Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/dencvyi0TxmMkZDQCX9rZJN2RzU.roa
File:                     dencvyi0TxmMkZDQCX9rZJN2RzU.roa (raw, json)
Hash identifier:          B52p98p3HEzzhef7/oXAaRqNFYHk2h3tC+DtHUn18nc=
Subject key identifier:   75:E9:DC:BF:28:B4:4F:19:8C:91:90:D0:09:7F:6B:64:93:76:47:35
Certificate issuer:       /CN=9d6b9774c94876c98321de3201b11b75a1358d19
Certificate serial:       01941F8C482859554ABEE2C0D425DA01A2B2
Authority key identifier: 9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/dencvyi0TxmMkZDQCX9rZJN2RzU.roa
Signing time:             Wed 01 Jan 2025 01:47:54 +0000
ROA not before:           Wed 01 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211462
IP address blocks:        193.32.87.0/24 maxlen: 24
                          2a0d:8140::/48 maxlen: 48
                          2a0d:8140:2fff::/48 maxlen: 48
                          2a0d:8140:3fff::/48 maxlen: 48
                          2a0d:8140:4fff::/48 maxlen: 48
                          2a0d:8141::/48 maxlen: 48
                          2a0d:8142::/48 maxlen: 48
                          2a0d:8143::/48 maxlen: 48
                          2a0d:8144::/48 maxlen: 48
                          2a0d:8145::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:48:28:59:55:4a:be:e2:c0:d4:25:da:01:a2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d6b9774c94876c98321de3201b11b75a1358d19
        Validity
            Not Before: Jan  1 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75e9dcbf28b44f198c9190d0097f6b6493764735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:62:b8:e3:7e:c8:ed:5a:ad:2e:e3:25:88:ee:
                    4c:88:7e:c1:ef:41:3f:7b:d1:a9:bf:9d:46:50:0b:
                    79:ab:c7:a2:05:f1:c7:92:ec:9f:3f:2b:b8:a1:dc:
                    71:52:13:17:07:67:ae:aa:d4:74:54:19:1a:6c:1f:
                    a6:26:c0:50:2c:0f:e8:bc:76:a4:74:2b:35:f9:e3:
                    c6:07:3e:24:a3:87:39:d2:68:d6:80:82:5a:3a:a4:
                    5d:9d:20:94:4e:01:65:fb:e7:29:ae:bc:fc:eb:29:
                    f6:12:a9:4f:fd:4a:34:26:ab:1c:cb:2d:ee:3a:cc:
                    97:78:da:d0:4f:6e:55:60:7a:dd:73:5d:d6:8f:8e:
                    79:30:9c:e9:ee:2f:47:73:82:30:be:43:a2:2c:6b:
                    bc:94:2b:28:ca:18:a7:c3:ee:91:0b:01:ac:b2:eb:
                    38:aa:c1:ff:cc:72:ce:56:7e:c0:f6:e6:0b:8d:99:
                    86:18:fc:b7:77:6c:08:f8:ad:4c:45:ae:4e:f6:9a:
                    db:a7:a6:0f:e9:35:b8:37:d0:2c:32:da:95:30:94:
                    7b:a2:05:48:7b:b7:aa:a1:a5:ef:80:9b:50:55:f2:
                    ab:b4:2f:7b:a2:e7:08:af:67:38:f0:8d:d3:61:ab:
                    f1:ec:49:24:ff:fa:55:c3:8d:81:b9:2a:bb:4e:80:
                    af:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E9:DC:BF:28:B4:4F:19:8C:91:90:D0:09:7F:6B:64:93:76:47:35
            X509v3 Authority Key Identifier:
                keyid:9D:6B:97:74:C9:48:76:C9:83:21:DE:32:01:B1:1B:75:A1:35:8D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWuXdMlIdsmDId4yAbEbdaE1jRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/dencvyi0TxmMkZDQCX9rZJN2RzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/40cb9c-c426-48ab-9968-a56bdfadb81e/1/nWuXdMlIdsmDId4yAbEbdaE1jRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.87.0/24
                IPv6:
                  2a0d:8140::/48
                  2a0d:8140:2fff::/48
                  2a0d:8140:3fff::/48
                  2a0d:8140:4fff::/48
                  2a0d:8141::/48
                  2a0d:8142::/48
                  2a0d:8143::/48
                  2a0d:8144::/48
                  2a0d:8145::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:e3:2d:1a:a5:9b:73:f6:f0:29:dd:24:27:da:d0:35:c3:15:
         c3:b0:ab:e1:8e:7f:89:61:f0:29:52:f2:41:36:2c:7e:51:93:
         f6:a7:2e:71:8e:fb:b4:cb:54:7a:e3:9f:fa:e7:a1:7e:67:32:
         b8:6b:aa:75:50:20:97:1f:cb:b3:e2:73:cc:50:64:52:d7:80:
         bd:e5:f8:15:de:4b:73:79:13:05:33:08:bb:fe:14:4b:ac:8f:
         fa:7c:d9:89:02:a2:0b:52:fd:0a:61:1f:36:31:33:5e:ba:c2:
         90:f8:55:c5:a0:eb:c6:05:24:2e:2c:4a:b3:93:09:64:05:d9:
         c9:39:3d:f4:78:06:fc:1a:43:c4:89:e6:af:6c:e6:e6:ee:6d:
         66:39:9c:0c:ec:35:48:e9:35:02:96:b4:67:db:3b:15:d4:20:
         88:8b:76:a3:65:4a:dd:0c:92:f1:17:8d:64:a9:be:88:f9:90:
         82:42:c3:b6:71:35:db:78:9c:25:ea:0e:af:cf:a6:83:ed:1e:
         c3:8f:12:db:78:0a:32:80:b6:24:47:29:07:15:8f:b2:e0:44:
         49:23:be:72:8b:c6:d3:bc:83:6a:ac:f5:94:14:91:6e:4d:0f:
         13:58:2c:6f:9a:39:dc:8d:c2:d6:55:06:6b:cd:bb:15:42:9d:
         1f:e8:85:89
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZQfjEgoWVVKvuLA1CXaAaKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNmI5Nzc0Yzk0ODc2Yzk4MzIxZGUzMjAxYjExYjc1YTEz
NThkMTkwHhcNMjUwMTAxMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWU5ZGNiZjI4YjQ0ZjE5OGM5MTkwZDAwOTdmNmI2NDkzNzY0NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mK4437I7VqtLuMliO5MiH7B70E/
e9Gpv51GUAt5q8eiBfHHkuyfPyu4odxxUhMXB2euqtR0VBkabB+mJsBQLA/ovHak
dCs1+ePGBz4ko4c50mjWgIJaOqRdnSCUTgFl++cprrz86yn2EqlP/Uo0Jqscyy3u
OsyXeNrQT25VYHrdc13Wj455MJzp7i9Hc4IwvkOiLGu8lCsoyhinw+6RCwGssus4
qsH/zHLOVn7A9uYLjZmGGPy3d2wI+K1MRa5O9prbp6YP6TW4N9AsMtqVMJR7ogVI
e7eqoaXvgJtQVfKrtC97oucIr2c48I3TYavx7Ekk//pVw42BuSq7ToCviwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFHXp3L8otE8ZjJGQ0Al/a2STdkc1MB8GA1UdIwQY
MBaAFJ1rl3TJSHbJgyHeMgGxG3WhNY0ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5Njgt
YTU2YmRmYWRiODFlLzEvZGVuY3Z5aTBUeG1Na1pEUUNYOXJaSk4yUnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MGNiOWMtYzQyNi00OGFiLTk5NjgtYTU2YmRmYWRiODFl
LzEvbld1WGRNbElkc21ESWQ0eUFiRWJkYUUxalJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAMBAIAATAGAwQAwSBXMFcE
AgACMFEDBwAqDYFAAAADBwAqDYFAL/8DBwAqDYFAP/8DBwAqDYFAT/8DBwAqDYFB
AAADBwAqDYFCAAADBwAqDYFDAAADBwAqDYFEAAADBwAqDYFFAAAwDQYJKoZIhvcN
AQELBQADggEBABLjLRqlm3P28CndJCfa0DXDFcOwq+GOf4lh8ClS8kE2LH5Rk/an
LnGO+7TLVHrjn/rnoX5nMrhrqnVQIJcfy7Pic8xQZFLXgL3l+BXeS3N5EwUzCLv+
FEusj/p82YkCogtS/QphHzYxM166wpD4VcWg68YFJC4sSrOTCWQF2ck5PfR4Bvwa
Q8SJ5q9s5ububWY5nAzsNUjpNQKWtGfbOxXUIIiLdqNlSt0MkvEXjWSpvoj5kIJC
w7ZxNdt4nCXqDq/PpoPtHsOPEtt4CjKAtiRHKQcVj7LgREkjvnKLxtO8g2qs9ZQU
kW5NDxNYLG+aOdyNwtZVBmvNuxVCnR/ohYk=
-----END CERTIFICATE-----