Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/FWEh2CVzkoR8ve4VCgFWOKZaAm4.roa
File:                     FWEh2CVzkoR8ve4VCgFWOKZaAm4.roa (raw, json)
Hash identifier:          DcL3hUVNtAbwpM+YTQYkmltMCMw6Bbpk/yRRcasdDSA=
Subject key identifier:   15:61:21:D8:25:73:92:84:7C:BD:EE:15:0A:01:56:38:A6:5A:02:6E
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       01939B8DCFB01D41BC5CD5265CA689B510FC
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/FWEh2CVzkoR8ve4VCgFWOKZaAm4.roa
Signing time:             Fri 06 Dec 2024 10:39:42 +0000
ROA not before:           Fri 06 Dec 2024 10:39:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35600
IP address blocks:        14.102.102.0/24 maxlen: 24
                          91.221.92.0/23 maxlen: 24
                          91.221.106.0/23 maxlen: 24
                          185.48.132.0/22 maxlen: 24
                          185.56.176.0/22 maxlen: 22
                          194.117.246.0/23 maxlen: 23
                          2001:67c:184c::/48 maxlen: 48
                          2a00:4780::/32 maxlen: 32
                          2a02:5520::/32 maxlen: 32
                          2a0e:ac80::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:9b:8d:cf:b0:1d:41:bc:5c:d5:26:5c:a6:89:b5:10:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Dec  6 10:39:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=156121d8257392847cbdee150a015638a65a026e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:98:4c:ed:76:08:69:32:16:35:7e:ae:37:67:
                    e6:dc:be:7c:ff:22:80:ea:a2:59:a6:fb:a4:3e:92:
                    df:fa:9e:cc:c8:2b:79:bf:18:3c:7e:8f:52:70:db:
                    6e:a9:68:68:c2:64:fb:d8:90:d5:0e:92:16:85:f1:
                    a4:60:88:3c:53:07:e4:d6:2a:9b:fa:a8:28:ad:38:
                    0b:c4:f2:21:57:7e:30:2c:4f:70:5a:34:3a:05:45:
                    80:33:c2:ae:ca:55:0e:51:ea:4f:69:94:1b:85:17:
                    fe:06:bb:f6:4d:5c:07:95:c0:90:32:b7:a4:63:7f:
                    1b:88:4e:61:21:f7:cb:6c:3c:46:ac:f0:fb:7b:67:
                    08:27:e7:63:80:ab:ce:db:44:2c:67:0f:19:7d:3d:
                    dc:fc:71:4e:6c:3d:62:23:1e:f8:b3:87:54:d8:8c:
                    6f:bb:0b:53:e7:ab:cc:2e:0d:87:aa:e5:82:a7:82:
                    a1:12:f9:45:04:db:21:75:50:48:82:b5:a1:96:22:
                    12:f4:f5:1d:e9:fb:b1:8a:e2:f4:64:22:b6:ec:07:
                    f1:e9:ec:08:4c:d6:2f:64:29:ec:d2:c0:03:35:66:
                    fd:e3:91:b9:32:9d:08:b2:00:71:ab:78:07:7b:6c:
                    ec:de:d1:c4:db:af:11:f0:c5:5b:13:86:6a:e8:aa:
                    af:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:61:21:D8:25:73:92:84:7C:BD:EE:15:0A:01:56:38:A6:5A:02:6E
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/FWEh2CVzkoR8ve4VCgFWOKZaAm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.102.0/24
                  91.221.92.0/23
                  91.221.106.0/23
                  185.48.132.0/22
                  185.56.176.0/22
                  194.117.246.0/23
                IPv6:
                  2001:67c:184c::/48
                  2a00:4780::/32
                  2a02:5520::/32
                  2a0e:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:04:bb:8b:65:ef:ef:22:20:a7:10:3d:63:06:39:93:5f:08:
         af:bc:c4:01:61:b5:49:79:ca:ec:63:15:e5:f0:0b:f6:44:ab:
         e5:7c:fc:26:77:f3:ef:20:c3:8c:46:11:65:27:ad:0f:09:fd:
         c2:5f:c7:75:d5:8e:e9:94:c1:6e:22:a7:6a:5b:58:48:70:1a:
         1c:3f:c5:3a:09:be:91:14:20:73:7b:d6:c8:c1:d3:44:75:9e:
         32:74:d1:12:1b:62:6e:18:1c:6c:57:24:d7:e9:87:57:69:13:
         f7:27:51:e3:cf:3c:45:aa:cf:da:9b:9f:01:03:c8:8b:29:65:
         70:45:33:ab:64:4a:41:38:07:28:cb:eb:e2:bf:81:ed:0f:7d:
         72:04:54:29:36:db:75:93:2f:89:48:0a:02:42:40:3b:73:c2:
         5a:4f:63:ab:67:46:2e:a7:b9:b7:70:02:8b:87:d6:65:94:54:
         85:f4:8c:5d:f8:85:04:69:41:88:d3:88:c9:81:f3:fe:66:70:
         c8:83:cf:fe:66:97:05:09:e6:07:32:90:e6:f8:79:7b:5a:64:
         e6:95:41:47:d5:91:42:76:2e:87:ae:dc:eb:21:f8:df:95:58:
         f3:f1:b1:bf:e3:b4:0b:6e:82:53:ea:b2:8c:54:95:21:45:71:
         b8:25:21:fb
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZObjc+wHUG8XNUmXKaJtRD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQxMjA2MTAzOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYxMjFkODI1NzM5Mjg0N2NiZGVlMTUwYTAxNTYzOGE2NWEwMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsphM7XYIaTIWNX6uN2fm3L58/yKA
6qJZpvukPpLf+p7MyCt5vxg8fo9ScNtuqWhowmT72JDVDpIWhfGkYIg8Uwfk1iqb
+qgorTgLxPIhV34wLE9wWjQ6BUWAM8KuylUOUepPaZQbhRf+Brv2TVwHlcCQMrek
Y38biE5hIffLbDxGrPD7e2cIJ+djgKvO20QsZw8ZfT3c/HFObD1iIx74s4dU2Ixv
uwtT56vMLg2HquWCp4KhEvlFBNshdVBIgrWhliIS9PUd6fuxiuL0ZCK27Afx6ewI
TNYvZCns0sADNWb945G5Mp0IsgBxq3gHe2zs3tHE268R8MVbE4Zq6KqvxQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFBVhIdglc5KEfL3uFQoBVjimWgJuMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvRldFaDJDVnprb1I4dmU0VkNnRldPS1phQW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAqBAIAATAkAwQADmZmAwQB
W91cAwQBW91qAwQCuTCEAwQCuTiwAwQBwnX2MCQEAgACMB4DBwAgAQZ8GEwDBQAq
AEeAAwUAKgJVIAMFAyoOrIAwDQYJKoZIhvcNAQELBQADggEBABgEu4tl7+8iIKcQ
PWMGOZNfCK+8xAFhtUl5yuxjFeXwC/ZEq+V8/CZ38+8gw4xGEWUnrQ8J/cJfx3XV
jumUwW4ip2pbWEhwGhw/xToJvpEUIHN71sjB00R1njJ00RIbYm4YHGxXJNfph1dp
E/cnUePPPEWqz9qbnwEDyIspZXBFM6tkSkE4ByjL6+K/ge0PfXIEVCk223WTL4lI
CgJCQDtzwlpPY6tnRi6nubdwAouH1mWUVIX0jF34hQRpQYjTiMmB8/5mcMiDz/5m
lwUJ5gcykOb4eXtaZOaVQUfVkUJ2Loeu3Osh+N+VWPPxsb/jtAtuglPqsoxUlSFF
cbglIfs=
-----END CERTIFICATE-----