Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/Ceq8ni5DLt6rfS2QOewOZADzIpY.roa
File:                     Ceq8ni5DLt6rfS2QOewOZADzIpY.roa (raw, json)
Hash identifier:          sy82azLmDtvWPz93HHlbs3C4D4UnntFGcj5egr3ZE8c=
Subject key identifier:   09:EA:BC:9E:2E:43:2E:DE:AB:7D:2D:90:39:EC:0E:64:00:F3:22:96
Certificate issuer:       /CN=695bbd542912a66fee6a34128a3a8cf7097dc69b
Certificate serial:       01941FFA0CE855B7594D374086A9990BD758
Authority key identifier: 69:5B:BD:54:29:12:A6:6F:EE:6A:34:12:8A:3A:8C:F7:09:7D:C6:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVu9VCkSpm_uajQSijqM9wl9xps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/Ceq8ni5DLt6rfS2QOewOZADzIpY.roa
Signing time:             Wed 01 Jan 2025 03:47:48 +0000
ROA not before:           Wed 01 Jan 2025 03:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50187
IP address blocks:        91.240.102.0/23 maxlen: 23
                          91.240.102.0/24 maxlen: 24
                          91.240.103.0/24 maxlen: 24
                          185.234.228.0/22 maxlen: 22
                          185.234.228.0/24 maxlen: 24
                          185.234.229.0/24 maxlen: 24
                          185.234.230.0/24 maxlen: 24
                          185.234.231.0/24 maxlen: 24
                          195.93.148.0/23 maxlen: 23
                          195.93.148.0/24 maxlen: 24
                          195.93.149.0/24 maxlen: 24
                          212.67.28.0/22 maxlen: 22
                          212.67.28.0/24 maxlen: 24
                          212.67.29.0/24 maxlen: 24
                          212.67.30.0/24 maxlen: 24
                          212.67.31.0/24 maxlen: 24
                          2a0e:26c0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0c:e8:55:b7:59:4d:37:40:86:a9:99:0b:d7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=695bbd542912a66fee6a34128a3a8cf7097dc69b
        Validity
            Not Before: Jan  1 03:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09eabc9e2e432edeab7d2d9039ec0e6400f32296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:04:15:31:05:4a:cf:50:16:61:43:df:a9:2a:
                    c9:84:65:40:39:ef:92:24:93:0a:e5:c9:fa:12:6f:
                    2e:e3:c4:29:c9:b8:50:f3:33:de:87:d2:c6:46:d2:
                    2d:b7:82:a8:18:5f:0b:1c:7b:c0:69:30:a3:97:53:
                    99:0b:f9:71:c8:6e:ce:60:8a:1e:4b:29:be:c0:06:
                    fc:e9:95:78:0f:7d:68:76:bc:29:ce:38:c8:b1:5e:
                    aa:b7:7c:e4:e8:a8:31:3b:76:24:68:bc:83:1c:c2:
                    8c:29:72:ac:f4:9f:ef:9e:71:1a:f2:d5:eb:8b:c4:
                    49:4a:a2:7d:71:8d:bd:cb:25:d6:ea:ba:09:85:fb:
                    eb:3f:6f:1c:60:bf:2d:b8:9f:40:7a:c5:2e:07:dc:
                    de:5f:46:dc:05:08:35:02:47:05:00:c6:74:d1:70:
                    70:d9:28:65:05:da:63:53:cf:21:03:6d:2c:f1:e6:
                    93:21:cb:1c:93:2b:16:05:79:71:34:5b:3c:48:42:
                    f5:b6:a6:02:3f:27:fe:81:44:e8:d2:12:b3:f1:35:
                    1a:cf:1c:85:6a:d9:b6:e1:7d:88:cf:72:39:42:ea:
                    e6:b6:c3:64:e4:06:fe:76:2a:e0:c2:ae:9c:b3:46:
                    0f:f0:ce:37:9f:3e:80:9e:4f:8f:f2:f9:9f:d2:2a:
                    58:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EA:BC:9E:2E:43:2E:DE:AB:7D:2D:90:39:EC:0E:64:00:F3:22:96
            X509v3 Authority Key Identifier:
                keyid:69:5B:BD:54:29:12:A6:6F:EE:6A:34:12:8A:3A:8C:F7:09:7D:C6:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVu9VCkSpm_uajQSijqM9wl9xps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/Ceq8ni5DLt6rfS2QOewOZADzIpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/aVu9VCkSpm_uajQSijqM9wl9xps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.102.0/23
                  185.234.228.0/22
                  195.93.148.0/23
                  212.67.28.0/22
                IPv6:
                  2a0e:26c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:72:fb:d8:7e:ab:5c:25:b1:61:06:39:04:59:83:5d:90:8b:
         22:df:d6:64:34:18:a1:54:f5:ec:45:74:b8:c8:de:38:c2:5b:
         01:1c:6f:66:5d:97:9e:79:65:3d:1f:6b:49:b6:71:44:51:c5:
         a8:2e:93:36:45:cb:b5:79:5b:dd:54:6e:b3:f8:36:32:11:c5:
         74:d8:62:4c:11:9b:37:65:d9:d8:84:31:62:e8:f6:eb:8d:a2:
         0a:ce:7c:e0:07:11:95:39:0c:ea:06:c8:54:c7:84:05:92:96:
         5d:e9:13:f2:e9:e9:51:99:f3:06:32:07:39:1e:1b:13:05:15:
         4e:f0:80:60:38:57:4d:cf:29:79:05:ad:20:97:69:e2:63:fa:
         56:ec:19:41:e9:99:68:92:e4:10:87:e4:b2:e7:88:ef:a7:ba:
         8d:16:ba:27:6b:c2:1c:8f:17:61:b0:c3:73:22:80:d8:84:0a:
         18:0d:04:ae:e5:c0:7a:4c:a0:c9:4e:95:27:66:95:a5:d6:b7:
         d1:b8:85:4d:64:81:53:16:54:70:a4:32:d7:c2:d2:95:5b:b1:
         d0:44:dc:9a:e7:73:1d:ae:df:33:72:97:0c:a6:36:05:10:8f:
         16:b4:db:d2:0c:c0:31:da:55:31:6e:8a:05:f9:c4:38:41:40:
         3e:84:79:ea
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQf+gzoVbdZTTdAhqmZC9dYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NWJiZDU0MjkxMmE2NmZlZTZhMzQxMjhhM2E4Y2Y3MDk3
ZGM2OWIwHhcNMjUwMTAxMDM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWVhYmM5ZTJlNDMyZWRlYWI3ZDJkOTAzOWVjMGU2NDAwZjMyMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QQVMQVKz1AWYUPfqSrJhGVAOe+S
JJMK5cn6Em8u48QpybhQ8zPeh9LGRtItt4KoGF8LHHvAaTCjl1OZC/lxyG7OYIoe
Sym+wAb86ZV4D31odrwpzjjIsV6qt3zk6KgxO3YkaLyDHMKMKXKs9J/vnnEa8tXr
i8RJSqJ9cY29yyXW6roJhfvrP28cYL8tuJ9AesUuB9zeX0bcBQg1AkcFAMZ00XBw
2ShlBdpjU88hA20s8eaTIcsckysWBXlxNFs8SEL1tqYCPyf+gUTo0hKz8TUazxyF
atm24X2Iz3I5QurmtsNk5Ab+dirgwq6cs0YP8M43nz6Ank+P8vmf0ipYHwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAnqvJ4uQy7eq30tkDnsDmQA8yKWMB8GA1UdIwQY
MBaAFGlbvVQpEqZv7mo0Eoo6jPcJfcabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZ1OVZDa1NwbV91YWpRU2lqcU05d2w5eHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9jZDlmZDQtY2NjNS00M2Q2LTlkNTgt
OTgxNmM2N2E5MjYyLzEvQ2VxOG5pNURMdDZyZlMyUU9ld09aQUR6SXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9jZDlmZDQtY2NjNS00M2Q2LTlkNTgtOTgxNmM2N2E5MjYy
LzEvYVZ1OVZDa1NwbV91YWpRU2lqcU05d2w5eHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW/BmAwQC
uerkAwQBw12UAwQC1EMcMA0EAgACMAcDBQAqDibAMA0GCSqGSIb3DQEBCwUAA4IB
AQA4cvvYfqtcJbFhBjkEWYNdkIsi39ZkNBihVPXsRXS4yN44wlsBHG9mXZeeeWU9
H2tJtnFEUcWoLpM2Rcu1eVvdVG6z+DYyEcV02GJMEZs3ZdnYhDFi6PbrjaIKznzg
BxGVOQzqBshUx4QFkpZd6RPy6elRmfMGMgc5HhsTBRVO8IBgOFdNzyl5Ba0gl2ni
Y/pW7BlB6ZlokuQQh+Sy54jvp7qNFrona8IcjxdhsMNzIoDYhAoYDQSu5cB6TKDJ
TpUnZpWl1rfRuIVNZIFTFlRwpDLXwtKVW7HQRNya53Mdrt8zcpcMpjYFEI8WtNvS
DMAx2lUxbooF+cQ4QUA+hHnq
-----END CERTIFICATE-----