Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/XPP7F5mDO8fdtvjirfCgsQBUDPE.roa
File:                     XPP7F5mDO8fdtvjirfCgsQBUDPE.roa (raw, json)
Hash identifier:          Do3JY163ktXxFxe8bc2aG6JJs1uQbqKOw3uTRl+UJg8=
Subject key identifier:   5C:F3:FB:17:99:83:3B:C7:DD:B6:F8:E2:AD:F0:A0:B1:00:54:0C:F1
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019427B5C3453DEE932F8FDD2D274C159002
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/XPP7F5mDO8fdtvjirfCgsQBUDPE.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49000
IP address blocks:        89.29.190.0/23 maxlen: 23
                          89.29.206.0/23 maxlen: 23
                          89.29.225.0/24 maxlen: 24
                          89.29.247.0/24 maxlen: 24
                          89.29.253.0/24 maxlen: 24
                          89.29.255.0/24 maxlen: 24
                          176.57.96.0/24 maxlen: 24
                          213.181.72.0/23 maxlen: 23
                          213.181.77.0/24 maxlen: 24
                          213.181.89.0/24 maxlen: 24
                          213.181.90.0/23 maxlen: 23
                          213.181.92.0/23 maxlen: 23
                          213.181.94.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c3:45:3d:ee:93:2f:8f:dd:2d:27:4c:15:90:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cf3fb1799833bc7ddb6f8e2adf0a0b100540cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:66:04:5d:61:c3:c9:96:ea:67:e9:16:17:65:
                    bf:7a:cb:5b:6a:be:34:0f:52:65:3f:66:62:d5:73:
                    b1:d4:ce:53:37:7d:78:d0:00:40:a3:e4:9a:a8:95:
                    f2:a9:ff:71:cd:5d:25:62:4b:14:bd:da:55:7a:02:
                    ae:a7:d8:85:e5:06:4a:57:04:26:f3:d7:41:10:ed:
                    2a:94:df:9d:90:af:ce:e6:99:15:c0:66:a0:63:2f:
                    0c:ef:ba:2d:bf:b7:38:39:0e:cc:89:8a:91:c7:8f:
                    8d:fb:bb:dc:44:03:55:17:2d:c1:40:e9:51:6f:cd:
                    0b:22:a6:c6:bd:77:ef:3c:50:ee:7b:cf:ec:b4:4d:
                    f1:79:9d:f9:86:8f:99:34:ed:5d:6f:9e:62:34:a1:
                    af:0c:8a:57:f1:7e:66:a5:e2:ee:87:d9:c5:f6:82:
                    57:34:89:85:77:2e:5d:d6:56:2f:86:66:d1:dc:e1:
                    05:cc:cb:7b:64:20:62:a2:e5:58:3b:8e:4e:4a:05:
                    e1:db:df:70:f3:84:ca:53:0e:04:1d:52:9f:78:ba:
                    4c:5b:dd:d5:61:d6:e6:6f:2f:8c:11:b9:0e:70:65:
                    84:4c:ed:81:54:d9:19:5e:e5:90:85:d7:e7:43:eb:
                    57:dc:96:a6:cf:a9:10:57:43:1b:8e:1f:67:e5:88:
                    79:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F3:FB:17:99:83:3B:C7:DD:B6:F8:E2:AD:F0:A0:B1:00:54:0C:F1
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/XPP7F5mDO8fdtvjirfCgsQBUDPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.190.0/23
                  89.29.206.0/23
                  89.29.225.0/24
                  89.29.247.0/24
                  89.29.253.0/24
                  89.29.255.0/24
                  176.57.96.0/24
                  213.181.72.0/23
                  213.181.77.0/24
                  213.181.89.0-213.181.94.255

    Signature Algorithm: sha256WithRSAEncryption
         26:fa:35:61:09:eb:86:3b:05:8d:e5:f0:19:f7:ec:85:b5:dc:
         e4:2e:79:1b:2e:fe:3c:91:53:eb:9b:bc:9d:46:ae:1f:ed:0d:
         d6:95:c2:a5:f1:6d:6b:49:c3:70:53:7d:c9:bc:35:71:19:c0:
         a9:13:24:1a:6b:85:53:fe:60:39:1b:c4:a5:e2:4c:e9:d6:69:
         85:82:d0:59:64:e9:10:db:5d:62:d6:f8:a9:0b:56:97:13:ec:
         69:3d:87:57:a0:67:14:43:91:2d:07:bd:89:67:92:b6:47:2a:
         ad:b5:1b:d1:49:f2:c1:96:94:2a:1e:ec:fe:e0:ef:83:5b:5f:
         a5:05:28:41:71:6e:17:1c:f8:20:ef:1a:07:66:30:d8:1a:a3:
         a1:b1:b4:13:50:72:40:d2:f0:d3:3f:e8:37:0a:b5:dc:5a:04:
         56:8a:b9:7f:bf:f2:6a:88:bf:b1:ed:42:59:bd:93:83:d5:61:
         6a:68:27:2e:4a:41:88:a3:cc:18:4d:19:d2:f7:a7:e4:56:41:
         cf:bb:b7:43:27:12:f4:a2:7e:b3:6f:88:1e:39:04:01:b0:cb:
         31:70:d5:a4:ab:a6:df:42:52:45:b8:5d:6e:f4:ab:df:6d:ca:
         f6:2a:b1:fd:0a:ff:a3:d7:df:96:f6:ab:16:da:ac:7f:18:f6:
         55:9b:0f:64
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZQntcNFPe6TL4/dLSdMFZACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2YzZmIxNzk5ODMzYmM3ZGRiNmY4ZTJhZGYwYTBiMTAwNTQwY2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WYEXWHDyZbqZ+kWF2W/estbar40
D1JlP2Zi1XOx1M5TN3140ABAo+SaqJXyqf9xzV0lYksUvdpVegKup9iF5QZKVwQm
89dBEO0qlN+dkK/O5pkVwGagYy8M77otv7c4OQ7MiYqRx4+N+7vcRANVFy3BQOlR
b80LIqbGvXfvPFDue8/stE3xeZ35ho+ZNO1db55iNKGvDIpX8X5mpeLuh9nF9oJX
NImFdy5d1lYvhmbR3OEFzMt7ZCBiouVYO45OSgXh299w84TKUw4EHVKfeLpMW93V
Ydbmby+MEbkOcGWETO2BVNkZXuWQhdfnQ+tX3Jamz6kQV0Mbjh9n5Yh5dwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFzz+xeZgzvH3bb44q3woLEAVAzxMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvWFBQN0Y1bURPOGZkdHZqaXJmQ2dzUUJVRFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBWR2+AwQB
WR3OAwQAWR3hAwQAWR33AwQAWR39AwQAWR3/AwQAsDlgAwQB1bVIAwQA1bVNMAwD
BADVtVkDBADVtV4wDQYJKoZIhvcNAQELBQADggEBACb6NWEJ64Y7BY3l8Bn37IW1
3OQueRsu/jyRU+ubvJ1Grh/tDdaVwqXxbWtJw3BTfcm8NXEZwKkTJBprhVP+YDkb
xKXiTOnWaYWC0Flk6RDbXWLW+KkLVpcT7Gk9h1egZxRDkS0HvYlnkrZHKq21G9FJ
8sGWlCoe7P7g74NbX6UFKEFxbhcc+CDvGgdmMNgao6GxtBNQckDS8NM/6DcKtdxa
BFaKuX+/8mqIv7HtQlm9k4PVYWpoJy5KQYijzBhNGdL3p+RWQc+7t0MnEvSifrNv
iB45BAGwyzFw1aSrpt9CUkW4XW70q99tyvYqsf0K/6PX35b2qxbarH8Y9lWbD2Q=
-----END CERTIFICATE-----