Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/yFf2Zz0VjYagA0shVIplpiusWp4.roa
File:                     yFf2Zz0VjYagA0shVIplpiusWp4.roa (raw, json)
Hash identifier:          Sonq+rZh7+zVQsS+x3AiHiTrq12H+Dw70vUAQVtyO0E=
Subject key identifier:   C8:57:F6:67:3D:15:8D:86:A0:03:4B:21:54:8A:65:A6:2B:AC:5A:9E
Certificate issuer:       /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial:       01942445644C08A4DE64FA74894FD02DA7CD
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/yFf2Zz0VjYagA0shVIplpiusWp4.roa
Signing time:             Wed 01 Jan 2025 23:48:34 +0000
ROA not before:           Wed 01 Jan 2025 23:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44453
IP address blocks:        5.132.137.0/24 maxlen: 32
                          5.132.161.0/24 maxlen: 32
                          5.132.162.0/23 maxlen: 23
                          5.132.162.0/24 maxlen: 32
                          5.132.163.0/24 maxlen: 24
                          5.132.189.0/24 maxlen: 24
                          5.132.190.0/24 maxlen: 32
                          5.198.144.0/20 maxlen: 20
                          128.204.128.0/19 maxlen: 24
                          128.204.135.0/24 maxlen: 24
                          185.2.156.0/22 maxlen: 22
                          2a03:3180::/32 maxlen: 32
                          2a03:3180::/36 maxlen: 36
                          2a03:3180:4000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:64:4c:08:a4:de:64:fa:74:89:4f:d0:2d:a7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
        Validity
            Not Before: Jan  1 23:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c857f6673d158d86a0034b21548a65a62bac5a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:43:4c:d2:ed:d5:ce:1b:e4:5c:85:de:55:fc:
                    75:00:86:cf:0b:26:82:2e:2a:4e:4c:b0:c1:8f:6b:
                    1f:57:ea:5f:9a:22:e0:b9:b4:33:e3:29:21:32:53:
                    d0:23:4e:2e:eb:70:d1:24:14:7f:05:56:90:4d:13:
                    bf:f2:7a:bb:86:06:99:bf:31:52:f7:0b:6b:37:ae:
                    a7:0b:fe:a6:f6:31:13:d5:f7:31:17:15:be:5b:d9:
                    3f:56:10:cd:59:ca:bc:5b:31:0c:7a:13:a7:91:34:
                    7b:cf:69:79:18:1f:d6:ac:b3:9f:d3:b9:5a:2a:a4:
                    d5:83:c6:ff:3e:70:c5:60:bb:ef:a4:29:fa:9d:dd:
                    4c:91:1c:de:12:23:63:75:eb:1b:ff:1f:a0:68:7e:
                    e6:df:11:b8:e6:59:b4:a7:b6:6f:fe:f0:e8:45:0f:
                    ca:fb:7d:34:78:6a:3a:50:2e:c1:a1:4b:ef:45:23:
                    b3:df:79:a2:79:b3:53:28:2e:15:22:5b:00:56:92:
                    e5:f9:a0:2a:77:bf:79:5b:bc:3f:16:ca:24:60:f3:
                    18:96:c6:fc:2d:c4:57:f8:3e:32:2e:b0:65:15:6f:
                    03:87:75:26:36:db:a1:a2:2d:80:24:30:59:8f:af:
                    8e:00:6c:57:dd:d6:1b:27:f9:b5:18:56:24:ac:c0:
                    58:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:57:F6:67:3D:15:8D:86:A0:03:4B:21:54:8A:65:A6:2B:AC:5A:9E
            X509v3 Authority Key Identifier:
                keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/yFf2Zz0VjYagA0shVIplpiusWp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.137.0/24
                  5.132.161.0-5.132.163.255
                  5.132.189.0-5.132.190.255
                  5.198.144.0/20
                  128.204.128.0/19
                  185.2.156.0/22
                IPv6:
                  2a03:3180::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:99:7f:00:ab:d4:48:48:a1:6b:de:53:c7:ce:50:fb:40:4d:
         9b:45:df:ea:8c:e5:aa:e4:78:1b:11:42:a0:0e:9d:5e:c2:87:
         ec:48:e7:de:66:53:e6:6c:fa:c4:00:a4:47:dd:39:c2:fe:dc:
         97:2f:cc:d6:11:ec:41:e1:a7:c9:5a:c1:0c:1a:08:e8:52:9c:
         fe:e6:3b:1b:80:74:9a:46:5f:cd:2c:53:50:a6:c2:de:ee:e5:
         ec:e7:81:19:1e:13:63:73:45:34:ab:01:9f:cb:8e:8f:bf:24:
         28:e5:a4:d8:19:6d:af:fa:fe:8d:25:44:5c:b6:2d:85:11:c1:
         2a:83:18:bc:17:86:2c:a1:f4:64:59:8c:2a:a4:fc:ab:1d:1d:
         f4:01:2a:02:a1:b3:c0:0a:49:7f:43:7f:4a:fd:8a:68:a2:01:
         a2:07:39:ac:fb:75:14:d6:7d:c6:e8:54:63:ac:56:4b:94:94:
         35:5e:26:8a:03:5d:b0:06:47:21:41:64:f6:a7:81:4f:45:74:
         20:40:1e:33:e4:d9:90:0a:47:92:06:1c:12:a6:10:81:3e:cb:
         52:56:47:95:95:4b:89:1a:79:87:1c:a7:04:2b:e1:81:ce:c0:
         81:82:95:8e:77:25:02:94:cc:b6:71:bc:96:dd:ec:c9:ab:08:
         b9:36:fc:b5
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZQkRWRMCKTeZPp0iU/QLafNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjUwMTAxMjM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU3ZjY2NzNkMTU4ZDg2YTAwMzRiMjE1NDhhNjVhNjJiYWM1YTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmENM0u3VzhvkXIXeVfx1AIbPCyaC
LipOTLDBj2sfV+pfmiLgubQz4ykhMlPQI04u63DRJBR/BVaQTRO/8nq7hgaZvzFS
9wtrN66nC/6m9jET1fcxFxW+W9k/VhDNWcq8WzEMehOnkTR7z2l5GB/WrLOf07la
KqTVg8b/PnDFYLvvpCn6nd1MkRzeEiNjdesb/x+gaH7m3xG45lm0p7Zv/vDoRQ/K
+300eGo6UC7BoUvvRSOz33miebNTKC4VIlsAVpLl+aAqd795W7w/FsokYPMYlsb8
LcRX+D4yLrBlFW8Dh3UmNtuhoi2AJDBZj6+OAGxX3dYbJ/m1GFYkrMBY9QIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFMhX9mc9FY2GoANLIVSKZaYrrFqeMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEveUZmMlp6MFZqWWFnQTBzaFZJcGxwaXVzV3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQABYSJMAwD
BAAFhKEDBAIFhKAwDAMEAAWEvQMEAAWEvgMEBAXGkAMEBYDMgAMEArkCnDANBAIA
AjAHAwUAKgMxgDANBgkqhkiG9w0BAQsFAAOCAQEAaJl/AKvUSEiha95Tx85Q+0BN
m0Xf6ozlquR4GxFCoA6dXsKH7Ejn3mZT5mz6xACkR905wv7cly/M1hHsQeGnyVrB
DBoI6FKc/uY7G4B0mkZfzSxTUKbC3u7l7OeBGR4TY3NFNKsBn8uOj78kKOWk2Blt
r/r+jSVEXLYthRHBKoMYvBeGLKH0ZFmMKqT8qx0d9AEqAqGzwApJf0N/Sv2KaKIB
ogc5rPt1FNZ9xuhUY6xWS5SUNV4migNdsAZHIUFk9qeBT0V0IEAeM+TZkApHkgYc
EqYQgT7LUlZHlZVLiRp5hxynBCvhgc7AgYKVjnclApTMtnG8lt3syasIuTb8tQ==
-----END CERTIFICATE-----