Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/mpnmxcezza43gCgHhqavVbc5ErA.roa
File:                     mpnmxcezza43gCgHhqavVbc5ErA.roa (raw, json)
Hash identifier:          jNboZ69/cDqtpmyXSrtnPV/gJ9nvg6c2NlB1yYkw+PA=
Subject key identifier:   9A:99:E6:C5:C7:B3:CD:AE:37:80:28:07:86:A6:AF:55:B7:39:12:B0
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       0194214415E2710174E60E1C7C0CD39A7D5E
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/mpnmxcezza43gCgHhqavVbc5ErA.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20811
IP address blocks:        37.186.128.0/18 maxlen: 24
                          46.234.224.0/19 maxlen: 24
                          84.18.128.0/19 maxlen: 24
                          89.190.160.0/19 maxlen: 24
                          93.89.48.0/20 maxlen: 24
                          95.171.32.0/19 maxlen: 24
                          185.6.192.0/22 maxlen: 24
                          212.46.160.0/21 maxlen: 24
                          217.199.0.0/19 maxlen: 24
                          2a02:490::/29 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:15:e2:71:01:74:e6:0e:1c:7c:0c:d3:9a:7d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a99e6c5c7b3cdae3780280786a6af55b73912b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c0:aa:56:56:83:76:4d:36:0d:16:6f:a2:ef:
                    86:eb:cd:87:9c:f7:c7:c1:ba:76:f9:0a:04:6b:29:
                    28:1b:36:ae:6d:64:af:e7:6e:47:69:74:ee:95:4b:
                    ba:13:3b:f5:fa:4e:44:ee:b1:14:56:32:f2:73:24:
                    6b:ac:43:f5:9f:1a:51:ca:67:55:bb:e1:6b:ff:b8:
                    04:4a:dc:f6:ab:90:cb:f8:36:a5:d1:bd:f8:e5:86:
                    ce:a5:1e:7d:d1:e8:ae:83:b3:29:50:64:c2:6a:f8:
                    f7:e5:ff:95:47:07:3b:2d:dd:63:f1:8d:b6:9b:1b:
                    72:92:d7:26:90:ef:2e:ff:52:fe:07:8d:67:4a:82:
                    c9:8e:2f:f4:a1:f7:59:5f:d6:2f:cc:6f:47:d6:dd:
                    4f:2d:5d:af:0b:36:a4:d2:18:cf:46:83:03:69:5a:
                    65:34:8c:63:9d:ad:48:7a:4e:80:a8:66:a1:71:7c:
                    cd:74:a4:ba:e4:53:05:df:c8:2b:2e:29:0e:af:ed:
                    47:fe:25:bb:af:34:18:7e:dc:4b:cb:f7:57:5a:87:
                    35:ec:99:7a:c7:c2:e4:b0:da:f4:40:a5:58:f7:d2:
                    9d:fa:55:fd:30:57:ca:d2:d4:50:45:00:6b:f6:e3:
                    01:7d:cb:c0:fc:91:9f:64:20:35:4e:7b:9d:2d:73:
                    07:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:99:E6:C5:C7:B3:CD:AE:37:80:28:07:86:A6:AF:55:B7:39:12:B0
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/mpnmxcezza43gCgHhqavVbc5ErA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.186.128.0/18
                  46.234.224.0/19
                  84.18.128.0/19
                  89.190.160.0/19
                  93.89.48.0/20
                  95.171.32.0/19
                  185.6.192.0/22
                  212.46.160.0/21
                  217.199.0.0/19
                IPv6:
                  2a02:490::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:b2:3f:57:55:ae:b6:5a:a7:25:c2:db:35:e0:2b:64:7d:dc:
         1f:82:a6:c4:5c:93:f7:80:b1:c9:2b:94:17:be:99:64:d1:2c:
         80:83:56:b0:0d:1d:23:2b:9b:db:e1:35:04:3f:cf:4b:05:60:
         09:16:22:f1:80:34:84:55:8a:68:82:31:da:4c:fc:24:97:47:
         a9:4c:40:37:c8:5e:32:8c:58:e2:8f:36:a0:15:4d:b7:51:8e:
         02:05:a0:9a:15:4a:03:12:c9:9a:68:87:d2:87:5b:8c:22:b1:
         ff:f6:76:26:ed:d5:15:f8:07:6a:88:85:4a:40:df:c2:a1:e1:
         8e:5a:39:40:8a:1a:46:64:db:0a:3a:2a:80:bc:e4:ea:63:ed:
         a5:65:22:20:ad:0e:19:70:f6:16:f8:73:63:48:4e:0d:f6:f8:
         b9:b4:91:2d:9b:80:c1:48:a5:b4:1b:02:29:ae:55:30:b6:f7:
         d7:38:a2:4c:e7:e6:93:7b:80:df:6c:ee:41:bf:48:1a:2f:ce:
         46:d6:43:57:f3:2b:d3:2d:bd:8f:7f:e8:1f:58:4e:70:7e:fe:
         53:01:f8:cf:c4:10:13:dc:67:ea:41:0f:92:39:fe:6b:8e:8d:
         2f:44:49:7d:a2:fc:a0:34:7c:ff:9f:f5:6e:50:8b:0f:a7:75:
         00:c2:c2:38
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQhRBXicQF05g4cfAzTmn1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTk5ZTZjNWM3YjNjZGFlMzc4MDI4MDc4NmE2YWY1NWI3MzkxMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sCqVlaDdk02DRZvou+G682HnPfH
wbp2+QoEaykoGzaubWSv525HaXTulUu6Ezv1+k5E7rEUVjLycyRrrEP1nxpRymdV
u+Fr/7gEStz2q5DL+Dal0b345YbOpR590eiug7MpUGTCavj35f+VRwc7Ld1j8Y22
mxtyktcmkO8u/1L+B41nSoLJji/0ofdZX9YvzG9H1t1PLV2vCzak0hjPRoMDaVpl
NIxjna1Iek6AqGahcXzNdKS65FMF38grLikOr+1H/iW7rzQYftxLy/dXWoc17Jl6
x8LksNr0QKVY99Kd+lX9MFfK0tRQRQBr9uMBfcvA/JGfZCA1TnudLXMHQwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJqZ5sXHs82uN4AoB4amr1W3ORKwMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvbXBubXhjZXp6YTQzZ0NnSGhxYXZWYmM1RXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQGJbqAAwQF
LurgAwQFVBKAAwQFWb6gAwQEXVkwAwQFX6sgAwQCuQbAAwQD1C6gAwQF2ccAMA0E
AgACMAcDBQMqAgSQMA0GCSqGSIb3DQEBCwUAA4IBAQBpsj9XVa62Wqclwts14Ctk
fdwfgqbEXJP3gLHJK5QXvplk0SyAg1awDR0jK5vb4TUEP89LBWAJFiLxgDSEVYpo
gjHaTPwkl0epTEA3yF4yjFjijzagFU23UY4CBaCaFUoDEsmaaIfSh1uMIrH/9nYm
7dUV+AdqiIVKQN/CoeGOWjlAihpGZNsKOiqAvOTqY+2lZSIgrQ4ZcPYW+HNjSE4N
9vi5tJEtm4DBSKW0GwIprlUwtvfXOKJM5+aTe4DfbO5Bv0gaL85G1kNX8yvTLb2P
f+gfWE5wfv5TAfjPxBAT3GfqQQ+SOf5rjo0vREl9ovygNHz/n/VuUIsPp3UAwsI4
-----END CERTIFICATE-----