Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/zYd_cPkM9NVsX7bTQ07hSv4bWMk.roa
File:                     zYd_cPkM9NVsX7bTQ07hSv4bWMk.roa (raw, json)
Hash identifier:          7m24y9mQHGr+u8/2znCaziY9Qt7M+iB4zeF7KEcBtdg=
Subject key identifier:   CD:87:7F:70:F9:0C:F4:D5:6C:5F:B6:D3:43:4E:E1:4A:FE:1B:58:C9
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       019425FD54906B2C8514E0CAA162CE9990E4
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/zYd_cPkM9NVsX7bTQ07hSv4bWMk.roa
Signing time:             Thu 02 Jan 2025 07:49:06 +0000
ROA not before:           Thu 02 Jan 2025 07:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20926
IP address blocks:        79.98.16.0/21 maxlen: 24
                          80.74.64.0/20 maxlen: 24
                          84.239.64.0/18 maxlen: 24
                          141.101.56.0/22 maxlen: 24
                          185.10.176.0/22 maxlen: 24
                          185.47.240.0/22 maxlen: 24
                          2a00:6900::/44 maxlen: 48
                          2a00:6900:f0::/48 maxlen: 48
                          2a00:6901::/32 maxlen: 48
                          2a03:5d40::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:54:90:6b:2c:85:14:e0:ca:a1:62:ce:99:90:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: Jan  2 07:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd877f70f90cf4d56c5fb6d3434ee14afe1b58c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c0:42:4d:fa:f3:fc:cd:f6:d2:b3:62:99:63:
                    a1:75:2f:9b:06:63:4f:ba:c7:dc:b5:02:26:1d:e0:
                    3a:3e:23:0f:26:85:6c:bb:83:06:5a:c6:83:ba:5b:
                    07:3b:54:47:cc:1d:83:e9:85:0f:6b:e3:df:83:51:
                    5f:a6:03:78:ab:53:f6:92:7a:2c:b1:77:02:d7:27:
                    a9:c2:b1:f1:33:0c:5e:a2:dc:70:3b:d6:65:b5:4f:
                    eb:9f:20:64:28:3a:58:d7:9a:dd:6e:58:c7:52:8f:
                    28:4b:3e:64:79:b0:21:05:76:4e:b2:0c:d3:2a:ae:
                    35:a0:41:80:38:6d:a3:8e:29:ef:8c:f0:63:58:37:
                    3a:d7:51:ae:b2:63:3e:c1:ed:75:b6:0d:dc:83:27:
                    52:52:e7:12:71:92:db:3c:bf:59:ab:a5:7f:63:a2:
                    0b:87:04:ac:9c:0a:59:b3:ac:82:bb:2d:62:59:52:
                    ac:54:2a:74:43:fd:3d:52:5b:06:ec:ec:c1:cf:ff:
                    07:86:16:e5:32:1c:52:29:34:6f:54:b0:41:33:b1:
                    ba:d4:64:a6:d4:ba:15:84:85:05:a3:2d:e7:d4:56:
                    51:0f:24:fa:3d:56:29:89:d6:04:0b:75:fd:be:aa:
                    ec:8e:cb:4f:d8:d8:e3:90:b4:92:2f:7e:d8:2c:e3:
                    42:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:87:7F:70:F9:0C:F4:D5:6C:5F:B6:D3:43:4E:E1:4A:FE:1B:58:C9
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/zYd_cPkM9NVsX7bTQ07hSv4bWMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.16.0/21
                  80.74.64.0/20
                  84.239.64.0/18
                  141.101.56.0/22
                  185.10.176.0/22
                  185.47.240.0/22
                IPv6:
                  2a00:6900::/44
                  2a00:6900:f0::/48
                  2a00:6901::/32
                  2a03:5d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:9a:af:75:ce:a4:f5:8f:47:f6:64:70:c2:a5:a6:50:d0:00:
         5d:23:48:17:3a:a4:5d:78:20:0c:25:5d:53:ec:bd:09:85:2d:
         06:00:f7:05:36:e1:ff:a4:8a:07:35:b2:0d:07:da:f4:8c:97:
         b7:a3:a7:f1:17:11:52:a8:30:65:67:80:d4:53:a9:5d:c2:68:
         62:a5:da:39:12:01:c0:38:a1:da:ac:20:ce:6b:b1:db:2e:5e:
         04:fe:01:d9:53:45:7e:30:d9:32:b7:41:1a:6d:5d:8b:a3:b9:
         e3:1c:80:0e:26:ae:9d:62:d1:f5:89:2d:74:50:e6:4f:05:c6:
         d7:74:9c:3e:66:65:cb:ce:a9:f8:16:01:de:23:4d:4c:6b:f2:
         ab:a6:ec:6f:10:4c:b3:a9:f2:81:a3:be:45:a3:01:25:e9:9e:
         bc:5e:c7:f1:5b:7c:1c:fc:5a:65:84:10:b1:c1:3a:d0:01:13:
         bc:0e:23:f9:79:d9:55:d1:03:13:87:b7:df:99:cc:71:42:56:
         1d:30:8f:ed:e1:c2:97:c5:5f:20:62:4f:b6:6d:ff:28:a4:28:
         26:9b:eb:3e:e7:f9:59:e1:8d:bd:8f:98:b3:e3:5f:c7:3a:07:
         91:6e:11:80:07:aa:78:eb:84:7f:82:de:8f:04:8d:bd:0e:23:
         be:99:b5:38
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQl/VSQayyFFODKoWLOmZDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDg3N2Y3MGY5MGNmNGQ1NmM1ZmI2ZDM0MzRlZTE0YWZlMWI1OGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08BCTfrz/M320rNimWOhdS+bBmNP
usfctQImHeA6PiMPJoVsu4MGWsaDulsHO1RHzB2D6YUPa+Pfg1FfpgN4q1P2knos
sXcC1yepwrHxMwxeotxwO9ZltU/rnyBkKDpY15rdbljHUo8oSz5kebAhBXZOsgzT
Kq41oEGAOG2jjinvjPBjWDc611GusmM+we11tg3cgydSUucScZLbPL9Zq6V/Y6IL
hwSsnApZs6yCuy1iWVKsVCp0Q/09UlsG7OzBz/8HhhblMhxSKTRvVLBBM7G61GSm
1LoVhIUFoy3n1FZRDyT6PVYpidYEC3X9vqrsjstP2NjjkLSSL37YLONCKQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFM2Hf3D5DPTVbF+200NO4Ur+G1jJMB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEvellkX2NQa005TlZzWDdiVFEwN2hTdjRiV01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQDT2IQAwQE
UEpAAwQGVO9AAwQCjWU4AwQCuQqwAwQCuS/wMCYEAgACMCADBwQqAGkAAAADBwAq
AGkAAPADBQAqAGkBAwUAKgNdQDANBgkqhkiG9w0BAQsFAAOCAQEAgpqvdc6k9Y9H
9mRwwqWmUNAAXSNIFzqkXXggDCVdU+y9CYUtBgD3BTbh/6SKBzWyDQfa9IyXt6On
8RcRUqgwZWeA1FOpXcJoYqXaORIBwDih2qwgzmux2y5eBP4B2VNFfjDZMrdBGm1d
i6O54xyADiaunWLR9YktdFDmTwXG13ScPmZly86p+BYB3iNNTGvyq6bsbxBMs6ny
gaO+RaMBJemevF7H8Vt8HPxaZYQQscE60AETvA4j+XnZVdEDE4e335nMcUJWHTCP
7eHCl8VfIGJPtm3/KKQoJpvrPuf5WeGNvY+Ys+NfxzoHkW4RgAeqeOuEf4LejwSN
vQ4jvpm1OA==
-----END CERTIFICATE-----