Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e80231-53b8-4225-8523-947de3868cd5/1/G2qBYse5oGAPa5xfzo8tHGuDcqo.roa
File:                     G2qBYse5oGAPa5xfzo8tHGuDcqo.roa (raw, json)
Hash identifier:          mPibjHFH8adYSb6G95eGzgbjvN5yGYvqGie41fvkWHY=
Subject key identifier:   1B:6A:81:62:C7:B9:A0:60:0F:6B:9C:5F:CE:8F:2D:1C:6B:83:72:AA
Certificate issuer:       /CN=d78ac174e852b71c31163ec1d8649fff6b07ba79
Certificate serial:       0194258EF969B0927722DDDE7A78C7D6711B
Authority key identifier: D7:8A:C1:74:E8:52:B7:1C:31:16:3E:C1:D8:64:9F:FF:6B:07:BA:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/14rBdOhStxwxFj7B2GSf_2sHunk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e80231-53b8-4225-8523-947de3868cd5/1/G2qBYse5oGAPa5xfzo8tHGuDcqo.roa
Signing time:             Thu 02 Jan 2025 05:48:34 +0000
ROA not before:           Thu 02 Jan 2025 05:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31263
IP address blocks:        88.214.44.0/22 maxlen: 22
                          195.182.225.0/24 maxlen: 24
                          195.182.226.0/24 maxlen: 24
                          195.182.227.0/24 maxlen: 24
                          195.182.228.0/24 maxlen: 24
                          195.182.229.0/24 maxlen: 24
                          195.182.230.0/24 maxlen: 24
                          195.182.231.0/24 maxlen: 24
                          195.182.232.0/21 maxlen: 21
                          195.182.240.0/20 maxlen: 20
                          195.182.240.0/24 maxlen: 24
                          195.182.241.0/24 maxlen: 24
                          195.182.242.0/23 maxlen: 23
                          195.182.244.0/22 maxlen: 22
                          195.182.248.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:f9:69:b0:92:77:22:dd:de:7a:78:c7:d6:71:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d78ac174e852b71c31163ec1d8649fff6b07ba79
        Validity
            Not Before: Jan  2 05:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b6a8162c7b9a0600f6b9c5fce8f2d1c6b8372aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7d:47:b7:13:f5:18:ec:6a:01:cb:48:09:77:
                    76:6b:be:8f:31:73:b9:55:64:3e:de:23:ab:7a:3b:
                    99:f1:93:b1:4a:ca:31:dd:51:78:2a:06:5c:1d:55:
                    20:8c:e6:70:44:4f:f0:98:2f:6d:1a:f6:4a:49:3a:
                    d5:bf:0c:50:a0:f9:fb:fc:97:d7:6d:fd:ab:85:29:
                    23:d0:18:5b:db:3f:c9:59:6c:23:8d:62:a2:75:83:
                    81:b5:ca:31:b8:07:35:cb:98:e7:ac:41:15:c9:10:
                    a7:23:57:ea:04:99:4c:0c:61:80:58:20:ca:da:2a:
                    ef:ca:2a:e3:06:ef:0b:55:93:18:36:f3:64:9b:c8:
                    5e:e9:e3:99:25:53:13:cf:41:35:63:09:d6:de:8a:
                    68:67:0c:37:16:bb:0b:a1:b8:b4:3f:3f:fa:3c:ff:
                    4f:4e:6c:fb:9f:ec:7a:1e:c0:82:9f:96:fe:77:ee:
                    16:a6:d1:77:ed:72:60:14:fa:ce:19:62:23:92:37:
                    85:f6:4f:85:9a:e9:4b:7c:8c:40:a1:6a:1e:1a:c3:
                    b8:b1:cf:0c:ee:a0:cd:db:14:72:ac:de:43:60:30:
                    55:2e:ac:3d:c3:09:d4:fa:0b:49:2d:f0:9d:86:e2:
                    d9:eb:af:3a:eb:0f:24:18:12:c7:71:fc:f7:31:03:
                    4d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6A:81:62:C7:B9:A0:60:0F:6B:9C:5F:CE:8F:2D:1C:6B:83:72:AA
            X509v3 Authority Key Identifier:
                keyid:D7:8A:C1:74:E8:52:B7:1C:31:16:3E:C1:D8:64:9F:FF:6B:07:BA:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14rBdOhStxwxFj7B2GSf_2sHunk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e80231-53b8-4225-8523-947de3868cd5/1/G2qBYse5oGAPa5xfzo8tHGuDcqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e80231-53b8-4225-8523-947de3868cd5/1/14rBdOhStxwxFj7B2GSf_2sHunk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.44.0/22
                  195.182.225.0-195.182.255.255

    Signature Algorithm: sha256WithRSAEncryption
         23:e4:19:bc:53:96:47:25:eb:c1:fb:a3:d4:1f:61:10:ee:e3:
         ab:2d:f7:ad:39:15:0a:26:c6:bf:c0:38:60:3f:01:a4:e6:e8:
         f0:5f:64:6c:1f:56:52:c8:d6:12:bc:f8:16:54:6c:b5:98:2a:
         0a:f4:ed:75:6d:0f:3d:22:52:45:6d:c9:49:91:49:92:4b:01:
         e1:b3:67:7c:39:89:3b:6d:53:55:0a:70:91:55:0d:37:fd:96:
         ac:06:00:67:7e:45:0b:e1:1d:ae:dd:3f:16:62:4a:c5:c0:43:
         97:fb:3c:16:d1:a5:f8:5d:23:59:95:8b:b6:e4:36:98:38:e6:
         17:99:49:45:06:00:d9:7a:0f:c9:cd:a8:1f:42:d6:1a:3c:68:
         c9:b5:97:fa:b3:7e:bb:21:c0:ac:19:de:f5:c0:30:e5:7f:5d:
         48:18:21:d0:73:7c:82:71:95:99:24:db:6d:3f:76:b4:e6:c1:
         72:05:69:9e:31:57:0b:8b:1b:00:ed:70:84:95:f4:09:d5:4e:
         2c:7f:44:17:5c:56:0a:54:88:d4:03:9e:02:99:1b:98:32:a4:
         75:66:55:1a:c9:c9:a1:33:0c:06:04:08:d9:7b:c4:02:5b:e1:
         67:a2:70:aa:08:b3:f4:7e:be:e6:be:b6:14:de:49:18:70:4f:
         95:4c:55:1f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQljvlpsJJ3It3eenjH1nEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OGFjMTc0ZTg1MmI3MWMzMTE2M2VjMWQ4NjQ5ZmZmNmIw
N2JhNzkwHhcNMjUwMTAyMDU0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZhODE2MmM3YjlhMDYwMGY2YjljNWZjZThmMmQxYzZiODM3MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH1HtxP1GOxqActICXd2a76PMXO5
VWQ+3iOrejuZ8ZOxSsox3VF4KgZcHVUgjOZwRE/wmC9tGvZKSTrVvwxQoPn7/JfX
bf2rhSkj0Bhb2z/JWWwjjWKidYOBtcoxuAc1y5jnrEEVyRCnI1fqBJlMDGGAWCDK
2irvyirjBu8LVZMYNvNkm8he6eOZJVMTz0E1YwnW3opoZww3FrsLobi0Pz/6PP9P
Tmz7n+x6HsCCn5b+d+4WptF37XJgFPrOGWIjkjeF9k+FmulLfIxAoWoeGsO4sc8M
7qDN2xRyrN5DYDBVLqw9wwnU+gtJLfCdhuLZ66866w8kGBLHcfz3MQNNHQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFBtqgWLHuaBgD2ucX86PLRxrg3KqMB8GA1UdIwQY
MBaAFNeKwXToUrccMRY+wdhkn/9rB7p5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRyQmRPaFN0eHd4Rmo3QjJHU2ZfMnNIdW5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lODAyMzEtNTNiOC00MjI1LTg1MjMt
OTQ3ZGUzODY4Y2Q1LzEvRzJxQllzZTVvR0FQYTV4ZnpvOHRIR3VEY3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lODAyMzEtNTNiOC00MjI1LTg1MjMtOTQ3ZGUzODY4Y2Q1
LzEvMTRyQmRPaFN0eHd4Rmo3QjJHU2ZfMnNIdW5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQCWNYsMAsD
BADDtuEDAwDDtjANBgkqhkiG9w0BAQsFAAOCAQEAI+QZvFOWRyXrwfuj1B9hEO7j
qy33rTkVCibGv8A4YD8BpObo8F9kbB9WUsjWErz4FlRstZgqCvTtdW0PPSJSRW3J
SZFJkksB4bNnfDmJO21TVQpwkVUNN/2WrAYAZ35FC+Edrt0/FmJKxcBDl/s8FtGl
+F0jWZWLtuQ2mDjmF5lJRQYA2XoPyc2oH0LWGjxoybWX+rN+uyHArBne9cAw5X9d
SBgh0HN8gnGVmSTbbT92tObBcgVpnjFXC4sbAO1whJX0CdVOLH9EF1xWClSI1AOe
ApkbmDKkdWZVGsnJoTMMBgQI2XvEAlvhZ6Jwqgiz9H6+5r62FN5JGHBPlUxVHw==
-----END CERTIFICATE-----