Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Kono4NS__M55MkKXYg1vIhrkn9w.roa
File:                     Kono4NS__M55MkKXYg1vIhrkn9w.roa (raw, json)
Hash identifier:          C0h7EddNPNZtV6rHXNRObJ8fNb4tY/Vya5HqUx1MmxA=
Subject key identifier:   2A:89:E8:E0:D4:BF:FC:CE:79:32:42:97:62:0D:6F:22:1A:E4:9F:DC
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64AB5E007355E41D8DF8DDC2D8F4B1
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Kono4NS__M55MkKXYg1vIhrkn9w.roa
Signing time:             Thu 09 Jan 2025 09:28:18 +0000
ROA not before:           Thu 09 Jan 2025 09:28:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25374
IP address blocks:        79.124.10.0/23 maxlen: 24
                          79.124.10.0/24 maxlen: 24
                          79.124.11.0/24 maxlen: 24
                          79.124.12.0/24 maxlen: 24
                          79.124.18.0/23 maxlen: 24
                          79.124.18.0/24 maxlen: 24
                          79.124.19.0/24 maxlen: 24
                          79.124.46.0/24 maxlen: 24
                          80.72.84.0/22 maxlen: 24
                          130.185.230.0/23 maxlen: 24
                          130.185.230.0/24 maxlen: 24
                          130.185.231.0/24 maxlen: 24
                          130.185.233.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:ab:5e:00:73:55:e4:1d:8d:f8:dd:c2:d8:f4:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a89e8e0d4bffcce79324297620d6f221ae49fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ef:5d:2f:8c:0a:00:27:ff:7c:ba:3c:85:88:
                    31:06:36:df:28:9b:53:26:f5:4a:fa:d2:66:e6:f1:
                    3a:1e:f0:7a:d5:f7:13:76:b9:af:bf:48:3c:5f:42:
                    7e:8d:64:e0:70:f3:a1:1c:bc:81:9d:6b:45:dd:75:
                    7e:2e:a1:87:ed:3b:cf:20:2b:8b:db:ed:cb:32:34:
                    67:58:a5:ee:1b:cb:b8:35:c7:5c:c7:18:95:10:58:
                    60:0a:2e:5c:4d:4b:fb:1f:c6:20:2b:30:cf:e2:22:
                    20:dc:93:3b:02:20:ee:38:0a:48:70:23:af:9c:be:
                    5f:84:c4:e3:0c:d4:7c:99:a3:30:38:e7:2f:24:eb:
                    51:4b:2c:1c:7f:24:cf:f7:fa:e1:f3:ab:70:87:a9:
                    0a:de:d8:e7:9b:2a:eb:14:99:4f:5c:5d:7c:5f:f8:
                    18:f5:cc:1b:7c:c0:96:80:f4:85:03:3e:84:f1:9c:
                    41:ae:4d:2d:4c:21:71:1f:f6:15:85:bb:8e:67:08:
                    c7:f3:c5:1a:d8:a5:ec:a0:30:ef:f0:ad:36:75:85:
                    b1:f8:79:ec:2c:0a:9c:5f:df:f9:19:85:83:d3:6a:
                    06:cf:04:9f:a4:b8:1c:48:55:a5:55:e5:b5:a1:8f:
                    e1:69:c3:f0:b9:97:cb:2d:7c:0c:9a:08:d9:4d:b0:
                    83:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:89:E8:E0:D4:BF:FC:CE:79:32:42:97:62:0D:6F:22:1A:E4:9F:DC
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Kono4NS__M55MkKXYg1vIhrkn9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.10.0-79.124.12.255
                  79.124.18.0/23
                  79.124.46.0/24
                  80.72.84.0/22
                  130.185.230.0/23
                  130.185.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:c8:72:55:77:32:3f:70:9a:91:f0:09:8c:45:f1:1f:99:a4:
         10:11:bd:d2:97:74:a9:fe:38:c2:e7:03:1a:e5:b0:22:93:b0:
         92:05:73:b2:e4:1b:dc:50:58:12:47:3e:a8:6e:f6:74:01:7f:
         95:ad:b9:0f:de:48:63:be:f0:09:dd:6d:34:55:e9:cb:0b:e8:
         d8:79:82:24:8f:94:41:3c:7d:ba:41:5a:99:f5:a1:0b:a0:e2:
         35:95:6d:c4:0c:cd:69:ae:e9:6e:f0:31:b9:bb:e3:0e:37:0a:
         7a:fc:3f:ca:71:66:4b:8d:64:b1:47:77:ee:ae:f4:34:ef:63:
         72:81:2e:fd:dc:b3:b4:0d:2a:b0:d6:6b:14:39:35:35:44:64:
         9c:dd:76:bc:0e:8f:cc:4d:3c:c0:99:db:68:1a:3a:5b:58:27:
         c1:71:1c:2b:b9:a7:32:5a:24:62:aa:ea:0f:3d:d2:aa:b1:d5:
         16:41:cc:f5:d9:6b:20:78:13:c7:4f:b4:58:17:ba:64:ac:76:
         fc:1d:3f:09:ca:84:d2:79:32:32:e5:d5:07:e9:e2:b3:8f:3c:
         33:72:b6:df:cb:83:8d:03:28:1b:5e:3d:b1:86:c8:c8:42:ad:
         66:43:81:f4:c7:fc:e1:c5:e9:2a:14:8b:03:25:39:13:ba:b2:
         15:d2:37:5f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZRKZKteAHNV5B2N+N3C2PSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTg5ZThlMGQ0YmZmY2NlNzkzMjQyOTc2MjBkNmYyMjFhZTQ5ZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAye9dL4wKACf/fLo8hYgxBjbfKJtT
JvVK+tJm5vE6HvB61fcTdrmvv0g8X0J+jWTgcPOhHLyBnWtF3XV+LqGH7TvPICuL
2+3LMjRnWKXuG8u4NcdcxxiVEFhgCi5cTUv7H8YgKzDP4iIg3JM7AiDuOApIcCOv
nL5fhMTjDNR8maMwOOcvJOtRSywcfyTP9/rh86twh6kK3tjnmyrrFJlPXF18X/gY
9cwbfMCWgPSFAz6E8ZxBrk0tTCFxH/YVhbuOZwjH88Ua2KXsoDDv8K02dYWx+Hns
LAqcX9/5GYWD02oGzwSfpLgcSFWlVeW1oY/hacPwuZfLLXwMmgjZTbCDtQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFCqJ6ODUv/zOeTJCl2INbyIa5J/cMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvS29ubzROU19fTTU1TWtLWFlnMXZJaHJrbjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBAFPfAoD
BABPfAwDBAFPfBIDBABPfC4DBAJQSFQDBAGCueYDBACCuekwDQYJKoZIhvcNAQEL
BQADggEBACbIclV3Mj9wmpHwCYxF8R+ZpBARvdKXdKn+OMLnAxrlsCKTsJIFc7Lk
G9xQWBJHPqhu9nQBf5WtuQ/eSGO+8AndbTRV6csL6Nh5giSPlEE8fbpBWpn1oQug
4jWVbcQMzWmu6W7wMbm74w43Cnr8P8pxZkuNZLFHd+6u9DTvY3KBLv3cs7QNKrDW
axQ5NTVEZJzddrwOj8xNPMCZ22gaOltYJ8FxHCu5pzJaJGKq6g890qqx1RZBzPXZ
ayB4E8dPtFgXumSsdvwdPwnKhNJ5MjLl1Qfp4rOPPDNytt/Lg40DKBtePbGGyMhC
rWZDgfTH/OHF6SoUiwMlORO6shXSN18=
-----END CERTIFICATE-----