Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/1mXcyLzjkRbf9Hznb8JyWzO3osQ.roa
File:                     1mXcyLzjkRbf9Hznb8JyWzO3osQ.roa (raw, json)
Hash identifier:          f2wNSKamLqv1NifvdMo7pGYLH63iUBhW6JiyWXjIzX4=
Subject key identifier:   D6:65:DC:C8:BC:E3:91:16:DF:F4:7C:E7:6F:C2:72:5B:33:B7:A2:C4
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       019426D9B472F7AF6A9310C718CA2BF3971F
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/1mXcyLzjkRbf9Hznb8JyWzO3osQ.roa
Signing time:             Thu 02 Jan 2025 11:49:49 +0000
ROA not before:           Thu 02 Jan 2025 11:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39811
IP address blocks:        85.140.40.0/24 maxlen: 24
                          85.140.41.0/24 maxlen: 24
                          85.140.42.0/24 maxlen: 24
                          85.140.127.0/24 maxlen: 24
                          213.87.96.0/24 maxlen: 24
                          213.87.97.0/24 maxlen: 24
                          213.87.98.0/23 maxlen: 23
                          213.87.100.0/24 maxlen: 24
                          213.87.101.0/24 maxlen: 24
                          213.87.102.0/24 maxlen: 24
                          213.87.103.0/24 maxlen: 24
                          213.87.104.0/24 maxlen: 24
                          213.87.105.0/24 maxlen: 24
                          213.87.106.0/23 maxlen: 23
                          213.87.246.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b4:72:f7:af:6a:93:10:c7:18:ca:2b:f3:97:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  2 11:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d665dcc8bce39116dff47ce76fc2725b33b7a2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:61:41:7a:0c:8c:8e:04:3f:cd:df:22:33:23:
                    f3:45:49:38:30:11:71:b2:a5:0b:d1:1f:d6:4f:81:
                    a0:36:52:85:8a:5d:d9:87:ef:d8:08:28:57:16:38:
                    00:9a:5c:8f:d9:46:c7:f6:81:19:2c:9b:3a:5f:46:
                    a1:4e:fd:df:59:b4:08:c9:a9:8a:1a:0c:50:58:4a:
                    17:47:76:35:36:26:0f:ae:15:6f:04:3e:d8:a9:03:
                    e9:6a:9a:92:fd:c3:ff:83:8b:ae:21:06:ee:87:71:
                    93:d9:af:65:15:e4:00:8c:96:64:bd:37:72:5e:21:
                    00:29:fe:03:d6:02:66:13:ca:d6:c6:9a:d2:38:96:
                    a1:06:6c:d1:d8:2b:27:2a:35:eb:00:fd:b5:65:28:
                    37:32:d3:30:48:f6:5d:3e:59:bd:93:58:ff:c5:18:
                    70:ce:25:12:3c:43:b4:ce:1d:07:3a:bb:9d:7d:42:
                    82:08:b9:06:a1:bc:ba:a2:43:39:b1:34:6d:84:49:
                    00:5e:38:4f:0b:0a:3a:e8:43:ac:a1:cd:2b:88:aa:
                    7c:79:c7:8a:af:8e:90:cd:01:bc:63:9f:80:21:71:
                    37:28:f5:88:07:70:cd:63:5a:87:84:6c:7c:89:25:
                    ea:5f:46:30:4b:43:16:fb:1b:69:a5:74:13:66:dd:
                    f3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:65:DC:C8:BC:E3:91:16:DF:F4:7C:E7:6F:C2:72:5B:33:B7:A2:C4
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/1mXcyLzjkRbf9Hznb8JyWzO3osQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.40.0-85.140.42.255
                  85.140.127.0/24
                  213.87.96.0-213.87.107.255
                  213.87.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:86:9a:8d:85:d4:d6:01:93:95:41:59:42:83:1c:ba:d1:43:
         d5:74:48:3c:2e:bd:79:2e:19:c7:34:cd:da:1c:40:d7:ce:01:
         0b:a0:5e:e6:d9:11:b2:09:77:4d:e9:e1:0a:11:e2:a4:92:5c:
         33:1d:03:f4:cb:e1:c5:e7:02:ce:59:dc:07:2f:14:d0:3c:8d:
         50:a6:fc:b4:7c:8d:8c:4a:3c:b7:8c:31:a5:5d:57:7e:68:94:
         94:d9:0b:14:f8:d3:b4:9f:db:dc:d7:59:6c:9f:7b:db:00:94:
         a4:7e:a1:1d:f3:0f:dd:4d:1c:7f:09:65:eb:26:10:66:4e:8a:
         a3:0e:65:ee:c5:11:38:65:ea:f8:68:eb:d3:28:b3:14:b9:4e:
         a5:86:1e:d3:57:43:fa:75:19:07:9b:11:62:83:bb:ae:ab:32:
         ad:60:30:56:b9:1a:ef:33:cb:f5:47:15:bb:f8:e9:75:f3:f3:
         b8:e7:e5:e9:4c:c5:0b:c7:0d:bc:c0:1c:db:5e:db:d2:36:e7:
         36:71:57:81:4f:a8:c1:de:8f:f1:ca:7c:39:02:1b:36:50:61:
         42:60:9d:1d:6a:05:4e:f9:a0:8f:eb:d6:ca:32:4d:49:ed:ee:
         d0:10:34:f7:2a:f1:29:89:c9:2f:c3:05:6c:71:e0:d6:4d:0d:
         86:48:96:4d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQm2bRy969qkxDHGMor85cfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwMTAyMTE0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjY1ZGNjOGJjZTM5MTE2ZGZmNDdjZTc2ZmMyNzI1YjMzYjdhMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GFBegyMjgQ/zd8iMyPzRUk4MBFx
sqUL0R/WT4GgNlKFil3Zh+/YCChXFjgAmlyP2UbH9oEZLJs6X0ahTv3fWbQIyamK
GgxQWEoXR3Y1NiYPrhVvBD7YqQPpapqS/cP/g4uuIQbuh3GT2a9lFeQAjJZkvTdy
XiEAKf4D1gJmE8rWxprSOJahBmzR2CsnKjXrAP21ZSg3MtMwSPZdPlm9k1j/xRhw
ziUSPEO0zh0HOrudfUKCCLkGoby6okM5sTRthEkAXjhPCwo66EOsoc0riKp8eceK
r46QzQG8Y5+AIXE3KPWIB3DNY1qHhGx8iSXqX0YwS0MW+xtppXQTZt3zZwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNZl3Mi845EW3/R852/Cclszt6LEMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvMW1YY3lMemprUmJmOUh6bmI4SnlXek8zb3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBANVjCgD
BABVjCoDBABVjH8wDAMEBdVXYAMEAtVXaAMEANVX9jANBgkqhkiG9w0BAQsFAAOC
AQEAXoaajYXU1gGTlUFZQoMcutFD1XRIPC69eS4ZxzTN2hxA184BC6Be5tkRsgl3
TenhChHipJJcMx0D9MvhxecCzlncBy8U0DyNUKb8tHyNjEo8t4wxpV1XfmiUlNkL
FPjTtJ/b3NdZbJ972wCUpH6hHfMP3U0cfwll6yYQZk6Kow5l7sUROGXq+Gjr0yiz
FLlOpYYe01dD+nUZB5sRYoO7rqsyrWAwVrka7zPL9UcVu/jpdfPzuOfl6UzFC8cN
vMAc217b0jbnNnFXgU+owd6P8cp8OQIbNlBhQmCdHWoFTvmgj+vWyjJNSe3u0BA0
9yrxKYnJL8MFbHHg1k0NhkiWTQ==
-----END CERTIFICATE-----