Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/ujwUfZi-j2E7tiXxuxPwDEMg9Do.roa
File:                     ujwUfZi-j2E7tiXxuxPwDEMg9Do.roa (raw, json)
Hash identifier:          ZVTJzzTXgsjt6o/MwKVQt8mq4QnG+HkM2MYUgIyYqIM=
Subject key identifier:   BA:3C:14:7D:98:BE:8F:61:3B:B6:25:F1:BB:13:F0:0C:43:20:F4:3A
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       019420D649727F1114A0D331357D4AEC676D
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/ujwUfZi-j2E7tiXxuxPwDEMg9Do.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12570
IP address blocks:        80.78.144.0/20 maxlen: 20
                          88.83.224.0/19 maxlen: 19
                          89.190.40.0/21 maxlen: 21
                          89.190.48.0/20 maxlen: 20
                          109.105.32.0/19 maxlen: 19
                          185.8.188.0/22 maxlen: 22
                          212.4.128.0/19 maxlen: 19
                          212.96.160.0/19 maxlen: 19
                          213.211.32.0/19 maxlen: 19
                          2001:4ba8::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:49:72:7f:11:14:a0:d3:31:35:7d:4a:ec:67:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba3c147d98be8f613bb625f1bb13f00c4320f43a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d8:a0:ca:e1:bf:00:69:3c:3d:7d:b2:c3:29:
                    7c:16:16:ca:e9:66:bd:d9:03:dc:85:bc:38:a8:da:
                    80:58:7f:cc:85:f3:51:2e:62:d5:7e:ee:2d:ae:56:
                    79:b1:55:f1:5b:79:eb:32:4e:c1:5e:99:a2:b2:ae:
                    b8:87:fa:96:4c:17:2d:a9:50:18:ac:a6:5a:90:91:
                    0e:35:45:63:a2:e3:ac:e0:11:c5:64:17:d9:11:f4:
                    7c:31:3b:1f:22:5f:20:8e:87:9a:7b:e2:ba:0b:b2:
                    03:81:5b:b0:46:ac:05:10:5a:69:21:ce:f5:70:04:
                    2a:b3:17:83:39:91:7e:52:71:fb:3e:49:92:05:e8:
                    80:11:56:35:9f:d4:43:f4:42:d1:72:24:e9:64:e9:
                    8a:16:89:24:9d:e1:80:c4:5e:8f:26:52:ab:21:a6:
                    89:38:75:5d:4f:c6:0f:f3:b7:7e:5d:be:a0:8e:43:
                    9a:fb:1a:7a:27:47:6e:9e:be:62:cb:6a:dd:e3:37:
                    ab:34:1f:a4:c4:42:22:5a:dc:d0:1c:c3:20:da:a0:
                    47:a4:db:f8:04:c1:ce:3b:fa:d0:7a:4d:57:46:1e:
                    b1:b0:04:f1:8b:91:78:03:f5:63:69:9d:b7:f4:71:
                    33:6d:d3:6e:91:0a:e5:de:67:4a:09:08:44:6d:c8:
                    f1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3C:14:7D:98:BE:8F:61:3B:B6:25:F1:BB:13:F0:0C:43:20:F4:3A
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/ujwUfZi-j2E7tiXxuxPwDEMg9Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.144.0/20
                  88.83.224.0/19
                  89.190.40.0-89.190.63.255
                  109.105.32.0/19
                  185.8.188.0/22
                  212.4.128.0/19
                  212.96.160.0/19
                  213.211.32.0/19
                IPv6:
                  2001:4ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:e2:de:d5:d1:71:38:0c:27:58:36:10:57:d4:df:84:ca:1f:
         99:18:4d:59:8b:b1:4c:41:39:71:e6:47:8a:59:58:1a:74:59:
         f2:1d:7f:95:43:b1:71:f3:1d:03:fb:01:4d:09:b6:d8:30:e8:
         ac:8a:f8:4e:45:30:51:9d:96:e4:c1:5d:a6:8f:fc:5b:45:3f:
         2f:61:30:d3:43:7d:29:5a:a8:75:b8:9e:10:89:af:4d:22:c4:
         66:a0:06:15:e1:e8:6e:bd:af:88:79:a2:b3:62:87:ff:c4:e4:
         d9:25:02:08:b5:69:da:81:c9:9b:8b:47:ae:98:2e:66:bc:06:
         05:8d:a9:9a:48:8b:6b:f5:7b:d7:35:a7:8b:f6:43:a2:c0:14:
         f1:d5:2a:4f:71:e9:ad:5d:44:76:0d:ed:90:f9:05:e3:bf:12:
         00:2f:03:2d:cc:c5:eb:c4:a5:c6:d1:49:47:84:ca:25:a1:30:
         f4:5a:56:d0:b7:28:87:07:e5:73:3d:89:56:12:e6:73:a2:1a:
         b0:75:f4:c8:1b:b1:d8:c9:8c:5e:03:81:d2:19:88:bd:e9:8b:
         bf:80:fd:1f:b1:49:26:71:f6:88:ca:5e:f6:83:d3:27:17:a3:
         15:e4:cb:38:e8:b5:00:3e:0a:89:e5:f4:b0:22:ed:2e:39:42:
         9e:82:a1:66
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQg1klyfxEUoNMxNX1K7GdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNjMTQ3ZDk4YmU4ZjYxM2JiNjI1ZjFiYjEzZjAwYzQzMjBmNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtigyuG/AGk8PX2ywyl8FhbK6Wa9
2QPchbw4qNqAWH/MhfNRLmLVfu4trlZ5sVXxW3nrMk7BXpmisq64h/qWTBctqVAY
rKZakJEONUVjouOs4BHFZBfZEfR8MTsfIl8gjoeae+K6C7IDgVuwRqwFEFppIc71
cAQqsxeDOZF+UnH7PkmSBeiAEVY1n9RD9ELRciTpZOmKFokkneGAxF6PJlKrIaaJ
OHVdT8YP87d+Xb6gjkOa+xp6J0dunr5iy2rd4zerNB+kxEIiWtzQHMMg2qBHpNv4
BMHOO/rQek1XRh6xsATxi5F4A/VjaZ239HEzbdNukQrl3mdKCQhEbcjxDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLo8FH2Yvo9hO7Yl8bsT8AxDIPQ6MB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvdWp3VWZaaS1qMkU3dGlYeHV4UHdERU1nOURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQEUE6QAwQF
WFPgMAwDBANZvigDBAZZvgADBAVtaSADBAK5CLwDBAXUBIADBAXUYKADBAXV0yAw
DQQCAAIwBwMFAyABS6gwDQYJKoZIhvcNAQELBQADggEBAKTi3tXRcTgMJ1g2EFfU
34TKH5kYTVmLsUxBOXHmR4pZWBp0WfIdf5VDsXHzHQP7AU0Jttgw6KyK+E5FMFGd
luTBXaaP/FtFPy9hMNNDfSlaqHW4nhCJr00ixGagBhXh6G69r4h5orNih//E5Nkl
Agi1adqByZuLR66YLma8BgWNqZpIi2v1e9c1p4v2Q6LAFPHVKk9x6a1dRHYN7ZD5
BeO/EgAvAy3MxevEpcbRSUeEyiWhMPRaVtC3KIcH5XM9iVYS5nOiGrB19MgbsdjJ
jF4DgdIZiL3pi7+A/R+xSSZx9ojKXvaD0ycXoxXkyzjotQA+Conl9LAi7S45Qp6C
oWY=
-----END CERTIFICATE-----