Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/m_yuF_gKCaNoEVKUC8-fWWQ7lec.roa
File:                     m_yuF_gKCaNoEVKUC8-fWWQ7lec.roa (raw, json)
Hash identifier:          T7vZt2YpwQuwzPcw42BsApEdPgoH6UgHCbnE4qt5NfM=
Subject key identifier:   9B:FC:AE:17:F8:0A:09:A3:68:11:52:94:0B:CF:9F:59:64:3B:95:E7
Certificate issuer:       /CN=3618be04417a6bcb9f33942a631518be533ffaf4
Certificate serial:       019424B3CBC6763F142E1416BFA4E3EBA486
Authority key identifier: 36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/m_yuF_gKCaNoEVKUC8-fWWQ7lec.roa
Signing time:             Thu 02 Jan 2025 01:49:10 +0000
ROA not before:           Thu 02 Jan 2025 01:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42346
IP address blocks:        83.137.24.0/21 maxlen: 21
                          109.106.32.0/21 maxlen: 21
                          109.106.40.0/22 maxlen: 22
                          185.93.216.0/22 maxlen: 22
                          185.127.172.0/22 maxlen: 22
                          194.63.148.0/22 maxlen: 22
                          195.60.192.0/22 maxlen: 22
                          212.120.32.0/19 maxlen: 24
                          213.213.160.0/19 maxlen: 19
                          2a00:5480::/29 maxlen: 29
                          2a02:ab0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:cb:c6:76:3f:14:2e:14:16:bf:a4:e3:eb:a4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3618be04417a6bcb9f33942a631518be533ffaf4
        Validity
            Not Before: Jan  2 01:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bfcae17f80a09a3681152940bcf9f59643b95e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:52:4a:46:75:a2:23:05:12:a2:a3:0c:4b:49:
                    fc:03:10:d5:41:a9:90:92:48:81:60:8b:52:c9:fc:
                    3e:9b:0b:6b:57:58:e4:3c:6f:02:75:5f:f1:0b:3f:
                    88:c7:1d:db:5a:8f:60:e3:c3:ce:4e:4a:ba:ae:7b:
                    38:8e:21:94:55:72:81:d5:db:44:ce:d6:3f:12:b4:
                    85:2c:59:7c:1d:fc:23:fb:8e:cc:6d:1a:9a:8d:02:
                    b5:9b:22:7a:fa:ad:39:e7:ec:a8:1b:60:24:e0:23:
                    85:1f:a5:ff:12:b1:b5:fe:64:66:90:71:21:c1:b8:
                    30:9b:d3:9f:82:94:ce:6e:df:86:69:79:58:96:f1:
                    ac:c6:94:34:25:23:c0:47:3e:f5:80:e0:4e:46:b7:
                    d3:73:5e:cc:b6:da:de:f6:f6:9b:ce:3c:98:7c:67:
                    71:40:de:b4:7d:12:30:6a:b8:d1:0c:c7:78:8a:e6:
                    7b:24:d6:00:9e:74:49:12:ea:81:31:13:cb:2c:29:
                    d4:df:42:86:09:8c:ad:e1:86:98:4e:e7:11:f6:ca:
                    4f:34:b3:9d:6e:99:a6:4b:d5:37:de:8a:78:9c:7f:
                    3a:6d:73:4e:9f:02:64:44:a1:16:b7:d2:6f:0b:7d:
                    88:e6:d3:b3:88:50:cd:4e:e1:b5:12:00:27:fc:f5:
                    e1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:FC:AE:17:F8:0A:09:A3:68:11:52:94:0B:CF:9F:59:64:3B:95:E7
            X509v3 Authority Key Identifier:
                keyid:36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/m_yuF_gKCaNoEVKUC8-fWWQ7lec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.24.0/21
                  109.106.32.0-109.106.43.255
                  185.93.216.0/22
                  185.127.172.0/22
                  194.63.148.0/22
                  195.60.192.0/22
                  212.120.32.0/19
                  213.213.160.0/19
                IPv6:
                  2a00:5480::/29
                  2a02:ab0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:a3:be:7c:ac:86:bc:7c:e9:be:f6:7a:e8:8a:01:08:f4:a9:
         a9:5c:6f:3e:4e:04:b9:a5:7d:c0:41:fc:44:d8:17:2b:ab:8a:
         c4:3f:a1:0e:09:f0:e5:16:d7:2b:bc:39:ee:35:cd:dc:dd:89:
         04:2e:0b:be:a5:a0:e0:56:0a:a8:de:6a:1d:15:72:c3:80:4c:
         f4:3e:37:55:a9:26:6f:70:33:0c:3e:92:0a:ef:19:80:79:d8:
         22:81:c7:fc:a3:26:14:f5:ac:8d:e4:44:f6:e1:57:09:1f:90:
         b6:ba:a5:59:65:11:25:ba:eb:7b:8f:61:91:25:96:5b:1c:67:
         4c:61:7c:62:7b:d9:89:26:7c:a3:e3:c0:0e:04:81:9d:f5:8b:
         c1:d3:60:c3:5e:b1:ec:d3:52:b7:55:a9:ae:00:a5:20:f1:e8:
         b0:05:c5:a0:03:e6:fc:c9:3d:43:b1:41:b7:5b:67:51:63:45:
         0f:c2:c7:c9:0f:54:b8:f1:27:97:2f:2e:e9:d5:f5:f0:30:22:
         43:e4:69:ef:f9:a2:d5:9a:fa:56:77:bc:97:43:d2:b8:f2:8b:
         29:52:47:1b:13:c6:ca:72:79:03:f6:07:be:02:c1:11:8b:2d:
         d8:d2:69:c9:8c:3e:fc:0f:25:22:88:6f:c3:0a:89:1e:65:54:
         46:76:5d:eb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQks8vGdj8ULhQWv6Tj66SGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MThiZTA0NDE3YTZiY2I5ZjMzOTQyYTYzMTUxOGJlNTMz
ZmZhZjQwHhcNMjUwMTAyMDE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZjYWUxN2Y4MGEwOWEzNjgxMTUyOTQwYmNmOWY1OTY0M2I5NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFJKRnWiIwUSoqMMS0n8AxDVQamQ
kkiBYItSyfw+mwtrV1jkPG8CdV/xCz+Ixx3bWo9g48POTkq6rns4jiGUVXKB1dtE
ztY/ErSFLFl8Hfwj+47MbRqajQK1myJ6+q055+yoG2Ak4COFH6X/ErG1/mRmkHEh
wbgwm9OfgpTObt+GaXlYlvGsxpQ0JSPARz71gOBORrfTc17Mttre9vabzjyYfGdx
QN60fRIwarjRDMd4iuZ7JNYAnnRJEuqBMRPLLCnU30KGCYyt4YaYTucR9spPNLOd
bpmmS9U33op4nH86bXNOnwJkRKEWt9JvC32I5tOziFDNTuG1EgAn/PXhZQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJv8rhf4CgmjaBFSlAvPn1lkO5XnMB8GA1UdIwQY
MBaAFDYYvgRBemvLnzOUKmMVGL5TP/r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMt
MjI2OGU5N2E4YmMxLzEvbV95dUZfZ0tDYU5vRVZLVUM4LWZXV1E3bGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMtMjI2OGU5N2E4YmMx
LzEvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQDU4kYMAwD
BAVtaiADBAJtaigDBAK5XdgDBAK5f6wDBALCP5QDBALDPMADBAXUeCADBAXV1aAw
FAQCAAIwDgMFAyoAVIADBQMqAgqwMA0GCSqGSIb3DQEBCwUAA4IBAQCao758rIa8
fOm+9nroigEI9KmpXG8+TgS5pX3AQfxE2Bcrq4rEP6EOCfDlFtcrvDnuNc3c3YkE
Lgu+paDgVgqo3modFXLDgEz0PjdVqSZvcDMMPpIK7xmAedgigcf8oyYU9ayN5ET2
4VcJH5C2uqVZZREluut7j2GRJZZbHGdMYXxie9mJJnyj48AOBIGd9YvB02DDXrHs
01K3VamuAKUg8eiwBcWgA+b8yT1DsUG3W2dRY0UPwsfJD1S48SeXLy7p1fXwMCJD
5Gnv+aLVmvpWd7yXQ9K48ospUkcbE8bKcnkD9ge+AsERiy3Y0mnJjD78DyUiiG/D
CokeZVRGdl3r
-----END CERTIFICATE-----