Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MzexVnoEX1aidvXhO8rBYCWWXlw.roa
File:                     MzexVnoEX1aidvXhO8rBYCWWXlw.roa (raw, json)
Hash identifier:          8AueGbVIiyxOajGtpr0y3eBMTBqEk/cV+Tq+qaTb8PI=
Subject key identifier:   33:37:B1:56:7A:04:5F:56:A2:76:F5:E1:3B:CA:C1:60:25:96:5E:5C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018FBFC3ACF51C115268ED5A4D42B6748D86
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MzexVnoEX1aidvXhO8rBYCWWXlw.roa
Signing time:             Tue 28 May 2024 15:13:43 +0000
ROA not before:           Tue 28 May 2024 15:13:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56361
IP address blocks:        31.148.40.0/21 maxlen: 24
                          31.148.52.0/22 maxlen: 24
                          31.148.56.0/21 maxlen: 24
                          31.148.104.0/21 maxlen: 24
                          31.148.192.0/22 maxlen: 24
                          93.170.192.0/21 maxlen: 24
                          93.171.34.0/23 maxlen: 24
                          93.171.36.0/22 maxlen: 24
                          95.46.166.0/23 maxlen: 24
                          95.46.168.0/22 maxlen: 24
                          95.46.172.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:c3:ac:f5:1c:11:52:68:ed:5a:4d:42:b6:74:8d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 28 15:13:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3337b1567a045f56a276f5e13bcac16025965e5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:70:e1:41:3c:bb:14:fb:fd:d4:df:78:3e:bc:
                    d9:04:4b:72:9a:b2:41:af:a0:d6:17:ef:3f:0e:0c:
                    8c:32:b8:9d:82:d4:25:7d:0d:0c:1d:ed:0a:17:89:
                    fa:5d:82:12:b2:f7:dd:8b:f2:90:f6:af:51:53:ff:
                    c4:8e:6f:57:71:64:a9:41:3c:cc:9f:5b:b3:b8:75:
                    c3:b7:01:33:ca:a2:67:ce:dd:ec:81:52:07:91:c6:
                    69:6c:7a:17:f1:d3:d7:dc:70:56:80:e4:d0:da:25:
                    b2:0b:d5:03:81:59:8b:e3:71:01:07:2d:fc:c5:54:
                    49:3a:10:9e:d6:64:72:4e:6f:bd:bc:f4:47:93:0e:
                    04:42:52:ce:28:0f:8b:75:7b:9c:4c:06:95:c3:c7:
                    a1:e1:f7:d8:f8:5e:45:59:66:0c:78:0d:04:ac:b4:
                    da:a6:23:67:ac:0a:11:2e:24:52:51:22:d8:f0:cb:
                    ad:c2:4e:1c:33:91:ac:fa:bc:ae:2d:a4:4f:15:48:
                    1c:6f:96:c3:3f:35:7b:7e:e6:83:12:48:92:26:87:
                    8e:25:fa:4d:ef:23:64:f2:79:f8:5f:46:87:30:e5:
                    6f:dd:f1:3c:6a:bb:25:4a:f6:8c:98:18:b7:28:b1:
                    38:a5:df:55:f2:c8:dc:a0:b2:f9:83:25:97:17:98:
                    21:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:37:B1:56:7A:04:5F:56:A2:76:F5:E1:3B:CA:C1:60:25:96:5E:5C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/MzexVnoEX1aidvXhO8rBYCWWXlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.40.0/21
                  31.148.52.0-31.148.63.255
                  31.148.104.0/21
                  31.148.192.0/22
                  93.170.192.0/21
                  93.171.34.0-93.171.39.255
                  95.46.166.0-95.46.175.255

    Signature Algorithm: sha256WithRSAEncryption
         17:ef:b5:86:ce:25:23:b6:93:2c:83:a0:c6:26:9b:b2:d3:01:
         c7:fc:5d:3c:4e:2c:73:00:5c:66:13:c0:e8:03:8b:30:b1:55:
         92:e2:a6:0a:8e:56:7b:b0:e2:e6:70:90:13:cc:96:69:39:15:
         6e:45:bb:bc:e4:33:5c:01:d5:23:79:1a:66:63:8d:e5:0c:07:
         ed:de:84:83:7f:1d:92:50:a9:66:23:74:5d:40:60:ab:51:06:
         1b:25:59:ad:58:ad:59:e9:45:bd:5d:ad:ae:89:4c:10:d1:38:
         37:61:c2:92:92:6b:82:22:77:9f:76:f5:92:d2:f9:5b:63:50:
         df:38:f7:84:a2:d7:57:5d:2f:0b:a2:56:a9:97:c4:c3:1e:d3:
         08:ee:e6:23:ef:04:da:83:ab:20:6c:73:42:dd:40:83:51:8e:
         99:6e:38:87:d8:d9:71:1c:c2:cb:ae:bf:7b:23:9f:4a:1f:e5:
         9a:25:08:9d:4a:bd:a2:d1:7a:85:e6:07:5c:92:66:c9:7b:e9:
         96:e3:a0:98:3d:ea:36:22:4a:32:89:78:05:ec:35:bc:b4:e9:
         02:e1:67:1d:38:00:9c:f3:43:01:56:d1:d9:00:bb:e1:45:61:
         9a:05:17:2e:e2:c5:4c:b6:6b:5c:91:a4:02:4c:1c:44:dc:ba:
         ef:5e:7e:59
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY+/w6z1HBFSaO1aTUK2dI2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwNTI4MTUxMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzM3YjE1NjdhMDQ1ZjU2YTI3NmY1ZTEzYmNhYzE2MDI1OTY1ZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HDhQTy7FPv91N94PrzZBEtymrJB
r6DWF+8/DgyMMridgtQlfQ0MHe0KF4n6XYISsvfdi/KQ9q9RU//Ejm9XcWSpQTzM
n1uzuHXDtwEzyqJnzt3sgVIHkcZpbHoX8dPX3HBWgOTQ2iWyC9UDgVmL43EBBy38
xVRJOhCe1mRyTm+9vPRHkw4EQlLOKA+LdXucTAaVw8eh4ffY+F5FWWYMeA0ErLTa
piNnrAoRLiRSUSLY8Mutwk4cM5Gs+ryuLaRPFUgcb5bDPzV7fuaDEkiSJoeOJfpN
7yNk8nn4X0aHMOVv3fE8arslSvaMmBi3KLE4pd9V8sjcoLL5gyWXF5gh4QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDM3sVZ6BF9Wonb14TvKwWAlll5cMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTXpleFZub0VYMWFpZHZYaE84ckJZQ1dXWGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQDH5QoMAwD
BAIflDQDBAYflAADBAMflGgDBAIflMADBANdqsAwDAMEAV2rIgMEA12rIDAMAwQB
Xy6mAwQEXy6gMA0GCSqGSIb3DQEBCwUAA4IBAQAX77WGziUjtpMsg6DGJpuy0wHH
/F08TixzAFxmE8DoA4swsVWS4qYKjlZ7sOLmcJATzJZpORVuRbu85DNcAdUjeRpm
Y43lDAft3oSDfx2SUKlmI3RdQGCrUQYbJVmtWK1Z6UW9Xa2uiUwQ0Tg3YcKSkmuC
InefdvWS0vlbY1DfOPeEotdXXS8Lolapl8TDHtMI7uYj7wTag6sgbHNC3UCDUY6Z
bjiH2NlxHMLLrr97I59KH+WaJQidSr2i0XqF5gdckmbJe+mW46CYPeo2IkoyiXgF
7DW8tOkC4WcdOACc80MBVtHZALvhRWGaBRcu4sVMtmtckaQCTBxE3LrvXn5Z
-----END CERTIFICATE-----