Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZDgimuSnEV5kG7Hv0D3jnxaq3BM.roa
File:                     ZDgimuSnEV5kG7Hv0D3jnxaq3BM.roa (raw, json)
Hash identifier:          8rDiXQos7y2n+2TfFaOOrt1DRM0KTNb/vPaxjT58/mw=
Subject key identifier:   64:38:22:9A:E4:A7:11:5E:64:1B:B1:EF:D0:3D:E3:9F:16:AA:DC:13
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194820B00AD016D8C1048E2293AEBC48600
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZDgimuSnEV5kG7Hv0D3jnxaq3BM.roa
Signing time:             Mon 20 Jan 2025 04:49:06 +0000
ROA not before:           Mon 20 Jan 2025 04:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        37.202.204.0/24 maxlen: 24
                          37.202.205.0/24 maxlen: 24
                          37.202.208.0/23 maxlen: 24
                          37.202.210.0/24 maxlen: 24
                          37.202.212.0/23 maxlen: 24
                          151.242.14.0/24 maxlen: 24
                          151.242.20.0/24 maxlen: 24
                          151.243.162.0/24 maxlen: 24
                          151.243.222.0/24 maxlen: 24
                          151.243.234.0/24 maxlen: 24
                          151.243.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:82:0b:00:ad:01:6d:8c:10:48:e2:29:3a:eb:c4:86:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 20 04:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6438229ae4a7115e641bb1efd03de39f16aadc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:72:e6:57:f6:d5:7f:7b:c3:a6:96:cc:34:89:
                    a5:75:e7:0c:1e:c9:db:a5:d0:5e:22:7e:8f:46:1b:
                    44:c1:38:ca:51:c3:a3:b3:d8:c2:85:72:52:75:2a:
                    52:ae:b3:11:5a:ac:f1:96:1a:cd:0c:8c:e3:44:4f:
                    a2:70:98:62:ce:42:ae:d1:e9:51:6b:a2:b8:b6:7d:
                    57:b0:78:5d:ca:cb:7f:f4:fe:ea:b2:34:68:00:d6:
                    64:d4:c7:6c:42:60:ac:8a:57:1e:49:ac:2c:4d:b4:
                    1b:76:0c:d4:ec:e8:0f:71:40:07:da:3f:02:77:9e:
                    0e:dd:fd:de:b1:38:ab:b1:8c:ff:4c:28:a6:81:2c:
                    c0:a4:99:f0:34:62:53:f1:fb:0c:f4:f3:9a:10:92:
                    2e:48:7f:f6:71:45:fc:02:99:bb:87:fe:f0:5c:18:
                    6d:d9:4b:66:23:47:1f:b6:73:a5:ff:40:c3:f4:26:
                    fc:8d:e3:1b:16:1c:6f:7d:f5:55:b4:75:7d:92:a1:
                    81:ae:ac:10:01:8a:34:ef:79:8d:c7:bf:d9:2f:2e:
                    52:dc:67:81:6a:da:a6:20:f8:34:04:25:2a:a4:4b:
                    e9:ec:4f:3c:e4:80:51:cd:15:c1:e9:c6:61:74:1c:
                    67:9a:9b:5f:5a:11:d3:aa:3b:f1:90:fc:7f:2b:84:
                    13:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:38:22:9A:E4:A7:11:5E:64:1B:B1:EF:D0:3D:E3:9F:16:AA:DC:13
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZDgimuSnEV5kG7Hv0D3jnxaq3BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.204.0/23
                  37.202.208.0-37.202.210.255
                  37.202.212.0/23
                  151.242.14.0/24
                  151.242.20.0/24
                  151.243.162.0/24
                  151.243.222.0/24
                  151.243.234.0/24
                  151.243.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a5:cf:77:ab:cf:05:69:fe:35:09:51:3a:ac:17:5f:1f:24:
         08:57:10:02:6e:a0:e1:e8:b7:d3:1a:13:33:fd:43:0b:57:ce:
         b6:43:c2:c0:01:63:17:83:ec:7b:76:c4:f3:e9:bf:3a:a4:b3:
         7e:d5:01:93:32:88:b7:f8:4b:fe:e3:f8:3d:7e:45:8a:d5:80:
         80:fb:0b:ef:4f:96:57:e4:84:6e:33:8a:df:80:50:6f:30:0c:
         00:14:80:e4:ea:c6:cb:28:27:17:5a:84:ee:19:75:6a:dc:14:
         62:bc:bf:47:4b:2a:e3:b7:04:08:2d:e2:b8:55:59:67:9b:05:
         aa:84:75:a5:f5:97:d6:a2:8b:e5:18:48:06:76:26:c4:1a:4b:
         43:34:66:b7:43:3a:0a:f5:0f:ae:f6:73:81:10:9f:66:cb:1e:
         3e:b6:df:50:93:91:cf:4b:b5:aa:1a:95:65:86:98:c1:6d:cb:
         c4:10:6c:15:22:41:2d:88:da:cb:bd:5f:d3:74:d2:2a:0d:64:
         e5:a0:e3:77:d9:b1:4e:d3:36:a7:58:14:f9:74:c3:ed:7d:86:
         68:e6:f3:a3:9d:5d:22:4a:1b:17:28:fc:c3:82:c8:a4:20:dc:
         5d:d2:2f:a2:f2:4b:d1:43:7d:d7:ee:11:e8:45:04:c3:42:76:
         ec:87:4a:f1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZSCCwCtAW2MEEjiKTrrxIYAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTIwMDQ0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDM4MjI5YWU0YTcxMTVlNjQxYmIxZWZkMDNkZTM5ZjE2YWFkYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXLmV/bVf3vDppbMNImldecMHsnb
pdBeIn6PRhtEwTjKUcOjs9jChXJSdSpSrrMRWqzxlhrNDIzjRE+icJhizkKu0elR
a6K4tn1XsHhdyst/9P7qsjRoANZk1MdsQmCsilceSawsTbQbdgzU7OgPcUAH2j8C
d54O3f3esTirsYz/TCimgSzApJnwNGJT8fsM9POaEJIuSH/2cUX8Apm7h/7wXBht
2UtmI0cftnOl/0DD9Cb8jeMbFhxvffVVtHV9kqGBrqwQAYo073mNx7/ZLy5S3GeB
atqmIPg0BCUqpEvp7E885IBRzRXB6cZhdBxnmptfWhHTqjvxkPx/K4QTVwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGQ4IprkpxFeZBux79A9458WqtwTMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWkRnaW11U25FVjVrRzdIdjBEM2pueGFxM0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBJcrMMAwD
BAQlytADBAAlytIDBAElytQDBACX8g4DBACX8hQDBACX86IDBACX894DBACX8+oD
BACX8/4wDQYJKoZIhvcNAQELBQADggEBAIKlz3erzwVp/jUJUTqsF18fJAhXEAJu
oOHot9MaEzP9QwtXzrZDwsABYxeD7Ht2xPPpvzqks37VAZMyiLf4S/7j+D1+RYrV
gID7C+9PllfkhG4zit+AUG8wDAAUgOTqxssoJxdahO4ZdWrcFGK8v0dLKuO3BAgt
4rhVWWebBaqEdaX1l9aii+UYSAZ2JsQaS0M0ZrdDOgr1D672c4EQn2bLHj6231CT
kc9LtaoalWWGmMFty8QQbBUiQS2I2su9X9N00ioNZOWg43fZsU7TNqdYFPl0w+19
hmjm86OdXSJKGxco/MOCyKQg3F3SL6LyS9FDfdfuEehFBMNCduyHSvE=
-----END CERTIFICATE-----