Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/5Ms63FRY8HqsJ8LMWtJ94YR9tyQ.roa
File:                     5Ms63FRY8HqsJ8LMWtJ94YR9tyQ.roa (raw, json)
Hash identifier:          VrQf6hckJ84AXHDHn6hA5ziPU48fYjaO75uG65nKveQ=
Subject key identifier:   E4:CB:3A:DC:54:58:F0:7A:AC:27:C2:CC:5A:D2:7D:E1:84:7D:B7:24
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       019376F1103AD1BF896F3B544647F5F650E1
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/5Ms63FRY8HqsJ8LMWtJ94YR9tyQ.roa
Signing time:             Fri 29 Nov 2024 08:02:09 +0000
ROA not before:           Fri 29 Nov 2024 08:02:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12963
IP address blocks:        91.218.72.0/24 maxlen: 24
                          91.218.73.0/24 maxlen: 24
                          91.218.74.0/24 maxlen: 24
                          91.218.75.0/24 maxlen: 24
                          94.247.224.0/21 maxlen: 21
                          94.247.224.0/23 maxlen: 23
                          176.97.0.0/23 maxlen: 23
                          176.97.2.0/24 maxlen: 24
                          176.97.3.0/24 maxlen: 24
                          176.97.4.0/22 maxlen: 22
                          185.192.216.0/22 maxlen: 22
                          194.183.160.0/19 maxlen: 19
                          213.160.128.0/19 maxlen: 19
                          2a00:9880::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:76:f1:10:3a:d1:bf:89:6f:3b:54:46:47:f5:f6:50:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Nov 29 08:02:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4cb3adc5458f07aac27c2cc5ad27de1847db724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3c:44:69:dc:e9:74:c0:8a:d2:10:0a:1a:58:
                    ac:74:66:ae:57:9d:d7:43:d7:e2:59:23:5a:81:7e:
                    ed:e1:5e:6d:e2:78:8f:13:8d:16:bf:d0:91:32:8d:
                    d2:2d:35:92:9d:84:ac:38:27:15:60:79:8e:fa:6f:
                    6a:ea:49:cf:c8:8a:62:bc:bd:76:04:2a:20:5a:69:
                    ae:3e:93:db:9b:6d:c6:27:0c:92:0d:54:82:05:16:
                    70:67:22:3c:6f:66:a2:6f:d4:57:12:a1:04:09:f3:
                    64:09:3c:14:09:29:28:43:98:12:69:d3:91:3a:88:
                    39:c6:cf:90:14:8f:a3:0b:3a:79:32:7f:8e:76:5b:
                    33:0d:bc:e2:74:4a:91:5c:ab:40:96:e9:77:4f:d9:
                    42:1c:3c:04:a6:5b:5a:41:0d:bc:53:ae:38:d7:ff:
                    12:32:d2:db:3c:23:da:a4:5f:bd:7e:ee:b7:52:47:
                    dc:48:f2:34:08:db:f7:b9:05:15:3d:8e:c6:d5:0e:
                    47:ba:91:23:0f:3e:36:28:9f:0f:85:8a:32:ae:2c:
                    20:9c:30:0b:45:9b:9e:d7:a6:c0:07:ea:5c:cc:d9:
                    b0:16:80:d1:d3:39:86:2c:19:56:c7:62:6d:16:dd:
                    be:05:c8:2e:a6:f3:d0:38:74:66:fb:49:da:1c:54:
                    1a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:CB:3A:DC:54:58:F0:7A:AC:27:C2:CC:5A:D2:7D:E1:84:7D:B7:24
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/5Ms63FRY8HqsJ8LMWtJ94YR9tyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.72.0/22
                  94.247.224.0/21
                  176.97.0.0/21
                  185.192.216.0/22
                  194.183.160.0/19
                  213.160.128.0/19
                IPv6:
                  2a00:9880::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:74:19:8f:9b:0a:cc:e6:6d:1e:12:53:24:51:0d:f8:9d:4d:
         45:06:61:7f:a4:07:26:fb:6c:b6:ed:ed:0b:cd:d4:db:1b:8e:
         7f:fa:4b:c3:56:5f:85:61:21:3c:80:b2:a3:d6:42:18:a9:41:
         bf:89:8d:e6:b4:2d:d8:f1:9c:31:4a:c3:e9:63:11:79:7a:10:
         be:c0:4f:70:c8:9f:06:7d:d9:15:8b:5f:3d:ef:d2:85:85:d8:
         57:87:0c:f7:d0:e8:e5:10:1e:14:7b:e1:a1:2a:06:c6:15:e2:
         1d:ff:14:b3:51:75:3e:11:ba:2e:b1:7e:9a:b5:70:1f:f1:b0:
         10:26:c6:7d:e8:d9:ae:07:17:1b:97:6c:af:b5:71:88:79:c5:
         92:aa:86:0b:0a:e3:60:ae:c5:f6:7e:7d:f7:a6:39:48:e8:4a:
         4f:68:e7:14:ce:dd:07:bf:7e:e2:36:f0:26:71:71:27:a7:86:
         61:9c:55:46:69:98:95:fe:fe:68:4a:d0:6b:1a:b1:cb:84:91:
         82:2f:55:e2:5a:9d:d2:8b:b8:d5:cb:b4:10:47:66:01:72:c3:
         d9:0a:4f:8d:22:60:6d:d8:ae:9a:34:72:fd:66:d4:20:27:0e:
         8d:38:40:a8:4d:66:07:c2:ed:52:83:60:f9:fb:65:45:7d:6f:
         e9:85:a6:f7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZN28RA60b+JbztURkf19lDhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjQxMTI5MDgwMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGNiM2FkYzU0NThmMDdhYWMyN2MyY2M1YWQyN2RlMTg0N2RiNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jxEadzpdMCK0hAKGlisdGauV53X
Q9fiWSNagX7t4V5t4niPE40Wv9CRMo3SLTWSnYSsOCcVYHmO+m9q6knPyIpivL12
BCogWmmuPpPbm23GJwySDVSCBRZwZyI8b2aib9RXEqEECfNkCTwUCSkoQ5gSadOR
Oog5xs+QFI+jCzp5Mn+OdlszDbzidEqRXKtAlul3T9lCHDwEpltaQQ28U6441/8S
MtLbPCPapF+9fu63UkfcSPI0CNv3uQUVPY7G1Q5HupEjDz42KJ8PhYoyriwgnDAL
RZue16bAB+pczNmwFoDR0zmGLBlWx2JtFt2+BcgupvPQOHRm+0naHFQa0wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFOTLOtxUWPB6rCfCzFrSfeGEfbckMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvNU1zNjNGUlk4SHFzSjhMTVd0Sjk0WVI5dHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCW9pIAwQD
XvfgAwQDsGEAAwQCucDYAwQFwregAwQF1aCAMA0EAgACMAcDBQAqAJiAMA0GCSqG
SIb3DQEBCwUAA4IBAQAcdBmPmwrM5m0eElMkUQ34nU1FBmF/pAcm+2y27e0LzdTb
G45/+kvDVl+FYSE8gLKj1kIYqUG/iY3mtC3Y8ZwxSsPpYxF5ehC+wE9wyJ8GfdkV
i18979KFhdhXhwz30OjlEB4Ue+GhKgbGFeId/xSzUXU+EbousX6atXAf8bAQJsZ9
6NmuBxcbl2yvtXGIecWSqoYLCuNgrsX2fn33pjlI6EpPaOcUzt0Hv37iNvAmcXEn
p4ZhnFVGaZiV/v5oStBrGrHLhJGCL1XiWp3Si7jVy7QQR2YBcsPZCk+NImBt2K6a
NHL9ZtQgJw6NOECoTWYHwu1Sg2D5+2VFfW/phab3
-----END CERTIFICATE-----