Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/AHjefuSfI_Q521j7TkvDOEUNPWE.roa
File:                     AHjefuSfI_Q521j7TkvDOEUNPWE.roa (raw, json)
Hash identifier:          I4QybAHbGTXmpfuNM0l7wLWuLrcH73LsVM6x2d+CcgY=
Subject key identifier:   00:78:DE:7E:E4:9F:23:F4:39:DB:58:FB:4E:4B:C3:38:45:0D:3D:61
Certificate issuer:       /CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
Certificate serial:       018AB74527D51A4EE346A20C5FE837DB8657
Authority key identifier: DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/AHjefuSfI_Q521j7TkvDOEUNPWE.roa
Signing time:             Thu 21 Sep 2023 10:24:37 +0000
ROA not before:           Thu 21 Sep 2023 10:24:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206747
IP address blocks:        25.129.198.0/23 maxlen: 23
                          25.129.196.0/23 maxlen: 23
                          25.25.25.0/24 maxlen: 24
                          195.130.30.0/24 maxlen: 24
                          195.130.28.0/24 maxlen: 24
                          195.130.29.0/24 maxlen: 24
                          2a08:600:ee::/47 maxlen: 47
                          2a08:600:99::/48 maxlen: 48
                          2a08:600:2::/48 maxlen: 48
                          2a08:600:3::/48 maxlen: 48
                          2a08:600:1::/48 maxlen: 48
                          2a08:600::/48 maxlen: 48
                          2a08:600:e0::/47 maxlen: 47
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:45:27:d5:1a:4e:e3:46:a2:0c:5f:e8:37:db:86:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
        Validity
            Not Before: Sep 21 10:24:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0078de7ee49f23f439db58fb4e4bc338450d3d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:1a:75:aa:08:0f:59:d2:cb:91:25:71:24:
                    1e:1e:5a:fb:89:8a:44:1b:5c:07:8e:f3:9c:8e:4a:
                    8a:30:cf:ef:14:7d:6c:6f:f8:a1:9c:89:dd:44:68:
                    98:4c:28:2a:37:07:cc:c6:40:bb:84:39:5e:ec:25:
                    e8:d9:21:ef:fe:ec:a4:34:30:98:21:76:66:5f:20:
                    1f:95:c0:97:cd:2c:95:38:90:b2:67:12:9f:34:e8:
                    e1:a2:65:21:6c:a4:96:a6:c0:98:28:79:e5:d4:0e:
                    08:c2:9a:28:99:42:02:79:90:0a:e4:4c:ef:f8:1f:
                    34:be:83:d4:af:7f:6b:6a:c7:4c:ad:c4:c9:84:4c:
                    19:b7:68:5b:a0:4b:a7:3d:d0:2e:16:33:58:38:04:
                    e7:b3:cc:40:e9:d3:f3:46:73:e6:78:fd:60:83:b7:
                    89:94:2f:f8:47:75:fa:0a:a6:76:02:58:ab:2c:ab:
                    2f:8c:a0:b4:5d:95:e4:c7:2d:51:e5:70:3a:c6:82:
                    66:96:82:6a:ed:5d:3d:70:52:4b:da:30:8a:c1:0c:
                    c7:01:22:19:fb:7c:80:87:e5:c2:dc:46:9f:53:91:
                    a8:4e:45:98:6d:96:37:c4:5f:7d:58:dd:4c:8a:d9:
                    56:41:7f:22:05:d1:85:ed:3a:1e:52:57:bd:b0:a0:
                    26:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:78:DE:7E:E4:9F:23:F4:39:DB:58:FB:4E:4B:C3:38:45:0D:3D:61
            X509v3 Authority Key Identifier:
                keyid:DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/AHjefuSfI_Q521j7TkvDOEUNPWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  25.25.25.0/24
                  25.129.196.0/22
                  195.130.28.0-195.130.30.255
                IPv6:
                  2a08:600::/46
                  2a08:600:99::/48
                  2a08:600:e0::/47
                  2a08:600:ee::/47

    Signature Algorithm: sha256WithRSAEncryption
         ad:eb:d7:fe:94:77:4c:c1:ff:4d:ba:21:22:ac:7d:0b:00:ea:
         db:9d:1b:f7:bb:be:31:d7:f5:3c:98:b0:21:87:d1:3e:dd:fa:
         cd:b9:c3:d0:05:3f:23:a0:be:e1:8f:3e:bc:7c:c9:0c:b3:d1:
         91:bb:47:86:38:5e:4b:28:6c:87:da:54:17:11:cc:0c:ea:2d:
         f5:7c:a2:6e:17:a8:27:92:cd:59:69:92:36:5b:d3:30:b3:46:
         2a:3a:0d:d1:93:f3:5e:1a:f8:3a:d7:12:f5:f1:13:87:df:c7:
         2a:be:80:bc:ee:a0:c5:69:dd:5d:84:27:6f:80:59:87:10:81:
         42:b4:79:41:db:32:47:f5:cb:8d:51:5a:58:c5:2c:21:19:d8:
         5d:68:45:bb:7b:90:cf:f9:d9:4c:c6:56:0e:bd:af:8f:6d:c7:
         bf:50:4f:a2:ba:76:f0:d2:19:76:80:be:4a:bd:f0:c8:c2:ab:
         df:76:89:f8:5a:99:bb:bc:b9:47:39:c7:07:00:de:ed:6a:44:
         49:8e:95:a2:7b:c0:fc:4d:72:bb:29:e8:88:89:28:fc:52:de:
         cb:bf:8a:95:e3:88:0f:57:6c:c7:2d:dd:79:23:ab:63:2b:da:
         88:fc:cd:1f:c0:24:32:e9:6d:2f:d8:cb:77:2c:7b:cc:b2:0d:
         ba:14:e3:9b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYq3RSfVGk7jRqIMX+g324ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDRlMTllMmJiNGU3MDIzY2MxYmExMGQ0OWI3NGVkZTRi
Zjg2NWMwHhcNMjMwOTIxMTAyNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDc4ZGU3ZWU0OWYyM2Y0MzlkYjU4ZmI0ZTRiYzMzODQ1MGQzZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYsadaoID1nSy5ElcSQeHlr7iYpE
G1wHjvOcjkqKMM/vFH1sb/ihnIndRGiYTCgqNwfMxkC7hDle7CXo2SHv/uykNDCY
IXZmXyAflcCXzSyVOJCyZxKfNOjhomUhbKSWpsCYKHnl1A4IwpoomUICeZAK5Ezv
+B80voPUr39rasdMrcTJhEwZt2hboEunPdAuFjNYOATns8xA6dPzRnPmeP1gg7eJ
lC/4R3X6CqZ2AlirLKsvjKC0XZXkxy1R5XA6xoJmloJq7V09cFJL2jCKwQzHASIZ
+3yAh+XC3EafU5GoTkWYbZY3xF99WN1MitlWQX8iBdGF7ToeUle9sKAmHQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAB43n7knyP0OdtY+05LwzhFDT1hMB8GA1UdIwQY
MBaAFNxE4Z4rtOcCPMG6ENSbdO3kv4ZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjIt
NGM4MmFjZTcyYzg1LzEvQUhqZWZ1U2ZJX1E1MjFqN1RrdkRPRVVOUFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjItNGM4MmFjZTcyYzg1
LzEvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAgBAIAATAaAwQAGRkZAwQC
GYHEMAwDBALDghwDBADDgh4wKgQCAAIwJAMHAioIBgAAAAMHACoIBgAAmQMHASoI
BgAA4AMHASoIBgAA7jANBgkqhkiG9w0BAQsFAAOCAQEArevX/pR3TMH/TbohIqx9
CwDq250b97u+Mdf1PJiwIYfRPt36zbnD0AU/I6C+4Y8+vHzJDLPRkbtHhjheSyhs
h9pUFxHMDOot9XyibheoJ5LNWWmSNlvTMLNGKjoN0ZPzXhr4OtcS9fETh9/HKr6A
vO6gxWndXYQnb4BZhxCBQrR5QdsyR/XLjVFaWMUsIRnYXWhFu3uQz/nZTMZWDr2v
j23Hv1BPorp28NIZdoC+Sr3wyMKr33aJ+FqZu7y5RznHBwDe7WpESY6VonvA/E1y
uynoiIko/FLey7+KleOID1dsxy3deSOrYyvaiPzNH8AkMultL9jLdyx7zLINuhTj
mw==
-----END CERTIFICATE-----