Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/2w6cJY-65VWC2NML2owk2yJnMiA.roa
File:                     2w6cJY-65VWC2NML2owk2yJnMiA.roa (raw, json)
Hash identifier:          EQdIIOaZeOY4ggj992egRQ+P6maqigxMmD0PENzh+00=
Subject key identifier:   DB:0E:9C:25:8F:BA:E5:55:82:D8:D3:0B:DA:8C:24:DB:22:67:32:20
Certificate issuer:       /CN=68a8e93d3f590f4450d1db3c2074598244353e93
Certificate serial:       019424B3D83617D907949734DE36B8F08576
Authority key identifier: 68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/2w6cJY-65VWC2NML2owk2yJnMiA.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21221
IP address blocks:        2.56.226.0/23 maxlen: 24
                          46.182.180.0/23 maxlen: 24
                          46.182.182.0/23 maxlen: 24
                          178.255.192.0/21 maxlen: 24
                          185.70.208.0/22 maxlen: 24
                          185.214.148.0/22 maxlen: 24
                          217.18.64.0/20 maxlen: 24
                          2a00:19c0::/32 maxlen: 48
                          2a04:e1c0:1::/48 maxlen: 48
                          2a09:d240:1::/48 maxlen: 48
                          2a0b:9cc0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d8:36:17:d9:07:94:97:34:de:36:b8:f0:85:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a8e93d3f590f4450d1db3c2074598244353e93
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db0e9c258fbae55582d8d30bda8c24db22673220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ec:81:b6:5f:c4:e8:88:ad:ce:d6:d3:f8:1e:
                    e9:af:01:88:a8:19:bd:33:8a:ad:35:4b:4e:09:df:
                    87:1e:50:03:ef:8a:88:e1:f1:e9:46:db:0b:19:50:
                    95:e2:f0:b7:24:cb:c0:96:d5:9c:f5:30:19:69:d1:
                    be:07:91:ce:59:f8:29:8b:48:4f:84:8b:89:0c:2e:
                    7f:7d:35:29:a1:fb:de:10:c3:e0:39:84:18:2e:42:
                    f0:be:1d:01:fc:5f:44:8f:0b:59:a9:3e:22:e0:f7:
                    e3:3b:36:8b:1a:9b:73:97:f9:59:69:df:2e:48:86:
                    67:ae:6b:ca:03:e4:e1:2c:e8:1a:e8:bd:d2:4f:73:
                    63:ae:4b:24:da:92:98:56:30:dc:4f:33:66:3e:c6:
                    bb:2e:49:8b:cf:38:62:58:99:dc:52:6f:4e:c3:75:
                    fd:a7:03:fc:90:c1:3d:78:d7:11:b1:45:8d:79:4d:
                    49:9b:ae:97:d4:40:ac:ef:cd:15:22:94:79:c9:5d:
                    37:10:0c:3e:e1:8c:3f:da:ea:05:92:eb:c1:25:a0:
                    4a:44:1e:17:ba:52:8d:7f:24:60:13:0d:45:40:00:
                    6e:c3:2f:de:3c:b8:42:22:f0:b1:c9:6e:9f:3c:dd:
                    28:13:f3:cb:40:ae:25:ee:aa:6c:4a:31:9c:0c:f3:
                    e3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0E:9C:25:8F:BA:E5:55:82:D8:D3:0B:DA:8C:24:DB:22:67:32:20
            X509v3 Authority Key Identifier:
                keyid:68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/2w6cJY-65VWC2NML2owk2yJnMiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.226.0/23
                  46.182.180.0/22
                  178.255.192.0/21
                  185.70.208.0/22
                  185.214.148.0/22
                  217.18.64.0/20
                IPv6:
                  2a00:19c0::/32
                  2a04:e1c0:1::/48
                  2a09:d240:1::/48
                  2a0b:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:4a:12:a5:ae:14:d9:a9:29:b6:79:14:67:58:72:a2:9f:af:
         9e:00:13:fa:a3:1a:33:cf:7f:04:0a:59:9d:9f:45:ef:20:15:
         d0:11:74:e0:ea:9a:df:c5:8d:b0:f4:63:6f:17:bb:02:88:56:
         2c:28:0f:76:c3:09:f5:a7:91:42:dc:3e:6f:62:f9:59:56:3e:
         c6:d9:2d:e7:4c:e7:6a:9d:9d:15:6e:d0:6e:56:74:7d:01:9b:
         90:14:1c:d4:d5:15:9e:28:b9:90:e5:36:3e:cc:83:61:33:0d:
         e3:94:5a:e9:a5:7a:87:80:f5:8b:f7:85:62:81:ed:f1:1a:54:
         0a:5d:1f:69:ab:56:84:b4:53:a7:52:f8:75:be:4d:e7:b8:48:
         34:3e:30:29:c3:4d:2e:47:c6:42:72:a3:fe:31:a3:7b:19:ff:
         59:56:ac:e7:c3:df:66:d9:5b:29:11:37:ac:02:b3:7c:54:3b:
         ab:b2:8d:30:1e:f3:8a:f2:5e:b7:46:b5:34:6e:a2:52:5d:ab:
         c1:c0:25:16:22:a4:6c:48:dc:8b:a0:82:72:84:a0:61:e9:d9:
         a8:68:37:91:9c:7e:98:11:27:24:a7:c3:c6:1b:d5:3c:fc:47:
         2a:8e:e6:88:c1:de:4f:af:bb:bf:f3:d4:eb:ec:23:5e:f1:70:
         df:b6:a2:7b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQks9g2F9kHlJc03ja48IV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YThlOTNkM2Y1OTBmNDQ1MGQxZGIzYzIwNzQ1OTgyNDQz
NTNlOTMwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBlOWMyNThmYmFlNTU1ODJkOGQzMGJkYThjMjRkYjIyNjczMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeyBtl/E6IitztbT+B7prwGIqBm9
M4qtNUtOCd+HHlAD74qI4fHpRtsLGVCV4vC3JMvAltWc9TAZadG+B5HOWfgpi0hP
hIuJDC5/fTUpofveEMPgOYQYLkLwvh0B/F9EjwtZqT4i4PfjOzaLGptzl/lZad8u
SIZnrmvKA+ThLOga6L3ST3Njrksk2pKYVjDcTzNmPsa7LkmLzzhiWJncUm9Ow3X9
pwP8kME9eNcRsUWNeU1Jm66X1ECs780VIpR5yV03EAw+4Yw/2uoFkuvBJaBKRB4X
ulKNfyRgEw1FQABuwy/ePLhCIvCxyW6fPN0oE/PLQK4l7qpsSjGcDPPj3wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFNsOnCWPuuVVgtjTC9qMJNsiZzIgMB8GA1UdIwQY
MBaAFGio6T0/WQ9EUNHbPCB0WYJENT6TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMt
MjVkZDRjYmIzNjk4LzEvMnc2Y0pZLTY1VldDMk5NTDJvd2syeUpuTWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMtMjVkZDRjYmIzNjk4
LzEvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQBAjjiAwQC
Lra0AwQDsv/AAwQCuUbQAwQCudaUAwQE2RJAMCYEAgACMCADBQAqABnAAwcAKgTh
wAABAwcAKgnSQAABAwUDKgucwDANBgkqhkiG9w0BAQsFAAOCAQEAVUoSpa4U2akp
tnkUZ1hyop+vngAT+qMaM89/BApZnZ9F7yAV0BF04Oqa38WNsPRjbxe7AohWLCgP
dsMJ9aeRQtw+b2L5WVY+xtkt50znap2dFW7QblZ0fQGbkBQc1NUVnii5kOU2PsyD
YTMN45Ra6aV6h4D1i/eFYoHt8RpUCl0faatWhLRTp1L4db5N57hIND4wKcNNLkfG
QnKj/jGjexn/WVas58PfZtlbKRE3rAKzfFQ7q7KNMB7zivJet0a1NG6iUl2rwcAl
FiKkbEjci6CCcoSgYenZqGg3kZx+mBEnJKfDxhvVPPxHKo7miMHeT6+7v/PU6+wj
XvFw37aiew==
-----END CERTIFICATE-----