Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/qthrebr-v1IWeqSrT9AeYqstaDk.roa
File:                     qthrebr-v1IWeqSrT9AeYqstaDk.roa (raw, json)
Hash identifier:          DPL9WcMNI+TsTDagJsEchXMuxd7Nz1dhpWlTxjl+984=
Subject key identifier:   AA:D8:6B:79:BA:FE:BF:52:16:7A:A4:AB:4F:D0:1E:62:AB:2D:68:39
Certificate issuer:       /CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
Certificate serial:       0194266BEF783443BC595681F054CAA62D46
Authority key identifier: 92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/qthrebr-v1IWeqSrT9AeYqstaDk.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59545
IP address blocks:        92.63.160.0/21 maxlen: 24
                          92.63.160.0/24 maxlen: 24
                          92.63.161.0/24 maxlen: 24
                          92.63.162.0/24 maxlen: 24
                          92.63.163.0/24 maxlen: 24
                          109.205.199.0/24 maxlen: 32
                          141.138.144.0/21 maxlen: 24
                          141.138.145.0/24 maxlen: 24
                          141.138.146.0/24 maxlen: 24
                          141.138.147.0/24 maxlen: 24
                          141.138.148.0/24 maxlen: 24
                          141.138.149.0/24 maxlen: 24
                          141.138.151.0/24 maxlen: 24
                          178.20.248.0/21 maxlen: 24
                          185.69.100.0/22 maxlen: 24
                          2a01:a680::/32 maxlen: 64
                          2a01:a680:a1::/48 maxlen: 64
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ef:78:34:43:bc:59:56:81:f0:54:ca:a6:2d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aad86b79bafebf52167aa4ab4fd01e62ab2d6839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:d4:9a:33:7e:1e:23:c2:f2:25:e2:07:bc:
                    13:41:65:f9:d0:69:3f:ae:01:ac:89:24:23:c4:95:
                    59:da:aa:b2:ed:8b:e6:e6:84:cb:e5:27:a3:0d:2c:
                    46:10:26:a6:63:0d:e6:cf:fe:15:83:59:ac:9e:ed:
                    a6:3d:7c:e4:9e:d4:d7:f9:b4:87:26:e1:13:82:0f:
                    79:7c:b5:29:3b:34:c2:ad:47:7a:1f:a3:44:bc:6a:
                    d8:0f:37:60:10:ec:2d:5e:dc:b7:04:dd:03:a4:b1:
                    7d:27:f9:0f:8f:a4:53:03:f3:0b:bb:37:7e:46:f7:
                    09:a9:70:15:55:03:88:48:8d:a5:54:57:c3:14:97:
                    2e:10:f4:72:0b:ba:5e:f5:c8:8d:a7:6f:74:99:97:
                    9a:30:a4:bd:9b:94:2b:41:8d:6c:94:27:ea:f2:4d:
                    db:ba:07:02:98:9e:f1:83:78:34:b9:08:7d:da:5d:
                    37:ff:1e:22:06:7d:e2:4e:fc:9d:52:08:72:46:b1:
                    09:5e:36:67:79:47:48:3f:27:e0:1e:d0:ab:b8:98:
                    58:44:47:41:9e:78:14:0f:76:4a:5b:f3:04:85:eb:
                    5f:bf:2c:63:d9:be:45:e4:e5:c2:93:e2:c8:72:63:
                    ec:96:06:b3:00:88:64:a3:03:21:77:5f:90:09:db:
                    b0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:D8:6B:79:BA:FE:BF:52:16:7A:A4:AB:4F:D0:1E:62:AB:2D:68:39
            X509v3 Authority Key Identifier:
                keyid:92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/qthrebr-v1IWeqSrT9AeYqstaDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.160.0/21
                  109.205.199.0/24
                  141.138.144.0/21
                  178.20.248.0/21
                  185.69.100.0/22
                IPv6:
                  2a01:a680::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:f2:da:9e:7f:40:b4:ed:84:0b:74:ae:df:4f:bc:2f:0c:64:
         17:03:e8:db:6f:c3:b0:ce:6b:1f:66:80:75:ec:3d:5f:13:f1:
         56:6c:d7:52:4a:4f:00:e9:ba:20:92:eb:30:cc:23:a4:08:ae:
         20:e4:44:ff:ba:08:32:11:e0:76:60:c8:6f:df:f8:0f:b9:0e:
         6b:d3:74:3d:5b:f8:ce:92:9a:e6:6e:b5:7a:90:28:a6:d0:99:
         9d:1c:e3:6d:72:29:8c:c8:fd:84:78:41:b2:ad:68:4b:97:a8:
         c5:f9:ea:7e:9c:9e:e0:d0:cc:37:43:27:76:4f:9a:ca:c1:3c:
         41:8d:6e:bb:e8:38:de:aa:05:e2:32:67:0a:8f:43:63:3c:34:
         a6:15:38:9e:78:8d:7a:ee:2a:f5:83:63:aa:94:81:0f:de:55:
         e3:1f:ac:c6:5e:dc:e3:f7:ff:4d:df:fe:fd:42:26:28:c8:e8:
         47:28:ad:d3:60:05:ee:89:35:27:7c:22:5a:d6:b4:4b:2e:01:
         93:a0:36:fb:65:79:c4:5b:14:f4:c5:c7:d2:cc:08:b2:fd:82:
         3a:e7:e5:26:29:86:a7:ca:e7:ca:35:9f:57:2e:63:0c:15:4b:
         e0:7f:20:d0:9f:0b:fa:9a:7d:cb:5f:21:fc:e5:fa:b3:a0:d5:
         e8:05:89:22
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQma+94NEO8WVaB8FTKpi1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDFhZDBlN2ZjMjJiZmJhYjU2N2JlODlmNjNkOTgwNWU1
ZWI5YWEwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWQ4NmI3OWJhZmViZjUyMTY3YWE0YWI0ZmQwMWU2MmFiMmQ2ODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJbUmjN+HiPC8iXiB7wTQWX50Gk/
rgGsiSQjxJVZ2qqy7Yvm5oTL5SejDSxGECamYw3mz/4Vg1msnu2mPXzkntTX+bSH
JuETgg95fLUpOzTCrUd6H6NEvGrYDzdgEOwtXty3BN0DpLF9J/kPj6RTA/MLuzd+
RvcJqXAVVQOISI2lVFfDFJcuEPRyC7pe9ciNp290mZeaMKS9m5QrQY1slCfq8k3b
ugcCmJ7xg3g0uQh92l03/x4iBn3iTvydUghyRrEJXjZneUdIPyfgHtCruJhYREdB
nngUD3ZKW/MEhetfvyxj2b5F5OXCk+LIcmPslgazAIhkowMhd1+QCduwNQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKrYa3m6/r9SFnqkq0/QHmKrLWg5MB8GA1UdIwQY
MBaAFJJBrQ5/wiv7q1Z76J9j2YBeXrmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDkt
NDU0NGM2MTA5NzI5LzEvcXRocmVici12MUlXZXFTclQ5QWVZcXN0YURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDktNDU0NGM2MTA5NzI5
LzEva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDXD+gAwQA
bc3HAwQDjYqQAwQDshT4AwQCuUVkMA0EAgACMAcDBQAqAaaAMA0GCSqGSIb3DQEB
CwUAA4IBAQBN8tqef0C07YQLdK7fT7wvDGQXA+jbb8OwzmsfZoB17D1fE/FWbNdS
Sk8A6bogkuswzCOkCK4g5ET/uggyEeB2YMhv3/gPuQ5r03Q9W/jOkprmbrV6kCim
0JmdHONtcimMyP2EeEGyrWhLl6jF+ep+nJ7g0Mw3Qyd2T5rKwTxBjW676DjeqgXi
MmcKj0NjPDSmFTieeI167ir1g2OqlIEP3lXjH6zGXtzj9/9N3/79QiYoyOhHKK3T
YAXuiTUnfCJa1rRLLgGToDb7ZXnEWxT0xcfSzAiy/YI65+UmKYanyufKNZ9XLmMM
FUvgfyDQnwv6mn3LXyH85fqzoNXoBYki
-----END CERTIFICATE-----