Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YgamyXRxKHUzxzkXvczmp7vgqw8.roa
File:                     YgamyXRxKHUzxzkXvczmp7vgqw8.roa (raw, json)
Hash identifier:          NXIbSmHVmW35J4W59v5iDmAodNzPa9Un4ANsj13wZxE=
Subject key identifier:   62:06:A6:C9:74:71:28:75:33:C7:39:17:BD:CC:E6:A7:BB:E0:AB:0F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425227B4B689BD4DABB41102467C45C7E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YgamyXRxKHUzxzkXvczmp7vgqw8.roa
Signing time:             Thu 02 Jan 2025 03:50:04 +0000
ROA not before:           Thu 02 Jan 2025 03:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214430
IP address blocks:        2a06:de02:20::/48 maxlen: 48
                          2a06:de02:21::/48 maxlen: 48
                          2a06:de02:22::/48 maxlen: 48
                          2a06:de02:23::/48 maxlen: 48
                          2a06:de02:24::/48 maxlen: 48
                          2a06:de02:25::/48 maxlen: 48
                          2a06:de02:26::/48 maxlen: 48
                          2a06:de02:27::/48 maxlen: 48
                          2a06:de02:28::/48 maxlen: 48
                          2a06:de02:29::/48 maxlen: 48
                          2a06:de02:2a::/48 maxlen: 48
                          2a06:de02:2b::/48 maxlen: 48
                          2a06:de02:2c::/48 maxlen: 48
                          2a06:de02:2d::/48 maxlen: 48
                          2a06:de02:2e::/48 maxlen: 48
                          2a06:de02:2f::/48 maxlen: 48
                          2a10:2f00:12c::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:7b:4b:68:9b:d4:da:bb:41:10:24:67:c4:5c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6206a6c97471287533c73917bdcce6a7bbe0ab0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:1e:1b:99:b3:fa:ef:45:10:64:95:f2:b1:03:
                    18:59:e2:1e:4c:4e:f6:57:bd:5c:c4:4e:d8:e4:dd:
                    fc:d5:fa:6f:92:1d:c7:4e:00:66:94:62:a1:a6:4b:
                    fb:07:14:71:3b:75:4f:2b:25:96:5f:77:cb:06:db:
                    9c:c6:4a:47:db:7b:43:e1:75:ae:82:9d:0c:2d:87:
                    0f:8c:6a:06:89:27:c9:af:a5:51:5a:40:38:cd:13:
                    39:af:44:2e:20:60:47:0a:26:0e:e1:d5:36:43:33:
                    ec:27:32:ae:ab:a6:f9:ad:24:a1:ef:89:23:05:35:
                    e7:b8:53:92:b2:a7:41:25:7e:6c:a6:95:d3:64:e1:
                    b2:aa:82:ba:79:89:85:f9:ec:d6:30:fe:60:37:a2:
                    2f:b7:c0:48:fa:ad:bf:37:74:a9:d9:41:0c:34:01:
                    95:ce:e3:66:c6:e4:ec:24:0a:57:ec:60:b7:9d:15:
                    b0:92:78:57:9a:2e:ab:48:7d:bb:51:f8:8f:e6:db:
                    ab:05:cf:d7:6a:f6:ea:64:86:b1:bb:7a:30:04:07:
                    50:0a:58:27:d5:21:fe:00:c2:90:92:8b:b7:84:81:
                    fa:6e:7a:0d:a6:0f:4e:40:03:2c:fd:cb:bd:bc:67:
                    fa:6d:df:df:cc:4e:6b:ab:dd:de:bb:12:4f:63:4c:
                    aa:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:06:A6:C9:74:71:28:75:33:C7:39:17:BD:CC:E6:A7:BB:E0:AB:0F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YgamyXRxKHUzxzkXvczmp7vgqw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de02:20::/44
                  2a10:2f00:12c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:33:4d:d3:51:7b:87:4c:c1:64:23:96:15:81:81:48:1f:5d:
         1e:62:97:b4:08:7b:f1:66:63:00:ee:df:45:3e:7f:33:bb:25:
         6f:19:ff:23:4d:9a:4e:19:8f:f2:f7:99:6e:a9:46:28:9f:1b:
         94:5a:c8:1b:91:19:10:44:b5:f9:3b:10:f5:60:f9:ab:3d:52:
         f4:ab:5a:7d:46:4b:cd:08:1e:10:8d:c0:8b:69:36:d3:56:80:
         eb:21:94:60:b9:aa:68:18:2a:81:51:33:69:b3:ca:86:1f:fa:
         49:b7:f0:85:ae:c7:79:67:01:01:15:13:67:1a:f3:7f:0d:aa:
         a8:ff:1f:1a:f2:c3:16:f1:bd:fb:60:83:e5:87:6b:e7:93:81:
         ba:fa:66:cc:1d:a3:53:7f:bf:aa:b1:c5:ff:15:89:52:2d:0c:
         8f:be:fd:36:5a:e6:e9:f6:aa:21:19:db:14:b1:1d:d4:06:51:
         76:83:ad:e7:17:ef:0d:d3:89:61:69:ed:6f:a4:37:f6:f3:fe:
         e4:87:dc:d1:36:5f:85:e3:ab:25:57:da:81:88:3b:a8:51:b9:
         27:10:fc:fc:c3:35:4d:e8:e5:10:d8:d5:da:9f:93:13:81:23:
         07:ea:06:64:d5:66:a3:b9:75:e9:5c:73:18:c4:b2:06:67:20:
         bf:74:0e:7f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIntLaJvU2rtBECRnxFx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjA2YTZjOTc0NzEyODc1MzNjNzM5MTdiZGNjZTZhN2JiZTBhYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx4bmbP670UQZJXysQMYWeIeTE72
V71cxE7Y5N381fpvkh3HTgBmlGKhpkv7BxRxO3VPKyWWX3fLBtucxkpH23tD4XWu
gp0MLYcPjGoGiSfJr6VRWkA4zRM5r0QuIGBHCiYO4dU2QzPsJzKuq6b5rSSh74kj
BTXnuFOSsqdBJX5sppXTZOGyqoK6eYmF+ezWMP5gN6Ivt8BI+q2/N3Sp2UEMNAGV
zuNmxuTsJApX7GC3nRWwknhXmi6rSH27UfiP5turBc/XavbqZIaxu3owBAdQClgn
1SH+AMKQkou3hIH6bnoNpg9OQAMs/cu9vGf6bd/fzE5rq93euxJPY0yqkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGIGpsl0cSh1M8c5F73M5qe74KsPMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWWdhbXlYUnhLSFV6eHprWHZjem1wN3ZncXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAgAg
AwcAKhAvAAEsMA0GCSqGSIb3DQEBCwUAA4IBAQCyM03TUXuHTMFkI5YVgYFIH10e
Ype0CHvxZmMA7t9FPn8zuyVvGf8jTZpOGY/y95luqUYonxuUWsgbkRkQRLX5OxD1
YPmrPVL0q1p9RkvNCB4QjcCLaTbTVoDrIZRguapoGCqBUTNps8qGH/pJt/CFrsd5
ZwEBFRNnGvN/Daqo/x8a8sMW8b37YIPlh2vnk4G6+mbMHaNTf7+qscX/FYlSLQyP
vv02Wubp9qohGdsUsR3UBlF2g63nF+8N04lhae1vpDf28/7kh9zRNl+F46slV9qB
iDuoUbknEPz8wzVN6OUQ2NXan5MTgSMH6gZk1WajuXXpXHMYxLIGZyC/dA5/
-----END CERTIFICATE-----