Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/0aLBssBiM0shb0gQaP0tz4Myeys.roa
File:                     0aLBssBiM0shb0gQaP0tz4Myeys.roa (raw, json)
Hash identifier:          /uHevUb644M9Y20/EvaBGwSktD+u3M4pnfpsDZpoUkc=
Subject key identifier:   D1:A2:C1:B2:C0:62:33:4B:21:6F:48:10:68:FD:2D:CF:83:32:7B:2B
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD268460201017DE343548C00F540E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/0aLBssBiM0shb0gQaP0tz4Myeys.roa
Signing time:             Thu 02 Jan 2025 07:48:54 +0000
ROA not before:           Thu 02 Jan 2025 07:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        45.43.176.0/20 maxlen: 20
                          45.43.176.0/23 maxlen: 23
                          45.43.178.0/23 maxlen: 23
                          45.43.180.0/23 maxlen: 23
                          45.43.182.0/23 maxlen: 23
                          45.43.184.0/23 maxlen: 23
                          45.43.186.0/23 maxlen: 23
                          45.43.188.0/23 maxlen: 23
                          45.43.190.0/23 maxlen: 23
                          104.143.235.0/24 maxlen: 24
                          104.238.4.0/23 maxlen: 23
                          104.249.30.0/23 maxlen: 23
                          104.249.60.0/23 maxlen: 23
                          216.173.78.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:26:84:60:20:10:17:de:34:35:48:c0:0f:54:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1a2c1b2c062334b216f481068fd2dcf83327b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d1:0d:3e:c1:e3:88:64:c7:ea:5d:93:0c:bd:
                    b6:37:45:df:b1:1e:14:5e:28:2d:5e:eb:e1:0c:82:
                    2a:23:6e:42:7f:82:24:25:75:45:b3:8b:45:f9:c4:
                    87:2a:2b:da:8f:4e:b5:af:4d:db:a1:69:e1:d8:2b:
                    98:9a:e2:6f:27:d1:bc:9b:e0:59:3b:65:69:4d:34:
                    1a:6f:f1:0e:f5:a1:68:ef:0d:60:4a:1a:7b:b3:3c:
                    15:57:8a:89:83:35:9a:29:71:b8:f5:f4:53:95:e0:
                    66:5d:6b:16:37:e3:b0:c3:7e:d1:18:14:7c:ba:5c:
                    c4:71:43:20:4a:53:6c:30:f8:9f:c8:4c:21:b6:fc:
                    33:ef:ac:1e:24:52:e2:8e:50:b2:c6:b3:54:7d:e7:
                    76:ee:ba:4c:e9:bd:87:c9:19:63:23:70:fa:f4:ca:
                    7c:09:fd:e5:4a:98:1f:6b:5b:1c:48:6a:6c:ef:e4:
                    c4:b4:d5:ce:be:14:ae:68:03:41:c7:79:92:ca:0b:
                    13:47:66:30:0f:04:1c:36:ab:0b:48:9c:bd:83:8b:
                    96:84:be:39:d3:c0:84:56:7c:d0:f2:11:3b:03:56:
                    d6:64:a4:31:fc:69:d9:e0:9f:cf:25:90:55:a2:e4:
                    a8:35:43:31:fa:97:dd:27:8e:3e:b1:ae:34:16:8b:
                    27:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A2:C1:B2:C0:62:33:4B:21:6F:48:10:68:FD:2D:CF:83:32:7B:2B
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/0aLBssBiM0shb0gQaP0tz4Myeys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.176.0/20
                  104.143.235.0/24
                  104.238.4.0/23
                  104.249.30.0/23
                  104.249.60.0/23
                  216.173.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:fa:54:10:71:19:62:d3:da:b4:09:43:c8:d8:41:92:9f:34:
         10:ce:b9:ac:27:2d:f4:48:c2:07:5d:9d:b9:07:4c:f4:05:77:
         8d:dc:77:ed:f3:4b:18:09:d1:4c:00:1e:de:99:e2:85:b2:5e:
         87:fe:23:b7:f6:cc:10:e8:85:e3:86:50:b9:b6:c7:2b:70:49:
         69:9b:4a:58:0f:07:7e:9b:5e:7b:24:65:e0:38:14:19:c5:97:
         3f:b0:3d:10:a7:ad:a2:83:1b:9d:99:36:8b:97:7a:e3:43:a3:
         eb:82:d2:17:16:f9:6a:d1:9c:b2:aa:98:92:bb:f6:3e:4f:f3:
         e0:8f:49:c9:d4:26:63:2c:30:2c:b5:41:a2:6e:ba:47:35:2e:
         96:a0:ac:64:12:ea:92:bf:ab:bd:42:f2:cf:4d:ee:92:e8:ac:
         52:e9:5a:96:74:84:09:46:b5:6a:22:3a:61:33:9e:e2:76:50:
         3e:85:45:c0:44:18:aa:15:c6:ac:73:07:e6:1c:9d:7b:8a:6f:
         ec:ee:a9:e9:1d:7c:7f:2f:55:8d:30:b5:82:2e:1b:e7:f6:66:
         7c:be:a4:17:73:e0:28:b7:28:4f:36:a1:d7:57:b7:07:63:b4:
         86:55:b7:21:9c:29:d0:7f:10:82:3b:c3:47:94:7a:6b:31:46:
         41:c2:f8:7e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQl/SaEYCAQF940NUjAD1QOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWEyYzFiMmMwNjIzMzRiMjE2ZjQ4MTA2OGZkMmRjZjgzMzI3YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdENPsHjiGTH6l2TDL22N0XfsR4U
XigtXuvhDIIqI25Cf4IkJXVFs4tF+cSHKivaj061r03boWnh2CuYmuJvJ9G8m+BZ
O2VpTTQab/EO9aFo7w1gShp7szwVV4qJgzWaKXG49fRTleBmXWsWN+Oww37RGBR8
ulzEcUMgSlNsMPifyEwhtvwz76weJFLijlCyxrNUfed27rpM6b2HyRljI3D69Mp8
Cf3lSpgfa1scSGps7+TEtNXOvhSuaANBx3mSygsTR2YwDwQcNqsLSJy9g4uWhL45
08CEVnzQ8hE7A1bWZKQx/GnZ4J/PJZBVouSoNUMx+pfdJ44+sa40FosnRwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNGiwbLAYjNLIW9IEGj9Lc+DMnsrMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvMGFMQnNzQmlNMHNoYjBnUWFQMHR6NE15ZXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQELSuwAwQA
aI/rAwQBaO4EAwQBaPkeAwQBaPk8AwQB2K1OMA0GCSqGSIb3DQEBCwUAA4IBAQAp
+lQQcRli09q0CUPI2EGSnzQQzrmsJy30SMIHXZ25B0z0BXeN3Hft80sYCdFMAB7e
meKFsl6H/iO39swQ6IXjhlC5tscrcElpm0pYDwd+m157JGXgOBQZxZc/sD0Qp62i
gxudmTaLl3rjQ6PrgtIXFvlq0ZyyqpiSu/Y+T/Pgj0nJ1CZjLDAstUGibrpHNS6W
oKxkEuqSv6u9QvLPTe6S6KxS6VqWdIQJRrVqIjphM57idlA+hUXARBiqFcascwfm
HJ17im/s7qnpHXx/L1WNMLWCLhvn9mZ8vqQXc+AotyhPNqHXV7cHY7SGVbchnCnQ
fxCCO8NHlHprMUZBwvh+
-----END CERTIFICATE-----