Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n9iFd6BhdW1HfFYbw4aOSONpc0M.roa
File:                     n9iFd6BhdW1HfFYbw4aOSONpc0M.roa (raw, json)
Hash identifier:          tf4RPO5DoiWpCR+7iBQSJmB6EC6X6A9jgPGDLF3CyMY=
Subject key identifier:   9F:D8:85:77:A0:61:75:6D:47:7C:56:1B:C3:86:8E:48:E3:69:73:43
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0193D4DFDC0BE48C22335D44FE54E3455792
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n9iFd6BhdW1HfFYbw4aOSONpc0M.roa
Signing time:             Tue 17 Dec 2024 13:47:40 +0000
ROA not before:           Tue 17 Dec 2024 13:47:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42772
IP address blocks:        92.38.64.0/20 maxlen: 24
                          93.170.184.0/23 maxlen: 24
                          93.171.112.0/20 maxlen: 24
                          95.46.16.0/20 maxlen: 24
                          95.46.46.0/24 maxlen: 24
                          95.46.200.0/21 maxlen: 24
                          95.46.208.0/24 maxlen: 24
                          146.120.32.0/21 maxlen: 24
                          146.120.128.0/20 maxlen: 24
                          146.120.144.0/21 maxlen: 24
                          151.249.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:d4:df:dc:0b:e4:8c:22:33:5d:44:fe:54:e3:45:57:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Dec 17 13:47:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fd88577a061756d477c561bc3868e48e3697343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5f:41:0c:9f:ee:97:db:fc:65:dd:ed:54:b0:
                    99:3f:e2:9f:90:4a:13:5a:24:a0:e1:6b:b8:44:fe:
                    dc:1f:9a:07:b6:90:d8:f6:bb:6f:9c:d8:16:e8:18:
                    ee:1b:6c:cc:bb:e4:c4:af:b3:ed:35:46:7c:30:ca:
                    9e:e3:df:b3:3b:28:47:d0:28:ec:fb:1c:d6:3a:7a:
                    61:a0:d7:fb:5d:98:5c:fd:d2:45:60:c0:0d:ae:69:
                    38:56:f9:1e:61:3a:a0:d9:87:2b:25:1b:6c:ad:48:
                    0d:42:60:07:73:38:19:30:c2:0e:79:42:b5:ca:b9:
                    8c:ca:d1:87:e2:7f:33:f4:04:40:f0:c9:49:aa:02:
                    45:e9:1f:3c:b3:88:4b:cd:20:bf:3b:36:78:ec:a5:
                    b1:f7:75:3b:1c:b0:1f:3e:87:c4:96:85:ae:a7:53:
                    71:cf:4a:a9:ff:1c:30:21:70:11:c4:95:c6:9f:1d:
                    26:b0:e2:5b:81:cc:ca:23:c5:dd:15:b2:34:1f:9b:
                    8f:2b:a0:94:f1:11:ee:31:b6:c6:72:c8:89:88:31:
                    61:56:fa:38:b4:e0:bc:54:77:b2:82:9d:70:5c:c6:
                    ae:7c:22:a5:5d:c5:dd:72:41:4b:34:37:76:73:25:
                    25:b4:15:11:ea:ad:38:1f:cc:2e:3a:35:c7:0b:6d:
                    1a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D8:85:77:A0:61:75:6D:47:7C:56:1B:C3:86:8E:48:E3:69:73:43
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n9iFd6BhdW1HfFYbw4aOSONpc0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.64.0/20
                  93.170.184.0/23
                  93.171.112.0/20
                  95.46.16.0/20
                  95.46.46.0/24
                  95.46.200.0-95.46.208.255
                  146.120.32.0/21
                  146.120.128.0-146.120.151.255
                  151.249.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7d:53:a1:b9:a2:2e:c7:93:7d:5c:85:c9:0f:63:9d:ad:9d:7a:
         f2:ba:60:4c:b4:cf:ef:f1:5b:47:2f:21:06:fd:a5:fa:54:06:
         66:a3:99:92:b3:ec:7d:11:ba:82:47:be:8d:e8:ab:65:26:03:
         3c:98:83:bf:9b:ef:da:64:c1:77:6f:74:63:9f:38:d0:e3:46:
         c7:d3:ec:86:89:0c:a8:e3:1d:9d:86:10:87:8f:8a:67:fb:8c:
         87:45:e8:d8:47:79:d4:81:c3:51:31:a8:40:7b:f5:2a:30:b2:
         16:50:23:82:aa:42:cc:ce:01:88:0e:53:05:21:ca:18:04:db:
         53:00:32:4f:84:a9:b9:f0:24:3f:70:f2:ee:82:a7:43:6c:92:
         eb:93:7c:61:18:f1:d0:ef:e4:de:84:26:07:44:f0:1c:2f:7c:
         1b:1e:1c:09:87:c1:d4:75:ac:3e:6d:ad:ed:b7:d2:65:17:d3:
         45:34:42:78:3b:0c:26:7d:e3:bd:d6:9d:2c:3f:77:64:38:7a:
         09:0e:e5:42:1e:a4:00:64:fa:fc:4b:7c:79:08:9e:e2:19:d9:
         65:48:63:7d:08:dd:ed:bf:c6:d8:19:0b:b0:64:02:27:eb:61:
         bd:8f:53:bc:02:f0:08:d5:44:97:e9:58:63:3b:a1:51:a8:4d:
         24:ba:79:13
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZPU39wL5IwiM11E/lTjRVeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQxMjE3MTM0NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQ4ODU3N2EwNjE3NTZkNDc3YzU2MWJjMzg2OGU0OGUzNjk3MzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs19BDJ/ul9v8Zd3tVLCZP+KfkEoT
WiSg4Wu4RP7cH5oHtpDY9rtvnNgW6BjuG2zMu+TEr7PtNUZ8MMqe49+zOyhH0Cjs
+xzWOnphoNf7XZhc/dJFYMANrmk4VvkeYTqg2YcrJRtsrUgNQmAHczgZMMIOeUK1
yrmMytGH4n8z9ARA8MlJqgJF6R88s4hLzSC/OzZ47KWx93U7HLAfPofEloWup1Nx
z0qp/xwwIXARxJXGnx0msOJbgczKI8XdFbI0H5uPK6CU8RHuMbbGcsiJiDFhVvo4
tOC8VHeygp1wXMaufCKlXcXdckFLNDd2cyUltBUR6q04H8wuOjXHC20axQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJ/YhXegYXVtR3xWG8OGjkjjaXNDMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvbjlpRmQ2QmhkVzFIZkZZYnc0YU9TT05wYzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQEXCZAAwQB
Xaq4AwQEXatwAwQEXy4QAwQAXy4uMAwDBANfLsgDBABfLtADBAOSeCAwDAMEB5J4
gAMEA5J4kAMEB5f5gDANBgkqhkiG9w0BAQsFAAOCAQEAfVOhuaIux5N9XIXJD2Od
rZ168rpgTLTP7/FbRy8hBv2l+lQGZqOZkrPsfRG6gke+jeirZSYDPJiDv5vv2mTB
d290Y5840ONGx9PshokMqOMdnYYQh4+KZ/uMh0Xo2Ed51IHDUTGoQHv1KjCyFlAj
gqpCzM4BiA5TBSHKGATbUwAyT4SpufAkP3Dy7oKnQ2yS65N8YRjx0O/k3oQmB0Tw
HC98Gx4cCYfB1HWsPm2t7bfSZRfTRTRCeDsMJn3jvdadLD93ZDh6CQ7lQh6kAGT6
/Et8eQie4hnZZUhjfQjd7b/G2BkLsGQCJ+thvY9TvALwCNVEl+lYYzuhUahNJLp5
Ew==
-----END CERTIFICATE-----