Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/UMfIJ4EkKe8CVasCT8oXUcrQ6OI.roa
File:                     UMfIJ4EkKe8CVasCT8oXUcrQ6OI.roa (raw, json)
Hash identifier:          3LFAPPOU8Y4Xq1w7Z+BXBDIGin+QCpmvBTCL7ynmRq4=
Subject key identifier:   50:C7:C8:27:81:24:29:EF:02:55:AB:02:4F:CA:17:51:CA:D0:E8:E2
Certificate issuer:       /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial:       01936DFE69A3E6E618CDFD92AD9903E2B499
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/UMfIJ4EkKe8CVasCT8oXUcrQ6OI.roa
Signing time:             Wed 27 Nov 2024 14:20:09 +0000
ROA not before:           Wed 27 Nov 2024 14:20:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        137.174.0.0/17 maxlen: 22
                          137.174.128.0/18 maxlen: 22
                          137.174.192.0/19 maxlen: 22
                          147.123.32.0/19 maxlen: 22
                          147.123.36.0/22 maxlen: 24
                          155.204.64.0/20 maxlen: 20
                          155.204.80.0/21 maxlen: 21
                          155.204.88.0/21 maxlen: 21
                          155.204.96.0/21 maxlen: 21
                          155.204.104.0/21 maxlen: 21
                          155.204.136.0/21 maxlen: 21
                          155.204.208.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6d:fe:69:a3:e6:e6:18:cd:fd:92:ad:99:03:e2:b4:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
        Validity
            Not Before: Nov 27 14:20:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50c7c827812429ef0255ab024fca1751cad0e8e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c3:55:18:c3:19:4a:f0:23:61:24:fe:76:9a:
                    93:da:b6:b3:29:62:44:28:53:86:db:ee:49:8d:7b:
                    48:e3:04:e0:0f:a2:0f:55:c8:4c:79:e4:67:d4:75:
                    ad:53:4a:5a:56:ba:09:a7:3c:91:1c:20:08:aa:10:
                    44:ba:8e:f6:37:13:a6:88:3e:16:31:22:0f:ce:1d:
                    d3:95:25:49:23:19:25:2d:d6:44:a1:42:ab:e0:3e:
                    07:a7:bc:7a:14:66:2a:d9:69:7d:2e:fe:af:26:08:
                    ac:1d:a4:61:a3:39:b9:af:cb:39:a9:52:9d:cd:5e:
                    6d:e8:61:9f:0f:ba:53:61:f9:d3:9d:a3:77:0f:3d:
                    be:e0:62:e4:a8:e2:42:a0:15:9e:0e:aa:64:8f:25:
                    66:78:ab:db:b1:f8:dd:ac:d7:d7:20:68:e0:c4:21:
                    e1:6d:46:dd:2e:db:f0:b6:b6:10:8c:41:51:c9:30:
                    64:e8:a6:31:a6:b8:8c:6e:9f:35:03:70:e7:4e:55:
                    e6:a5:b1:c1:a0:e4:ad:9d:6d:9d:67:f1:da:33:04:
                    ca:19:67:4f:35:ad:0a:09:04:c2:c4:82:af:cf:68:
                    98:7d:3e:b2:90:0c:c0:77:d7:6c:15:ea:b3:15:1a:
                    ef:a5:0e:7f:de:e1:13:2c:02:21:49:aa:d6:d6:d0:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:C7:C8:27:81:24:29:EF:02:55:AB:02:4F:CA:17:51:CA:D0:E8:E2
            X509v3 Authority Key Identifier:
                keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/UMfIJ4EkKe8CVasCT8oXUcrQ6OI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.174.0.0-137.174.223.255
                  147.123.32.0/19
                  155.204.64.0-155.204.111.255
                  155.204.136.0/21
                  155.204.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:40:34:bf:1f:cb:ee:00:b8:11:f9:ed:1e:c9:83:02:55:ea:
         5b:a6:62:2f:04:8f:b5:c5:be:17:73:55:fd:57:ea:92:2e:c9:
         34:1d:64:f5:a1:fd:1a:a5:c2:51:9a:95:2b:c0:fe:e6:2b:47:
         93:f5:cb:d2:08:49:2e:38:47:70:ab:e6:2e:37:62:ad:d1:ae:
         08:fb:05:08:53:59:ae:c3:60:94:42:19:60:15:ea:66:39:05:
         b2:b2:c9:f6:15:77:d5:e7:0c:56:0f:03:06:cf:16:27:cb:53:
         43:c7:d1:b9:26:fd:e5:19:54:54:d0:9b:12:03:fa:7e:61:39:
         18:43:cd:9f:28:cb:e2:5d:44:6e:88:36:de:77:91:57:0c:fd:
         99:ad:46:8c:44:f6:93:2d:b7:46:fa:37:bc:cd:55:5f:12:53:
         ae:c0:24:20:c5:15:5f:f2:7a:bf:4d:fa:d5:d2:6f:ee:7f:14:
         43:23:0a:e8:5d:de:43:c0:ad:34:f2:45:f2:10:25:c1:d5:22:
         9c:26:33:1e:bc:fc:21:90:78:fc:07:6d:d6:76:c2:86:7b:4e:
         8b:35:ba:b6:81:3f:23:44:2f:a6:b5:b9:7b:37:e3:58:0a:01:
         9e:6f:88:ca:53:7b:54:47:e2:9e:c3:f7:ba:17:0c:ad:aa:8d:
         36:00:1c:a2
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZNt/mmj5uYYzf2SrZkD4rSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjQxMTI3MTQyMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGM3YzgyNzgxMjQyOWVmMDI1NWFiMDI0ZmNhMTc1MWNhZDBlOGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcNVGMMZSvAjYST+dpqT2razKWJE
KFOG2+5JjXtI4wTgD6IPVchMeeRn1HWtU0paVroJpzyRHCAIqhBEuo72NxOmiD4W
MSIPzh3TlSVJIxklLdZEoUKr4D4Hp7x6FGYq2Wl9Lv6vJgisHaRhozm5r8s5qVKd
zV5t6GGfD7pTYfnTnaN3Dz2+4GLkqOJCoBWeDqpkjyVmeKvbsfjdrNfXIGjgxCHh
bUbdLtvwtrYQjEFRyTBk6KYxpriMbp81A3DnTlXmpbHBoOStnW2dZ/HaMwTKGWdP
Na0KCQTCxIKvz2iYfT6ykAzAd9dsFeqzFRrvpQ5/3uETLAIhSarW1tC2NwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFFDHyCeBJCnvAlWrAk/KF1HK0OjiMB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvVU1mSUo0RWtLZThDVmFzQ1Q4b1hVY3JRNk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtMAsDAwGJrgME
BYmuwAMEBZN7IDAMAwQGm8xAAwQEm8xgAwQDm8yIAwQDm8zQMA0GCSqGSIb3DQEB
CwUAA4IBAQBQQDS/H8vuALgR+e0eyYMCVepbpmIvBI+1xb4Xc1X9V+qSLsk0HWT1
of0apcJRmpUrwP7mK0eT9cvSCEkuOEdwq+YuN2Kt0a4I+wUIU1muw2CUQhlgFepm
OQWyssn2FXfV5wxWDwMGzxYny1NDx9G5Jv3lGVRU0JsSA/p+YTkYQ82fKMviXURu
iDbed5FXDP2ZrUaMRPaTLbdG+je8zVVfElOuwCQgxRVf8nq/TfrV0m/ufxRDIwro
Xd5DwK008kXyECXB1SKcJjMevPwhkHj8B23WdsKGe06LNbq2gT8jRC+mtbl7N+NY
CgGeb4jKU3tUR+Kew/e6Fwytqo02AByi
-----END CERTIFICATE-----