Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/0uBbhfjzQTuxZI98xWIkcb9EAVA.roa
File:                     0uBbhfjzQTuxZI98xWIkcb9EAVA.roa (raw, json)
Hash identifier:          sJHqQCVtJVeOaKdOxzCvZpcmp4dJNcKnSV28v9PT9cw=
Subject key identifier:   D2:E0:5B:85:F8:F3:41:3B:B1:64:8F:7C:C5:62:24:71:BF:44:01:50
Certificate issuer:       /CN=0191496469167c5b1d8920b98bd51af3fe35ade5
Certificate serial:       01941FFAAB932D4BF76D92D0E63313E28C68
Authority key identifier: 01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/0uBbhfjzQTuxZI98xWIkcb9EAVA.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42353
IP address blocks:        178.22.136.0/21 maxlen: 21
                          178.22.136.0/23 maxlen: 23
                          178.22.136.0/24 maxlen: 24
                          178.22.137.0/24 maxlen: 24
                          178.22.139.0/24 maxlen: 24
                          178.22.140.0/23 maxlen: 23
                          178.22.140.0/24 maxlen: 24
                          178.22.141.0/24 maxlen: 24
                          178.22.142.0/23 maxlen: 24
                          178.22.143.0/24 maxlen: 24
                          185.63.140.0/24 maxlen: 24
                          185.63.141.0/24 maxlen: 24
                          185.63.142.0/24 maxlen: 24
                          185.63.143.0/24 maxlen: 24
                          194.0.210.0/24 maxlen: 24
                          2a02:28c8::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ab:93:2d:4b:f7:6d:92:d0:e6:33:13:e2:8c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0191496469167c5b1d8920b98bd51af3fe35ade5
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2e05b85f8f3413bb1648f7cc5622471bf440150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:36:a2:0e:a8:4b:df:fa:16:38:20:c1:2a:37:
                    a3:64:ef:92:20:cc:9f:b9:d9:2e:58:26:93:c3:ee:
                    a7:8a:92:eb:0b:53:d9:13:21:9b:51:f8:ce:1b:ba:
                    97:a2:d4:ac:d5:1f:34:47:e0:81:36:90:62:a5:f1:
                    bc:d3:db:fc:15:c3:0f:8f:7a:c0:d4:d4:a9:f7:0f:
                    61:90:d9:f5:a9:2c:c1:74:c8:16:97:f2:fd:ec:c8:
                    68:c1:a6:d0:9a:d9:72:98:15:00:e7:d0:3e:a5:d3:
                    14:c3:36:a6:a7:4f:2a:f2:ba:2e:b7:9d:f3:22:a5:
                    c5:22:17:25:bc:f8:d3:f1:89:34:dd:b8:ef:8f:6b:
                    a4:96:a4:eb:e8:0d:ec:9c:af:a1:25:72:c6:15:15:
                    6d:6d:8d:49:47:27:6d:39:a5:8d:c8:b2:5a:ac:a1:
                    98:c6:6a:4e:ed:87:db:5d:17:ab:4e:61:79:5f:b1:
                    a3:8d:49:d6:89:6e:ec:af:3e:57:20:8e:64:88:5d:
                    4f:88:db:4c:1f:3d:ee:0b:aa:ff:d9:e2:d3:d9:20:
                    4b:5f:9e:8e:bd:6b:5c:58:e5:fe:dd:9e:6b:8f:95:
                    4d:d3:48:13:6a:ce:67:75:78:cf:01:b6:12:8e:2e:
                    e2:2a:61:c5:72:cc:12:06:0a:2a:eb:8b:ee:d9:7b:
                    8a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E0:5B:85:F8:F3:41:3B:B1:64:8F:7C:C5:62:24:71:BF:44:01:50
            X509v3 Authority Key Identifier:
                keyid:01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/0uBbhfjzQTuxZI98xWIkcb9EAVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/AZFJZGkWfFsdiSC5i9Ua8_41reU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.136.0/21
                  185.63.140.0/22
                  194.0.210.0/24
                IPv6:
                  2a02:28c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:8e:53:e6:c9:38:ab:a1:31:77:70:0e:10:1e:b9:ee:64:ba:
         ae:d0:ff:94:76:ef:87:83:88:b8:44:50:cb:8e:f9:95:39:0f:
         22:93:98:bc:25:ba:40:1a:9a:f6:c9:67:b6:ff:a3:21:c7:f4:
         86:04:39:ab:45:6e:8e:de:ea:85:54:71:01:74:db:54:ab:4d:
         3f:d2:a2:fe:bb:08:c2:9a:58:3a:e5:68:ce:f0:72:3f:30:20:
         4a:99:52:df:e8:b2:34:59:b4:3f:b0:43:38:ae:09:1d:82:ee:
         4c:1a:9d:92:73:e1:ac:5c:f0:e6:a2:83:81:e7:94:53:b0:50:
         d8:12:b1:cf:11:77:4b:af:b4:8d:0c:a0:84:f6:97:45:a0:4d:
         9d:8c:0d:4b:8a:6f:5e:e9:00:06:66:7a:d5:ad:d6:56:cd:99:
         26:48:1b:7e:0a:6a:d2:d4:6e:82:46:06:40:4f:9c:13:a4:35:
         19:48:97:8a:31:64:7b:d0:c6:97:2c:7d:a9:e1:9e:f1:2d:eb:
         51:6e:87:cb:c4:e7:13:1e:03:40:67:9f:9c:ec:6b:1a:25:38:
         00:3a:39:ee:b3:bb:69:57:f1:3b:fb:c8:18:06:5b:3d:35:0f:
         cf:15:db:7c:b0:27:70:30:3f:9f:0e:3f:5b:b7:37:1d:98:85:
         34:8b:9f:94
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQf+quTLUv3bZLQ5jMT4oxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTE0OTY0NjkxNjdjNWIxZDg5MjBiOThiZDUxYWYzZmUz
NWFkZTUwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmUwNWI4NWY4ZjM0MTNiYjE2NDhmN2NjNTYyMjQ3MWJmNDQwMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DaiDqhL3/oWOCDBKjejZO+SIMyf
udkuWCaTw+6nipLrC1PZEyGbUfjOG7qXotSs1R80R+CBNpBipfG809v8FcMPj3rA
1NSp9w9hkNn1qSzBdMgWl/L97MhowabQmtlymBUA59A+pdMUwzamp08q8rout53z
IqXFIhclvPjT8Yk03bjvj2uklqTr6A3snK+hJXLGFRVtbY1JRydtOaWNyLJarKGY
xmpO7YfbXRerTmF5X7GjjUnWiW7srz5XII5kiF1PiNtMHz3uC6r/2eLT2SBLX56O
vWtcWOX+3Z5rj5VN00gTas5ndXjPAbYSji7iKmHFcswSBgoq64vu2XuK0QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNLgW4X480E7sWSPfMViJHG/RAFQMB8GA1UdIwQY
MBaAFAGRSWRpFnxbHYkguYvVGvP+Na3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTkt
YmYyZjk3ZjFlMzRmLzEvMHVCYmhmanpRVHV4Wkk5OHhXSWtjYjlFQVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTktYmYyZjk3ZjFlMzRm
LzEvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDshaIAwQC
uT+MAwQAwgDSMA0EAgACMAcDBQAqAijIMA0GCSqGSIb3DQEBCwUAA4IBAQByjlPm
yTiroTF3cA4QHrnuZLqu0P+Udu+Hg4i4RFDLjvmVOQ8ik5i8JbpAGpr2yWe2/6Mh
x/SGBDmrRW6O3uqFVHEBdNtUq00/0qL+uwjCmlg65WjO8HI/MCBKmVLf6LI0WbQ/
sEM4rgkdgu5MGp2Sc+GsXPDmooOB55RTsFDYErHPEXdLr7SNDKCE9pdFoE2djA1L
im9e6QAGZnrVrdZWzZkmSBt+CmrS1G6CRgZAT5wTpDUZSJeKMWR70MaXLH2p4Z7x
LetRbofLxOcTHgNAZ5+c7GsaJTgAOjnus7tpV/E7+8gYBls9NQ/PFdt8sCdwMD+f
Dj9btzcdmIU0i5+U
-----END CERTIFICATE-----