAoffRcn
0zJOU9ccKpJc4c2o
-----END CERTIFICATE-----