Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SEpCkcxzQflYfwj66mcnnfjc0aw.roa
File:                     SEpCkcxzQflYfwj66mcnnfjc0aw.roa (raw, json)
Hash identifier:          m/i5q0ZcWIGbFdCWAMpHzQtELHV2z3EwkC+zJoL5H9s=
Subject key identifier:   48:4A:42:91:CC:73:41:F9:58:7F:08:FA:EA:67:27:9D:F8:DC:D1:AC
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019429BCFDDF60743F9A446F7F93B3D4D3CE
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SEpCkcxzQflYfwj66mcnnfjc0aw.roa
Signing time:             Fri 03 Jan 2025 01:17:19 +0000
ROA not before:           Fri 03 Jan 2025 01:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          178.173.240.0/20 maxlen: 24
                          185.231.172.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          212.90.100.0/22 maxlen: 24
                          213.173.32.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:29:bc:fd:df:60:74:3f:9a:44:6f:7f:93:b3:d4:d3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  3 01:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=484a4291cc7341f9587f08faea67279df8dcd1ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:81:88:6a:91:a7:d9:6c:08:06:28:91:99:04:
                    6e:4a:90:54:79:b1:4f:c6:74:b3:f8:2c:5f:cf:6c:
                    c0:a6:ae:b6:02:c6:f3:99:31:fb:f4:e7:8d:07:36:
                    a1:87:4b:86:58:af:81:5e:e1:a5:c9:86:54:d9:34:
                    15:2a:93:63:b0:67:a8:31:76:c3:7b:fa:02:6a:19:
                    3c:62:0d:a7:49:e9:7e:78:3e:e0:5c:54:1b:68:c2:
                    8e:57:66:53:26:6e:4d:c4:20:e0:c2:df:fc:29:82:
                    40:bd:5f:72:29:1d:88:47:98:89:aa:01:55:cc:40:
                    b2:0b:7e:82:0b:27:64:45:67:ee:1b:a7:8f:83:75:
                    a8:8f:41:3c:3c:18:f9:56:c4:f1:0a:a3:34:34:5e:
                    ac:4e:8c:46:e9:a4:b8:81:7c:82:8b:94:68:4c:fc:
                    a8:99:94:fa:64:70:4c:dd:a1:81:f6:86:23:51:1b:
                    1e:43:11:84:22:27:05:96:3d:40:76:53:7e:9d:b9:
                    3f:f7:33:a3:a8:ce:41:2b:b0:25:45:1b:40:f7:3a:
                    a1:ba:4a:2d:14:ff:11:b7:23:73:d0:f9:d9:32:a8:
                    9c:13:b5:65:87:7b:7a:6a:fc:ff:5c:54:bb:ec:d1:
                    21:44:c4:1a:c6:33:2d:4a:04:e4:37:d0:00:ec:5f:
                    2e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:4A:42:91:CC:73:41:F9:58:7F:08:FA:EA:67:27:9D:F8:DC:D1:AC
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/SEpCkcxzQflYfwj66mcnnfjc0aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  159.255.32.0/21
                  178.173.240.0/20
                  185.231.172.0/22
                  188.253.8.0/21
                  202.133.90.0/23
                  212.90.100.0/22
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d0:0b:01:c9:3e:7d:e5:06:e8:af:ae:ea:dc:ef:18:c2:9e:9c:
         ad:f9:56:f3:b1:6b:4c:cb:4d:03:d6:0a:94:5a:c4:e0:44:1e:
         3e:a5:09:d5:b5:72:6c:0b:a7:9d:e4:89:eb:ac:2e:e6:95:25:
         0f:47:c3:37:56:e1:1f:88:1c:a1:3a:ff:ee:33:84:f9:4d:85:
         dc:b7:30:50:12:93:cb:f6:2b:77:a6:18:cd:18:e2:2a:a3:37:
         e5:3b:9c:17:c9:46:3b:6d:87:7a:3b:aa:3c:76:28:5c:a0:96:
         0a:4b:70:d0:de:a3:ef:47:0f:a6:89:c4:d7:c8:e6:26:ca:57:
         84:48:d0:6b:a1:43:bd:08:32:c0:f4:4d:ff:f1:47:46:ff:36:
         da:e1:98:3d:27:e2:7c:42:0d:f8:02:b6:ff:f3:9f:02:c4:fe:
         a3:3c:57:c4:bb:ef:79:e3:21:ef:68:24:70:23:ff:e0:d6:b5:
         e7:a9:61:ff:4c:e0:dd:89:55:ca:2e:6b:c3:bb:21:64:2a:a1:
         fd:17:1e:84:59:bb:d6:fa:a3:e3:7e:8e:63:52:b0:85:f9:87:
         e0:82:45:e1:a3:75:7a:dd:41:1f:ad:0a:fc:7d:f0:6e:a7:e2:
         d3:f2:8f:96:35:9e:7f:ae:34:4d:fd:67:79:23:53:b3:cf:24:
         65:8b:5f:71
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQpvP3fYHQ/mkRvf5Oz1NPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAzMDExNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODRhNDI5MWNjNzM0MWY5NTg3ZjA4ZmFlYTY3Mjc5ZGY4ZGNkMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoGIapGn2WwIBiiRmQRuSpBUebFP
xnSz+Cxfz2zApq62AsbzmTH79OeNBzahh0uGWK+BXuGlyYZU2TQVKpNjsGeoMXbD
e/oCahk8Yg2nSel+eD7gXFQbaMKOV2ZTJm5NxCDgwt/8KYJAvV9yKR2IR5iJqgFV
zECyC36CCydkRWfuG6ePg3Woj0E8PBj5VsTxCqM0NF6sToxG6aS4gXyCi5RoTPyo
mZT6ZHBM3aGB9oYjURseQxGEIicFlj1AdlN+nbk/9zOjqM5BK7AlRRtA9zqhukot
FP8RtyNz0PnZMqicE7Vlh3t6avz/XFS77NEhRMQaxjMtSgTkN9AA7F8uSwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEhKQpHMc0H5WH8I+upnJ5343NGsMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvU0VwQ2tjeHpRZmxZZndqNjZtY25uZmpjMGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBLYsGAwQA
LvluAwQBUnMcAwQAWfsKAwQDn/8gAwQEsq3wAwQCueesAwQDvP0IAwQByoVaAwQC
1FpkAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQDQCwHJPn3lBuivrurc7xjCnpyt
+VbzsWtMy00D1gqUWsTgRB4+pQnVtXJsC6ed5InrrC7mlSUPR8M3VuEfiByhOv/u
M4T5TYXctzBQEpPL9it3phjNGOIqozflO5wXyUY7bYd6O6o8dihcoJYKS3DQ3qPv
Rw+micTXyOYmyleESNBroUO9CDLA9E3/8UdG/zba4Zg9J+J8Qg34Arb/858CxP6j
PFfEu+954yHvaCRwI//g1rXnqWH/TODdiVXKLmvDuyFkKqH9Fx6EWbvW+qPjfo5j
UrCF+YfggkXho3V63UEfrQr8ffBup+LT8o+WNZ5/rjRN/Wd5I1OzzyRli19x
-----END CERTIFICATE-----