Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/Z17YRi9mYaQRV70cYdKNkHS2BT8.roa
File:                     Z17YRi9mYaQRV70cYdKNkHS2BT8.roa (raw, json)
Hash identifier:          XclzZEx6yvB+VuFruQwlqlWve82bQq4L6RiJRruQ7hc=
Subject key identifier:   67:5E:D8:46:2F:66:61:A4:11:57:BD:1C:61:D2:8D:90:74:B6:05:3F
Certificate issuer:       /CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Certificate serial:       01941FFA7FF52CF771F26180EE2D26936E73
Authority key identifier: 58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/Z17YRi9mYaQRV70cYdKNkHS2BT8.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8560
IP address blocks:        81.169.190.0/24 maxlen: 24
                          85.214.6.0/24 maxlen: 24
                          85.214.10.0/24 maxlen: 24
                          85.214.12.0/24 maxlen: 24
                          85.215.32.0/19 maxlen: 24
                          85.215.64.0/20 maxlen: 24
                          85.215.96.0/19 maxlen: 24
                          85.215.128.0/17 maxlen: 24
                          185.56.148.0/22 maxlen: 24
                          192.67.197.0/24 maxlen: 24
                          2a01:239::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:f5:2c:f7:71:f2:61:80:ee:2d:26:93:6e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d2d2715f43f747bea762dce166bca4b8e965eb
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=675ed8462f6661a41157bd1c61d28d9074b6053f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:26:6c:e7:86:5f:53:0a:f4:f4:4b:be:2e:a9:
                    c9:c2:12:fe:f9:dc:0f:e8:0e:1b:48:49:3f:1e:02:
                    1c:28:cd:b4:87:56:74:18:47:c8:76:45:6f:26:b5:
                    83:e5:8a:3f:c6:e9:77:ba:bb:a2:55:f2:c2:3d:40:
                    8f:72:cc:d0:5c:a1:62:7a:64:9e:5f:91:e0:94:86:
                    6b:c2:68:53:07:45:25:8b:26:da:d0:27:0e:47:85:
                    9a:3f:cb:4f:cd:34:64:e3:58:5d:54:6a:2f:de:fe:
                    32:8b:65:1e:76:67:61:fc:eb:97:8f:4e:a2:ae:d1:
                    4c:84:69:aa:b0:f4:b7:7a:ff:06:8c:9e:64:c5:04:
                    55:e5:91:ab:65:1a:a1:c7:63:7c:c0:83:50:a9:3f:
                    0c:c1:cc:63:11:5a:0e:cd:41:b3:c8:cf:0c:39:da:
                    2e:ca:88:d5:80:8c:2a:1d:17:fc:b5:a1:88:43:56:
                    9a:9b:64:9c:e9:1e:2e:f2:ee:76:bf:78:0c:c4:d6:
                    f1:a1:d5:69:bc:58:63:11:a1:ac:0f:49:ff:ed:91:
                    1b:31:ba:e2:a3:0e:75:e7:ee:c6:af:28:80:6b:74:
                    0b:0e:ef:25:d3:54:5a:9b:dc:15:b4:60:5f:53:57:
                    10:8e:de:21:d2:aa:14:94:bf:f4:59:33:d4:d9:2d:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5E:D8:46:2F:66:61:A4:11:57:BD:1C:61:D2:8D:90:74:B6:05:3F
            X509v3 Authority Key Identifier:
                keyid:58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/Z17YRi9mYaQRV70cYdKNkHS2BT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/WNLScV9D90e-p2Lc4Wa8pLjpZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.169.190.0/24
                  85.214.6.0/24
                  85.214.10.0/24
                  85.214.12.0/24
                  85.215.32.0-85.215.79.255
                  85.215.96.0-85.215.255.255
                  185.56.148.0/22
                  192.67.197.0/24
                IPv6:
                  2a01:239::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:52:08:c2:5e:2e:dd:1d:ec:86:cd:63:e0:30:a1:6c:99:fa:
         c5:75:ed:fb:0c:c6:37:3a:0d:e7:5e:90:5c:45:8a:3c:6e:41:
         c9:aa:cd:16:d9:ff:7f:c0:c4:25:9b:66:fd:42:bd:e2:f3:8c:
         dc:23:77:29:d7:38:eb:4b:50:89:54:c1:1b:69:3a:e5:94:fa:
         53:7c:18:02:75:2d:32:bf:9d:98:6e:c4:be:72:f3:31:c3:08:
         17:99:35:90:c3:39:66:04:2b:c1:b9:73:39:80:d9:42:25:c8:
         5f:55:fb:7a:8a:c8:e6:51:bf:49:8f:9f:04:f1:39:7c:b7:35:
         1d:67:e3:30:48:6d:ba:b2:22:29:9a:43:b1:54:a5:4d:c4:3a:
         ba:6d:ef:ee:5f:04:6d:d3:f6:6d:7d:9e:fd:e0:47:f7:bd:61:
         f6:06:88:ec:92:ed:3a:83:cd:44:da:ab:06:22:b1:0b:8c:63:
         54:f7:09:04:02:3d:7f:f0:3b:10:79:e5:e6:40:43:dd:db:ef:
         e5:d2:a8:db:17:94:e8:67:7c:3f:51:28:55:31:74:33:74:af:
         59:50:78:a6:f4:47:1d:87:b8:3f:46:04:c1:ba:fc:50:8d:74:
         f4:0c:bb:72:f9:40:15:95:96:a0:59:4e:bd:8f:4c:e1:02:1e:
         86:65:c4:15
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQf+n/1LPdx8mGA7i0mk25zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDJkMjcxNWY0M2Y3NDdiZWE3NjJkY2UxNjZiY2E0Yjhl
OTY1ZWIwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzVlZDg0NjJmNjY2MWE0MTE1N2JkMWM2MWQyOGQ5MDc0YjYwNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yZs54ZfUwr09Eu+LqnJwhL++dwP
6A4bSEk/HgIcKM20h1Z0GEfIdkVvJrWD5Yo/xul3uruiVfLCPUCPcszQXKFiemSe
X5HglIZrwmhTB0Uliyba0CcOR4WaP8tPzTRk41hdVGov3v4yi2Uedmdh/OuXj06i
rtFMhGmqsPS3ev8GjJ5kxQRV5ZGrZRqhx2N8wINQqT8MwcxjEVoOzUGzyM8MOdou
yojVgIwqHRf8taGIQ1aam2Sc6R4u8u52v3gMxNbxodVpvFhjEaGsD0n/7ZEbMbri
ow515+7GryiAa3QLDu8l01Ram9wVtGBfU1cQjt4h0qoUlL/0WTPU2S2YjQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGde2EYvZmGkEVe9HGHSjZB0tgU/MB8GA1UdIwQY
MBaAFFjS0nFfQ/dHvqdi3OFmvKS46WXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjkt
ZTM4MzQ1MTZmYzA4LzEvWjE3WVJpOW1ZYVFSVjcwY1lkS05rSFMyQlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjktZTM4MzQ1MTZmYzA4
LzEvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQAUam+AwQA
VdYGAwQAVdYKAwQAVdYMMAwDBAVV1yADBARV10AwCwMEBVXXYAMDA1XQAwQCuTiU
AwQAwEPFMA0EAgACMAcDBQAqAQI5MA0GCSqGSIb3DQEBCwUAA4IBAQBwUgjCXi7d
HeyGzWPgMKFsmfrFde37DMY3Og3nXpBcRYo8bkHJqs0W2f9/wMQlm2b9Qr3i84zc
I3cp1zjrS1CJVMEbaTrllPpTfBgCdS0yv52YbsS+cvMxwwgXmTWQwzlmBCvBuXM5
gNlCJchfVft6isjmUb9Jj58E8Tl8tzUdZ+MwSG26siIpmkOxVKVNxDq6be/uXwRt
0/ZtfZ794Ef3vWH2Bojsku06g81E2qsGIrELjGNU9wkEAj1/8DsQeeXmQEPd2+/l
0qjbF5ToZ3w/UShVMXQzdK9ZUHim9Ecdh7g/RgTBuvxQjXT0DLty+UAVlZagWU69
j0zhAh6GZcQV
-----END CERTIFICATE-----