Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/p2SVo4qsSiAegswh4Tt4B2CgnX0.roa
File:                     p2SVo4qsSiAegswh4Tt4B2CgnX0.roa (raw, json)
Hash identifier:          ZR7WcDeaKIDHi9EqUsqBzkr/KcnAMrpHKscQ/Pybjlk=
Subject key identifier:   A7:64:95:A3:8A:AC:4A:20:1E:82:CC:21:E1:3B:78:07:60:A0:9D:7D
Certificate issuer:       /CN=f9503c075a690556bd462122b24699e1b6b19278
Certificate serial:       019421B24A86FACE74EF8CF5269E19F039F8
Authority key identifier: F9:50:3C:07:5A:69:05:56:BD:46:21:22:B2:46:99:E1:B6:B1:92:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-VA8B1ppBVa9RiEiskaZ4baxkng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/p2SVo4qsSiAegswh4Tt4B2CgnX0.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60350
IP address blocks:        45.137.176.0/22 maxlen: 24
                          91.221.146.0/23 maxlen: 24
                          185.45.180.0/22 maxlen: 24
                          185.183.112.0/22 maxlen: 24
                          193.105.141.0/24 maxlen: 24
                          193.105.151.0/24 maxlen: 24
                          193.148.6.0/23 maxlen: 24
                          193.161.254.0/23 maxlen: 24
                          193.164.2.0/23 maxlen: 24
                          195.189.178.0/23 maxlen: 24
                          2a0b:c80::/29 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4a:86:fa:ce:74:ef:8c:f5:26:9e:19:f0:39:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9503c075a690556bd462122b24699e1b6b19278
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a76495a38aac4a201e82cc21e13b780760a09d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f1:eb:00:4e:3e:9b:76:f9:97:f1:c1:2a:d0:
                    38:64:0d:79:22:48:a8:20:63:d2:e4:ab:6d:88:e9:
                    f8:8c:8d:e9:71:63:f5:68:53:b6:e9:74:19:b4:2d:
                    bb:01:6f:89:9f:c2:42:65:6a:9a:b9:82:36:79:58:
                    7d:60:2a:dc:3b:04:9e:de:19:bb:b8:a9:2c:59:a0:
                    28:58:a8:c3:63:f4:87:32:dc:45:21:a4:c9:23:54:
                    26:80:79:e9:fc:40:42:a6:9e:ad:ba:c1:bd:53:db:
                    b4:cf:16:e7:b5:41:16:dc:b6:89:51:82:b8:5d:b0:
                    51:bb:3c:dd:14:52:47:9d:ce:7e:d6:64:92:c8:94:
                    f1:93:28:9d:92:b1:9d:25:6e:bd:e5:2e:29:d1:d1:
                    b0:79:d9:28:40:b0:ca:3e:c0:e9:38:6d:31:89:6c:
                    00:2c:cf:c6:dc:de:45:47:6f:22:68:e7:30:a3:b8:
                    e9:5b:ba:03:da:dd:15:72:e6:14:98:3a:1b:b1:aa:
                    d7:bb:1b:78:a0:95:ab:f3:c8:ae:c8:6d:8d:39:8b:
                    14:b2:75:ff:9f:bc:45:c0:b5:54:de:e3:17:c5:b6:
                    94:c7:f0:c9:cc:44:e4:c2:a0:5c:75:b4:da:61:cb:
                    48:36:8a:be:f8:e5:7b:5a:57:2e:59:87:5f:b0:36:
                    d6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:64:95:A3:8A:AC:4A:20:1E:82:CC:21:E1:3B:78:07:60:A0:9D:7D
            X509v3 Authority Key Identifier:
                keyid:F9:50:3C:07:5A:69:05:56:BD:46:21:22:B2:46:99:E1:B6:B1:92:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-VA8B1ppBVa9RiEiskaZ4baxkng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/p2SVo4qsSiAegswh4Tt4B2CgnX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/1-VA8B1ppBVa9RiEiskaZ4baxkng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.176.0/22
                  91.221.146.0/23
                  185.45.180.0/22
                  185.183.112.0/22
                  193.105.141.0/24
                  193.105.151.0/24
                  193.148.6.0/23
                  193.161.254.0/23
                  193.164.2.0/23
                  195.189.178.0/23
                IPv6:
                  2a0b:c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:4c:6f:e1:ed:e9:c8:6c:18:6b:3a:42:8d:5f:42:77:ce:82:
         33:56:3b:06:f0:f6:22:77:c1:cd:1a:91:65:23:4f:2d:5e:ed:
         e4:9f:53:19:ee:59:0f:76:1c:f0:aa:ce:4b:b4:b0:52:47:4b:
         2c:5b:fc:b0:99:e3:20:59:b2:17:a8:3f:2f:ce:03:f8:1e:52:
         3b:2e:74:af:87:79:0f:54:27:ab:e9:c3:b1:48:0b:65:9a:d0:
         a9:f4:86:eb:39:e8:95:91:da:1c:55:a6:57:3b:f2:01:36:2a:
         d2:dc:ae:83:55:1c:22:1d:80:a3:16:2d:5e:75:06:e7:ec:99:
         f1:82:8c:78:8a:1e:d6:7d:80:12:df:84:7c:fc:5b:45:3a:eb:
         67:c5:1a:87:2d:ee:d5:d9:f6:a2:0a:5c:70:92:df:52:8f:66:
         19:c5:98:9b:53:cb:95:6b:63:3d:ae:68:c7:6c:b5:a7:41:e6:
         80:7a:a2:2a:03:30:7c:8b:04:a0:0b:30:61:4a:f2:d3:37:07:
         45:65:72:85:9d:ea:aa:52:87:e3:09:e7:18:1b:3d:51:39:11:
         c5:96:29:f8:c1:e1:b8:6d:41:5a:8d:43:42:a4:08:d5:c3:fe:
         11:0a:1d:ad:8a:99:6c:00:47:b2:99:56:96:56:2c:56:b1:d6:
         f7:a1:46:8c
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQhskqG+s5074z1Jp4Z8Dn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NTAzYzA3NWE2OTA1NTZiZDQ2MjEyMmIyNDY5OWUxYjZi
MTkyNzgwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY0OTVhMzhhYWM0YTIwMWU4MmNjMjFlMTNiNzgwNzYwYTA5ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPHrAE4+m3b5l/HBKtA4ZA15Ikio
IGPS5KttiOn4jI3pcWP1aFO26XQZtC27AW+Jn8JCZWqauYI2eVh9YCrcOwSe3hm7
uKksWaAoWKjDY/SHMtxFIaTJI1QmgHnp/EBCpp6tusG9U9u0zxbntUEW3LaJUYK4
XbBRuzzdFFJHnc5+1mSSyJTxkyidkrGdJW695S4p0dGwedkoQLDKPsDpOG0xiWwA
LM/G3N5FR28iaOcwo7jpW7oD2t0VcuYUmDobsarXuxt4oJWr88iuyG2NOYsUsnX/
n7xFwLVU3uMXxbaUx/DJzETkwqBcdbTaYctINoq++OV7WlcuWYdfsDbWzQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFKdklaOKrEogHoLMIeE7eAdgoJ19MB8GA1UdIwQY
MBaAFPlQPAdaaQVWvUYhIrJGmeG2sZJ4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1WQThCMXBwQlZhOVJpRWlza2FaNGJheGtuZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvNGZhNGI0LTdjOTYtNGViNy05OTQw
LTNmMjMxNmI1NTNmNS8xL3AyU1ZvNHFzU2lBZWdzd2g0VHQ0QjJDZ25YMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzUvNGZhNGI0LTdjOTYtNGViNy05OTQwLTNmMjMxNmI1NTNm
NS8xLzEtVkE4QjFwcEJWYTlSaUVpc2thWjRiYXhrbmcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwZAYIKwYBBQUHAQcBAf8EVTBTMEIEAgABMDwDBAItibAD
BAFb3ZIDBAK5LbQDBAK5t3ADBADBaY0DBADBaZcDBAHBlAYDBAHBof4DBAHBpAID
BAHDvbIwDQQCAAIwBwMFAyoLDIAwDQYJKoZIhvcNAQELBQADggEBAIhMb+Ht6chs
GGs6Qo1fQnfOgjNWOwbw9iJ3wc0akWUjTy1e7eSfUxnuWQ92HPCqzku0sFJHSyxb
/LCZ4yBZsheoPy/OA/geUjsudK+HeQ9UJ6vpw7FIC2Wa0Kn0hus56JWR2hxVplc7
8gE2KtLcroNVHCIdgKMWLV51BufsmfGCjHiKHtZ9gBLfhHz8W0U662fFGoct7tXZ
9qIKXHCS31KPZhnFmJtTy5VrYz2uaMdstadB5oB6oioDMHyLBKALMGFK8tM3B0Vl
coWd6qpSh+MJ5xgbPVE5EcWWKfjB4bhtQVqNQ0KkCNXD/hEKHa2KmWwAR7KZVpZW
LFax1vehRow=
-----END CERTIFICATE-----