Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/fYISzZWRzG7_wtxIDhjyXHPM4P4.roa
File:                     fYISzZWRzG7_wtxIDhjyXHPM4P4.roa (raw, json)
Hash identifier:          G+ywPlLAl4RvDHTdYmvn2UIgfVxBZaWwGMa191aRbWk=
Subject key identifier:   7D:82:12:CD:95:91:CC:6E:FF:C2:DC:48:0E:18:F2:5C:73:CC:E0:FE
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E0323333BE238FF9690474AC1C3F1
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/fYISzZWRzG7_wtxIDhjyXHPM4P4.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6453
IP address blocks:        82.222.0.0/16 maxlen: 24
                          85.29.0.0/18 maxlen: 24
                          92.44.0.0/15 maxlen: 24
                          151.250.0.0/16 maxlen: 24
                          176.33.0.0/16 maxlen: 24
                          176.40.0.0/14 maxlen: 24
                          195.214.128.0/18 maxlen: 24
                          212.57.0.0/19 maxlen: 24
                          213.153.128.0/17 maxlen: 24
                          2a02:e0::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:03:23:33:3b:e2:38:ff:96:90:47:4a:c1:c3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d8212cd9591cc6effc2dc480e18f25c73cce0fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0c:92:73:af:59:7f:d4:d3:08:cc:aa:16:62:
                    9e:5e:c3:bc:91:c7:fc:4d:0b:d8:33:63:62:24:1b:
                    41:95:b3:d7:60:6b:7b:4b:a8:cd:ed:52:6b:cb:37:
                    54:35:de:05:6a:45:44:1d:ac:bd:d1:46:78:87:e3:
                    f6:76:3d:00:17:84:e7:15:84:48:a3:b3:94:95:f6:
                    be:f1:9d:28:dd:65:6a:cd:c5:4c:ed:bd:d4:5f:28:
                    10:02:4e:e6:eb:9b:d4:dd:8c:75:5a:76:48:f2:4b:
                    46:06:79:21:bc:c6:b2:f6:f6:85:23:cb:72:90:54:
                    a5:a7:74:0a:a2:fc:83:6f:7c:d6:05:c3:ee:43:38:
                    f5:2c:ed:ef:55:f4:8a:45:3c:46:ac:1f:28:26:37:
                    46:12:53:7a:20:84:32:a1:1e:99:cf:9a:a7:6e:dd:
                    59:9f:a4:2f:d3:78:f5:18:78:a7:17:b2:d3:5a:42:
                    a1:d5:9c:e6:e1:09:88:03:69:7d:64:f1:3f:eb:72:
                    25:a7:49:fe:19:c7:4a:56:62:14:c9:b7:30:c4:29:
                    7c:82:7f:26:41:cd:ee:8c:91:4a:df:b1:58:49:82:
                    eb:42:74:f4:c6:e3:23:0c:1d:c1:2f:03:cf:26:72:
                    54:8c:98:20:60:ef:4d:bb:e5:cf:90:ea:37:f4:99:
                    66:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:82:12:CD:95:91:CC:6E:FF:C2:DC:48:0E:18:F2:5C:73:CC:E0:FE
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/fYISzZWRzG7_wtxIDhjyXHPM4P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.0.0/16
                  85.29.0.0/18
                  92.44.0.0/15
                  151.250.0.0/16
                  176.33.0.0/16
                  176.40.0.0/14
                  195.214.128.0/18
                  212.57.0.0/19
                  213.153.128.0/17
                IPv6:
                  2a02:e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:2b:d1:60:5d:31:6d:cf:3c:69:41:64:2b:a5:cb:d7:32:a9:
         bc:20:9a:0d:be:4e:65:ab:fd:bc:f9:fb:92:6c:a3:4e:b9:5f:
         e4:b0:71:7f:8a:00:c1:01:e1:ab:8b:5b:d4:05:73:2c:e9:e2:
         2a:b6:04:d7:60:73:74:c6:67:a3:9a:ee:15:65:cf:ae:90:51:
         5f:60:92:7a:8e:50:c1:74:6d:07:36:6a:0c:bd:06:6a:ea:52:
         09:ef:7c:95:af:86:ae:17:e2:94:e5:d2:5a:69:08:9a:46:22:
         0e:59:6b:5e:b4:10:5e:4b:5e:51:c2:e0:ee:34:9e:5c:39:5c:
         12:df:85:ee:0c:d2:cd:4f:7a:99:0d:60:d3:77:0a:08:b6:c0:
         7d:82:21:20:ac:1c:59:ad:48:be:44:76:18:96:9c:2d:f3:7c:
         fa:88:4b:ea:ef:b4:26:5f:90:16:f6:8a:78:e3:1c:fe:11:52:
         73:96:65:d7:81:af:e7:bb:3b:be:2f:1b:41:a9:b4:2d:82:d8:
         8f:ef:53:dc:fd:ec:7e:9b:ad:8b:44:aa:97:50:8e:da:0b:18:
         de:61:2e:6a:89:9e:a7:d2:c1:12:59:73:e5:1a:b8:f8:e9:92:
         70:e5:f7:36:12:76:15:89:c1:0b:06:4a:21:a3:36:52:ad:0c:
         41:5d:ba:81
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQijgMjMzviOP+WkEdKwcPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDgyMTJjZDk1OTFjYzZlZmZjMmRjNDgwZTE4ZjI1YzczY2NlMGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQySc69Zf9TTCMyqFmKeXsO8kcf8
TQvYM2NiJBtBlbPXYGt7S6jN7VJryzdUNd4FakVEHay90UZ4h+P2dj0AF4TnFYRI
o7OUlfa+8Z0o3WVqzcVM7b3UXygQAk7m65vU3Yx1WnZI8ktGBnkhvMay9vaFI8ty
kFSlp3QKovyDb3zWBcPuQzj1LO3vVfSKRTxGrB8oJjdGElN6IIQyoR6Zz5qnbt1Z
n6Qv03j1GHinF7LTWkKh1Zzm4QmIA2l9ZPE/63Ilp0n+GcdKVmIUybcwxCl8gn8m
Qc3ujJFK37FYSYLrQnT0xuMjDB3BLwPPJnJUjJggYO9Nu+XPkOo39JlmLQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFH2CEs2Vkcxu/8LcSA4Y8lxzzOD+MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvZllJU3paV1J6Rzdfd3R4SURoanlYSFBNNFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxAwMAUt4DBAZV
HQADAwFcLAMDAJf6AwMAsCEDAwKwKAMEBsPWgAMEBdQ5AAMEB9WZgDANBAIAAjAH
AwUAKgIA4DANBgkqhkiG9w0BAQsFAAOCAQEAaSvRYF0xbc88aUFkK6XL1zKpvCCa
Db5OZav9vPn7kmyjTrlf5LBxf4oAwQHhq4tb1AVzLOniKrYE12BzdMZno5ruFWXP
rpBRX2CSeo5QwXRtBzZqDL0GaupSCe98la+GrhfilOXSWmkImkYiDllrXrQQXkte
UcLg7jSeXDlcEt+F7gzSzU96mQ1g03cKCLbAfYIhIKwcWa1IvkR2GJacLfN8+ohL
6u+0Jl+QFvaKeOMc/hFSc5Zl14Gv57s7vi8bQam0LYLYj+9T3P3sfputi0Sql1CO
2gsY3mEuaomep9LBEllz5Rq4+OmScOX3NhJ2FYnBCwZKIaM2Uq0MQV26gQ==
-----END CERTIFICATE-----