Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/61facc-669f-4456-963f-1e436dcb85c5/1/dfcipKIHJhkLM8tES7y9qnzOa0g.roa
File:                     dfcipKIHJhkLM8tES7y9qnzOa0g.roa (raw, json)
Hash identifier:          hdMZ+zVZPKGH8nt9Efyy+7bQ/S/VggiNWiYJsxgZkUA=
Subject key identifier:   75:F7:22:A4:A2:07:26:19:0B:33:CB:44:4B:BC:BD:AA:7C:CE:6B:48
Certificate issuer:       /CN=21c394c9b3a36b69f9ee5f8936a2f51b95eaceb4
Certificate serial:       0194228D104C506B81387CCD3F959E63AD7B
Authority key identifier: 21:C3:94:C9:B3:A3:6B:69:F9:EE:5F:89:36:A2:F5:1B:95:EA:CE:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcOUybOja2n57l-JNqL1G5XqzrQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/61facc-669f-4456-963f-1e436dcb85c5/1/dfcipKIHJhkLM8tES7y9qnzOa0g.roa
Signing time:             Wed 01 Jan 2025 15:47:37 +0000
ROA not before:           Wed 01 Jan 2025 15:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51569
IP address blocks:        45.132.208.0/22 maxlen: 24
                          83.139.202.0/23 maxlen: 24
                          83.139.212.0/22 maxlen: 24
                          83.139.216.0/22 maxlen: 24
                          83.139.220.0/23 maxlen: 24
                          83.139.224.0/20 maxlen: 24
                          83.139.242.0/23 maxlen: 24
                          83.139.244.0/23 maxlen: 24
                          85.31.160.0/21 maxlen: 24
                          2a0c:48c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:10:4c:50:6b:81:38:7c:cd:3f:95:9e:63:ad:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c394c9b3a36b69f9ee5f8936a2f51b95eaceb4
        Validity
            Not Before: Jan  1 15:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75f722a4a20726190b33cb444bbcbdaa7cce6b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:de:18:0f:e8:71:33:ee:c9:f5:55:b7:e0:d7:
                    15:d3:c1:21:9b:c1:16:53:06:46:be:50:be:6f:2c:
                    6d:85:43:0d:27:19:41:51:aa:8d:a7:e4:db:78:b0:
                    9b:94:60:a4:d2:8d:05:a2:f3:3b:f1:b9:0a:3d:60:
                    ce:34:23:4a:a5:7f:04:65:7b:fb:ac:37:89:04:4d:
                    75:c1:a0:7f:15:47:6a:b8:df:0d:91:2b:3e:1d:1d:
                    2e:0d:5f:63:7c:4e:ee:1f:e1:83:4b:20:14:9c:45:
                    52:62:ff:00:62:fb:2a:15:a8:43:d3:31:d4:74:5b:
                    8d:8e:91:c0:e0:c6:a5:cc:08:01:c7:fb:54:24:79:
                    12:57:e8:92:d7:e4:3d:98:8b:c5:b5:fd:39:50:94:
                    94:d6:27:9e:1b:2d:0d:9c:09:c5:0c:f7:9b:08:88:
                    46:6e:b5:7f:9e:ec:89:4d:84:01:04:36:c6:b1:78:
                    ca:d1:e0:0a:ae:19:2b:28:97:54:9a:69:3d:29:d9:
                    27:ef:2f:26:94:7d:31:c5:95:c1:86:0f:b5:11:9f:
                    2d:5c:6a:69:17:7f:a9:a5:ed:a4:25:4d:4c:23:5b:
                    ce:5b:a2:59:2f:fe:5d:bd:16:0f:0a:ad:c9:c7:9e:
                    48:76:51:39:0d:52:1a:3f:7e:61:b3:f8:dc:57:da:
                    fb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F7:22:A4:A2:07:26:19:0B:33:CB:44:4B:BC:BD:AA:7C:CE:6B:48
            X509v3 Authority Key Identifier:
                keyid:21:C3:94:C9:B3:A3:6B:69:F9:EE:5F:89:36:A2:F5:1B:95:EA:CE:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcOUybOja2n57l-JNqL1G5XqzrQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/61facc-669f-4456-963f-1e436dcb85c5/1/dfcipKIHJhkLM8tES7y9qnzOa0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/61facc-669f-4456-963f-1e436dcb85c5/1/IcOUybOja2n57l-JNqL1G5XqzrQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.208.0/22
                  83.139.202.0/23
                  83.139.212.0-83.139.221.255
                  83.139.224.0/20
                  83.139.242.0-83.139.245.255
                  85.31.160.0/21
                IPv6:
                  2a0c:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:bf:46:e2:ae:59:79:b3:7b:c1:dc:12:a1:3f:ea:b3:de:58:
         4f:fc:86:99:6d:aa:9c:e3:0f:af:ab:7f:1f:ba:ea:13:41:df:
         b5:e3:0e:63:e5:bc:4e:f7:ce:d9:4b:04:80:ec:34:93:7c:71:
         b1:d8:e7:b0:c1:cb:c4:59:87:22:00:11:1e:ab:0b:9d:0a:67:
         4e:fb:92:06:99:33:85:0b:14:9e:2d:3c:72:e5:a9:d7:00:f3:
         6b:ef:ff:63:48:48:f4:1a:c7:ce:1b:19:7a:aa:5c:5d:35:55:
         d0:c5:9e:bb:64:7a:fe:42:0d:c5:10:a1:af:2a:57:35:85:5d:
         41:71:fc:3b:f5:8a:db:45:17:1c:99:d9:68:cd:87:2a:08:50:
         51:40:10:15:27:3a:42:fb:ff:fc:a1:42:6a:c7:88:7c:76:61:
         1c:e5:42:9a:00:c5:90:be:ba:50:fc:64:3e:cb:42:28:0b:55:
         64:4c:b8:c0:04:96:50:23:c7:f2:83:52:70:28:1b:bf:5f:1c:
         15:8c:a1:42:87:9a:69:15:98:28:b3:80:54:ea:53:72:b3:d4:
         77:9a:96:9c:22:f7:f6:9e:ae:93:fc:71:78:b8:16:a3:4a:1e:
         cc:3c:a4:c7:c8:b4:95:43:4c:e0:67:db:61:42:3f:88:ad:ae:
         ae:c7:48:7a
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZQijRBMUGuBOHzNP5WeY617MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzM5NGM5YjNhMzZiNjlmOWVlNWY4OTM2YTJmNTFiOTVl
YWNlYjQwHhcNMjUwMTAxMTU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWY3MjJhNGEyMDcyNjE5MGIzM2NiNDQ0YmJjYmRhYTdjY2U2YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld4YD+hxM+7J9VW34NcV08Ehm8EW
UwZGvlC+byxthUMNJxlBUaqNp+TbeLCblGCk0o0FovM78bkKPWDONCNKpX8EZXv7
rDeJBE11waB/FUdquN8NkSs+HR0uDV9jfE7uH+GDSyAUnEVSYv8AYvsqFahD0zHU
dFuNjpHA4MalzAgBx/tUJHkSV+iS1+Q9mIvFtf05UJSU1ieeGy0NnAnFDPebCIhG
brV/nuyJTYQBBDbGsXjK0eAKrhkrKJdUmmk9Kdkn7y8mlH0xxZXBhg+1EZ8tXGpp
F3+ppe2kJU1MI1vOW6JZL/5dvRYPCq3Jx55IdlE5DVIaP35hs/jcV9r7ywIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFHX3IqSiByYZCzPLREu8vap8zmtIMB8GA1UdIwQY
MBaAFCHDlMmzo2tp+e5fiTai9RuV6s60MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNPVXliT2phMm41N2wtSk5xTDFHNVhxenJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82MWZhY2MtNjY5Zi00NDU2LTk2M2Yt
MWU0MzZkY2I4NWM1LzEvZGZjaXBLSUhKaGtMTTh0RVM3eTlxbnpPYTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82MWZhY2MtNjY5Zi00NDU2LTk2M2YtMWU0MzZkY2I4NWM1
LzEvSWNPVXliT2phMm41N2wtSk5xTDFHNVhxenJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQCLYTQAwQB
U4vKMAwDBAJTi9QDBAFTi9wDBARTi+AwDAMEAVOL8gMEAVOL9AMEA1UfoDANBAIA
AjAHAwUDKgxIwDANBgkqhkiG9w0BAQsFAAOCAQEAQL9G4q5ZebN7wdwSoT/qs95Y
T/yGmW2qnOMPr6t/H7rqE0HfteMOY+W8TvfO2UsEgOw0k3xxsdjnsMHLxFmHIgAR
HqsLnQpnTvuSBpkzhQsUni08cuWp1wDza+//Y0hI9BrHzhsZeqpcXTVV0MWeu2R6
/kINxRChrypXNYVdQXH8O/WK20UXHJnZaM2HKghQUUAQFSc6Qvv//KFCaseIfHZh
HOVCmgDFkL66UPxkPstCKAtVZEy4wASWUCPH8oNScCgbv18cFYyhQoeaaRWYKLOA
VOpTcrPUd5qWnCL39p6uk/xxeLgWo0oezDykx8i0lUNM4GfbYUI/iK2ursdIeg==
-----END CERTIFICATE-----