Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/MrukXcFUqEow256KAYyeIYLRZog.roa
File:                     MrukXcFUqEow256KAYyeIYLRZog.roa (raw, json)
Hash identifier:          XtBjKt0dD05c3nHn8KPQ936/hM8bld6aPmDpQ0/ANLw=
Subject key identifier:   32:BB:A4:5D:C1:54:A8:4A:30:DB:9E:8A:01:8C:9E:21:82:D1:66:88
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       019427B56112B1A47831CDBE9FCB92E93CB2
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/MrukXcFUqEow256KAYyeIYLRZog.roa
Signing time:             Thu 02 Jan 2025 15:49:45 +0000
ROA not before:           Thu 02 Jan 2025 15:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:61:12:b1:a4:78:31:cd:be:9f:cb:92:e9:3c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  2 15:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32bba45dc154a84a30db9e8a018c9e2182d16688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7f:be:2f:b7:da:05:b3:85:3c:ef:a8:52:38:
                    35:b8:7e:3a:dd:9f:8c:10:19:85:e9:6d:ec:87:61:
                    bc:a0:f8:52:4e:73:2e:13:dc:b1:2c:4a:25:ec:3d:
                    86:70:06:a2:e0:d5:a6:73:44:45:0f:3f:75:83:19:
                    d2:e3:c1:99:b5:dd:e0:7a:5c:01:6d:85:20:de:4b:
                    84:4c:e3:da:b1:17:91:1f:61:a4:0a:bd:42:66:fb:
                    e8:7d:e7:ae:6f:69:2f:2d:ee:0d:92:b7:de:46:d7:
                    0d:21:48:99:95:a2:b7:32:cf:09:b8:1b:95:7d:04:
                    7b:fa:80:2e:23:86:02:9a:73:88:29:01:e8:a5:23:
                    c9:73:b7:6c:f6:e0:23:7a:5e:3a:39:18:89:aa:4b:
                    eb:dc:0b:73:0d:3a:8d:b2:f7:17:d8:85:60:6d:2b:
                    c6:af:4e:dd:95:1c:2b:80:42:f7:2d:bd:f9:17:bd:
                    db:8f:2a:cf:ed:e3:fc:a2:d5:fe:97:bb:6f:e6:4c:
                    2e:a0:f9:48:07:d6:27:83:91:e7:61:ce:b8:2a:c3:
                    7c:bb:9c:a9:fa:4c:92:8f:ae:f2:87:2a:c8:96:43:
                    9f:d0:c8:e0:3d:03:2c:37:3e:88:6b:70:f2:5e:d0:
                    dd:37:ca:93:04:f2:ae:66:98:ad:ff:69:8d:30:39:
                    35:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BB:A4:5D:C1:54:A8:4A:30:DB:9E:8A:01:8C:9E:21:82:D1:66:88
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/MrukXcFUqEow256KAYyeIYLRZog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.197.0-212.64.198.255
                  212.64.200.0/24
                  212.64.203.0-212.64.209.255
                  212.64.212.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:31:04:76:53:96:02:2e:46:e3:06:02:d6:2f:d0:1f:75:dd:
         3e:fc:ca:15:7c:86:da:8e:00:1b:9e:17:70:af:f5:44:4a:9c:
         21:e7:9e:8b:8e:ca:03:84:3c:88:51:f5:45:32:e1:c4:d7:4d:
         73:9a:13:d4:c3:4b:86:c0:9a:72:a5:1a:b6:ad:01:d8:22:21:
         51:8d:0c:e4:b5:dd:4c:ce:f1:47:ac:80:6d:9a:1f:33:ab:1d:
         63:a5:ac:6e:61:de:5c:98:3b:99:49:51:32:a1:22:03:0b:3e:
         b1:91:97:34:66:16:81:6b:b5:a5:4b:b4:d9:7b:28:5a:62:da:
         4e:ed:3b:db:06:29:b0:b8:0f:e6:9a:26:14:3a:b1:ab:16:7c:
         39:1c:3f:21:f6:51:df:7a:2c:77:50:7c:92:36:b8:b2:49:2e:
         d0:b2:d6:e5:1b:2d:4c:da:6d:4a:1f:2a:21:b5:87:41:0b:0a:
         e2:1b:3c:ee:b4:1d:37:c1:84:37:ec:3b:ea:8d:a7:1f:9c:e9:
         e3:89:e9:ba:b5:49:31:55:2f:bf:c0:a3:30:d1:ba:46:b6:bd:
         21:1d:db:82:32:69:aa:4c:b7:fc:db:85:a1:f2:44:a2:e2:ed:
         3e:b9:50:67:48:51:e3:a6:25:ab:23:39:21:47:47:b0:c0:ce:
         30:4c:c9:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQntWESsaR4Mc2+n8uS6TyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjUwMTAyMTU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJiYTQ1ZGMxNTRhODRhMzBkYjllOGEwMThjOWUyMTgyZDE2Njg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn++L7faBbOFPO+oUjg1uH463Z+M
EBmF6W3sh2G8oPhSTnMuE9yxLEol7D2GcAai4NWmc0RFDz91gxnS48GZtd3gelwB
bYUg3kuETOPasReRH2GkCr1CZvvofeeub2kvLe4NkrfeRtcNIUiZlaK3Ms8JuBuV
fQR7+oAuI4YCmnOIKQHopSPJc7ds9uAjel46ORiJqkvr3AtzDTqNsvcX2IVgbSvG
r07dlRwrgEL3Lb35F73bjyrP7eP8otX+l7tv5kwuoPlIB9Yng5HnYc64KsN8u5yp
+kySj67yhyrIlkOf0MjgPQMsNz6Ia3DyXtDdN8qTBPKuZpit/2mNMDk1lQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDK7pF3BVKhKMNueigGMniGC0WaIMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvTXJ1a1hjRlVxRW93MjU2S0FZeWVJWUxSWm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQA1EDAAwQA
1EDCMAwDBADUQMUDBADUQMYDBADUQMgwDAMEANRAywMEAdRA0AMEANRA1AMEANRA
3DANBgkqhkiG9w0BAQsFAAOCAQEAbjEEdlOWAi5G4wYC1i/QH3XdPvzKFXyG2o4A
G54XcK/1REqcIeeei47KA4Q8iFH1RTLhxNdNc5oT1MNLhsCacqUatq0B2CIhUY0M
5LXdTM7xR6yAbZofM6sdY6WsbmHeXJg7mUlRMqEiAws+sZGXNGYWgWu1pUu02Xso
WmLaTu072wYpsLgP5pomFDqxqxZ8ORw/IfZR33osd1B8kja4skku0LLW5RstTNpt
Sh8qIbWHQQsK4hs87rQdN8GEN+w76o2nH5zp44npurVJMVUvv8CjMNG6Rra9IR3b
gjJpqky3/NuFofJEouLtPrlQZ0hR46YlqyM5IUdHsMDOMEzJCg==
-----END CERTIFICATE-----