Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Ra0sgLWf3JdJbcM4jauXm0fPx4g.roa
File:                     Ra0sgLWf3JdJbcM4jauXm0fPx4g.roa (raw, json)
Hash identifier:          ymRkXWhwSlWVwmfkCY22bMBdImNrCEWfsZ+bTko6SjM=
Subject key identifier:   45:AD:2C:80:B5:9F:DC:97:49:6D:C3:38:8D:AB:97:9B:47:CF:C7:88
Certificate issuer:       /CN=2901f5019a970ba5be0c754d20f78671818f4a2e
Certificate serial:       01942067C11FFE616512216E80458755E610
Authority key identifier: 29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Ra0sgLWf3JdJbcM4jauXm0fPx4g.roa
Signing time:             Wed 01 Jan 2025 05:47:38 +0000
ROA not before:           Wed 01 Jan 2025 05:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51698
IP address blocks:        91.227.152.0/23 maxlen: 23
                          91.227.152.0/24 maxlen: 24
                          91.227.153.0/24 maxlen: 24
                          178.159.248.0/21 maxlen: 21
                          178.159.248.0/23 maxlen: 23
                          178.159.250.0/23 maxlen: 23
                          178.159.250.0/24 maxlen: 24
                          178.159.251.0/24 maxlen: 24
                          178.159.252.0/23 maxlen: 23
                          178.159.252.0/24 maxlen: 24
                          178.159.253.0/24 maxlen: 24
                          178.159.254.0/23 maxlen: 23
                          178.159.254.0/24 maxlen: 24
                          178.159.255.0/24 maxlen: 24
                          185.47.154.0/23 maxlen: 24
                          185.65.138.0/23 maxlen: 24
                          2a01:9160::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c1:1f:fe:61:65:12:21:6e:80:45:87:55:e6:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2901f5019a970ba5be0c754d20f78671818f4a2e
        Validity
            Not Before: Jan  1 05:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45ad2c80b59fdc97496dc3388dab979b47cfc788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:7a:b3:36:b8:5b:d9:58:a0:21:0e:a9:80:86:
                    b2:33:e6:8b:83:94:1d:37:44:19:2b:35:16:b9:ae:
                    a3:2e:55:e6:8c:ba:ce:7f:d5:ee:32:41:6c:ec:1b:
                    d3:60:6b:9f:75:ab:63:b8:05:99:8d:02:58:1d:e7:
                    0c:9a:92:aa:27:ae:5a:ab:80:c7:a1:2e:80:6a:34:
                    83:2e:47:57:d7:05:80:8c:6e:ad:a1:47:76:f0:a2:
                    91:31:b1:b7:1d:5e:fb:fd:da:5e:d6:a7:3b:1c:3e:
                    21:c2:09:f2:cc:c7:ce:08:26:f4:82:bd:a5:18:85:
                    de:f3:8c:09:a1:64:b6:dd:c0:3e:ed:4e:7f:c1:cd:
                    d3:bd:6d:e3:fe:91:f8:d5:ad:f1:f4:37:50:61:c6:
                    8f:87:ba:51:de:f4:de:86:84:7d:f9:f7:f9:98:f0:
                    5a:13:f6:7f:86:49:48:ce:cc:24:dd:65:c7:48:39:
                    36:7a:75:e0:33:88:06:d7:37:24:ca:40:40:b1:b5:
                    e3:ae:cc:61:6f:92:9d:95:b9:59:77:2e:9d:9b:ba:
                    b2:01:44:89:15:a3:cd:2b:79:90:8c:b1:7e:71:0b:
                    0a:f4:e9:91:3d:65:15:15:ce:41:17:bb:06:4b:5e:
                    bd:fe:bd:f2:b6:7f:89:66:66:dd:ad:5d:9b:de:c6:
                    5c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AD:2C:80:B5:9F:DC:97:49:6D:C3:38:8D:AB:97:9B:47:CF:C7:88
            X509v3 Authority Key Identifier:
                keyid:29:01:F5:01:9A:97:0B:A5:BE:0C:75:4D:20:F7:86:71:81:8F:4A:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQH1AZqXC6W-DHVNIPeGcYGPSi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/Ra0sgLWf3JdJbcM4jauXm0fPx4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/27b62e-3639-4e74-affe-2b2f2b8908cc/1/KQH1AZqXC6W-DHVNIPeGcYGPSi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.152.0/23
                  178.159.248.0/21
                  185.47.154.0/23
                  185.65.138.0/23
                IPv6:
                  2a01:9160::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:49:88:0a:2a:17:ee:da:c1:f9:83:13:b2:16:ad:6a:3b:8e:
         72:1d:38:6b:2e:4e:46:f2:09:b0:79:6d:32:04:8d:a2:fa:da:
         58:4b:df:f6:f2:59:c0:3f:33:6c:18:99:6d:25:d8:bf:b6:87:
         8a:3e:46:cf:ed:c6:95:22:e0:80:8e:db:1f:e1:b5:73:44:f3:
         0e:99:2c:01:b1:3d:ad:25:34:c3:80:48:fb:9e:2d:09:9c:97:
         33:28:84:13:84:2f:e8:ea:7e:c3:fa:c8:0e:80:3d:81:54:f7:
         a7:b7:22:99:bd:46:e3:d9:fc:67:30:da:fd:e2:8b:b2:87:03:
         c6:d5:72:99:a8:62:af:8e:d3:d6:bd:d5:a1:7b:64:1c:45:c1:
         8e:c1:8b:14:76:7a:1f:48:ea:4d:c8:02:4d:3c:87:68:16:15:
         fa:3e:86:ae:15:1c:fe:69:fd:00:6a:8f:ee:94:aa:ae:d8:1c:
         73:07:7c:2a:7d:fa:ba:7b:c4:c7:56:ca:34:1d:0a:ec:f0:31:
         18:66:e9:f3:0f:ed:4b:ea:f6:2e:3e:f5:a2:8c:06:4b:64:8a:
         3f:36:f3:50:5b:64:1f:21:9c:d6:ca:73:a7:ce:a1:71:ca:fa:
         fb:28:1a:a5:65:1d:cb:7b:4f:42:9d:ac:e7:82:96:10:6d:15:
         f0:19:f5:11
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQgZ8Ef/mFlEiFugEWHVeYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDFmNTAxOWE5NzBiYTViZTBjNzU0ZDIwZjc4NjcxODE4
ZjRhMmUwHhcNMjUwMTAxMDU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFkMmM4MGI1OWZkYzk3NDk2ZGMzMzg4ZGFiOTc5YjQ3Y2ZjNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8HqzNrhb2VigIQ6pgIayM+aLg5Qd
N0QZKzUWua6jLlXmjLrOf9XuMkFs7BvTYGufdatjuAWZjQJYHecMmpKqJ65aq4DH
oS6AajSDLkdX1wWAjG6toUd28KKRMbG3HV77/dpe1qc7HD4hwgnyzMfOCCb0gr2l
GIXe84wJoWS23cA+7U5/wc3TvW3j/pH41a3x9DdQYcaPh7pR3vTehoR9+ff5mPBa
E/Z/hklIzswk3WXHSDk2enXgM4gG1zckykBAsbXjrsxhb5KdlblZdy6dm7qyAUSJ
FaPNK3mQjLF+cQsK9OmRPWUVFc5BF7sGS169/r3ytn+JZmbdrV2b3sZcBwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFEWtLIC1n9yXSW3DOI2rl5tHz8eIMB8GA1UdIwQY
MBaAFCkB9QGalwulvgx1TSD3hnGBj0ouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUt
MmIyZjJiODkwOGNjLzEvUmEwc2dMV2YzSmRKYmNNNGphdVhtMGZQeDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yN2I2MmUtMzYzOS00ZTc0LWFmZmUtMmIyZjJiODkwOGNj
LzEvS1FIMUFacVhDNlctREhWTklQZUdjWUdQU2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQBW+OYAwQD
sp/4AwQBuS+aAwQBuUGKMA8EAgACMAkDBwAqAZFgAAAwDQYJKoZIhvcNAQELBQAD
ggEBAA1JiAoqF+7awfmDE7IWrWo7jnIdOGsuTkbyCbB5bTIEjaL62lhL3/byWcA/
M2wYmW0l2L+2h4o+Rs/txpUi4ICO2x/htXNE8w6ZLAGxPa0lNMOASPueLQmclzMo
hBOEL+jqfsP6yA6APYFU96e3Ipm9RuPZ/Gcw2v3ii7KHA8bVcpmoYq+O09a91aF7
ZBxFwY7BixR2eh9I6k3IAk08h2gWFfo+hq4VHP5p/QBqj+6Uqq7YHHMHfCp9+rp7
xMdWyjQdCuzwMRhm6fMP7Uvq9i4+9aKMBktkij8281BbZB8hnNbKc6fOoXHK+vso
GqVlHct7T0KdrOeClhBtFfAZ9RE=
-----END CERTIFICATE-----