Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/bU7bQwmnFOmp2aFn0OfY212qPNY.roa
File:                     bU7bQwmnFOmp2aFn0OfY212qPNY.roa (raw, json)
Hash identifier:          HQd1wE5/lMFk54jnSGcpPvBcqXRTlpWouTKkK5mksPQ=
Subject key identifier:   6D:4E:DB:43:09:A7:14:E9:A9:D9:A1:67:D0:E7:D8:DB:5D:AA:3C:D6
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D037C6778544765E197F88AFAB27
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/bU7bQwmnFOmp2aFn0OfY212qPNY.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12429
IP address blocks:        193.246.32.0/21 maxlen: 21
                          193.246.40.0/21 maxlen: 21
                          193.223.24.0/22 maxlen: 22
                          193.223.20.0/22 maxlen: 22
                          193.222.64.0/19 maxlen: 20
                          188.92.48.0/22 maxlen: 22
                          188.92.48.0/21 maxlen: 22
                          193.223.44.0/22 maxlen: 22
                          193.223.48.0/20 maxlen: 20
                          193.246.208.0/20 maxlen: 20
                          194.11.144.0/21 maxlen: 24
                          2a02:a90::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d0:37:c6:77:85:44:76:5e:19:7f:88:af:ab:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d4edb4309a714e9a9d9a167d0e7d8db5daa3cd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:70:00:09:a3:af:88:5f:d2:72:5d:e1:5e:4d:
                    13:12:2d:33:7c:32:f2:18:61:dc:0f:ef:57:5a:d0:
                    fa:53:bc:7b:50:05:ec:8b:a3:9b:19:d2:84:88:ab:
                    a1:3f:95:82:7f:79:d5:d4:c7:d7:46:78:6e:57:cc:
                    ad:4e:f5:70:27:d4:e0:c7:c4:76:9c:0d:68:ab:58:
                    5d:31:e5:76:c9:08:8d:4b:65:76:69:13:2e:1e:bf:
                    64:18:9f:a7:71:7c:35:2c:49:87:a7:55:ea:74:3b:
                    a6:72:87:f5:0e:53:d9:17:60:4f:4f:a9:c3:af:d9:
                    b5:ac:4d:57:61:dd:d5:9e:40:eb:6f:62:da:61:80:
                    e5:e7:f3:9d:16:90:f2:45:29:d5:5d:c0:eb:3b:a7:
                    97:66:e2:77:3c:39:f9:c7:54:e8:a0:aa:a0:e0:6e:
                    58:42:be:43:ef:60:93:12:5c:4b:7d:c7:24:2e:e3:
                    ea:26:3f:f0:b1:e3:4a:ae:d5:c4:d2:48:d9:2a:77:
                    a0:93:8f:36:34:aa:b8:b2:39:cf:13:38:41:6c:dd:
                    bf:31:3d:8e:95:fb:c4:d5:55:74:07:5d:ea:d7:79:
                    89:d2:4e:19:8e:b1:97:93:9b:7e:36:00:3a:af:58:
                    7a:a6:12:74:c5:c1:3b:13:ef:96:ab:df:5e:f6:b2:
                    f5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:4E:DB:43:09:A7:14:E9:A9:D9:A1:67:D0:E7:D8:DB:5D:AA:3C:D6
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/bU7bQwmnFOmp2aFn0OfY212qPNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.48.0/21
                  193.222.64.0/19
                  193.223.20.0-193.223.27.255
                  193.223.44.0-193.223.63.255
                  193.246.32.0/20
                  193.246.208.0/20
                  194.11.144.0/21
                IPv6:
                  2a02:a90::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:2e:c2:0b:8d:17:49:f8:c1:5c:e6:89:de:c1:a5:81:90:2c:
         24:35:c7:9a:e1:43:31:71:60:a1:fa:0b:de:ea:2d:ee:02:a8:
         03:4b:b5:a3:b8:bf:a2:e2:fd:99:ff:ac:5a:02:2e:cb:81:43:
         ce:c5:cd:a0:c6:fd:cb:23:4d:c2:f8:e8:71:55:3f:a0:3a:db:
         f3:e0:3e:f7:4f:ac:aa:45:27:be:82:9b:34:24:13:95:f4:bf:
         15:c9:9f:d0:8c:84:f8:fa:5e:13:73:a5:7a:33:a6:f9:b4:2a:
         5c:99:1c:e0:cd:f8:58:4c:ea:4f:91:0e:61:b9:c2:5c:da:53:
         27:3a:7d:ad:b8:81:71:4c:1f:b9:c9:d4:21:d4:7c:5b:68:33:
         66:27:96:21:c9:bb:50:af:b3:bf:9a:d2:a1:63:a3:54:dc:cb:
         ce:27:80:e4:3d:a8:a9:ef:c5:df:77:05:66:db:00:40:f5:d5:
         92:6d:04:68:dc:76:a2:d4:74:3e:fa:4c:fa:76:c9:bf:38:03:
         80:fb:db:a8:59:14:c0:8f:65:89:77:82:c8:7c:70:80:4e:eb:
         4e:7b:85:ff:4f:db:a5:29:70:cb:ed:e1:b3:64:48:3e:81:da:
         a4:3f:43:77:64:f8:a1:ae:05:92:ea:39:be:21:be:d6:ed:92:
         f0:6a:82:c0
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYzDSNA3xneFRHZeGX+Ir6snMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDRlZGI0MzA5YTcxNGU5YTlkOWExNjdkMGU3ZDhkYjVkYWEzY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3AACaOviF/Scl3hXk0TEi0zfDLy
GGHcD+9XWtD6U7x7UAXsi6ObGdKEiKuhP5WCf3nV1MfXRnhuV8ytTvVwJ9Tgx8R2
nA1oq1hdMeV2yQiNS2V2aRMuHr9kGJ+ncXw1LEmHp1XqdDumcof1DlPZF2BPT6nD
r9m1rE1XYd3VnkDrb2LaYYDl5/OdFpDyRSnVXcDrO6eXZuJ3PDn5x1TooKqg4G5Y
Qr5D72CTElxLfcckLuPqJj/wseNKrtXE0kjZKnegk482NKq4sjnPEzhBbN2/MT2O
lfvE1VV0B13q13mJ0k4ZjrGXk5t+NgA6r1h6phJ0xcE7E++Wq99e9rL1lQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFG1O20MJpxTpqdmhZ9Dn2NtdqjzWMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvYlU3YlF3bW5GT21wMmFGbjBPZlkyMTJxUE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQDvFwwAwQF
wd5AMAwDBALB3xQDBALB3xgwDAMEAsHfLAMEBsHfAAMEBMH2IAMEBMH20AMEA8IL
kDANBAIAAjAHAwUAKgIKkDANBgkqhkiG9w0BAQsFAAOCAQEAOC7CC40XSfjBXOaJ
3sGlgZAsJDXHmuFDMXFgofoL3uot7gKoA0u1o7i/ouL9mf+sWgIuy4FDzsXNoMb9
yyNNwvjocVU/oDrb8+A+90+sqkUnvoKbNCQTlfS/Fcmf0IyE+PpeE3OlejOm+bQq
XJkc4M34WEzqT5EOYbnCXNpTJzp9rbiBcUwfucnUIdR8W2gzZieWIcm7UK+zv5rS
oWOjVNzLzieA5D2oqe/F33cFZtsAQPXVkm0EaNx2otR0PvpM+nbJvzgDgPvbqFkU
wI9liXeCyHxwgE7rTnuF/0/bpSlwy+3hs2RIPoHapD9Dd2T4oa4Fkuo5viG+1u2S
8GqCwA==
-----END CERTIFICATE-----