Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/8m2VE7cde3oVtv9V_-g77YmilKk.roa
File:                     8m2VE7cde3oVtv9V_-g77YmilKk.roa (raw, json)
Hash identifier:          m7qwSMENKBjBBCZHuypBoKQt+VBNtGDE+D+M80/7hPE=
Subject key identifier:   F2:6D:95:13:B7:1D:7B:7A:15:B6:FF:55:FF:E8:3B:ED:89:A2:94:A9
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       019422FBC8D726E7238A8604A3808D57B374
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/8m2VE7cde3oVtv9V_-g77YmilKk.roa
Signing time:             Wed 01 Jan 2025 17:48:33 +0000
ROA not before:           Wed 01 Jan 2025 17:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47952
IP address blocks:        81.90.176.0/24 maxlen: 24
                          81.90.177.0/24 maxlen: 24
                          81.90.178.0/24 maxlen: 24
                          81.90.179.0/24 maxlen: 24
                          193.138.172.0/24 maxlen: 24
                          193.138.173.0/24 maxlen: 24
                          193.138.174.0/24 maxlen: 24
                          193.138.175.0/24 maxlen: 24
                          194.56.184.0/24 maxlen: 24
                          194.56.185.0/24 maxlen: 24
                          194.56.186.0/24 maxlen: 24
                          194.56.187.0/24 maxlen: 24
                          212.103.36.0/24 maxlen: 24
                          212.103.37.0/24 maxlen: 24
                          212.103.38.0/24 maxlen: 24
                          212.103.39.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c8:d7:26:e7:23:8a:86:04:a3:80:8d:57:b3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 17:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f26d9513b71d7b7a15b6ff55ffe83bed89a294a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7d:9b:02:4a:bf:c2:02:15:64:d5:72:4f:3c:
                    d6:81:58:70:87:e5:e1:41:3d:07:f2:74:d3:ba:ad:
                    17:b6:94:d1:0d:64:0a:d6:f1:02:43:a9:ce:21:2b:
                    b9:d7:33:7b:ca:95:7b:8e:4a:7a:4b:61:5f:b1:27:
                    cb:8c:59:2f:26:cc:4d:34:89:25:88:0c:ba:54:47:
                    e5:af:43:49:d3:4e:64:06:47:df:37:d1:b6:be:18:
                    81:b7:b0:46:8f:b4:af:7e:63:9e:4e:68:2b:ec:e7:
                    b1:b3:27:ce:76:52:84:ff:ca:75:4b:a5:a1:15:62:
                    18:8a:39:6b:29:92:91:08:2e:d7:b0:a6:41:76:f5:
                    72:39:cc:f4:06:69:12:7e:ec:6e:6d:65:43:53:55:
                    8a:a5:06:42:92:1d:7b:2a:77:5c:bb:e1:1f:a7:de:
                    71:ce:09:4d:7f:2d:ac:5d:c6:44:53:ae:83:0b:b8:
                    8e:c7:1b:ef:8d:08:6c:3a:b1:b2:ed:1f:28:d0:6d:
                    ad:a8:31:95:1b:0f:8c:e8:37:28:fe:ec:b7:57:83:
                    64:4a:c1:47:25:d3:a3:44:b2:82:2f:7b:14:1e:b7:
                    46:ef:77:97:c1:dc:dc:3a:2b:32:34:95:8a:21:11:
                    56:af:c0:ab:3d:e9:ef:bc:42:62:12:84:7b:50:0f:
                    e9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6D:95:13:B7:1D:7B:7A:15:B6:FF:55:FF:E8:3B:ED:89:A2:94:A9
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/8m2VE7cde3oVtv9V_-g77YmilKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.176.0/22
                  193.138.172.0/22
                  194.56.184.0/22
                  212.103.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:7d:d2:4c:f7:b5:98:8f:60:8d:09:68:0b:89:9d:17:46:2f:
         1f:0c:0e:a9:09:c3:86:a9:e9:6e:4f:cd:43:7d:bc:ee:a9:b5:
         60:c0:6e:7c:06:79:f6:53:b8:76:7c:65:90:28:66:03:24:1c:
         21:8a:71:d2:f4:ec:2a:5f:2c:3f:cf:5e:80:c2:7d:21:cf:30:
         39:50:e0:dd:50:6b:aa:cd:31:53:e3:08:3a:53:c1:86:c9:cb:
         cd:db:f3:bc:80:c3:95:36:34:82:d9:96:fc:98:e5:2a:13:64:
         6b:fe:d0:d6:03:f1:32:c7:47:2d:cd:d7:d9:5d:7d:a5:ba:e0:
         54:9f:e3:70:08:53:4b:82:6f:a8:b0:b6:10:a3:ae:0d:60:6c:
         62:c6:c2:11:a7:c4:3b:32:4a:fb:09:33:b5:d4:8f:97:f8:c1:
         3c:ba:d2:dc:db:47:ee:33:de:4d:28:22:a0:31:12:b6:75:5e:
         a0:84:e0:9d:23:c5:cc:23:9d:4a:77:8a:f3:88:d3:ca:d1:4b:
         53:cd:a9:23:19:40:e6:58:e1:42:6d:84:a5:be:68:df:29:7c:
         07:77:25:f8:97:14:a1:13:ad:b9:21:13:e9:b1:66:ab:82:79:
         76:3d:1d:ac:79:e7:ea:3b:ac:9f:7e:42:fd:e7:c7:6c:6b:e8:
         08:1f:4b:f4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQi+8jXJucjioYEo4CNV7N0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjUwMTAxMTc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZkOTUxM2I3MWQ3YjdhMTViNmZmNTVmZmU4M2JlZDg5YTI5NGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq32bAkq/wgIVZNVyTzzWgVhwh+Xh
QT0H8nTTuq0XtpTRDWQK1vECQ6nOISu51zN7ypV7jkp6S2FfsSfLjFkvJsxNNIkl
iAy6VEflr0NJ005kBkffN9G2vhiBt7BGj7SvfmOeTmgr7OexsyfOdlKE/8p1S6Wh
FWIYijlrKZKRCC7XsKZBdvVyOcz0BmkSfuxubWVDU1WKpQZCkh17Kndcu+Efp95x
zglNfy2sXcZEU66DC7iOxxvvjQhsOrGy7R8o0G2tqDGVGw+M6Dco/uy3V4NkSsFH
JdOjRLKCL3sUHrdG73eXwdzcOisyNJWKIRFWr8CrPenvvEJiEoR7UA/pgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPJtlRO3HXt6Fbb/Vf/oO+2JopSpMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvOG0yVkU3Y2RlM29WdHY5Vl8tZzc3WW1pbEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCUVqwAwQC
wYqsAwQCwji4AwQC1GckMA0GCSqGSIb3DQEBCwUAA4IBAQARfdJM97WYj2CNCWgL
iZ0XRi8fDA6pCcOGqeluT81DfbzuqbVgwG58Bnn2U7h2fGWQKGYDJBwhinHS9Owq
Xyw/z16Awn0hzzA5UODdUGuqzTFT4wg6U8GGycvN2/O8gMOVNjSC2Zb8mOUqE2Rr
/tDWA/Eyx0ctzdfZXX2luuBUn+NwCFNLgm+osLYQo64NYGxixsIRp8Q7Mkr7CTO1
1I+X+ME8utLc20fuM95NKCKgMRK2dV6ghOCdI8XMI51Kd4rziNPK0UtTzakjGUDm
WOFCbYSlvmjfKXwHdyX4lxShE625IRPpsWargnl2PR2seefqO6yffkL958dsa+gI
H0v0
-----END CERTIFICATE-----