Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/Ka5Exl1GeddcELNpCklBpS5TlPs.roa
File:                     Ka5Exl1GeddcELNpCklBpS5TlPs.roa (raw, json)
Hash identifier:          kRYcEd/x8/mlJ+CtYhq56IHy4jqYQVlovD2KG8xYqY4=
Subject key identifier:   29:AE:44:C6:5D:46:79:D7:5C:10:B3:69:0A:49:41:A5:2E:53:94:FB
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       0194282586220008D26A27E59F09F2E2E27C
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/Ka5Exl1GeddcELNpCklBpS5TlPs.roa
Signing time:             Thu 02 Jan 2025 17:52:15 +0000
ROA not before:           Thu 02 Jan 2025 17:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39347
IP address blocks:        89.33.88.0/21 maxlen: 21
                          89.33.89.0/24 maxlen: 24
                          89.33.90.0/23 maxlen: 23
                          89.33.94.0/23 maxlen: 23
                          89.35.57.0/24 maxlen: 24
                          89.42.31.0/24 maxlen: 24
                          93.119.176.0/21 maxlen: 21
                          93.119.176.0/24 maxlen: 24
                          93.119.177.0/24 maxlen: 24
                          93.119.182.0/23 maxlen: 23
                          185.122.220.0/22 maxlen: 22
                          185.122.221.0/24 maxlen: 24
                          185.122.222.0/24 maxlen: 24
                          2a06:a880::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:86:22:00:08:d2:6a:27:e5:9f:09:f2:e2:e2:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Jan  2 17:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29ae44c65d4679d75c10b3690a4941a52e5394fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c1:9d:bd:59:7b:8d:85:67:e8:3c:72:35:62:
                    7d:ea:bb:a8:70:5a:3d:4e:e7:6b:a6:8c:08:35:ba:
                    15:90:1e:23:84:b9:87:ba:29:b2:10:1d:8a:b6:5e:
                    88:a8:8e:b8:9a:3d:26:48:0d:78:7e:79:c0:fa:52:
                    9f:43:6c:0e:ca:80:48:98:af:97:56:f3:6d:6d:f5:
                    77:b5:d7:10:a3:8c:07:7c:05:ee:29:06:96:58:72:
                    d5:f1:f1:4e:71:4f:de:24:24:ad:ff:4e:3e:1f:ee:
                    64:f5:f1:1e:68:c1:97:21:03:ea:77:c3:1a:c1:9d:
                    bc:31:82:85:24:4a:89:ea:8d:be:36:5b:2b:33:ae:
                    ee:1d:e6:50:a1:42:28:9c:52:b2:10:a5:16:6a:79:
                    8c:78:76:fe:28:8a:a4:13:35:af:63:51:47:d8:ae:
                    8f:05:73:5d:b3:e6:db:57:e6:95:81:28:66:2e:c8:
                    17:48:0d:53:ea:7d:e5:64:7b:5d:7b:74:8a:1f:76:
                    a9:56:0a:f5:66:6e:41:76:c4:31:93:4e:05:48:c7:
                    11:95:fd:da:ba:fd:bd:c1:42:c5:cd:bc:82:8a:cb:
                    3d:64:99:df:7c:85:00:9e:11:09:60:6c:64:d2:6f:
                    3c:31:b7:11:f6:1b:ea:96:d5:cd:80:e8:c7:ac:d1:
                    31:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AE:44:C6:5D:46:79:D7:5C:10:B3:69:0A:49:41:A5:2E:53:94:FB
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/Ka5Exl1GeddcELNpCklBpS5TlPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.88.0/21
                  89.35.57.0/24
                  89.42.31.0/24
                  93.119.176.0/21
                  185.122.220.0/22
                IPv6:
                  2a06:a880::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:c8:82:15:02:73:43:f0:2b:60:12:88:8b:1c:51:a7:5d:1e:
         01:b3:77:bf:93:f7:ce:2e:24:fd:8e:47:71:77:41:02:22:5d:
         10:84:3c:7a:2d:13:2c:7f:57:95:27:83:53:f0:a1:19:a9:4b:
         21:78:d9:ff:a5:3c:1c:ed:28:fd:46:9a:15:e7:d1:36:46:d9:
         8e:60:0f:53:3a:41:ba:90:ce:1b:f7:99:41:94:76:b0:0d:70:
         ee:72:d2:ac:15:59:6e:fd:b6:ba:b7:77:4f:4a:d4:34:2f:6e:
         60:25:ee:bd:25:6b:ae:4b:be:44:ba:30:60:c2:93:01:12:8b:
         d8:76:bf:14:1f:15:bd:89:fd:11:81:f6:18:8a:20:d6:f4:c9:
         74:4b:b5:62:af:c4:dc:bb:a1:56:2c:c7:94:a8:24:0c:97:c5:
         54:cb:3d:e7:6e:b1:58:43:fc:f0:d5:6d:92:74:4d:b7:78:d1:
         14:9c:01:a4:c6:e7:00:36:44:46:4a:41:dc:aa:7d:04:f1:e7:
         48:50:57:13:43:b5:9c:91:66:fa:22:fa:f8:a6:bd:61:ba:30:
         db:e4:63:c9:3f:60:66:db:d3:74:5e:eb:2e:a9:19:d7:4c:6f:
         2c:3a:f8:97:8e:53:c6:20:b1:37:7f:b7:87:b5:50:58:fc:3b:
         87:43:6a:f2
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZQoJYYiAAjSaiflnwny4uJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjUwMTAyMTc1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFlNDRjNjVkNDY3OWQ3NWMxMGIzNjkwYTQ5NDFhNTJlNTM5NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcGdvVl7jYVn6DxyNWJ96ruocFo9
TudrpowINboVkB4jhLmHuimyEB2Ktl6IqI64mj0mSA14fnnA+lKfQ2wOyoBImK+X
VvNtbfV3tdcQo4wHfAXuKQaWWHLV8fFOcU/eJCSt/04+H+5k9fEeaMGXIQPqd8Ma
wZ28MYKFJEqJ6o2+NlsrM67uHeZQoUIonFKyEKUWanmMeHb+KIqkEzWvY1FH2K6P
BXNds+bbV+aVgShmLsgXSA1T6n3lZHtde3SKH3apVgr1Zm5BdsQxk04FSMcRlf3a
uv29wULFzbyCiss9ZJnffIUAnhEJYGxk0m88MbcR9hvqltXNgOjHrNEx2QIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCmuRMZdRnnXXBCzaQpJQaUuU5T7MB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvS2E1RXhsMUdlZGRjRUxOcENrbEJwUzVUbFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQDWSFYAwQA
WSM5AwQAWSofAwQDXXewAwQCuXrcMA8EAgACMAkDBwAqBqiAAAAwDQYJKoZIhvcN
AQELBQADggEBAEXIghUCc0PwK2ASiIscUaddHgGzd7+T984uJP2OR3F3QQIiXRCE
PHotEyx/V5Ung1PwoRmpSyF42f+lPBztKP1GmhXn0TZG2Y5gD1M6QbqQzhv3mUGU
drANcO5y0qwVWW79trq3d09K1DQvbmAl7r0la65LvkS6MGDCkwESi9h2vxQfFb2J
/RGB9hiKINb0yXRLtWKvxNy7oVYsx5SoJAyXxVTLPedusVhD/PDVbZJ0Tbd40RSc
AaTG5wA2REZKQdyqfQTx50hQVxNDtZyRZvoi+vimvWG6MNvkY8k/YGbb03Re6y6p
GddMbyw6+JeOU8YgsTd/t4e1UFj8O4dDavI=
-----END CERTIFICATE-----