Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/SiZIShqgNqX8HAwZHazZNECjby8.roa
File:                     SiZIShqgNqX8HAwZHazZNECjby8.roa (raw, json)
Hash identifier:          pRsgCD3V+Trdu45mh9GvK7xoM8z4mazBwLyC1V4JY0Q=
Subject key identifier:   4A:26:48:4A:1A:A0:36:A5:FC:1C:0C:19:1D:AC:D9:34:40:A3:6F:2F
Certificate issuer:       /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial:       0194228D8494E809D7138B942C24584BCB92
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/SiZIShqgNqX8HAwZHazZNECjby8.roa
Signing time:             Wed 01 Jan 2025 15:48:07 +0000
ROA not before:           Wed 01 Jan 2025 15:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43451
IP address blocks:        31.24.176.0/21 maxlen: 22
                          78.41.168.0/21 maxlen: 22
                          81.92.248.0/21 maxlen: 22
                          93.174.176.0/21 maxlen: 22
                          185.22.212.0/22 maxlen: 23
                          185.134.212.0/22 maxlen: 22
                          185.213.144.0/22 maxlen: 23
                          188.121.160.0/19 maxlen: 20
                          2a03:a200::/32 maxlen: 32
                          2a0b:f100::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:84:94:e8:09:d7:13:8b:94:2c:24:58:4b:cb:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
        Validity
            Not Before: Jan  1 15:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a26484a1aa036a5fc1c0c191dacd93440a36f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d2:cc:73:10:8e:f4:3f:37:75:dc:b4:49:d2:
                    bc:f9:3e:54:c6:2f:b5:19:c5:a3:d2:e0:57:11:b9:
                    69:c0:65:96:4d:d6:c3:19:e7:bc:a3:67:d1:d6:22:
                    67:81:84:07:a1:9b:f5:b0:0b:c1:b2:fb:aa:bd:12:
                    7b:09:1b:f8:27:a8:b1:9f:60:47:92:ad:e3:14:03:
                    50:23:b9:a1:37:98:c1:d6:5a:f9:c7:66:41:af:50:
                    ff:02:12:1d:10:78:62:e0:9d:e2:a2:bd:ae:19:68:
                    91:ae:69:0f:96:60:ec:a1:dd:04:32:5d:ed:d3:f7:
                    eb:22:2c:f7:b1:01:44:29:79:0a:d8:92:bb:fe:ce:
                    ef:17:81:0c:01:df:f5:89:56:d6:ba:81:3a:19:1e:
                    ad:72:0b:e2:0c:b1:19:ab:3c:df:a1:5f:33:df:7b:
                    19:79:08:30:79:c0:19:15:fa:0e:53:8a:94:23:7b:
                    f1:08:a5:8c:ff:3f:a6:0f:8d:ed:8c:7f:9d:73:10:
                    12:b5:13:0f:cc:0a:8c:8c:5d:68:f0:ea:6d:2d:b5:
                    2a:84:63:6c:58:d2:13:c3:b3:86:28:a5:73:39:00:
                    78:fa:84:59:73:ee:de:23:61:43:1a:2c:f2:11:a0:
                    57:8c:6f:58:a2:94:18:f0:86:f9:96:7c:28:34:0b:
                    74:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:26:48:4A:1A:A0:36:A5:FC:1C:0C:19:1D:AC:D9:34:40:A3:6F:2F
            X509v3 Authority Key Identifier:
                keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/SiZIShqgNqX8HAwZHazZNECjby8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.176.0/21
                  78.41.168.0/21
                  81.92.248.0/21
                  93.174.176.0/21
                  185.22.212.0/22
                  185.134.212.0/22
                  185.213.144.0/22
                  188.121.160.0/19
                IPv6:
                  2a03:a200::/32
                  2a0b:f100::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:59:d6:eb:05:5e:b1:a1:fb:05:35:b0:17:1d:c7:46:bf:26:
         ce:1b:80:bb:55:ee:24:e2:99:56:59:72:f3:65:50:81:a7:c6:
         71:d0:f5:3b:69:99:c6:93:3f:f2:3c:3f:3a:d9:b3:9e:d6:d8:
         2e:db:83:c0:e4:7c:48:e0:c5:91:0c:5b:72:03:da:5f:84:62:
         42:a0:bb:cd:05:99:0e:c2:ca:f1:70:d4:05:62:ac:36:ce:97:
         73:00:a3:2e:24:6f:14:3a:61:29:2c:0d:07:ba:d2:49:6f:79:
         b5:a0:40:5a:7e:6e:05:17:71:9c:0c:58:7f:a4:20:05:ca:cf:
         f4:6b:64:f4:9b:ab:f7:fb:3d:e7:fe:c0:92:e8:f5:a8:b1:84:
         91:a2:3c:ac:53:87:81:dc:68:75:d6:d8:0a:5c:d9:b8:67:70:
         cc:c4:13:2e:93:e3:86:3d:65:01:05:56:95:48:f1:84:99:34:
         93:93:9f:11:27:35:09:d6:44:51:32:68:1f:6c:d3:5f:87:b1:
         a4:5a:42:62:fe:c3:94:05:a0:fe:3c:2a:ec:9b:76:1a:ff:0e:
         43:0b:ec:58:c7:48:d6:43:b9:60:8d:bd:f4:f7:9e:aa:78:a9:
         c9:a6:bd:80:06:f7:b9:5a:92:da:cd:73:2d:e0:63:4b:22:b9:
         36:17:9b:ea
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQijYSU6AnXE4uULCRYS8uSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI2NDg0YTFhYTAzNmE1ZmMxYzBjMTkxZGFjZDkzNDQwYTM2ZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNLMcxCO9D83ddy0SdK8+T5Uxi+1
GcWj0uBXEblpwGWWTdbDGee8o2fR1iJngYQHoZv1sAvBsvuqvRJ7CRv4J6ixn2BH
kq3jFANQI7mhN5jB1lr5x2ZBr1D/AhIdEHhi4J3ior2uGWiRrmkPlmDsod0EMl3t
0/frIiz3sQFEKXkK2JK7/s7vF4EMAd/1iVbWuoE6GR6tcgviDLEZqzzfoV8z33sZ
eQgwecAZFfoOU4qUI3vxCKWM/z+mD43tjH+dcxAStRMPzAqMjF1o8OptLbUqhGNs
WNITw7OGKKVzOQB4+oRZc+7eI2FDGizyEaBXjG9YopQY8Ib5lnwoNAt0uwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEomSEoaoDal/BwMGR2s2TRAo28vMB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvU2laSVNocWdOcVg4SEF3WkhhelpORUNqYnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDHxiwAwQD
TimoAwQDUVz4AwQDXa6wAwQCuRbUAwQCuYbUAwQCudWQAwQFvHmgMBQEAgACMA4D
BQAqA6IAAwUDKgvxADANBgkqhkiG9w0BAQsFAAOCAQEAvlnW6wVesaH7BTWwFx3H
Rr8mzhuAu1XuJOKZVlly82VQgafGcdD1O2mZxpM/8jw/OtmzntbYLtuDwOR8SODF
kQxbcgPaX4RiQqC7zQWZDsLK8XDUBWKsNs6XcwCjLiRvFDphKSwNB7rSSW95taBA
Wn5uBRdxnAxYf6QgBcrP9Gtk9Jur9/s95/7Akuj1qLGEkaI8rFOHgdxoddbYClzZ
uGdwzMQTLpPjhj1lAQVWlUjxhJk0k5OfESc1CdZEUTJoH2zTX4expFpCYv7DlAWg
/jwq7Jt2Gv8OQwvsWMdI1kO5YI299Peeqnipyaa9gAb3uVqS2s1zLeBjSyK5Nheb
6g==
-----END CERTIFICATE-----