Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/1-Jd_qc8apOR4p6laQN0XEPGV69E.roa
File:                     1-Jd_qc8apOR4p6laQN0XEPGV69E.roa (raw, json)
Hash identifier:          GOoNb/QIaZMGL6bF2qxv1TbNPoQ9D5q5E8h1u/bWgGs=
Subject key identifier:   F8:97:7F:A9:CF:1A:A4:E4:78:A7:A9:5A:40:DD:17:10:F1:95:EB:D1
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       01942444AC290B2D108B203312B605D667FF
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/1-Jd_qc8apOR4p6laQN0XEPGV69E.roa
Signing time:             Wed 01 Jan 2025 23:47:47 +0000
ROA not before:           Wed 01 Jan 2025 23:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210278
IP address blocks:        101.56.0.0/15 maxlen: 15
                          101.56.0.0/18 maxlen: 18
                          101.56.64.0/18 maxlen: 18
                          101.56.128.0/18 maxlen: 18
                          101.56.192.0/18 maxlen: 18
                          101.57.0.0/16 maxlen: 16
                          101.58.0.0/15 maxlen: 15
                          101.58.0.0/16 maxlen: 16
                          101.59.0.0/16 maxlen: 16
                          101.62.0.0/15 maxlen: 15
                          101.62.0.0/16 maxlen: 16
                          101.62.194.0/23 maxlen: 23
                          101.62.196.0/23 maxlen: 23
                          101.63.0.0/16 maxlen: 16
                          195.162.92.0/22 maxlen: 22
                          2a0e:400::/25 maxlen: 25
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ac:29:0b:2d:10:8b:20:33:12:b6:05:d6:67:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: Jan  1 23:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8977fa9cf1aa4e478a7a95a40dd1710f195ebd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f0:99:34:75:7b:c0:bd:05:e4:82:76:fc:e3:
                    22:d0:40:f5:fc:80:c1:58:7a:55:cb:ef:e6:cd:e3:
                    2c:9a:74:fe:6f:93:a8:84:d8:4d:6d:4a:b8:4d:4d:
                    2b:4d:77:ba:e3:b7:59:b8:62:fb:e0:ae:e8:40:a1:
                    ad:79:c8:70:87:f3:66:53:bb:11:ab:ca:b9:4e:12:
                    99:2c:3c:4f:09:b9:5e:9a:3c:e3:5b:08:52:e1:fd:
                    4c:98:a2:86:82:b0:9e:31:78:b5:77:8a:e9:46:67:
                    e3:5b:db:a2:b5:b6:36:83:87:5f:57:ed:78:b9:0f:
                    46:1a:a3:d2:72:51:8f:78:96:7e:33:46:4e:3b:b9:
                    6d:8a:b4:96:f4:88:50:7d:43:d8:36:2e:3a:0e:6f:
                    fd:fb:5a:80:34:1c:7f:1f:34:6a:ae:c5:9d:22:e7:
                    db:c1:4b:bf:98:96:0b:bc:a8:61:91:cd:99:de:ef:
                    be:9b:4d:76:ae:64:2a:d5:bc:3c:c6:e8:3e:49:da:
                    f7:f2:21:bc:51:03:bf:be:11:52:2c:7a:2b:83:56:
                    2e:be:c6:7f:81:3d:e9:08:ef:07:67:10:00:ae:7e:
                    49:a2:8c:52:2c:e3:7e:c5:a2:4c:d0:c5:53:49:90:
                    bd:de:60:90:06:98:f1:a5:7f:5b:bc:50:d5:4c:46:
                    ad:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:97:7F:A9:CF:1A:A4:E4:78:A7:A9:5A:40:DD:17:10:F1:95:EB:D1
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/1-Jd_qc8apOR4p6laQN0XEPGV69E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.56.0.0/14
                  101.62.0.0/15
                  195.162.92.0/22
                IPv6:
                  2a0e:400::/25

    Signature Algorithm: sha256WithRSAEncryption
         3c:88:57:95:6c:fd:51:fd:f3:65:21:02:2e:fb:de:4d:01:84:
         b8:80:a2:fa:24:04:54:85:fa:f6:c0:de:6b:7e:8f:f5:dd:f4:
         ff:3e:5c:bd:60:6b:5c:bf:bc:16:84:bb:3a:9d:bc:84:1d:72:
         d5:3a:7e:61:ab:f8:ac:f8:32:cf:d1:6a:6c:6a:e0:9a:8f:cf:
         8c:dd:a5:2e:18:c5:ec:51:73:29:00:0d:56:ba:fb:e5:77:c5:
         51:b3:83:71:1e:ec:c9:47:4c:f2:97:37:4a:93:10:28:e4:a1:
         0b:66:b8:dc:f3:b2:25:3b:86:be:ce:93:77:24:f7:90:f6:0f:
         e3:d8:77:03:ae:c7:91:c8:2f:3a:4e:25:90:2c:54:86:0a:dc:
         4f:cf:a3:69:87:3a:50:8b:35:25:97:31:76:ed:6e:74:29:b6:
         99:9b:0d:87:07:dd:63:fd:61:c4:3e:5c:49:02:2d:63:24:63:
         48:dd:58:b1:70:21:4b:90:03:cf:ea:a0:53:63:2e:ce:a2:b8:
         f2:19:39:2a:f4:52:12:2a:62:5e:73:df:e8:59:89:21:fd:63:
         d1:c0:20:0f:fe:b7:36:ae:cd:de:c9:ad:f8:13:ed:e0:91:4c:
         bc:49:16:4a:b2:61:94:a0:1d:56:a6:df:76:ba:eb:6e:04:5f:
         86:f0:fd:7b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQkRKwpCy0QiyAzErYF1mf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjUwMTAxMjM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODk3N2ZhOWNmMWFhNGU0NzhhN2E5NWE0MGRkMTcxMGYxOTVlYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PCZNHV7wL0F5IJ2/OMi0ED1/IDB
WHpVy+/mzeMsmnT+b5OohNhNbUq4TU0rTXe647dZuGL74K7oQKGtechwh/NmU7sR
q8q5ThKZLDxPCblemjzjWwhS4f1MmKKGgrCeMXi1d4rpRmfjW9uitbY2g4dfV+14
uQ9GGqPSclGPeJZ+M0ZOO7ltirSW9IhQfUPYNi46Dm/9+1qANBx/HzRqrsWdIufb
wUu/mJYLvKhhkc2Z3u++m012rmQq1bw8xug+Sdr38iG8UQO/vhFSLHorg1YuvsZ/
gT3pCO8HZxAArn5JooxSLON+xaJM0MVTSZC93mCQBpjxpX9bvFDVTEatdwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPiXf6nPGqTkeKepWkDdFxDxlevRMB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvMS1KZF9xYzhhcE9SNHA2bGFRTjBYRVBHVjY5RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODUvZTcxOGU0LTUzYjctNDdiYi1hMzM2LTVhMTc3MTlkNDQ5
ZS8xL013NWtENTFqdXBRNmw3UGNFTlRHaEVwZFBjRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA4BggrBgEFBQcBBwEB/wQpMCcwFgQCAAEwEAMDAmU4AwMB
ZT4DBALDolwwDQQCAAIwBwMFByoOBAAwDQYJKoZIhvcNAQELBQADggEBADyIV5Vs
/VH982UhAi773k0BhLiAovokBFSF+vbA3mt+j/Xd9P8+XL1ga1y/vBaEuzqdvIQd
ctU6fmGr+Kz4Ms/Ramxq4JqPz4zdpS4YxexRcykADVa6++V3xVGzg3Ee7MlHTPKX
N0qTECjkoQtmuNzzsiU7hr7Ok3ck95D2D+PYdwOux5HILzpOJZAsVIYK3E/Po2mH
OlCLNSWXMXbtbnQptpmbDYcH3WP9YcQ+XEkCLWMkY0jdWLFwIUuQA8/qoFNjLs6i
uPIZOSr0UhIqYl5z3+hZiSH9Y9HAIA/+tzauzd7JrfgT7eCRTLxJFkqyYZSgHVam
33a6624EX4bw/Xs=
-----END CERTIFICATE-----