Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/0l-uuc0ta--zZGivAH1vRPmB_34.roa
File:                     0l-uuc0ta--zZGivAH1vRPmB_34.roa (raw, json)
Hash identifier:          N3+ixN59bx1CAdzBVH5dBhTA7XSG6tSZGbX7+qQ9kkU=
Subject key identifier:   D2:5F:AE:B9:CD:2D:6B:EF:B3:64:68:AF:00:7D:6F:44:F9:81:FF:7E
Certificate issuer:       /CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
Certificate serial:       0194228DC10BF7011FE698D117843A7CDDD1
Authority key identifier: 29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/0l-uuc0ta--zZGivAH1vRPmB_34.roa
Signing time:             Wed 01 Jan 2025 15:48:22 +0000
ROA not before:           Wed 01 Jan 2025 15:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42675
IP address blocks:        185.157.160.0/23 maxlen: 23
                          185.157.162.0/24 maxlen: 24
                          185.157.163.0/24 maxlen: 24
                          217.64.148.0/23 maxlen: 23
                          217.64.150.0/24 maxlen: 24
                          2a07:a880:3101::/48 maxlen: 48
                          2a07:a880:4601::/48 maxlen: 48
                          2a07:a880:4602::/48 maxlen: 48
                          2a07:a880:4603::/48 maxlen: 48
                          2a07:a880:4604::/48 maxlen: 48
                          2a07:a880:4701::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c1:0b:f7:01:1f:e6:98:d1:17:84:3a:7c:dd:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
        Validity
            Not Before: Jan  1 15:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d25faeb9cd2d6befb36468af007d6f44f981ff7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3c:b2:c2:ce:49:fa:8d:38:32:1c:bf:9c:8c:
                    f9:20:f8:21:13:11:4a:11:c1:30:34:f8:50:ec:10:
                    de:ba:e9:6e:f9:27:72:1e:6b:71:0b:d7:a8:32:9d:
                    82:ba:a8:f0:9c:ff:b6:8e:74:6a:7e:4d:b9:d3:2d:
                    13:06:a3:aa:0a:1b:65:5d:6a:bb:24:39:84:c8:24:
                    4f:36:5e:70:86:bf:20:60:07:cb:f6:5d:eb:a1:ba:
                    1d:66:c5:dc:23:83:c7:93:c6:01:e6:96:16:1f:d9:
                    8f:b6:bb:be:1f:39:e2:49:8d:19:8c:bf:0b:54:56:
                    04:12:d2:f0:aa:82:42:38:59:e3:1b:40:f8:11:2a:
                    f9:8e:ff:c5:ae:93:29:ca:f6:bd:7c:61:98:a1:0e:
                    1f:58:63:80:69:21:69:f2:8d:4a:09:b5:56:50:77:
                    66:1f:81:01:24:9e:ce:46:10:bb:56:19:21:bb:e2:
                    70:02:f8:61:54:47:d5:94:f3:a0:d3:3a:05:f9:b3:
                    f3:61:20:39:d5:e6:2a:5d:c1:f2:41:ce:f3:53:16:
                    3b:d1:61:fe:72:eb:aa:10:5c:82:35:a1:0a:73:2a:
                    e9:fb:06:e3:ac:e9:0d:08:23:f1:20:f9:f4:a0:5f:
                    71:cd:0f:ec:dc:a6:83:25:fe:39:96:ca:f5:cf:3a:
                    9b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5F:AE:B9:CD:2D:6B:EF:B3:64:68:AF:00:7D:6F:44:F9:81:FF:7E
            X509v3 Authority Key Identifier:
                keyid:29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/0l-uuc0ta--zZGivAH1vRPmB_34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.160.0/22
                  217.64.148.0-217.64.150.255
                IPv6:
                  2a07:a880:3101::/48
                  2a07:a880:4601::-2a07:a880:4604:ffff:ffff:ffff:ffff:ffff
                  2a07:a880:4701::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:b2:2b:30:8f:cd:7c:3a:ca:49:cb:12:76:b1:a3:b9:ef:05:
         b0:ef:13:5f:73:ed:20:97:37:b0:4b:6d:71:a0:41:14:48:5f:
         6c:e1:3e:ba:f8:70:ad:2d:91:25:73:cc:1d:12:9b:be:f3:bf:
         2a:88:42:dd:70:1b:00:f5:bd:2c:df:da:8c:8e:3d:df:a0:bc:
         07:00:db:2f:30:6b:c4:fe:44:14:a8:ba:5a:9d:9f:4a:b1:85:
         c4:c6:d5:ba:cb:be:f6:45:8b:1d:2b:a6:91:5d:bb:a8:3c:f5:
         ee:64:b1:b7:9d:c8:20:00:8a:30:8e:d2:dd:48:30:0f:59:cf:
         3d:a9:f0:f9:a9:d3:63:85:66:eb:f6:8f:34:cf:7a:bc:ee:26:
         84:51:73:08:b5:6e:c5:2d:2a:54:a7:cc:17:59:fa:0c:9e:a3:
         8a:dd:29:9e:bd:38:34:6b:82:23:49:96:7d:cd:cd:15:62:d5:
         9f:6c:bf:a6:86:47:e7:78:eb:9a:9a:cc:ad:45:b9:16:a0:a2:
         32:62:cc:52:99:9c:d6:f0:7e:8a:b7:a9:6d:00:80:9b:29:f5:
         1e:71:94:8b:7f:f5:3a:2c:5c:b0:45:7a:90:cd:0a:e9:55:e9:
         13:04:63:cd:61:cb:e6:2b:af:3f:86:b2:a6:cb:72:43:99:ea:
         69:d6:b2:f5
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQijcEL9wEf5pjRF4Q6fN3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YjNhNzE3NjY1YTExMzdlOTlkYzhmYWQyMmUzZTdmOThk
Yjg5NzMwHhcNMjUwMTAxMTU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjVmYWViOWNkMmQ2YmVmYjM2NDY4YWYwMDdkNmY0NGY5ODFmZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Tyyws5J+o04Mhy/nIz5IPghExFK
EcEwNPhQ7BDeuulu+SdyHmtxC9eoMp2CuqjwnP+2jnRqfk250y0TBqOqChtlXWq7
JDmEyCRPNl5whr8gYAfL9l3robodZsXcI4PHk8YB5pYWH9mPtru+HzniSY0ZjL8L
VFYEEtLwqoJCOFnjG0D4ESr5jv/FrpMpyva9fGGYoQ4fWGOAaSFp8o1KCbVWUHdm
H4EBJJ7ORhC7Vhkhu+JwAvhhVEfVlPOg0zoF+bPzYSA51eYqXcHyQc7zUxY70WH+
cuuqEFyCNaEKcyrp+wbjrOkNCCPxIPn0oF9xzQ/s3KaDJf45lsr1zzqbdwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNJfrrnNLWvvs2RorwB9b0T5gf9+MB8GA1UdIwQY
MBaAFCmzpxdmWhE36Z3I+tIuPn+Y24lzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgt
NjY5ZjdhNzYxNjMxLzEvMGwtdXVjMHRhLS16WkdpdkFIMXZSUG1CXzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgtNjY5ZjdhNzYxNjMx
LzEvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAaBAIAATAUAwQCuZ2gMAwD
BALZQJQDBADZQJYwLAQCAAIwJgMHACoHqIAxATASAwcAKgeogEYBAwcAKgeogEYE
AwcAKgeogEcBMA0GCSqGSIb3DQEBCwUAA4IBAQBRsiswj818OspJyxJ2saO57wWw
7xNfc+0glzewS21xoEEUSF9s4T66+HCtLZElc8wdEpu+878qiELdcBsA9b0s39qM
jj3foLwHANsvMGvE/kQUqLpanZ9KsYXExtW6y772RYsdK6aRXbuoPPXuZLG3ncgg
AIowjtLdSDAPWc89qfD5qdNjhWbr9o80z3q87iaEUXMItW7FLSpUp8wXWfoMnqOK
3SmevTg0a4IjSZZ9zc0VYtWfbL+mhkfneOuamsytRbkWoKIyYsxSmZzW8H6Kt6lt
AICbKfUecZSLf/U6LFywRXqQzQrpVekTBGPNYcvmK68/hrKmy3JDmepp1rL1
-----END CERTIFICATE-----