Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/660TeS3Zn3DLQGxj61zAMaI5cys.roa
File:                     660TeS3Zn3DLQGxj61zAMaI5cys.roa (raw, json)
Hash identifier:          /OIs6zbcslTXyME8vlZ0u2I1w3H0JKAUoh5g6JxOOP4=
Subject key identifier:   EB:AD:13:79:2D:D9:9F:70:CB:40:6C:63:EB:5C:C0:31:A2:39:73:2B
Certificate issuer:       /CN=086282e751286fbbecc75ea6edcc254192c55c76
Certificate serial:       0194206808356B73E698693E155EC8D6B6D7
Authority key identifier: 08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/660TeS3Zn3DLQGxj61zAMaI5cys.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34086
IP address blocks:        46.29.96.0/21 maxlen: 24
                          82.192.98.0/23 maxlen: 24
                          93.188.240.0/21 maxlen: 24
                          94.100.240.0/20 maxlen: 24
                          160.44.0.0/16 maxlen: 24
                          160.44.192.0/20 maxlen: 24
                          160.44.192.0/21 maxlen: 21
                          160.44.200.0/21 maxlen: 21
                          185.9.216.0/22 maxlen: 24
                          217.150.144.0/20 maxlen: 24
                          2a00:da8::/32 maxlen: 32
                          2a00:da8:fffb::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:08:35:6b:73:e6:98:69:3e:15:5e:c8:d6:b6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086282e751286fbbecc75ea6edcc254192c55c76
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebad13792dd99f70cb406c63eb5cc031a239732b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:05:5f:6b:d8:00:f8:ce:46:fe:7f:25:13:fe:
                    40:52:63:1d:30:cf:ca:f6:56:7f:64:f3:3e:50:bd:
                    97:40:e9:29:d8:72:88:d4:8e:72:9d:85:60:59:db:
                    43:93:65:7f:d7:b5:b6:5c:4a:de:51:e8:2b:cd:61:
                    d0:77:07:80:70:ef:b5:72:d2:1e:af:f2:83:d7:06:
                    eb:60:43:ba:bc:5c:d5:d4:c6:0e:27:22:8d:83:ec:
                    26:ba:92:c2:c9:59:79:2d:ed:f9:39:93:39:bf:38:
                    37:8e:3d:76:c0:06:5a:4f:6a:06:51:cb:9f:99:6a:
                    e7:4c:1c:cb:fd:c6:87:09:5b:4c:dd:6a:2a:d1:01:
                    60:00:84:84:8f:b8:70:6e:0a:91:e9:df:9e:43:8f:
                    cf:a0:40:b5:dc:0a:08:4e:e8:cd:68:b5:dd:ed:e4:
                    de:95:0c:e7:c4:f9:9d:f0:e6:42:ba:33:34:9f:9a:
                    13:82:b5:7c:c5:03:7a:7c:5a:68:27:77:87:17:f5:
                    90:f1:90:93:c6:a7:ad:b2:63:2e:71:96:ac:98:4d:
                    6b:92:0a:9c:0f:a6:c6:78:ef:ea:bf:d7:e5:39:3d:
                    d2:a4:c1:c3:53:a3:23:93:0f:00:36:4b:a8:f7:91:
                    45:66:db:12:32:a7:ee:ef:cc:2f:d8:69:38:50:4f:
                    6c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:AD:13:79:2D:D9:9F:70:CB:40:6C:63:EB:5C:C0:31:A2:39:73:2B
            X509v3 Authority Key Identifier:
                keyid:08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/660TeS3Zn3DLQGxj61zAMaI5cys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/CGKC51Eob7vsx16m7cwlQZLFXHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.96.0/21
                  82.192.98.0/23
                  93.188.240.0/21
                  94.100.240.0/20
                  160.44.0.0/16
                  185.9.216.0/22
                  217.150.144.0/20
                IPv6:
                  2a00:da8::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:b3:59:c9:ed:8c:2c:4e:cd:87:a7:0b:19:df:2a:bd:67:90:
         ae:d8:96:10:3d:fe:e6:09:71:c2:a5:83:bf:8c:ac:3b:e1:3c:
         bf:ca:4e:18:3f:88:b3:fe:69:7c:23:09:61:0a:06:cc:47:fc:
         51:f3:18:7a:89:76:76:71:c7:04:d9:5c:85:6d:37:74:92:9f:
         21:80:c6:6d:4f:ba:e3:b7:85:b6:98:fd:bf:88:43:9b:44:bb:
         e5:ec:fa:fe:48:b6:ab:38:08:c0:6d:a1:1c:6b:4c:ea:6d:3d:
         a9:53:fb:a1:4c:c2:53:68:41:ac:d0:91:d1:d2:61:62:94:c7:
         dc:7b:74:f7:60:97:a7:6c:83:a8:5d:21:c7:f6:a3:28:57:a1:
         2e:35:1a:0c:c4:f0:0c:d1:d2:ec:cc:d7:8f:54:80:60:6f:ca:
         8e:5a:6e:60:43:fc:c7:76:18:4e:06:ff:75:4b:f9:fc:a3:81:
         61:f7:1e:9f:e1:15:c0:4e:c3:9a:7b:d8:16:dd:ae:ac:80:90:
         a1:d5:ac:f0:33:29:7e:0c:4a:b3:d2:8e:21:80:fe:94:2d:79:
         3c:fc:31:07:1c:65:2f:f0:83:ec:fe:c0:6c:f5:7d:bc:26:61:
         dd:c8:4b:fe:e0:9a:27:e8:16:a0:8d:21:70:7a:d5:1a:29:8a:
         93:1f:40:1c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQgaAg1a3PmmGk+FV7I1rbXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjI4MmU3NTEyODZmYmJlY2M3NWVhNmVkY2MyNTQxOTJj
NTVjNzYwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmFkMTM3OTJkZDk5ZjcwY2I0MDZjNjNlYjVjYzAzMWEyMzk3MzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQVfa9gA+M5G/n8lE/5AUmMdMM/K
9lZ/ZPM+UL2XQOkp2HKI1I5ynYVgWdtDk2V/17W2XEreUegrzWHQdweAcO+1ctIe
r/KD1wbrYEO6vFzV1MYOJyKNg+wmupLCyVl5Le35OZM5vzg3jj12wAZaT2oGUcuf
mWrnTBzL/caHCVtM3Woq0QFgAISEj7hwbgqR6d+eQ4/PoEC13AoITujNaLXd7eTe
lQznxPmd8OZCujM0n5oTgrV8xQN6fFpoJ3eHF/WQ8ZCTxqetsmMucZasmE1rkgqc
D6bGeO/qv9flOT3SpMHDU6Mjkw8ANkuo95FFZtsSMqfu78wv2Gk4UE9sOwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFOutE3kt2Z9wy0BsY+tcwDGiOXMrMB8GA1UdIwQY
MBaAFAhigudRKG+77Mdepu3MJUGSxVx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dLQzUxRW9iN3ZzeDE2bTdjd2xRWkxGWEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85ZDg1OTgtZTllMi00NzA5LWI1MzUt
NmIwNGFhZGVlZjEwLzEvNjYwVGVTM1puM0RMUUd4ajYxekFNYUk1Y3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85ZDg1OTgtZTllMi00NzA5LWI1MzUtNmIwNGFhZGVlZjEw
LzEvQ0dLQzUxRW9iN3ZzeDE2bTdjd2xRWkxGWEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQDLh1gAwQB
UsBiAwQDXbzwAwQEXmTwAwMAoCwDBAK5CdgDBATZlpAwDQQCAAIwBwMFACoADagw
DQYJKoZIhvcNAQELBQADggEBAB+zWcntjCxOzYenCxnfKr1nkK7YlhA9/uYJccKl
g7+MrDvhPL/KThg/iLP+aXwjCWEKBsxH/FHzGHqJdnZxxwTZXIVtN3SSnyGAxm1P
uuO3hbaY/b+IQ5tEu+Xs+v5Itqs4CMBtoRxrTOptPalT+6FMwlNoQazQkdHSYWKU
x9x7dPdgl6dsg6hdIcf2oyhXoS41GgzE8AzR0uzM149UgGBvyo5abmBD/Md2GE4G
/3VL+fyjgWH3Hp/hFcBOw5p72BbdrqyAkKHVrPAzKX4MSrPSjiGA/pQteTz8MQcc
ZS/wg+z+wGz1fbwmYd3IS/7gmifoFqCNIXB61RopipMfQBw=
-----END CERTIFICATE-----