Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/PawZ63YCzLh66nBk8KkHzYsa-D8.roa
File:                     PawZ63YCzLh66nBk8KkHzYsa-D8.roa (raw, json)
Hash identifier:          MbGnyPjYsuuNw4Rc4to6au5h1LGwPajvRQALk91Nf/M=
Subject key identifier:   3D:AC:19:EB:76:02:CC:B8:7A:EA:70:64:F0:A9:07:CD:8B:1A:F8:3F
Certificate issuer:       /CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
Certificate serial:       0194228DCDBD98D08E0EE0C0EBA15CE88227
Authority key identifier: 02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/PawZ63YCzLh66nBk8KkHzYsa-D8.roa
Signing time:             Wed 01 Jan 2025 15:48:26 +0000
ROA not before:           Wed 01 Jan 2025 15:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14537
IP address blocks:        5.62.80.0/20 maxlen: 24
                          45.85.4.0/22 maxlen: 24
                          66.84.64.0/20 maxlen: 24
                          78.24.208.0/21 maxlen: 24
                          94.125.56.0/21 maxlen: 24
                          109.202.112.0/21 maxlen: 24
                          185.28.72.0/22 maxlen: 24
                          193.31.208.0/20 maxlen: 24
                          193.33.228.0/23 maxlen: 24
                          2a03:9e00::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:cd:bd:98:d0:8e:0e:e0:c0:eb:a1:5c:e8:82:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
        Validity
            Not Before: Jan  1 15:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dac19eb7602ccb87aea7064f0a907cd8b1af83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:78:41:ce:01:63:53:bb:26:5d:e7:2c:bf:c0:
                    35:92:c5:45:89:c4:a6:10:a2:b2:58:2f:37:f3:df:
                    7a:98:01:25:93:6d:40:91:10:b0:a2:53:86:2e:0d:
                    78:6b:ed:64:8c:9b:91:0a:b9:3d:13:26:e5:e0:68:
                    f9:c9:d1:ee:11:3e:d3:3c:4e:58:d6:3b:a1:ef:b2:
                    2b:e2:21:6f:87:d3:28:a1:9f:34:6d:e1:e4:63:19:
                    07:5f:a1:b4:13:c1:a3:bf:69:ea:5f:ac:b4:28:5a:
                    63:86:7c:af:09:83:0e:65:70:51:e5:35:83:87:11:
                    e8:5d:62:75:68:33:70:02:fe:01:c8:a9:77:36:72:
                    62:39:67:a5:8f:fd:21:03:ee:65:5c:65:45:f5:09:
                    27:cc:c9:74:6b:ba:c7:8a:28:c3:31:58:64:66:94:
                    c2:04:f6:79:39:92:12:52:04:b5:7d:a0:8b:26:c3:
                    8e:66:ed:3e:f3:c1:6e:3c:33:87:db:ba:bc:ab:ef:
                    71:da:26:52:8e:f0:e2:6d:de:91:54:e7:78:56:f2:
                    11:6c:a6:6f:f9:3d:6b:2c:70:dd:e9:d9:65:7b:7d:
                    4d:ba:f6:38:67:0f:d6:89:c8:42:88:ed:2b:be:c9:
                    92:83:75:e6:f2:75:9e:3e:46:56:de:4c:31:35:3d:
                    3c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AC:19:EB:76:02:CC:B8:7A:EA:70:64:F0:A9:07:CD:8B:1A:F8:3F
            X509v3 Authority Key Identifier:
                keyid:02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/PawZ63YCzLh66nBk8KkHzYsa-D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.80.0/20
                  45.85.4.0/22
                  66.84.64.0/20
                  78.24.208.0/21
                  94.125.56.0/21
                  109.202.112.0/21
                  185.28.72.0/22
                  193.31.208.0/20
                  193.33.228.0/23
                IPv6:
                  2a03:9e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:45:9c:17:a3:6a:d3:c1:7e:c6:e2:4b:45:2e:0d:8e:0c:33:
         b9:7a:a2:cb:22:71:da:50:27:81:ad:3d:40:ed:d3:dc:7c:2a:
         9e:91:18:68:b2:2d:30:b7:d5:57:18:16:7f:e7:1b:cc:d4:12:
         92:cd:c7:51:52:d2:01:9b:a8:f6:72:34:3a:3c:41:bc:13:6b:
         66:1b:53:dc:71:4e:97:31:21:c6:1d:39:46:ca:78:ca:22:ee:
         e3:44:e5:65:31:9a:f8:c0:2b:1b:1b:e7:8c:61:62:dd:2a:ce:
         1b:bd:1e:36:26:bb:bf:06:fd:2b:2f:f2:8e:50:02:5a:03:c9:
         c0:25:78:b5:16:ae:6f:d9:d2:ab:11:08:01:f7:00:f2:c6:ce:
         7d:c8:21:47:f1:4a:6b:67:c3:e3:73:91:76:20:66:14:1c:7b:
         0a:f1:85:63:2a:a8:94:63:3c:8e:ad:87:5b:ba:c7:28:89:b0:
         b8:27:59:45:a0:75:6c:9a:31:4c:79:eb:d6:a7:ce:1d:ad:fe:
         e3:3f:e9:57:40:28:14:6b:f6:e7:08:f5:9f:35:34:6c:bf:c7:
         cb:2e:0f:a3:54:ba:b9:62:67:c5:88:a5:c1:12:21:c1:b7:5d:
         88:30:b2:f0:63:66:f1:11:16:a0:58:40:0d:ae:02:0d:f4:8c:
         6b:b6:02:4c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQijc29mNCODuDA66Fc6IInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNDZlOGE3NmQzMGM3YzA0OTViYzVjZThlZTUxMTBmZWFi
Mjg2ZTYwHhcNMjUwMTAxMTU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGFjMTllYjc2MDJjY2I4N2FlYTcwNjRmMGE5MDdjZDhiMWFmODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXhBzgFjU7smXecsv8A1ksVFicSm
EKKyWC838996mAElk21AkRCwolOGLg14a+1kjJuRCrk9Eybl4Gj5ydHuET7TPE5Y
1juh77Ir4iFvh9MooZ80beHkYxkHX6G0E8Gjv2nqX6y0KFpjhnyvCYMOZXBR5TWD
hxHoXWJ1aDNwAv4ByKl3NnJiOWelj/0hA+5lXGVF9QknzMl0a7rHiijDMVhkZpTC
BPZ5OZISUgS1faCLJsOOZu0+88FuPDOH27q8q+9x2iZSjvDibd6RVOd4VvIRbKZv
+T1rLHDd6dlle31NuvY4Zw/WichCiO0rvsmSg3Xm8nWePkZW3kwxNT081wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFD2sGet2Asy4eupwZPCpB82LGvg/MB8GA1UdIwQY
MBaAFAJG6KdtMMfASVvFzo7lEQ/qsobmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWtib3AyMHd4OEJKVzhYT2p1VVJELXF5aHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jMGE1NzYtYTIyMC00ZGUwLWFhYzEt
N2I5NmE5OTk3NzE4LzEvUGF3WjYzWUN6TGg2Nm5CazhLa0h6WXNhLUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jMGE1NzYtYTIyMC00ZGUwLWFhYzEtN2I5NmE5OTk3NzE4
LzEvQWtib3AyMHd4OEJKVzhYT2p1VVJELXF5aHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEBT5QAwQC
LVUEAwQEQlRAAwQDThjQAwQDXn04AwQDbcpwAwQCuRxIAwQEwR/QAwQBwSHkMA0E
AgACMAcDBQAqA54AMA0GCSqGSIb3DQEBCwUAA4IBAQBGRZwXo2rTwX7G4ktFLg2O
DDO5eqLLInHaUCeBrT1A7dPcfCqekRhosi0wt9VXGBZ/5xvM1BKSzcdRUtIBm6j2
cjQ6PEG8E2tmG1PccU6XMSHGHTlGynjKIu7jROVlMZr4wCsbG+eMYWLdKs4bvR42
Jru/Bv0rL/KOUAJaA8nAJXi1Fq5v2dKrEQgB9wDyxs59yCFH8UprZ8Pjc5F2IGYU
HHsK8YVjKqiUYzyOrYdbuscoibC4J1lFoHVsmjFMeevWp84drf7jP+lXQCgUa/bn
CPWfNTRsv8fLLg+jVLq5YmfFiKXBEiHBt12IMLLwY2bxERagWEANrgIN9IxrtgJM
-----END CERTIFICATE-----