Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OhA3htW2ZRxKPIGSUQJwCA8k7y8.roa
File:                     OhA3htW2ZRxKPIGSUQJwCA8k7y8.roa (raw, json)
Hash identifier:          uWzDK0Zci3NmjlDEeoZWCsLbRjDEeHWh8zsxb+shBe8=
Subject key identifier:   3A:10:37:86:D5:B6:65:1C:4A:3C:81:92:51:02:70:08:0F:24:EF:2F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A2169335096D73BE09B8803768C55
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OhA3htW2ZRxKPIGSUQJwCA8k7y8.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        163.5.25.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.40.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.165.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:21:69:33:50:96:d7:3b:e0:9b:88:03:76:8c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a103786d5b6651c4a3c8192510270080f24ef2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7f:2a:f1:3f:70:66:dd:73:21:22:9a:7d:60:
                    b5:68:cb:45:77:99:93:1e:40:a2:49:69:97:b8:df:
                    74:3a:48:a4:98:ca:c9:5b:3a:aa:0a:ad:ba:d1:a0:
                    55:89:60:fa:d8:23:82:dd:90:f0:c0:92:4d:6a:ca:
                    7a:a5:e9:71:77:5c:e1:6a:af:fc:0d:dd:3c:5a:4b:
                    82:68:3a:3b:78:86:cd:ba:d9:d7:c5:05:64:9b:71:
                    6a:0e:f7:c1:ee:82:8d:51:27:54:7a:8d:9f:64:3a:
                    69:02:b5:6c:43:9f:1d:15:18:e0:f8:95:2e:75:53:
                    4a:22:f3:9f:66:5b:17:e7:99:4a:bc:5e:68:86:af:
                    86:9f:ae:53:1a:a6:4d:72:4f:d2:25:41:eb:65:a8:
                    bf:09:e6:a4:18:64:32:cc:5a:f2:b9:7b:e4:71:8f:
                    52:9d:9f:62:51:89:ef:83:eb:7b:a6:43:be:e8:6f:
                    96:b0:41:ba:f6:fd:e8:52:15:05:01:2f:5b:37:0c:
                    bd:84:61:39:64:9c:06:7f:bf:ff:17:31:41:df:7c:
                    b5:ff:61:37:33:8c:d0:1c:f6:b7:9e:e2:ed:4b:f3:
                    72:38:39:f4:a1:ff:01:6d:e6:59:c0:d8:9c:22:79:
                    5e:f9:92:1a:46:f7:5b:e1:6c:01:20:95:7b:d5:e6:
                    3c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:10:37:86:D5:B6:65:1C:4A:3C:81:92:51:02:70:08:0F:24:EF:2F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OhA3htW2ZRxKPIGSUQJwCA8k7y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.25.0/24
                  163.5.33.0/24
                  163.5.40.0/24
                  163.5.110.0/23
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.145.0/24
                  163.5.165.0/24
                  163.5.250.0/24
                  163.5.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:94:94:3b:88:cb:83:63:90:1c:2a:50:20:b0:26:33:73:7d:
         76:25:ca:cc:92:57:b3:54:02:8d:9d:06:f5:2b:a9:8c:9e:d9:
         10:63:ee:4a:2c:d4:9d:14:56:b9:54:8c:2a:8b:c9:4a:10:1d:
         df:47:3e:ae:8e:a7:ce:96:b0:83:33:4e:db:5a:98:85:ef:a0:
         40:98:18:4e:ad:7b:50:5c:61:1a:24:57:43:8a:6d:38:75:8a:
         4b:7b:8f:a6:23:58:05:9e:28:5e:5a:ba:cb:93:8e:ac:4a:2b:
         f5:7d:02:a0:13:9e:ed:41:a2:e7:20:8f:27:ca:1d:9f:8a:b2:
         3f:f7:a2:70:c9:16:b9:e3:f5:e0:9c:fb:ce:44:94:ae:e1:ac:
         97:b6:80:be:db:b7:10:92:6f:5a:8d:50:9c:35:ab:18:e4:e2:
         fe:cf:1e:5c:7a:35:79:76:ce:52:cd:64:b3:35:2a:a4:b7:38:
         cf:ca:41:16:2d:24:b7:f1:3c:05:66:fe:aa:df:f8:ed:7a:ec:
         fa:78:73:56:93:70:df:8a:9e:83:db:1f:d3:3b:74:b9:52:87:
         aa:5d:ec:3e:3e:69:4d:be:be:55:a0:c5:3a:60:19:56:a3:47:
         5c:80:1d:23:e3:74:f3:6f:c3:43:b0:a7:8c:21:eb:60:3a:59:
         63:04:95:4b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQjaiFpM1CW1zvgm4gDdoxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTEwMzc4NmQ1YjY2NTFjNGEzYzgxOTI1MTAyNzAwODBmMjRlZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n8q8T9wZt1zISKafWC1aMtFd5mT
HkCiSWmXuN90OkikmMrJWzqqCq260aBViWD62COC3ZDwwJJNasp6pelxd1zhaq/8
Dd08WkuCaDo7eIbNutnXxQVkm3FqDvfB7oKNUSdUeo2fZDppArVsQ58dFRjg+JUu
dVNKIvOfZlsX55lKvF5ohq+Gn65TGqZNck/SJUHrZai/CeakGGQyzFryuXvkcY9S
nZ9iUYnvg+t7pkO+6G+WsEG69v3oUhUFAS9bNwy9hGE5ZJwGf7//FzFB33y1/2E3
M4zQHPa3nuLtS/NyODn0of8BbeZZwNicInle+ZIaRvdb4WwBIJV71eY8rQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDoQN4bVtmUcSjyBklECcAgPJO8vMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvT2hBM2h0VzJaUnhLUElHU1VRSndDQThrN3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAowUZAwQA
owUhAwQAowUoAwQBowVuAwQAowV+AwQAowWAAwQAowWRAwQAowWlAwQAowX6AwQA
owX9MA0GCSqGSIb3DQEBCwUAA4IBAQCslJQ7iMuDY5AcKlAgsCYzc312JcrMklez
VAKNnQb1K6mMntkQY+5KLNSdFFa5VIwqi8lKEB3fRz6ujqfOlrCDM07bWpiF76BA
mBhOrXtQXGEaJFdDim04dYpLe4+mI1gFniheWrrLk46sSiv1fQKgE57tQaLnII8n
yh2firI/96JwyRa54/XgnPvORJSu4ayXtoC+27cQkm9ajVCcNasY5OL+zx5cejV5
ds5SzWSzNSqktzjPykEWLSS38TwFZv6q3/jteuz6eHNWk3Dfip6D2x/TO3S5Uoeq
Xew+PmlNvr5VoMU6YBlWo0dcgB0j43Tzb8NDsKeMIetgOlljBJVL
-----END CERTIFICATE-----