Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/PUu9JBqT0q_kMegzLpokDy8FZpg.roa
File:                     PUu9JBqT0q_kMegzLpokDy8FZpg.roa (raw, json)
Hash identifier:          GZSimUwCl58YJS+NoDvHAGPvWk0bb2fLNY1EJxjHl3U=
Subject key identifier:   3D:4B:BD:24:1A:93:D2:AF:E4:31:E8:33:2E:9A:24:0F:2F:05:66:98
Certificate issuer:       /CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
Certificate serial:       019427B609146AA47C2029E4887488774E56
Authority key identifier: D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/PUu9JBqT0q_kMegzLpokDy8FZpg.roa
Signing time:             Thu 02 Jan 2025 15:50:28 +0000
ROA not before:           Thu 02 Jan 2025 15:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38176
IP address blocks:        31.47.88.0/21 maxlen: 21
                          31.47.88.0/24 maxlen: 24
                          31.47.89.0/24 maxlen: 24
                          31.47.90.0/24 maxlen: 24
                          31.47.91.0/24 maxlen: 24
                          31.47.92.0/24 maxlen: 24
                          31.47.93.0/24 maxlen: 24
                          31.47.94.0/24 maxlen: 24
                          31.47.95.0/24 maxlen: 24
                          185.198.104.0/24 maxlen: 24
                          185.198.105.0/24 maxlen: 24
                          185.198.106.0/23 maxlen: 23
                          185.198.106.0/24 maxlen: 24
                          185.198.107.0/24 maxlen: 24
                          2a0a:1a40::/34 maxlen: 34
                          2a0a:1a40:4000::/34 maxlen: 34
                          2a0a:1a40:8000::/34 maxlen: 34
                          2a0a:1a40:c000::/34 maxlen: 34
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:09:14:6a:a4:7c:20:29:e4:88:74:88:77:4e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
        Validity
            Not Before: Jan  2 15:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d4bbd241a93d2afe431e8332e9a240f2f056698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:fe:ed:a8:25:2e:ee:f3:dd:53:9d:5f:58:
                    90:03:d4:e5:6e:8d:2d:ca:b9:8b:5e:7c:1f:9b:d8:
                    4a:81:f6:7f:38:01:fb:00:1f:79:f0:12:18:95:8a:
                    ed:dd:4c:b2:37:12:25:8f:ca:2f:fe:42:93:42:fe:
                    f2:8f:aa:40:24:39:7f:27:88:38:ba:d6:0d:9d:3d:
                    23:6f:23:c0:fb:7d:58:2b:e6:d1:46:11:dd:ff:00:
                    19:19:ed:cc:5e:bd:d2:1d:5e:75:fb:23:09:1f:df:
                    4a:3f:43:73:46:5e:a3:77:1f:74:ec:e9:66:01:be:
                    4a:b3:0c:57:f2:26:43:c7:eb:33:bf:8f:0b:95:1f:
                    8e:42:b6:49:07:b0:5a:64:48:79:a5:62:f5:99:b6:
                    10:80:bb:70:e2:02:c9:b6:b3:df:d9:fa:30:61:04:
                    68:75:fa:90:79:12:27:28:da:6d:0f:06:dc:61:14:
                    8e:3a:66:c9:bd:0f:cf:f1:d1:3c:65:a7:1c:fa:ed:
                    55:2c:a2:bf:43:c3:cf:ea:b1:b7:ce:4c:06:c6:9a:
                    2c:5d:95:6e:fe:60:4b:42:65:cd:b5:18:70:5e:f4:
                    b4:fc:e2:b2:55:d6:e8:a3:12:50:c6:8f:ec:36:45:
                    a3:0a:fe:5f:07:65:fa:b0:85:f7:a7:69:f3:8f:d4:
                    c3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4B:BD:24:1A:93:D2:AF:E4:31:E8:33:2E:9A:24:0F:2F:05:66:98
            X509v3 Authority Key Identifier:
                keyid:D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/PUu9JBqT0q_kMegzLpokDy8FZpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/0l8s0anw2kNfLjs-5w5k_a9LYSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.88.0/21
                  185.198.104.0/22
                IPv6:
                  2a0a:1a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:4c:76:f5:c9:8c:88:ae:a9:26:fc:37:03:ef:21:2b:02:8b:
         59:ef:a9:4c:9c:4c:d7:31:6e:ae:80:bc:08:be:95:8b:e5:00:
         7c:fe:7e:2f:71:73:f1:b2:1a:44:90:2d:47:d0:32:bd:cd:a5:
         7f:86:3b:dd:ed:cf:e4:06:06:19:58:46:5f:98:03:19:0d:55:
         6d:89:94:c6:0f:54:cd:6c:27:7c:78:28:a5:79:8e:ea:15:3f:
         70:19:91:7e:48:1b:f6:d7:5b:0b:88:8f:d2:f2:dc:04:e2:13:
         8a:e0:4b:d7:98:cb:72:89:61:ed:a4:4d:ed:45:0b:0b:9f:a5:
         48:c7:48:c5:17:38:21:e7:ea:73:5b:b1:1e:d0:eb:92:ae:d4:
         ab:50:49:2d:c7:40:17:b4:50:40:b8:a9:e4:df:c8:03:20:77:
         a4:f7:28:75:03:7d:65:ce:43:c8:88:ce:d0:73:1c:05:24:d5:
         c1:49:42:27:ed:98:30:d0:e8:08:ff:c8:b7:8d:ab:19:46:cd:
         f3:99:92:ec:8e:3f:94:83:83:8b:81:53:29:96:89:17:0c:e6:
         80:1f:00:f8:0f:fb:69:8a:e0:ac:3f:e8:0c:e3:92:2c:f3:51:
         a3:a5:86:c6:11:14:d3:ab:c2:dd:72:b7:ea:3e:0c:26:6d:22:
         82:58:e9:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntgkUaqR8ICnkiHSId05WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNWYyY2QxYTlmMGRhNDM1ZjJlM2IzZWU3MGU2NGZkYWY0
YjYxMjEwHhcNMjUwMTAyMTU1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDRiYmQyNDFhOTNkMmFmZTQzMWU4MzMyZTlhMjQwZjJmMDU2Njk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBL+7aglLu7z3VOdX1iQA9Tlbo0t
yrmLXnwfm9hKgfZ/OAH7AB958BIYlYrt3UyyNxIlj8ov/kKTQv7yj6pAJDl/J4g4
utYNnT0jbyPA+31YK+bRRhHd/wAZGe3MXr3SHV51+yMJH99KP0NzRl6jdx907Olm
Ab5KswxX8iZDx+szv48LlR+OQrZJB7BaZEh5pWL1mbYQgLtw4gLJtrPf2fowYQRo
dfqQeRInKNptDwbcYRSOOmbJvQ/P8dE8Zacc+u1VLKK/Q8PP6rG3zkwGxposXZVu
/mBLQmXNtRhwXvS0/OKyVdbooxJQxo/sNkWjCv5fB2X6sIX3p2nzj9TDmwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD1LvSQak9Kv5DHoMy6aJA8vBWaYMB8GA1UdIwQY
MBaAFNJfLNGp8NpDXy47PucOZP2vS2EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2Et
YzViNmFlY2I2YzljLzEvUFV1OUpCcVQwcV9rTWVnekxwb2tEeThGWnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2EtYzViNmFlY2I2Yzlj
LzEvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHy9YAwQC
ucZoMA0EAgACMAcDBQAqChpAMA0GCSqGSIb3DQEBCwUAA4IBAQCrTHb1yYyIrqkm
/DcD7yErAotZ76lMnEzXMW6ugLwIvpWL5QB8/n4vcXPxshpEkC1H0DK9zaV/hjvd
7c/kBgYZWEZfmAMZDVVtiZTGD1TNbCd8eCileY7qFT9wGZF+SBv211sLiI/S8twE
4hOK4EvXmMtyiWHtpE3tRQsLn6VIx0jFFzgh5+pzW7Ee0OuSrtSrUEktx0AXtFBA
uKnk38gDIHek9yh1A31lzkPIiM7QcxwFJNXBSUIn7Zgw0OgI/8i3jasZRs3zmZLs
jj+Ug4OLgVMplokXDOaAHwD4D/tpiuCsP+gM45Is81GjpYbGERTTq8LdcrfqPgwm
bSKCWOm/
-----END CERTIFICATE-----