Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/f3oa0jZGJ9ftVs5Rxz-MCPeHml4.roa
File:                     f3oa0jZGJ9ftVs5Rxz-MCPeHml4.roa (raw, json)
Hash identifier:          qkslSB2n6VxwlcHPfmmTamLQ4lMnmrb4gXCcvdkJqRs=
Subject key identifier:   7F:7A:1A:D2:36:46:27:D7:ED:56:CE:51:C7:3F:8C:08:F7:87:9A:5E
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019396759AE98AC5461F08BC1B9022987B33
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/f3oa0jZGJ9ftVs5Rxz-MCPeHml4.roa
Signing time:             Thu 05 Dec 2024 10:55:09 +0000
ROA not before:           Thu 05 Dec 2024 10:55:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199404
IP address blocks:        69.57.172.0/24 maxlen: 24
                          190.92.174.0/24 maxlen: 24
                          190.92.175.0/24 maxlen: 24
                          195.250.20.0/24 maxlen: 24
                          195.250.21.0/24 maxlen: 24
                          195.250.22.0/24 maxlen: 24
                          195.250.30.0/24 maxlen: 24
                          195.250.31.0/24 maxlen: 24
                          198.38.81.0/24 maxlen: 24
                          198.38.83.0/24 maxlen: 24
                          198.38.84.0/24 maxlen: 24
                          198.38.85.0/24 maxlen: 24
                          198.38.86.0/24 maxlen: 24
                          198.38.87.0/24 maxlen: 24
                          198.38.88.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:96:75:9a:e9:8a:c5:46:1f:08:bc:1b:90:22:98:7b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Dec  5 10:55:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f7a1ad2364627d7ed56ce51c73f8c08f7879a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:25:bb:d5:8d:27:0b:cb:ee:c4:68:c5:f7:a5:
                    bb:c2:13:57:82:f9:de:f2:96:09:ce:dd:c3:10:1c:
                    f9:d9:23:50:66:e3:3b:f9:b7:12:f8:67:27:20:85:
                    f5:fe:c7:4c:88:39:a1:8f:a8:94:98:6a:9b:fe:eb:
                    34:98:fa:ad:f2:18:2a:7d:c4:f9:f6:d5:01:a1:13:
                    d5:3f:84:8d:fa:ea:7f:51:44:5c:5f:19:6b:33:00:
                    76:df:4c:2e:29:a8:50:3d:06:24:ea:bb:c2:2a:4c:
                    86:60:0f:39:35:6c:09:b2:47:60:2f:c3:a5:55:6b:
                    0f:52:8c:e8:ae:18:26:a7:56:88:51:e8:77:54:07:
                    8b:44:60:29:4c:11:69:9a:c7:39:e8:71:f9:21:4f:
                    c2:03:42:24:8e:79:da:41:e7:36:31:0e:b9:55:d8:
                    94:87:1b:99:bb:eb:1b:f5:4f:2f:bb:ae:86:d1:8e:
                    bb:42:ee:97:08:f2:c4:9d:44:20:bd:d9:ea:e1:69:
                    cc:0c:cf:6b:bf:bc:8d:ee:56:00:11:04:c1:b3:a3:
                    9a:49:fe:72:85:ea:16:0d:bc:93:46:ac:9a:e0:1b:
                    6f:29:29:cb:e5:19:d6:32:1c:48:93:11:f4:9d:62:
                    70:e2:12:34:22:ad:35:be:90:b9:70:7c:06:ad:1d:
                    71:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7A:1A:D2:36:46:27:D7:ED:56:CE:51:C7:3F:8C:08:F7:87:9A:5E
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/f3oa0jZGJ9ftVs5Rxz-MCPeHml4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.57.172.0/24
                  190.92.174.0/23
                  195.250.20.0-195.250.22.255
                  195.250.30.0/23
                  198.38.81.0/24
                  198.38.83.0-198.38.88.255

    Signature Algorithm: sha256WithRSAEncryption
         16:6d:b6:9b:11:6b:64:56:6f:04:17:17:ad:52:8d:e3:09:d7:
         12:f2:1f:4f:c4:1c:45:41:dc:92:6b:77:1c:a2:8e:40:de:51:
         0f:bc:d2:5e:75:db:60:0c:76:01:0a:03:25:26:ee:33:c8:cf:
         76:77:57:6b:72:61:92:68:60:78:31:11:86:eb:5b:ea:46:4b:
         81:aa:0f:f5:32:a3:b5:11:2c:22:58:6d:9d:31:42:92:c0:87:
         cb:17:22:3a:66:ae:53:81:81:f1:12:1d:f0:4b:42:05:c6:8b:
         bf:a2:c1:c4:82:25:0a:52:fb:9c:06:3d:6e:e1:16:61:83:d3:
         43:41:6d:00:2a:4f:0e:91:45:93:e0:43:e9:61:bc:4a:df:2e:
         b0:11:b2:a5:5a:15:0c:87:a3:6a:52:7e:a0:e0:30:16:ed:37:
         a2:03:11:f3:8b:f8:47:ce:02:23:ec:cc:ac:a9:f2:74:61:38:
         ed:64:87:4b:a8:dc:1b:37:35:ab:2f:9a:79:e9:5e:25:dc:46:
         6b:f5:79:a4:80:a0:e0:25:ee:b5:37:d6:16:6a:a4:ca:17:0b:
         5e:e1:aa:5a:99:2d:20:bb:ed:ce:7e:39:6e:89:52:18:e9:00:
         f6:c8:96:71:1c:29:13:e9:16:2f:bd:6b:89:8e:81:a4:15:f4:
         ae:41:06:f8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZOWdZrpisVGHwi8G5AimHszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjQxMjA1MTA1NTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdhMWFkMjM2NDYyN2Q3ZWQ1NmNlNTFjNzNmOGMwOGY3ODc5YTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCW71Y0nC8vuxGjF96W7whNXgvne
8pYJzt3DEBz52SNQZuM7+bcS+GcnIIX1/sdMiDmhj6iUmGqb/us0mPqt8hgqfcT5
9tUBoRPVP4SN+up/UURcXxlrMwB230wuKahQPQYk6rvCKkyGYA85NWwJskdgL8Ol
VWsPUozorhgmp1aIUeh3VAeLRGApTBFpmsc56HH5IU/CA0IkjnnaQec2MQ65VdiU
hxuZu+sb9U8vu66G0Y67Qu6XCPLEnUQgvdnq4WnMDM9rv7yN7lYAEQTBs6OaSf5y
heoWDbyTRqya4BtvKSnL5RnWMhxIkxH0nWJw4hI0Iq01vpC5cHwGrR1x+QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFH96GtI2RifX7VbOUcc/jAj3h5peMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvZjNvYTBqWkdKOWZ0VnM1Unh6LU1DUGVIbWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQARTmsAwQB
vlyuMAwDBALD+hQDBADD+hYDBAHD+h4DBADGJlEwDAMEAMYmUwMEAMYmWDANBgkq
hkiG9w0BAQsFAAOCAQEAFm22mxFrZFZvBBcXrVKN4wnXEvIfT8QcRUHckmt3HKKO
QN5RD7zSXnXbYAx2AQoDJSbuM8jPdndXa3JhkmhgeDERhutb6kZLgaoP9TKjtREs
IlhtnTFCksCHyxciOmauU4GB8RId8EtCBcaLv6LBxIIlClL7nAY9buEWYYPTQ0Ft
ACpPDpFFk+BD6WG8St8usBGypVoVDIejalJ+oOAwFu03ogMR84v4R84CI+zMrKny
dGE47WSHS6jcGzc1qy+aeeleJdxGa/V5pICg4CXutTfWFmqkyhcLXuGqWpktILvt
zn45bolSGOkA9siWcRwpE+kWL71riY6BpBX0rkEG+A==
-----END CERTIFICATE-----