Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/CqhAKW35oNNLnPMxTbinI5wRncE.roa
File:                     CqhAKW35oNNLnPMxTbinI5wRncE.roa (raw, json)
Hash identifier:          ehXEm/rZMwl+eBvDwGsfvqeLpGZCmgCEF0C3TfO/fDk=
Subject key identifier:   0A:A8:40:29:6D:F9:A0:D3:4B:9C:F3:31:4D:B8:A7:23:9C:11:9D:C1
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       0194AC3F23A333CEBED2BA5A40A80D344BCB
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/CqhAKW35oNNLnPMxTbinI5wRncE.roa
Signing time:             Tue 28 Jan 2025 09:30:06 +0000
ROA not before:           Tue 28 Jan 2025 09:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44843
IP address blocks:        31.207.64.0/20 maxlen: 20
                          31.207.66.0/24 maxlen: 24
                          31.207.67.0/24 maxlen: 24
                          31.207.70.0/24 maxlen: 24
                          31.207.71.0/24 maxlen: 24
                          31.207.79.0/24 maxlen: 24
                          152.89.134.0/24 maxlen: 24
                          178.236.128.0/21 maxlen: 21
                          178.236.128.0/24 maxlen: 24
                          178.236.129.0/24 maxlen: 24
                          178.236.130.0/24 maxlen: 24
                          178.236.131.0/24 maxlen: 24
                          178.236.132.0/24 maxlen: 24
                          178.236.133.0/24 maxlen: 24
                          178.236.134.0/24 maxlen: 24
                          178.236.135.0/24 maxlen: 24
                          2a02:1710:4::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:3f:23:a3:33:ce:be:d2:ba:5a:40:a8:0d:34:4b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan 28 09:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aa840296df9a0d34b9cf3314db8a7239c119dc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:60:64:fb:a1:f8:99:84:64:42:cc:24:84:cb:
                    ef:43:0f:ab:3e:e4:83:27:19:42:63:13:28:fe:dc:
                    1e:a9:09:bc:b6:6c:14:65:a4:65:7e:59:6c:e3:80:
                    e1:75:47:43:c9:94:51:fb:e6:cb:05:b5:88:83:7b:
                    18:56:c7:4d:e0:a6:9b:ba:ef:74:7c:99:9d:4e:dc:
                    6b:63:70:12:9e:9a:19:c5:f9:a0:7e:15:97:9f:96:
                    e6:e3:5d:40:94:e6:5e:f4:db:cd:cb:37:ca:c1:6f:
                    d8:42:9d:0e:d9:6e:29:df:0f:2d:df:52:29:9f:c6:
                    8d:5c:3e:0d:05:f2:ec:11:0e:cd:44:d3:5b:55:92:
                    7d:8e:47:ab:cd:e8:8a:8b:32:76:37:75:6b:82:d1:
                    52:69:95:ba:60:9f:20:3c:8a:6a:48:45:11:87:d8:
                    d3:b6:e7:ce:24:b7:01:20:98:85:8b:5c:3f:65:32:
                    96:71:7f:ef:fb:f1:d3:9e:f5:7c:b3:ce:08:f9:40:
                    03:52:a9:51:44:c6:98:7a:90:9f:25:20:a0:16:fc:
                    54:b3:0d:61:e0:fa:1e:c4:83:04:22:2a:9a:9c:84:
                    20:46:05:17:11:0d:20:49:0c:2c:8a:92:0d:65:64:
                    58:bd:6f:6a:0a:c0:8a:32:57:01:de:a3:15:4e:64:
                    d7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A8:40:29:6D:F9:A0:D3:4B:9C:F3:31:4D:B8:A7:23:9C:11:9D:C1
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/CqhAKW35oNNLnPMxTbinI5wRncE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.64.0/20
                  152.89.134.0/24
                  178.236.128.0/21
                IPv6:
                  2a02:1710:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:52:87:fc:80:b5:ff:ee:cd:8f:01:7d:1f:b7:2c:26:74:6e:
         5f:11:55:e6:f5:01:11:70:f8:63:84:64:12:ca:d4:55:67:72:
         05:f4:7a:ad:26:93:bd:87:33:2d:36:0f:c9:cf:3e:23:73:a6:
         5c:1b:4e:40:32:6e:fe:aa:0c:38:a5:df:d1:74:ba:d7:69:f9:
         68:c9:91:fc:b2:bf:3f:c1:af:74:55:27:7b:3c:1b:2e:f4:2d:
         be:b6:5b:71:0d:15:fc:39:38:56:3f:4c:3e:7b:6b:88:61:55:
         17:00:8f:e1:f5:da:c8:4e:3d:45:be:16:35:c7:cf:4d:f1:77:
         af:af:a0:c5:7a:0b:f7:a6:52:82:54:a3:97:2b:4d:99:d0:71:
         bd:5a:15:69:85:77:cb:c9:2b:84:ab:7f:77:f7:36:32:bf:a6:
         72:f3:e1:de:1f:e8:bc:3c:e4:72:cc:21:0e:db:19:3e:9a:62:
         92:e5:ff:1f:22:6a:6f:22:6b:b7:e5:fd:28:84:86:93:56:f9:
         c5:fb:85:58:3f:db:6b:99:49:8a:32:82:52:56:1a:75:20:35:
         f3:de:97:61:03:2b:41:71:37:19:91:17:a5:14:77:00:09:e9:
         78:63:8a:4b:47:a8:bf:20:c6:6d:06:7d:6d:5f:01:1d:1e:9a:
         37:b0:27:9b
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZSsPyOjM86+0rpaQKgNNEvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTI4MDkzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE4NDAyOTZkZjlhMGQzNGI5Y2YzMzE0ZGI4YTcyMzljMTE5ZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmBk+6H4mYRkQswkhMvvQw+rPuSD
JxlCYxMo/tweqQm8tmwUZaRlflls44DhdUdDyZRR++bLBbWIg3sYVsdN4Kabuu90
fJmdTtxrY3ASnpoZxfmgfhWXn5bm411AlOZe9NvNyzfKwW/YQp0O2W4p3w8t31Ip
n8aNXD4NBfLsEQ7NRNNbVZJ9jkerzeiKizJ2N3VrgtFSaZW6YJ8gPIpqSEURh9jT
tufOJLcBIJiFi1w/ZTKWcX/v+/HTnvV8s84I+UADUqlRRMaYepCfJSCgFvxUsw1h
4PoexIMEIiqanIQgRgUXEQ0gSQwsipINZWRYvW9qCsCKMlcB3qMVTmTXpQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAqoQClt+aDTS5zzMU24pyOcEZ3BMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvQ3FoQUtXMzVvTk5MblBNeFRiaW5JNXdSbmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQEH89AAwQA
mFmGAwQDsuyAMA8EAgACMAkDBwAqAhcQAAQwDQYJKoZIhvcNAQELBQADggEBABZS
h/yAtf/uzY8BfR+3LCZ0bl8RVeb1ARFw+GOEZBLK1FVncgX0eq0mk72HMy02D8nP
PiNzplwbTkAybv6qDDil39F0utdp+WjJkfyyvz/Br3RVJ3s8Gy70Lb62W3ENFfw5
OFY/TD57a4hhVRcAj+H12shOPUW+FjXHz03xd6+voMV6C/emUoJUo5crTZnQcb1a
FWmFd8vJK4Srf3f3NjK/pnLz4d4f6Lw85HLMIQ7bGT6aYpLl/x8iam8ia7fl/SiE
hpNW+cX7hVg/22uZSYoyglJWGnUgNfPel2EDK0FxNxmRF6UUdwAJ6XhjiktHqL8g
xm0GfW1fAR0emjewJ5s=
-----END CERTIFICATE-----