Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/Rt1gtqsL3XGckE6ravfPMbXd82w.roa
File:                     Rt1gtqsL3XGckE6ravfPMbXd82w.roa (raw, json)
Hash identifier:          2JwbGC82Puo98akTLN0YA0GBgvd3GFrPbqPDWMBfEo8=
Subject key identifier:   46:DD:60:B6:AB:0B:DD:71:9C:90:4E:AB:6A:F7:CF:31:B5:DD:F3:6C
Certificate issuer:       /CN=4ad467f16d0951e430713832c6c759561e76041f
Certificate serial:       0194228DDA2CB30BC931B5E70329022D9999
Authority key identifier: 4A:D4:67:F1:6D:09:51:E4:30:71:38:32:C6:C7:59:56:1E:76:04:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/StRn8W0JUeQwcTgyxsdZVh52BB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/Rt1gtqsL3XGckE6ravfPMbXd82w.roa
Signing time:             Wed 01 Jan 2025 15:48:29 +0000
ROA not before:           Wed 01 Jan 2025 15:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9074
IP address blocks:        37.131.248.0/24 maxlen: 24
                          37.131.249.0/24 maxlen: 24
                          37.131.250.0/24 maxlen: 24
                          37.131.251.0/24 maxlen: 24
                          37.131.252.0/24 maxlen: 24
                          37.131.253.0/24 maxlen: 24
                          37.131.254.0/24 maxlen: 24
                          37.131.255.0/24 maxlen: 24
                          185.248.108.0/24 maxlen: 24
                          185.248.109.0/24 maxlen: 24
                          185.248.110.0/24 maxlen: 24
                          2a0b:9bc0:1::/48 maxlen: 48
                          2a0b:9bc0:2::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:da:2c:b3:0b:c9:31:b5:e7:03:29:02:2d:99:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ad467f16d0951e430713832c6c759561e76041f
        Validity
            Not Before: Jan  1 15:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46dd60b6ab0bdd719c904eab6af7cf31b5ddf36c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:36:e6:77:9a:da:9b:83:d2:c2:72:b6:23:
                    23:05:e5:59:c6:15:96:91:21:8b:33:79:26:50:74:
                    2e:bf:bf:c2:d5:b1:d5:01:25:c1:20:06:a5:70:fa:
                    a3:6f:f6:6f:3c:aa:dc:6b:fb:d3:d7:52:5f:af:a7:
                    dd:94:2e:65:7f:04:82:5d:80:30:10:99:a7:f8:0c:
                    13:be:05:23:65:93:bd:05:6f:bd:72:13:19:7b:97:
                    98:e9:dd:3c:78:e0:e2:da:11:6d:0a:2c:50:87:a0:
                    e6:1b:96:ea:50:a0:84:02:76:9e:2e:92:95:a6:dd:
                    0f:7d:24:9f:a3:9e:02:67:10:d6:4c:ac:42:93:43:
                    98:49:ab:af:e0:62:49:7b:7a:1d:cc:38:05:5d:cc:
                    d5:35:24:c9:7a:15:bf:c3:58:84:56:8e:e2:1a:fe:
                    94:e4:ff:29:a9:99:51:f1:a0:db:57:75:af:74:bf:
                    33:4f:b1:d1:99:b2:38:c7:e3:b5:ff:29:4e:48:4d:
                    0b:9c:9e:f9:5e:44:d7:2f:55:15:a3:bf:07:8f:e7:
                    d6:72:e8:1c:95:84:ed:09:b2:4d:3a:fc:86:56:67:
                    b8:d0:71:ef:80:4a:ec:98:2c:60:ca:12:21:56:f5:
                    26:a3:d4:ea:6d:ba:03:6a:18:1d:f1:49:37:c0:40:
                    7b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:DD:60:B6:AB:0B:DD:71:9C:90:4E:AB:6A:F7:CF:31:B5:DD:F3:6C
            X509v3 Authority Key Identifier:
                keyid:4A:D4:67:F1:6D:09:51:E4:30:71:38:32:C6:C7:59:56:1E:76:04:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/StRn8W0JUeQwcTgyxsdZVh52BB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/Rt1gtqsL3XGckE6ravfPMbXd82w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/StRn8W0JUeQwcTgyxsdZVh52BB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.131.248.0/21
                  185.248.108.0-185.248.110.255
                IPv6:
                  2a0b:9bc0:1::-2a0b:9bc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3c:cb:33:aa:bd:5e:4d:7d:b0:85:fa:a9:9a:e7:28:9b:49:5c:
         30:50:56:e4:7e:13:0d:72:b5:35:08:7b:7c:33:cf:2e:c2:38:
         10:09:bf:12:cd:28:01:22:a6:fe:3d:aa:26:57:cf:68:42:bb:
         2f:65:03:05:f2:91:2b:bc:9b:1c:f2:36:50:d6:1c:d4:2c:80:
         49:85:0e:d7:6f:03:1c:6b:16:9d:fd:91:5d:52:48:57:88:2f:
         eb:2b:5e:eb:89:43:1c:14:d4:ac:97:8f:ee:b9:99:c4:89:ee:
         ad:34:22:a7:91:f6:27:24:3e:66:6c:d7:22:a7:72:26:96:2e:
         f0:e1:36:fe:e7:22:bb:f5:90:bc:e0:29:1f:f8:28:13:f1:7e:
         fb:9b:7a:c4:10:13:a2:fb:84:d9:aa:41:ef:a0:1d:d0:b2:bf:
         dc:32:69:1d:e5:74:07:0f:19:a1:d1:5f:39:57:68:fe:57:c6:
         4d:36:22:23:89:0d:6c:f4:86:97:a8:5d:8c:d4:27:3e:ae:a5:
         b7:cb:8e:97:3e:19:3a:cf:1c:34:07:81:a5:d8:a7:b3:34:7e:
         53:b5:00:e1:30:fc:ec:94:70:e2:84:5b:e7:c5:9d:88:01:10:
         d5:85:ab:c4:ad:0f:3d:b2:3e:eb:e7:25:6c:7c:3d:e0:44:2d:
         60:a9:80:96
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQijdosswvJMbXnAykCLZmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZDQ2N2YxNmQwOTUxZTQzMDcxMzgzMmM2Yzc1OTU2MWU3
NjA0MWYwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmRkNjBiNmFiMGJkZDcxOWM5MDRlYWI2YWY3Y2YzMWI1ZGRmMzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmI25nea2puD0sJytiMjBeVZxhWW
kSGLM3kmUHQuv7/C1bHVASXBIAalcPqjb/ZvPKrca/vT11Jfr6fdlC5lfwSCXYAw
EJmn+AwTvgUjZZO9BW+9chMZe5eY6d08eODi2hFtCixQh6DmG5bqUKCEAnaeLpKV
pt0PfSSfo54CZxDWTKxCk0OYSauv4GJJe3odzDgFXczVNSTJehW/w1iEVo7iGv6U
5P8pqZlR8aDbV3WvdL8zT7HRmbI4x+O1/ylOSE0LnJ75XkTXL1UVo78Hj+fWcugc
lYTtCbJNOvyGVme40HHvgErsmCxgyhIhVvUmo9TqbboDahgd8Uk3wEB7zQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEbdYLarC91xnJBOq2r3zzG13fNsMB8GA1UdIwQY
MBaAFErUZ/FtCVHkMHE4MsbHWVYedgQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3RSbjhXMEpVZVF3Y1RneXhzZFpWaDUyQkI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zMzg2MDUtNGRiNC00ZWRlLWEzMTAt
NTY0MjM1M2Q0MzFhLzEvUnQxZ3Rxc0wzWEdja0U2cmF2ZlBNYlhkODJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zMzg2MDUtNGRiNC00ZWRlLWEzMTAtNTY0MjM1M2Q0MzFh
LzEvU3RSbjhXMEpVZVF3Y1RneXhzZFpWaDUyQkI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAaBAIAATAUAwQDJYP4MAwD
BAK5+GwDBAC5+G4wGgQCAAIwFDASAwcAKgubwAABAwcAKgubwAACMA0GCSqGSIb3
DQEBCwUAA4IBAQA8yzOqvV5NfbCF+qma5yibSVwwUFbkfhMNcrU1CHt8M88uwjgQ
Cb8SzSgBIqb+PaomV89oQrsvZQMF8pErvJsc8jZQ1hzULIBJhQ7XbwMcaxad/ZFd
UkhXiC/rK17riUMcFNSsl4/uuZnEie6tNCKnkfYnJD5mbNcip3Imli7w4Tb+5yK7
9ZC84Ckf+CgT8X77m3rEEBOi+4TZqkHvoB3Qsr/cMmkd5XQHDxmh0V85V2j+V8ZN
NiIjiQ1s9IaXqF2M1Cc+rqW3y46XPhk6zxw0B4Gl2KezNH5TtQDhMPzslHDihFvn
xZ2IARDVhavErQ89sj7r5yVsfD3gRC1gqYCW
-----END CERTIFICATE-----