Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/Ia7_fQGIqVYuYGN38gmKtoySvvs.roa
File:                     Ia7_fQGIqVYuYGN38gmKtoySvvs.roa (raw, json)
Hash identifier:          ND7M9PBDfnLYdMRYmEV2myMBk36vw3h/zFiPRe14Vn8=
Subject key identifier:   21:AE:FF:7D:01:88:A9:56:2E:60:63:77:F2:09:8A:B6:8C:92:BE:FB
Certificate issuer:       /CN=cc777a08a4564548b518ec3864b341e1fa5225ea
Certificate serial:       019425FBFB9B74161195B066E4911CF82448
Authority key identifier: CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/Ia7_fQGIqVYuYGN38gmKtoySvvs.roa
Signing time:             Thu 02 Jan 2025 07:47:38 +0000
ROA not before:           Thu 02 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202779
IP address blocks:        91.201.220.0/22 maxlen: 24
                          91.201.220.0/24 maxlen: 24
                          91.201.221.0/24 maxlen: 24
                          91.201.222.0/24 maxlen: 24
                          185.154.156.0/22 maxlen: 24
                          185.154.156.0/24 maxlen: 24
                          185.154.157.0/24 maxlen: 24
                          185.154.158.0/24 maxlen: 24
                          185.154.159.0/24 maxlen: 24
                          213.173.96.0/19 maxlen: 24
                          213.173.96.0/20 maxlen: 24
                          213.173.96.0/23 maxlen: 23
                          213.173.99.0/24 maxlen: 24
                          213.173.112.0/20 maxlen: 20
                          213.244.248.0/21 maxlen: 24
                          213.244.248.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:fb:9b:74:16:11:95:b0:66:e4:91:1c:f8:24:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc777a08a4564548b518ec3864b341e1fa5225ea
        Validity
            Not Before: Jan  2 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21aeff7d0188a9562e606377f2098ab68c92befb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:40:83:0f:7f:ea:8e:7e:81:f9:2a:0b:5e:c8:
                    08:ca:80:3a:ab:4a:e5:64:e6:b5:53:21:1c:ee:88:
                    d6:4a:e0:33:85:94:13:b3:69:7e:e1:a8:bb:5c:f4:
                    94:5f:36:84:a9:09:bd:0d:80:26:48:93:f3:10:a1:
                    08:a3:0c:05:f1:eb:a2:24:4a:1e:12:9c:20:12:0b:
                    81:cb:0f:e0:9d:3f:db:0f:e1:80:fc:f8:0d:f3:53:
                    e0:8b:17:53:1b:8a:b4:5a:53:4c:75:0d:82:19:ab:
                    b0:fc:cc:b3:8e:3b:a7:7d:37:41:ad:ae:21:25:09:
                    49:f3:f2:0e:e4:f4:12:f6:77:09:a5:31:57:76:b7:
                    76:fc:65:8a:4f:dd:98:06:2a:94:05:ad:7b:2a:66:
                    d8:df:b7:d6:cf:20:f9:72:ff:12:ae:d3:fc:0f:6c:
                    f2:a6:ba:1b:11:90:b0:d1:39:b0:f4:d5:fd:2b:dd:
                    94:02:c7:d6:7a:54:8e:ba:63:5c:64:b2:cd:22:c9:
                    57:36:13:98:f8:05:4c:11:33:3c:13:36:0a:c2:e1:
                    6c:61:19:3c:80:38:f9:77:9a:e7:62:7f:9a:05:b2:
                    47:a4:f6:ce:37:b2:da:87:b9:4d:ea:cc:dc:57:9b:
                    d1:75:5e:9d:8c:24:97:eb:bc:81:46:0b:83:6b:e7:
                    37:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AE:FF:7D:01:88:A9:56:2E:60:63:77:F2:09:8A:B6:8C:92:BE:FB
            X509v3 Authority Key Identifier:
                keyid:CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/Ia7_fQGIqVYuYGN38gmKtoySvvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.220.0/22
                  185.154.156.0/22
                  213.173.96.0/19
                  213.244.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:1b:cb:6c:26:ed:7e:b2:c7:d9:e1:fb:8a:96:b9:0e:ea:3f:
         07:59:79:de:6d:60:fc:43:3e:5f:98:52:e2:4b:35:9a:5a:3c:
         71:cb:39:01:f7:e3:25:c8:b1:40:56:f7:8f:6c:c4:6d:18:88:
         72:bc:8b:84:e9:18:dd:d2:b7:2b:de:97:3b:0e:ea:ce:5d:ad:
         f2:3b:25:f6:e6:01:ee:f4:21:1e:d6:66:de:e4:d9:93:c6:93:
         ba:9f:bd:df:81:18:bc:30:a3:4f:e1:62:10:82:2a:3b:b1:65:
         91:69:95:23:35:26:02:6d:55:41:86:21:25:3a:46:c9:fb:51:
         21:b1:b2:1a:0e:25:36:8e:27:dd:a4:69:83:07:76:f2:73:15:
         5b:79:71:5f:df:7b:8e:86:c0:bd:64:99:5f:69:87:dc:55:9e:
         4a:c8:f1:92:c7:2c:65:43:f0:75:2e:ae:1a:16:66:01:06:eb:
         ca:a2:52:5b:df:0c:61:30:51:fc:34:be:a6:59:4c:76:6a:54:
         99:81:dc:7c:d6:29:67:56:3b:05:7a:3d:20:cf:28:e4:69:b8:
         fa:c1:52:ae:6a:74:b7:7c:22:eb:b6:04:5d:47:b9:d6:d1:6b:
         75:38:ac:10:c4:25:ea:30:ff:c5:5c:dd:2d:f5:3e:35:e1:7d:
         9a:43:35:d0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQl+/ubdBYRlbBm5JEc+CRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNzc3YTA4YTQ1NjQ1NDhiNTE4ZWMzODY0YjM0MWUxZmE1
MjI1ZWEwHhcNMjUwMTAyMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFlZmY3ZDAxODhhOTU2MmU2MDYzNzdmMjA5OGFiNjhjOTJiZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkCDD3/qjn6B+SoLXsgIyoA6q0rl
ZOa1UyEc7ojWSuAzhZQTs2l+4ai7XPSUXzaEqQm9DYAmSJPzEKEIowwF8euiJEoe
EpwgEguByw/gnT/bD+GA/PgN81PgixdTG4q0WlNMdQ2CGauw/MyzjjunfTdBra4h
JQlJ8/IO5PQS9ncJpTFXdrd2/GWKT92YBiqUBa17KmbY37fWzyD5cv8SrtP8D2zy
probEZCw0Tmw9NX9K92UAsfWelSOumNcZLLNIslXNhOY+AVMETM8EzYKwuFsYRk8
gDj5d5rnYn+aBbJHpPbON7Lah7lN6szcV5vRdV6djCSX67yBRguDa+c3hQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCGu/30BiKlWLmBjd/IJiraMkr77MB8GA1UdIwQY
MBaAFMx3egikVkVItRjsOGSzQeH6UiXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMt
NzY3YjBjYzgwYzA4LzEvSWE3X2ZRR0lxVll1WUdOMzhnbUt0b3lTdnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMtNzY3YjBjYzgwYzA4
LzEvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8ncAwQC
uZqcAwQF1a1gAwQD1fT4MA0GCSqGSIb3DQEBCwUAA4IBAQAKG8tsJu1+ssfZ4fuK
lrkO6j8HWXnebWD8Qz5fmFLiSzWaWjxxyzkB9+MlyLFAVvePbMRtGIhyvIuE6Rjd
0rcr3pc7DurOXa3yOyX25gHu9CEe1mbe5NmTxpO6n73fgRi8MKNP4WIQgio7sWWR
aZUjNSYCbVVBhiElOkbJ+1EhsbIaDiU2jifdpGmDB3bycxVbeXFf33uOhsC9ZJlf
aYfcVZ5KyPGSxyxlQ/B1Lq4aFmYBBuvKolJb3wxhMFH8NL6mWUx2alSZgdx81iln
VjsFej0gzyjkabj6wVKuanS3fCLrtgRdR7nW0Wt1OKwQxCXqMP/FXN0t9T414X2a
QzXQ
-----END CERTIFICATE-----