Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HvYUm5LP2S0LXXYX-humbutnuI8.roa
File:                     HvYUm5LP2S0LXXYX-humbutnuI8.roa (raw, json)
Hash identifier:          4/iqtYVYllKBFPX1CqHXtWzhqM/KxGDaEeavinI0Y1o=
Subject key identifier:   1E:F6:14:9B:92:CF:D9:2D:0B:5D:76:17:FA:1B:A6:6E:EB:67:B8:8F
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       019591369BA2763AB2E9F981E5A2EA7FE5C8
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HvYUm5LP2S0LXXYX-humbutnuI8.roa
Signing time:             Thu 13 Mar 2025 20:33:49 +0000
ROA not before:           Thu 13 Mar 2025 20:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        45.87.245.0/24 maxlen: 24
                          185.224.212.0/24 maxlen: 24
                          2a10:9680::/32 maxlen: 32
                          2a10:9684::/32 maxlen: 32
                          2a10:9685::/32 maxlen: 32
                          2a11:e140::/32 maxlen: 32
                          2a12:6c40::/29 maxlen: 29
                          2a12:7f40::/29 maxlen: 29
                          2a12:92c0::/29 maxlen: 29
                          2a12:b3c0:ffff::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:36:9b:a2:76:3a:b2:e9:f9:81:e5:a2:ea:7f:e5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Mar 13 20:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ef6149b92cfd92d0b5d7617fa1ba66eeb67b88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4f:cb:cb:60:4c:0e:1e:10:8c:5c:d9:60:3f:
                    80:8e:e9:60:a8:d0:80:fc:31:cb:aa:18:de:5e:2f:
                    c0:9b:c4:97:cc:e5:20:d3:6b:53:fc:85:fd:ac:65:
                    e2:7e:6b:71:7a:92:74:5c:dd:8d:b5:19:8c:5e:1b:
                    de:2d:78:1f:05:a9:7f:14:26:03:56:96:01:a2:2a:
                    94:53:80:31:c2:d5:54:8d:b6:55:a7:d5:16:4b:64:
                    d8:d8:af:1a:63:f5:d8:f9:75:26:54:36:64:f5:64:
                    0e:1d:e2:14:0a:13:a8:5f:51:5e:b9:74:82:fa:c1:
                    a5:49:d2:3a:fd:cb:b9:08:b2:6e:20:5b:d2:ec:5e:
                    84:29:cd:64:e9:b9:bc:d5:23:0d:0b:df:c7:32:9e:
                    ac:7a:08:a8:f2:81:b1:31:83:1e:35:dd:cb:71:0b:
                    a5:5b:3e:c0:f1:23:ae:e9:3b:b6:84:26:ab:1f:a3:
                    37:f5:ba:21:53:52:c2:08:93:0e:c0:da:86:f7:93:
                    b0:78:58:81:d7:65:d0:83:3c:9d:7b:3e:28:55:a5:
                    f4:df:17:4c:eb:61:91:70:87:d5:77:33:de:d5:1f:
                    0d:8f:fa:eb:6a:bf:30:ad:99:cb:20:dc:ae:5f:69:
                    54:f1:68:53:38:ec:fe:e3:db:11:b7:e0:26:36:0b:
                    8d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F6:14:9B:92:CF:D9:2D:0B:5D:76:17:FA:1B:A6:6E:EB:67:B8:8F
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HvYUm5LP2S0LXXYX-humbutnuI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                  185.224.212.0/24
                IPv6:
                  2a10:9680::/32
                  2a10:9684::/31
                  2a11:e140::/32
                  2a12:6c40::/29
                  2a12:7f40::/29
                  2a12:92c0::/29
                  2a12:b3c0:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:06:4a:59:b8:4d:7b:5f:37:6d:57:ba:66:e1:ba:c0:c3:e2:
         71:0d:3a:dc:a0:7a:7d:a5:60:d1:75:4e:85:bb:68:15:27:2b:
         e8:30:48:df:7d:81:b4:8b:6f:90:54:30:bc:51:e6:62:f6:a2:
         2f:dc:bc:25:95:0f:9d:71:c7:77:7e:40:c8:af:88:d3:9b:fc:
         a5:71:62:47:bd:3d:92:b6:c1:6b:1c:d8:56:1f:c1:2e:07:29:
         f0:c7:49:08:fa:0e:6c:4b:7e:c9:73:d1:ae:37:33:33:d4:98:
         96:cc:ff:d7:3f:9d:08:32:58:8a:73:0f:15:fc:32:af:8c:af:
         8e:23:cb:c8:4e:26:9c:7c:0d:0e:3b:29:28:9c:97:d0:b3:43:
         cf:93:65:20:1b:f5:e0:c6:5b:a7:98:09:b9:24:c0:75:db:da:
         73:04:dc:64:02:dd:e3:51:e9:c4:a8:0e:23:b3:4d:a1:de:b6:
         27:7a:9a:b4:81:2e:5f:5b:6f:ca:e3:c1:80:b3:54:12:13:a1:
         9f:9b:09:96:0d:c6:22:20:fe:28:87:3d:ec:d7:cc:80:01:3b:
         59:89:a5:fa:b1:7d:14:13:27:94:6e:9d:33:25:9f:9c:f5:75:
         25:eb:f6:f2:8c:a8:b5:5b:70:15:da:c0:0f:a7:0a:f9:4a:05:
         65:a1:5b:87
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZWRNpuidjqy6fmB5aLqf+XIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMzEzMjAzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY2MTQ5YjkyY2ZkOTJkMGI1ZDc2MTdmYTFiYTY2ZWViNjdiODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k/Ly2BMDh4QjFzZYD+AjulgqNCA
/DHLqhjeXi/Am8SXzOUg02tT/IX9rGXifmtxepJ0XN2NtRmMXhveLXgfBal/FCYD
VpYBoiqUU4AxwtVUjbZVp9UWS2TY2K8aY/XY+XUmVDZk9WQOHeIUChOoX1FeuXSC
+sGlSdI6/cu5CLJuIFvS7F6EKc1k6bm81SMNC9/HMp6segio8oGxMYMeNd3LcQul
Wz7A8SOu6Tu2hCarH6M39bohU1LCCJMOwNqG95OweFiB12XQgzydez4oVaX03xdM
62GRcIfVdzPe1R8Nj/rrar8wrZnLINyuX2lU8WhTOOz+49sRt+AmNguN0QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFB72FJuSz9ktC112F/obpm7rZ7iPMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvSHZZVW01TFAyUzBMWFhZWC1odW1idXRudUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzASBAIAATAMAwQALVf1AwQA
ueDUMDkEAgACMDMDBQAqEJaAAwUBKhCWhAMFACoR4UADBQMqEmxAAwUDKhJ/QAMF
AyoSksADBwAqErPA//8wDQYJKoZIhvcNAQELBQADggEBAGcGSlm4TXtfN21Xumbh
usDD4nENOtygen2lYNF1ToW7aBUnK+gwSN99gbSLb5BUMLxR5mL2oi/cvCWVD51x
x3d+QMiviNOb/KVxYke9PZK2wWsc2FYfwS4HKfDHSQj6DmxLfslz0a43MzPUmJbM
/9c/nQgyWIpzDxX8Mq+Mr44jy8hOJpx8DQ47KSicl9CzQ8+TZSAb9eDGW6eYCbkk
wHXb2nME3GQC3eNR6cSoDiOzTaHetid6mrSBLl9bb8rjwYCzVBIToZ+bCZYNxiIg
/iiHPezXzIABO1mJpfqxfRQTJ5RunTMln5z1dSXr9vKMqLVbcBXawA+nCvlKBWWh
W4c=
-----END CERTIFICATE-----