Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/b8OS_fUPUYCGlle81gedlVH1fvk.roa
File:                     b8OS_fUPUYCGlle81gedlVH1fvk.roa (raw, json)
Hash identifier:          rkmt/B0zlO0AjtGScJLjVBuGLDqEjfY2DmwWNu6R8vI=
Subject key identifier:   6F:C3:92:FD:F5:0F:51:80:86:96:57:BC:D6:07:9D:95:51:F5:7E:F9
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       019423D7CF2EDAF318389C63870BF21719E1
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/b8OS_fUPUYCGlle81gedlVH1fvk.roa
Signing time:             Wed 01 Jan 2025 21:48:53 +0000
ROA not before:           Wed 01 Jan 2025 21:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61046
IP address blocks:        5.149.250.0/23 maxlen: 23
                          79.141.170.0/23 maxlen: 23
                          91.193.16.0/23 maxlen: 23
                          185.81.112.0/23 maxlen: 23
                          188.119.148.0/23 maxlen: 23
                          193.42.37.0/24 maxlen: 24
                          2a01:8640:1::/48 maxlen: 48
                          2a01:8640:7::/48 maxlen: 48
                          2a01:8640:16::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:cf:2e:da:f3:18:38:9c:63:87:0b:f2:17:19:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Jan  1 21:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fc392fdf50f5180869657bcd6079d9551f57ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:77:49:84:a7:1a:7f:de:66:1e:27:e2:5f:
                    38:11:0e:81:07:50:9b:ed:a6:1b:c6:97:36:f6:bd:
                    d2:fe:eb:45:bc:c2:9c:d9:f8:57:58:24:b5:91:c0:
                    ba:1c:b5:17:30:c3:94:37:fe:fe:3d:aa:48:7f:2c:
                    d2:5c:df:4b:70:3e:95:91:45:b4:7d:05:29:79:81:
                    c6:38:f0:1c:14:43:62:cb:64:aa:d5:0e:06:c5:82:
                    9e:66:81:f3:30:b2:03:2f:80:75:b5:70:92:ac:32:
                    2a:e5:91:3b:9c:8a:5d:3c:30:55:eb:fd:c7:b0:e1:
                    a2:9a:05:33:d0:b4:a7:10:d5:26:a5:54:0e:f4:5b:
                    ed:a1:ec:7c:1c:9a:34:29:9d:70:c1:5e:49:33:69:
                    39:b5:41:cd:47:64:ce:9c:f3:fa:3d:a7:9a:99:83:
                    ba:18:47:63:25:0c:3a:7a:f4:7a:de:66:46:07:3d:
                    08:c1:da:5b:ab:08:41:96:11:5b:1a:62:8f:de:67:
                    d8:11:e1:dd:0e:72:d6:37:de:1e:42:6b:18:e8:16:
                    18:d6:21:83:8e:e6:11:8d:57:84:7c:4f:d2:9f:97:
                    80:2d:40:45:58:4b:bb:c2:12:6a:fd:c5:9d:bb:41:
                    91:e0:75:0a:04:10:9a:1d:02:76:8e:3a:09:03:54:
                    f3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C3:92:FD:F5:0F:51:80:86:96:57:BC:D6:07:9D:95:51:F5:7E:F9
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/b8OS_fUPUYCGlle81gedlVH1fvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.250.0/23
                  79.141.170.0/23
                  91.193.16.0/23
                  185.81.112.0/23
                  188.119.148.0/23
                  193.42.37.0/24
                IPv6:
                  2a01:8640:1::/48
                  2a01:8640:7::/48
                  2a01:8640:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:7a:29:13:ab:2c:b1:c9:c7:de:21:51:96:dd:46:a2:cd:07:
         cf:67:41:c4:7e:8e:18:48:61:dd:a9:a7:0b:9a:72:af:81:ba:
         94:b7:d5:55:bc:06:54:ac:65:5e:56:5d:c0:c5:cf:12:24:24:
         fb:51:fd:c3:92:3a:d3:95:0a:fc:ed:5f:d7:d1:fa:83:b9:26:
         74:8d:78:98:1e:54:25:ad:08:c7:21:39:cc:d2:47:f1:b1:6e:
         b9:2a:a1:25:6f:79:8e:40:02:44:d8:8c:81:f9:80:cb:b9:f2:
         7f:6c:a4:3b:c8:f8:0f:85:a0:cb:db:ea:59:77:ed:c0:c3:96:
         27:20:3b:ab:44:7f:7e:84:72:40:3b:6e:ca:4a:36:73:2c:35:
         6d:36:39:85:b6:58:e4:e6:90:28:f0:49:fe:cc:98:4c:ec:5e:
         83:ee:27:bb:28:66:63:63:f3:81:21:41:6f:fd:aa:5c:bd:f0:
         3a:ad:1e:0d:1d:7d:03:9c:fb:2b:60:21:04:12:50:15:f8:ff:
         dc:28:91:7f:c4:c6:7b:47:5f:e2:25:e0:29:2c:72:eb:b3:6a:
         dc:94:93:11:2b:fa:12:2f:5f:04:91:fa:10:cc:24:76:b0:79:
         a0:31:bd:53:ba:39:9a:cd:09:dd:25:61:ee:6a:47:2e:03:82:
         0a:5b:f5:e1
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQj188u2vMYOJxjhwvyFxnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTI0MmMzM2JjMmUyZTllNDU4NTBhMGZjNjRhYjJjNzUw
NmE0YjgwHhcNMjUwMTAxMjE0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMzOTJmZGY1MGY1MTgwODY5NjU3YmNkNjA3OWQ5NTUxZjU3ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwep3SYSnGn/eZh4n4l84EQ6BB1Cb
7aYbxpc29r3S/utFvMKc2fhXWCS1kcC6HLUXMMOUN/7+PapIfyzSXN9LcD6VkUW0
fQUpeYHGOPAcFENiy2Sq1Q4GxYKeZoHzMLIDL4B1tXCSrDIq5ZE7nIpdPDBV6/3H
sOGimgUz0LSnENUmpVQO9Fvtoex8HJo0KZ1wwV5JM2k5tUHNR2TOnPP6PaeamYO6
GEdjJQw6evR63mZGBz0IwdpbqwhBlhFbGmKP3mfYEeHdDnLWN94eQmsY6BYY1iGD
juYRjVeEfE/Sn5eALUBFWEu7whJq/cWdu0GR4HUKBBCaHQJ2jjoJA1TzOwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFG/Dkv31D1GAhpZXvNYHnZVR9X75MB8GA1UdIwQY
MBaAFGkSQsM7wuLp5FhQoPxkqyx1BqS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjkt
MzYyZmZlOGVlMjcwLzEvYjhPU19mVVBVWUNHbGxlODFnZWRsVkgxZnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjktMzYyZmZlOGVlMjcw
LzEvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAqBAIAATAkAwQBBZX6AwQB
T42qAwQBW8EQAwQBuVFwAwQBvHeUAwQAwSolMCEEAgACMBsDBwAqAYZAAAEDBwAq
AYZAAAcDBwAqAYZAABYwDQYJKoZIhvcNAQELBQADggEBAIl6KROrLLHJx94hUZbd
RqLNB89nQcR+jhhIYd2ppwuacq+BupS31VW8BlSsZV5WXcDFzxIkJPtR/cOSOtOV
CvztX9fR+oO5JnSNeJgeVCWtCMchOczSR/GxbrkqoSVveY5AAkTYjIH5gMu58n9s
pDvI+A+FoMvb6ll37cDDlicgO6tEf36EckA7bspKNnMsNW02OYW2WOTmkCjwSf7M
mEzsXoPuJ7soZmNj84EhQW/9qly98DqtHg0dfQOc+ytgIQQSUBX4/9wokX/ExntH
X+Il4CkscuuzatyUkxEr+hIvXwSR+hDMJHaweaAxvVO6OZrNCd0lYe5qRy4Dggpb
9eE=
-----END CERTIFICATE-----