Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QlkzD36W5v0AxlNSx0z4hSk7uFU.roa
File:                     QlkzD36W5v0AxlNSx0z4hSk7uFU.roa (raw, json)
Hash identifier:          uYqo04qiRW99BRZNiigYBH7mOhV3UNP+jPgusIVov/k=
Subject key identifier:   42:59:33:0F:7E:96:E6:FD:00:C6:53:52:C7:4C:F8:85:29:3B:B8:55
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       0194BC526EE1932CEFBE2F86EE1561B94C21
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QlkzD36W5v0AxlNSx0z4hSk7uFU.roa
Signing time:             Fri 31 Jan 2025 12:25:06 +0000
ROA not before:           Fri 31 Jan 2025 12:25:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        86.104.215.0/24 maxlen: 24
                          89.32.200.0/24 maxlen: 24
                          89.32.204.0/24 maxlen: 24
                          89.33.83.0/24 maxlen: 24
                          103.47.52.0/22 maxlen: 22
                          162.218.158.0/24 maxlen: 24
                          188.215.5.0/24 maxlen: 24
                          194.26.149.0/24 maxlen: 24
                          212.102.116.0/24 maxlen: 24
                          2a0a:eb00::/29 maxlen: 29
                          2a0a:eb00::/30 maxlen: 30
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bc:52:6e:e1:93:2c:ef:be:2f:86:ee:15:61:b9:4c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan 31 12:25:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4259330f7e96e6fd00c65352c74cf885293bb855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e6:86:8f:61:a7:3b:7e:97:5d:2b:bd:3a:a9:
                    09:bf:d8:1e:bb:b4:7b:30:5b:1f:f8:ed:71:a0:86:
                    9a:f3:ee:ee:09:5a:9b:ea:79:52:a6:4a:53:d2:d6:
                    53:f4:41:1c:0a:3c:7e:91:4d:74:2e:d2:60:15:75:
                    d9:ab:3c:f4:cc:62:9f:76:a1:75:75:58:cb:35:72:
                    ed:b0:c9:e5:60:ea:6e:bd:ed:e3:dd:4b:91:ba:34:
                    32:d0:1b:fb:7a:8a:1e:d1:84:81:5b:2e:61:87:f2:
                    c4:db:9a:1b:4c:66:aa:df:96:f7:1c:5e:db:7e:6c:
                    4e:b3:8d:6a:c4:6f:01:45:e2:3c:c1:6a:b0:a2:7c:
                    2c:93:91:ba:eb:24:14:e6:fe:aa:dc:63:a2:bf:92:
                    1b:6e:33:20:3f:a7:42:3d:5f:03:cb:cc:d6:a7:67:
                    e3:a9:aa:8e:d4:40:d1:79:54:e1:71:0c:e9:24:9d:
                    11:e2:01:4c:3a:01:ca:b4:b7:f5:e5:e6:90:9b:02:
                    d8:74:44:a7:3e:50:09:f5:35:36:c3:61:92:32:17:
                    c2:2b:56:ec:13:5b:d8:81:9d:8e:4f:5c:63:ee:ed:
                    91:9b:cd:d9:91:c4:75:6b:d4:ca:17:40:a2:7b:21:
                    48:87:09:b6:4d:33:89:a8:e3:fa:86:96:03:c1:db:
                    15:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:59:33:0F:7E:96:E6:FD:00:C6:53:52:C7:4C:F8:85:29:3B:B8:55
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/QlkzD36W5v0AxlNSx0z4hSk7uFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.215.0/24
                  89.32.200.0/24
                  89.32.204.0/24
                  89.33.83.0/24
                  103.47.52.0/22
                  162.218.158.0/24
                  188.215.5.0/24
                  194.26.149.0/24
                  212.102.116.0/24
                IPv6:
                  2a0a:eb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:ba:96:81:91:97:cc:61:d7:ec:02:be:b3:b5:62:4a:c6:6c:
         31:75:30:94:7b:4d:5e:11:d1:ac:d9:39:53:45:d3:a3:60:b6:
         87:6e:c2:72:bb:70:4f:57:b8:98:b8:a7:4a:eb:27:fd:af:16:
         32:16:20:b7:ac:2f:48:26:90:9f:12:8f:dd:ed:a7:83:36:8a:
         1e:3a:56:54:e8:6c:0d:b2:e0:9a:75:04:45:91:06:fa:6a:c1:
         4a:ca:6b:e4:d4:43:ee:1b:8d:dc:40:7e:7f:20:d0:f3:f2:9e:
         8f:b3:b7:ae:ad:8b:d9:2d:6a:3e:14:be:67:55:c5:dd:37:71:
         a0:b5:7d:cf:82:0e:68:6e:cd:80:12:b6:24:0d:a5:bb:b8:0b:
         15:f2:e9:41:91:27:64:86:47:8b:a9:e1:41:a3:d3:94:ba:d4:
         6b:f6:ae:96:16:2b:bf:75:0c:ea:e7:06:5f:e8:a1:bc:b9:36:
         15:d8:8d:e9:43:e7:2f:1f:61:00:02:77:70:2d:eb:14:af:ef:
         bf:08:75:5e:63:eb:b2:e7:87:a4:ac:9e:c8:82:7c:17:24:a9:
         9d:e9:a4:f3:51:06:8e:5f:b7:79:d8:c0:5f:b7:4a:b9:f7:95:
         8d:86:9e:bc:c7:07:39:c5:e5:9b:a6:30:35:2b:8c:7f:36:5c:
         55:c7:a2:c4
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZS8Um7hkyzvvi+G7hVhuUwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjUwMTMxMTIyNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjU5MzMwZjdlOTZlNmZkMDBjNjUzNTJjNzRjZjg4NTI5M2JiODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuaGj2GnO36XXSu9OqkJv9geu7R7
MFsf+O1xoIaa8+7uCVqb6nlSpkpT0tZT9EEcCjx+kU10LtJgFXXZqzz0zGKfdqF1
dVjLNXLtsMnlYOpuve3j3UuRujQy0Bv7eooe0YSBWy5hh/LE25obTGaq35b3HF7b
fmxOs41qxG8BReI8wWqwonwsk5G66yQU5v6q3GOiv5IbbjMgP6dCPV8Dy8zWp2fj
qaqO1EDReVThcQzpJJ0R4gFMOgHKtLf15eaQmwLYdESnPlAJ9TU2w2GSMhfCK1bs
E1vYgZ2OT1xj7u2Rm83ZkcR1a9TKF0CieyFIhwm2TTOJqOP6hpYDwdsVDQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFEJZMw9+lub9AMZTUsdM+IUpO7hVMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvUWxrekQzNlc1djBBeGxOU3gwejRoU2s3dUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQAVmjXAwQA
WSDIAwQAWSDMAwQAWSFTAwQCZy80AwQAotqeAwQAvNcFAwQAwhqVAwQA1GZ0MA0E
AgACMAcDBQMqCusAMA0GCSqGSIb3DQEBCwUAA4IBAQBnupaBkZfMYdfsAr6ztWJK
xmwxdTCUe01eEdGs2TlTRdOjYLaHbsJyu3BPV7iYuKdK6yf9rxYyFiC3rC9IJpCf
Eo/d7aeDNooeOlZU6GwNsuCadQRFkQb6asFKymvk1EPuG43cQH5/INDz8p6Ps7eu
rYvZLWo+FL5nVcXdN3GgtX3Pgg5obs2AErYkDaW7uAsV8ulBkSdkhkeLqeFBo9OU
utRr9q6WFiu/dQzq5wZf6KG8uTYV2I3pQ+cvH2EAAndwLesUr++/CHVeY+uy54ek
rJ7IgnwXJKmd6aTzUQaOX7d52MBft0q595WNhp68xwc5xeWbpjA1K4x/NlxVx6LE
-----END CERTIFICATE-----