Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/xRuQVNxBS_3Mgbe42rndbMsNass.roa
File:                     xRuQVNxBS_3Mgbe42rndbMsNass.roa (raw, json)
Hash identifier:          A1raJrfsn9sVKt/kmB4hYgZNVWgJqoDFFUH8LA8mWcI=
Subject key identifier:   C5:1B:90:54:DC:41:4B:FD:CC:81:B7:B8:DA:B9:DD:6C:CB:0D:6A:CB
Certificate issuer:       /CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
Certificate serial:       0195A345799DA63A269667068930284B2310
Authority key identifier: 13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/xRuQVNxBS_3Mgbe42rndbMsNass.roa
Signing time:             Mon 17 Mar 2025 08:43:14 +0000
ROA not before:           Mon 17 Mar 2025 08:43:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59497
IP address blocks:        185.189.184.0/22 maxlen: 22
                          185.189.184.0/24 maxlen: 24
                          185.189.185.0/24 maxlen: 24
                          185.189.186.0/24 maxlen: 24
                          185.189.187.0/24 maxlen: 24
                          194.8.156.0/22 maxlen: 22
                          194.8.156.0/24 maxlen: 24
                          194.8.158.0/24 maxlen: 24
                          195.140.228.0/22 maxlen: 22
                          195.140.228.0/24 maxlen: 24
                          195.178.18.0/23 maxlen: 23
                          195.178.18.0/24 maxlen: 24
                          2a09:87c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:45:79:9d:a6:3a:26:96:67:06:89:30:28:4b:23:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
        Validity
            Not Before: Mar 17 08:43:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c51b9054dc414bfdcc81b7b8dab9dd6ccb0d6acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:dc:91:ad:a2:eb:4f:4e:f5:32:5d:bf:b2:e8:
                    93:8b:24:b0:05:56:06:98:61:43:da:ed:52:40:83:
                    f5:68:b5:cf:aa:e0:7d:de:ec:80:89:3d:a7:e6:de:
                    b8:0d:60:93:d2:18:bd:62:48:93:28:b7:81:2b:b9:
                    0f:f5:9f:ff:af:a3:ff:4b:80:51:2b:12:61:38:a4:
                    cf:ac:fa:41:44:28:58:71:45:90:d4:71:ea:28:d7:
                    ee:e0:51:fe:5f:b5:5a:8c:59:5b:d4:47:1d:1a:7f:
                    51:c2:2e:39:4e:31:7f:74:62:fa:ea:60:83:d5:d6:
                    41:9c:ed:dc:2a:bd:e9:86:c5:86:40:5e:01:9a:7b:
                    36:7c:4f:1d:da:65:37:a6:fe:7b:77:df:30:18:e4:
                    50:b8:6f:a0:83:89:b3:f5:39:72:9b:a2:d0:2d:c5:
                    97:ec:18:89:19:18:6d:7b:34:fb:d3:08:95:d8:e8:
                    3d:1c:51:4c:c7:b7:db:02:28:be:3f:ed:21:f2:0d:
                    6b:2d:58:93:65:53:60:a3:67:62:b5:9f:cc:71:35:
                    de:24:78:f9:22:5d:81:6a:80:24:1f:8e:e2:92:70:
                    cb:43:28:67:ac:10:24:f9:4a:be:b5:5d:a5:d5:bd:
                    7c:5f:ba:25:b5:b6:69:2f:c3:6b:c1:3a:a8:87:0b:
                    d5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:1B:90:54:DC:41:4B:FD:CC:81:B7:B8:DA:B9:DD:6C:CB:0D:6A:CB
            X509v3 Authority Key Identifier:
                keyid:13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/xRuQVNxBS_3Mgbe42rndbMsNass.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/EynNPuL-EmqCyipYyH7Vg4_ir1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.184.0/22
                  194.8.156.0/22
                  195.140.228.0/22
                  195.178.18.0/23
                IPv6:
                  2a09:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:8b:01:0b:d1:b9:85:9a:32:a7:b6:e0:2f:ea:71:e6:c8:b6:
         b4:c8:52:f7:1b:b7:1f:a6:ed:80:54:53:46:98:09:b3:b4:45:
         65:90:46:c8:4e:78:f7:22:d9:70:de:72:d1:38:d4:c3:7b:88:
         30:61:26:96:71:f2:84:18:54:5a:3a:81:c0:5a:d5:70:13:b6:
         ed:21:48:c8:43:ac:bf:80:39:91:37:2b:a4:c3:fe:e9:01:55:
         2e:3d:1c:d2:89:60:db:33:19:6a:98:75:3d:c2:d4:dc:bf:77:
         20:ed:ac:5a:75:c9:a8:4f:28:33:19:1d:46:21:8e:de:04:a8:
         15:6c:2c:a9:8a:17:30:40:12:21:78:9a:57:e7:31:d1:5f:2b:
         7b:fc:5a:75:bf:cd:7f:15:ce:de:88:bd:8b:c0:0f:63:e6:00:
         9e:40:47:2f:26:c4:6a:02:61:e3:3d:f2:69:12:23:dc:14:55:
         f8:37:e0:66:f3:58:2f:c9:48:fb:d3:62:0e:34:50:3d:24:75:
         a4:78:ca:98:0b:70:93:66:4e:c5:5b:63:67:40:ca:a0:7e:ec:
         d7:b0:4d:c1:3c:b5:e8:ee:6f:c4:50:4b:16:47:44:14:d3:4a:
         d5:a1:b0:c2:9e:d1:2b:eb:6a:a2:21:46:7a:9b:07:a9:72:68:
         ef:0d:ae:17
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZWjRXmdpjomlmcGiTAoSyMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMjljZDNlZTJmZTEyNmE4MmNhMmE1OGM4N2VkNTgzOGZl
MmFmNTcwHhcNMjUwMzE3MDg0MzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTFiOTA1NGRjNDE0YmZkY2M4MWI3YjhkYWI5ZGQ2Y2NiMGQ2YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydyRraLrT071Ml2/suiTiySwBVYG
mGFD2u1SQIP1aLXPquB93uyAiT2n5t64DWCT0hi9YkiTKLeBK7kP9Z//r6P/S4BR
KxJhOKTPrPpBRChYcUWQ1HHqKNfu4FH+X7VajFlb1EcdGn9Rwi45TjF/dGL66mCD
1dZBnO3cKr3phsWGQF4Bmns2fE8d2mU3pv57d98wGORQuG+gg4mz9Tlym6LQLcWX
7BiJGRhtezT70wiV2Og9HFFMx7fbAii+P+0h8g1rLViTZVNgo2ditZ/McTXeJHj5
Il2BaoAkH47iknDLQyhnrBAk+Uq+tV2l1b18X7oltbZpL8NrwTqohwvVdQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMUbkFTcQUv9zIG3uNq53WzLDWrLMB8GA1UdIwQY
MBaAFBMpzT7i/hJqgsoqWMh+1YOP4q9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMt
MmZjMDMwYTYwY2VhLzEveFJ1UVZOeEJTXzNNZ2JlNDJybmRiTXNOYXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMtMmZjMDMwYTYwY2Vh
LzEvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCub24AwQC
wgicAwQCw4zkAwQBw7ISMA0EAgACMAcDBQMqCYfAMA0GCSqGSIb3DQEBCwUAA4IB
AQBAiwEL0bmFmjKntuAv6nHmyLa0yFL3G7cfpu2AVFNGmAmztEVlkEbITnj3Itlw
3nLRONTDe4gwYSaWcfKEGFRaOoHAWtVwE7btIUjIQ6y/gDmRNyukw/7pAVUuPRzS
iWDbMxlqmHU9wtTcv3cg7axadcmoTygzGR1GIY7eBKgVbCypihcwQBIheJpX5zHR
Xyt7/Fp1v81/Fc7eiL2LwA9j5gCeQEcvJsRqAmHjPfJpEiPcFFX4N+Bm81gvyUj7
02IONFA9JHWkeMqYC3CTZk7FW2NnQMqgfuzXsE3BPLXo7m/EUEsWR0QU00rVobDC
ntEr62qiIUZ6mwepcmjvDa4X
-----END CERTIFICATE-----