Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8pbh1YxitgIoJToUZHUW2OYCa_A.roa
File:                     8pbh1YxitgIoJToUZHUW2OYCa_A.roa (raw, json)
Hash identifier:          JZCfLHujqQBITaFT0KiNcmGJ+90SCdFdg/GhOEvCgb4=
Subject key identifier:   F2:96:E1:D5:8C:62:B6:02:28:25:3A:14:64:75:16:D8:E6:02:6B:F0
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019420D5C63ECB64CBD72FE4CFA6AB972265
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8pbh1YxitgIoJToUZHUW2OYCa_A.roa
Signing time:             Wed 01 Jan 2025 07:47:48 +0000
ROA not before:           Wed 01 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12722
IP address blocks:        45.8.156.0/24 maxlen: 24
                          45.85.64.0/24 maxlen: 24
                          45.85.67.0/24 maxlen: 24
                          45.144.38.0/24 maxlen: 24
                          45.145.3.0/24 maxlen: 24
                          85.8.187.0/24 maxlen: 24
                          185.21.140.0/24 maxlen: 24
                          194.32.250.0/24 maxlen: 24
                          194.61.234.0/24 maxlen: 24
                          194.61.235.0/24 maxlen: 24
                          213.139.231.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c6:3e:cb:64:cb:d7:2f:e4:cf:a6:ab:97:22:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f296e1d58c62b60228253a14647516d8e6026bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:05:e4:47:b8:e6:a3:f2:a6:ac:a1:45:16:66:
                    99:b1:f8:37:0c:cf:da:3f:26:e6:b9:e1:88:90:ba:
                    a0:91:5b:4a:00:62:05:bf:a5:d0:02:51:31:5c:51:
                    ba:60:7c:69:f7:50:75:67:49:c6:97:09:40:6d:2b:
                    a0:bb:6b:3f:49:70:03:94:be:90:33:ef:70:9b:28:
                    23:34:a1:1c:22:9c:1b:e9:f4:3c:5a:57:6c:c2:4d:
                    91:39:e2:c2:f7:9e:10:52:84:83:05:7c:3a:3f:25:
                    91:46:6c:60:c9:8d:61:e9:43:19:0c:6f:85:9c:e7:
                    5e:ce:c7:dd:81:1e:76:b7:98:79:50:f3:e7:1a:1e:
                    c5:33:96:75:75:01:aa:40:b7:9d:b0:d5:99:21:b8:
                    a7:61:4a:bb:6c:c0:70:e9:ba:1c:49:be:4d:14:1b:
                    61:87:b4:9b:1f:37:a7:3c:79:90:5f:93:d8:d4:78:
                    d7:84:e6:4b:51:a9:2b:43:cd:1a:5d:4c:f1:95:8e:
                    cc:24:bd:2c:1a:64:41:5b:14:98:1a:e8:f0:b2:4a:
                    7b:c0:cb:9f:8e:02:e2:4f:7d:25:9b:b0:ff:cb:eb:
                    da:76:da:7e:35:af:63:5a:e5:dd:66:d2:e8:ee:5e:
                    bd:3f:a9:49:60:7f:7a:63:f0:3a:56:d5:6b:3a:a2:
                    31:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:96:E1:D5:8C:62:B6:02:28:25:3A:14:64:75:16:D8:E6:02:6B:F0
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8pbh1YxitgIoJToUZHUW2OYCa_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.156.0/24
                  45.85.64.0/24
                  45.85.67.0/24
                  45.144.38.0/24
                  45.145.3.0/24
                  85.8.187.0/24
                  185.21.140.0/24
                  194.32.250.0/24
                  194.61.234.0/23
                  213.139.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:5f:ee:07:3b:e8:82:a0:4b:62:75:21:6b:b2:10:e1:25:df:
         59:bc:37:5a:e4:4b:5e:73:a8:64:ed:f3:8f:4c:66:20:10:55:
         dd:f9:b7:b7:4d:6f:6b:c4:59:8b:5b:dd:b0:2c:24:12:91:9b:
         1e:13:d6:e7:7b:5f:79:e3:e7:14:28:37:64:bb:3c:05:0b:6a:
         ad:b6:a2:34:01:e2:09:36:df:31:5b:32:82:dc:9f:58:e9:3c:
         4a:e1:7e:d3:e1:e7:cd:c2:e3:de:04:ac:50:0c:4d:23:b3:3f:
         98:ef:33:ac:e9:e4:04:99:63:a5:77:6c:71:a0:cf:f3:96:9e:
         4c:c9:ee:b6:15:eb:62:48:21:27:e3:1c:7a:80:5a:cc:3c:ea:
         0b:89:af:15:59:b7:1d:e9:22:d4:4a:03:74:08:a9:d5:fb:b2:
         be:af:78:aa:86:13:d5:cc:05:a3:0e:d7:87:ac:4d:26:28:65:
         47:d9:0b:28:82:51:1b:48:0f:78:d0:28:4e:9f:19:d9:8c:63:
         f8:a4:f5:d1:bc:0b:db:6e:a6:99:c9:79:65:2b:11:21:fe:60:
         c8:ba:90:48:05:3b:fb:5a:15:b3:6c:a9:f5:64:a7:92:05:e1:
         34:c7:62:9a:f3:63:06:ef:41:10:db:94:1e:46:2c:4f:f5:4a:
         f8:a8:3b:96
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQg1cY+y2TL1y/kz6arlyJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMTAxMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjk2ZTFkNThjNjJiNjAyMjgyNTNhMTQ2NDc1MTZkOGU2MDI2YmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAXkR7jmo/KmrKFFFmaZsfg3DM/a
PybmueGIkLqgkVtKAGIFv6XQAlExXFG6YHxp91B1Z0nGlwlAbSugu2s/SXADlL6Q
M+9wmygjNKEcIpwb6fQ8Wldswk2ROeLC954QUoSDBXw6PyWRRmxgyY1h6UMZDG+F
nOdezsfdgR52t5h5UPPnGh7FM5Z1dQGqQLedsNWZIbinYUq7bMBw6bocSb5NFBth
h7SbHzenPHmQX5PY1HjXhOZLUakrQ80aXUzxlY7MJL0sGmRBWxSYGujwskp7wMuf
jgLiT30lm7D/y+vadtp+Na9jWuXdZtLo7l69P6lJYH96Y/A6VtVrOqIxdwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPKW4dWMYrYCKCU6FGR1FtjmAmvwMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvOHBiaDFZeGl0Z0lvSlRvVVpIVVcyT1lDYV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQicAwQA
LVVAAwQALVVDAwQALZAmAwQALZEDAwQAVQi7AwQAuRWMAwQAwiD6AwQBwj3qAwQA
1YvnMA0GCSqGSIb3DQEBCwUAA4IBAQBdX+4HO+iCoEtidSFrshDhJd9ZvDda5Ete
c6hk7fOPTGYgEFXd+be3TW9rxFmLW92wLCQSkZseE9bne1954+cUKDdkuzwFC2qt
tqI0AeIJNt8xWzKC3J9Y6TxK4X7T4efNwuPeBKxQDE0jsz+Y7zOs6eQEmWOld2xx
oM/zlp5Mye62FetiSCEn4xx6gFrMPOoLia8VWbcd6SLUSgN0CKnV+7K+r3iqhhPV
zAWjDteHrE0mKGVH2QsoglEbSA940ChOnxnZjGP4pPXRvAvbbqaZyXllKxEh/mDI
upBIBTv7WhWzbKn1ZKeSBeE0x2Ka82MG70EQ25QeRixP9Ur4qDuW
-----END CERTIFICATE-----