Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vlkeWpW7W6LweJnwIBU2Pzn4Yoc.roa
File:                     vlkeWpW7W6LweJnwIBU2Pzn4Yoc.roa (raw, json)
Hash identifier:          Hm2823M/f1V1QJz9d0F1QqAIoJMETQ1Ee7ZtJK5Euzc=
Subject key identifier:   BE:59:1E:5A:95:BB:5B:A2:F0:78:99:F0:20:15:36:3F:39:F8:62:87
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194B7E8AD0751D34EE7D9955A04F5812862
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vlkeWpW7W6LweJnwIBU2Pzn4Yoc.roa
Signing time:             Thu 30 Jan 2025 15:51:06 +0000
ROA not before:           Thu 30 Jan 2025 15:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:e8:ad:07:51:d3:4e:e7:d9:95:5a:04:f5:81:28:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 30 15:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be591e5a95bb5ba2f07899f02015363f39f86287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1b:9b:d4:e2:84:99:db:78:89:9c:a7:0a:ea:
                    37:27:4f:de:55:74:ef:94:39:d0:7f:fb:99:75:45:
                    18:87:47:0a:66:7a:c2:6f:c3:01:79:ae:51:82:aa:
                    25:b9:f4:91:a6:cd:83:cd:2b:54:8d:f9:7e:3c:04:
                    66:26:af:37:d8:2f:76:22:22:0b:29:ca:29:8c:25:
                    4c:db:ea:0c:ab:13:e3:15:e7:75:2a:1a:af:e3:49:
                    a3:45:ed:e9:da:60:e4:56:14:32:04:80:a7:b1:d3:
                    50:79:57:6b:37:e1:c8:45:9c:fa:00:23:0b:01:4b:
                    d9:11:53:6b:6c:7d:5c:9c:24:bd:9d:bf:38:a9:a2:
                    34:5d:b0:a4:fd:4b:f1:29:68:56:5d:10:a9:f7:63:
                    75:6f:fd:82:a1:bb:9f:03:d8:db:36:e2:02:a4:2d:
                    84:eb:a8:f1:aa:62:0f:23:3c:88:a9:f0:1a:d6:64:
                    d2:96:d4:10:be:11:2f:88:1b:61:43:ac:5d:60:fb:
                    77:5e:1a:65:4d:60:74:7e:97:78:bd:75:8e:c8:c6:
                    63:8e:15:a1:2b:3a:c1:80:87:66:20:00:b6:d5:05:
                    84:01:79:f6:93:20:12:22:9c:2b:d1:d4:55:a1:8f:
                    78:b5:a6:17:57:4c:f8:8f:73:97:07:86:90:b8:f1:
                    af:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:59:1E:5A:95:BB:5B:A2:F0:78:99:F0:20:15:36:3F:39:F8:62:87
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vlkeWpW7W6LweJnwIBU2Pzn4Yoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.169.0/24
                  194.87.224.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:87:79:6f:76:86:de:ce:c3:28:1a:b8:56:41:54:55:f5:d6:
         67:7f:1a:8c:a3:eb:32:23:da:6b:d0:1d:ad:db:d5:7f:c8:80:
         5a:48:47:7e:2e:af:1b:ce:fa:c6:9e:a2:3d:25:4b:42:15:4e:
         7d:f4:27:aa:3a:3e:e1:cf:b8:a5:1f:14:bf:73:24:f5:5c:69:
         c9:59:a8:67:2e:35:28:7f:c4:1f:58:b5:3e:72:2e:a5:d7:60:
         66:57:95:d7:72:7c:ff:d0:f5:6f:c5:48:21:41:b3:1f:ce:5c:
         ae:22:c4:e5:b0:59:d6:68:05:d6:87:78:02:ac:be:95:f0:98:
         85:43:5d:c0:3a:dd:1e:74:fc:61:4b:72:a7:8d:39:aa:5f:e3:
         fe:13:ae:dd:ce:be:4a:80:5e:04:ff:59:e7:ca:e3:1d:41:9b:
         79:1e:60:cd:92:06:e3:c5:25:7a:18:a4:ad:47:97:21:f0:2e:
         ae:50:9b:4a:b4:61:62:7b:1a:74:7c:b1:52:72:b8:ca:36:17:
         80:2a:69:df:71:c0:11:a6:6a:5c:60:3d:69:0b:8d:51:16:e3:
         15:59:56:bf:59:b2:33:25:1b:3f:a7:3a:b6:a2:23:ec:2f:29:
         2f:01:4f:21:5c:2a:76:34:f1:e7:b4:13:a7:99:8f:72:a1:7f:
         1c:c7:0b:b3
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZS36K0HUdNO59mVWgT1gShiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTMwMTU1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU5MWU1YTk1YmI1YmEyZjA3ODk5ZjAyMDE1MzYzZjM5Zjg2Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRub1OKEmdt4iZynCuo3J0/eVXTv
lDnQf/uZdUUYh0cKZnrCb8MBea5RgqolufSRps2DzStUjfl+PARmJq832C92IiIL
KcopjCVM2+oMqxPjFed1Khqv40mjRe3p2mDkVhQyBICnsdNQeVdrN+HIRZz6ACML
AUvZEVNrbH1cnCS9nb84qaI0XbCk/UvxKWhWXRCp92N1b/2CobufA9jbNuICpC2E
66jxqmIPIzyIqfAa1mTSltQQvhEviBthQ6xdYPt3XhplTWB0fpd4vXWOyMZjjhWh
KzrBgIdmIAC21QWEAXn2kyASIpwr0dRVoY94taYXV0z4j3OXB4aQuPGvMQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFL5ZHlqVu1ui8HiZ8CAVNj85+GKHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdmxrZVdwVzdXNkx3ZUpud0lCVTJQem40WW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwjqbAwQA
wlepAwQAwlfgAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB1MEaMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEADYd5b3aG3s7DKBq4VkFU
VfXWZ38ajKPrMiPaa9AdrdvVf8iAWkhHfi6vG876xp6iPSVLQhVOffQnqjo+4c+4
pR8Uv3Mk9VxpyVmoZy41KH/EH1i1PnIupddgZleV13J8/9D1b8VIIUGzH85criLE
5bBZ1mgF1od4Aqy+lfCYhUNdwDrdHnT8YUtyp405ql/j/hOu3c6+SoBeBP9Z58rj
HUGbeR5gzZIG48UlehikrUeXIfAurlCbSrRhYnsadHyxUnK4yjYXgCpp33HAEaZq
XGA9aQuNURbjFVlWv1myMyUbP6c6tqIj7C8pLwFPIVwqdjTx57QTp5mPcqF/HMcL
sw==
-----END CERTIFICATE-----