Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/clnaMm-gMiwsEYseD9VB3Kwt084.roa
File:                     clnaMm-gMiwsEYseD9VB3Kwt084.roa (raw, json)
Hash identifier:          NpN0ynwsyxvDm6R0XnAuzGI9A3Dr8XC3OEWiSMbZf5Y=
Subject key identifier:   72:59:DA:32:6F:A0:32:2C:2C:11:8B:1E:0F:D5:41:DC:AC:2D:D3:CE
Certificate issuer:       /CN=1da97cae7de6b29e56f0259af53c95926034a502
Certificate serial:       019424B3FB573DF577098116A8F4A3F389A7
Authority key identifier: 1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/clnaMm-gMiwsEYseD9VB3Kwt084.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3399
IP address blocks:        45.141.108.0/22 maxlen: 22
                          178.132.72.0/21 maxlen: 21
                          185.86.104.0/22 maxlen: 22
                          185.147.236.0/22 maxlen: 22
                          185.242.228.0/22 maxlen: 22
                          195.128.240.0/23 maxlen: 23
                          195.128.254.0/23 maxlen: 23
                          2a03:8600::/32 maxlen: 32
                          2a07:5cc0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fb:57:3d:f5:77:09:81:16:a8:f4:a3:f3:89:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da97cae7de6b29e56f0259af53c95926034a502
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7259da326fa0322c2c118b1e0fd541dcac2dd3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:90:97:a0:77:21:7b:70:45:ca:54:3a:a0:16:
                    67:aa:b4:b7:72:9a:02:93:43:1d:e1:e1:de:64:50:
                    ec:04:80:df:13:34:cf:a1:38:58:04:b5:08:04:c7:
                    4e:77:97:4b:af:1d:3b:94:63:f0:f9:1f:c5:8b:1e:
                    5d:11:15:84:a3:ea:b0:c1:85:48:c6:96:7f:c0:62:
                    2b:e3:a8:5a:e1:5e:21:8c:fd:af:b7:7e:d3:91:d1:
                    a4:cb:f7:9a:56:62:30:87:0d:1e:5d:03:44:f2:15:
                    95:16:d4:ca:e7:68:e4:9a:ae:74:b0:15:55:76:0b:
                    ee:56:65:db:10:53:6b:d7:64:28:07:2f:fb:b4:5f:
                    70:40:5e:b5:8e:a7:13:b3:81:28:fd:69:9c:cc:a2:
                    5c:b3:01:83:56:6b:d7:a9:43:b2:4e:b9:28:07:3a:
                    9f:e5:0f:42:82:25:a7:03:cc:28:fe:56:49:8a:52:
                    ff:9d:ae:3e:3a:ba:de:46:db:35:46:e0:a6:b1:34:
                    65:12:d1:fa:35:c8:73:2a:b2:a1:f2:74:3e:61:15:
                    54:6f:9e:1b:31:85:3c:b1:10:ec:b6:f2:de:7b:38:
                    8b:cb:36:9c:5c:03:5e:c8:7b:b0:76:40:f3:c5:e2:
                    55:18:12:e6:68:78:b4:3e:6f:c8:61:c2:52:30:a0:
                    35:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:59:DA:32:6F:A0:32:2C:2C:11:8B:1E:0F:D5:41:DC:AC:2D:D3:CE
            X509v3 Authority Key Identifier:
                keyid:1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/clnaMm-gMiwsEYseD9VB3Kwt084.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.108.0/22
                  178.132.72.0/21
                  185.86.104.0/22
                  185.147.236.0/22
                  185.242.228.0/22
                  195.128.240.0/23
                  195.128.254.0/23
                IPv6:
                  2a03:8600::/32
                  2a07:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:0b:10:63:a3:9d:47:63:bf:61:dd:8f:8e:ab:fe:71:19:e1:
         a7:80:9d:5e:8a:89:9a:8b:18:1b:fa:a1:69:34:2e:12:2f:81:
         08:98:05:d0:7f:91:90:7e:0b:b3:0a:76:77:d0:7a:33:9e:5a:
         58:7f:c8:91:4b:ef:93:60:1c:91:c2:3d:e1:61:d7:6f:bc:c7:
         0c:30:65:b1:4f:33:de:77:fb:e8:45:33:47:b7:17:07:a1:04:
         df:02:85:00:1b:eb:91:85:bc:c2:36:67:a2:5c:1e:5c:63:2f:
         79:0b:4c:76:19:fb:33:17:9f:41:92:96:af:88:32:29:6e:65:
         e5:fe:71:21:1d:52:4d:16:ad:5d:88:a6:8f:76:52:a3:07:2e:
         71:f6:2d:e8:68:9d:7a:d4:0f:69:94:98:e0:6d:76:24:9e:b9:
         3c:0f:8d:a6:02:3a:0a:fb:27:dc:2f:4b:93:93:a7:c6:5c:99:
         d0:7a:03:67:a6:d6:43:85:66:3a:82:a7:6e:00:15:13:45:40:
         8a:ca:ec:07:90:52:dc:c7:94:93:fd:4e:64:a1:35:92:56:a9:
         02:35:cd:bc:32:04:05:93:e1:1a:fe:1e:4d:4b:a7:ec:3f:94:
         e6:1a:cb:97:82:d5:a1:ff:51:81:9b:ee:eb:ec:d6:2f:26:65:
         c2:02:a0:a6
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQks/tXPfV3CYEWqPSj84mnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTk3Y2FlN2RlNmIyOWU1NmYwMjU5YWY1M2M5NTkyNjAz
NGE1MDIwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU5ZGEzMjZmYTAzMjJjMmMxMThiMWUwZmQ1NDFkY2FjMmRkM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5CXoHche3BFylQ6oBZnqrS3cpoC
k0Md4eHeZFDsBIDfEzTPoThYBLUIBMdOd5dLrx07lGPw+R/Fix5dERWEo+qwwYVI
xpZ/wGIr46ha4V4hjP2vt37TkdGky/eaVmIwhw0eXQNE8hWVFtTK52jkmq50sBVV
dgvuVmXbEFNr12QoBy/7tF9wQF61jqcTs4Eo/WmczKJcswGDVmvXqUOyTrkoBzqf
5Q9CgiWnA8wo/lZJilL/na4+OrreRts1RuCmsTRlEtH6NchzKrKh8nQ+YRVUb54b
MYU8sRDstvLeeziLyzacXANeyHuwdkDzxeJVGBLmaHi0Pm/IYcJSMKA1KQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFHJZ2jJvoDIsLBGLHg/VQdysLdPOMB8GA1UdIwQY
MBaAFB2pfK595rKeVvAlmvU8lZJgNKUCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTct
MGNkNzIzNmIyOWI2LzEvY2xuYU1tLWdNaXdzRVlzZUQ5VkIzS3d0MDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTctMGNkNzIzNmIyOWI2
LzEvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQCLY1sAwQD
soRIAwQCuVZoAwQCuZPsAwQCufLkAwQBw4DwAwQBw4D+MBQEAgACMA4DBQAqA4YA
AwUDKgdcwDANBgkqhkiG9w0BAQsFAAOCAQEAbAsQY6OdR2O/Yd2Pjqv+cRnhp4Cd
XoqJmosYG/qhaTQuEi+BCJgF0H+RkH4Lswp2d9B6M55aWH/IkUvvk2AckcI94WHX
b7zHDDBlsU8z3nf76EUzR7cXB6EE3wKFABvrkYW8wjZnolweXGMveQtMdhn7Mxef
QZKWr4gyKW5l5f5xIR1STRatXYimj3ZSowcucfYt6GidetQPaZSY4G12JJ65PA+N
pgI6Cvsn3C9Lk5OnxlyZ0HoDZ6bWQ4VmOoKnbgAVE0VAisrsB5BS3MeUk/1OZKE1
klapAjXNvDIEBZPhGv4eTUun7D+U5hrLl4LVof9RgZvu6+zWLyZlwgKgpg==
-----END CERTIFICATE-----