Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/M4l3Cf3_669djsGWrF7n0AJt83M.roa
File:                     M4l3Cf3_669djsGWrF7n0AJt83M.roa (raw, json)
Hash identifier:          MY4UMlUb6Y1AsO5cCAn8IrigWcCAqjlArLI2bOv+PX8=
Subject key identifier:   33:89:77:09:FD:FF:EB:AF:5D:8E:C1:96:AC:5E:E7:D0:02:6D:F3:73
Certificate issuer:       /CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
Certificate serial:       01942747EBA699F4D70AEFBD90C10F2D0FE4
Authority key identifier: 39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/M4l3Cf3_669djsGWrF7n0AJt83M.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50880
IP address blocks:        78.110.0.0/20 maxlen: 20
                          78.110.0.0/24 maxlen: 24
                          78.110.1.0/24 maxlen: 24
                          78.110.2.0/24 maxlen: 24
                          78.110.3.0/24 maxlen: 24
                          78.110.4.0/24 maxlen: 24
                          78.110.5.0/24 maxlen: 24
                          78.110.6.0/24 maxlen: 24
                          78.110.7.0/24 maxlen: 24
                          78.110.8.0/24 maxlen: 24
                          78.110.9.0/24 maxlen: 24
                          78.110.10.0/24 maxlen: 24
                          78.110.11.0/24 maxlen: 24
                          78.110.12.0/24 maxlen: 24
                          78.110.13.0/24 maxlen: 24
                          78.110.14.0/24 maxlen: 24
                          78.110.15.0/24 maxlen: 24
                          185.69.208.0/24 maxlen: 24
                          185.69.209.0/24 maxlen: 24
                          185.69.210.0/24 maxlen: 24
                          185.69.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:eb:a6:99:f4:d7:0a:ef:bd:90:c1:0f:2d:0f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33897709fdffebaf5d8ec196ac5ee7d0026df373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e7:37:2d:93:3a:78:97:d7:a2:f4:7e:7d:fa:
                    9f:6b:e3:ff:e5:a4:49:ac:8f:12:b1:d9:d7:89:da:
                    0d:ac:07:64:69:63:99:b2:39:1d:7b:db:89:7a:df:
                    3a:d3:32:f7:0f:55:0b:e4:8b:ed:3b:92:05:fd:94:
                    d9:30:ab:c9:fd:09:22:8a:55:aa:df:8e:b0:b8:c6:
                    f6:5a:55:37:b8:cd:12:2c:1f:51:26:a6:ba:39:90:
                    bb:8f:bd:82:57:bb:0c:4f:9e:c9:14:54:9c:fa:4e:
                    23:fe:73:c9:9c:be:c9:4e:94:a7:a7:b8:7d:29:d3:
                    16:f3:45:d5:8e:24:a5:a5:4a:98:76:a9:fc:2b:62:
                    a6:56:92:94:66:69:34:73:d0:9a:3b:be:1b:f0:08:
                    cd:e0:de:2e:50:3b:7c:44:5c:c9:e3:21:2d:44:18:
                    91:c8:84:b8:7f:51:a9:ce:81:cc:9a:5a:97:cf:c4:
                    c4:78:d0:9f:eb:8f:de:85:db:d5:e1:4e:10:22:9e:
                    6e:95:34:97:62:7d:7d:8c:ba:c1:3a:f8:25:29:f5:
                    b4:5d:30:cf:47:a3:c8:b7:63:f5:a9:54:13:49:6f:
                    56:9f:a4:50:da:8e:08:ab:30:ed:94:5c:68:e8:94:
                    68:2a:72:b6:3a:f1:cf:0e:3a:96:cd:cf:d9:53:91:
                    10:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:89:77:09:FD:FF:EB:AF:5D:8E:C1:96:AC:5E:E7:D0:02:6D:F3:73
            X509v3 Authority Key Identifier:
                keyid:39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/M4l3Cf3_669djsGWrF7n0AJt83M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/OTzIt9LccKJ9QPpFnk5WwAXMxjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.0.0/20
                  185.69.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:19:dc:7c:30:f5:03:95:bd:a7:3b:b8:56:3f:c4:68:6a:b4:
         10:ed:c6:b4:82:05:50:0d:7f:1b:83:0e:89:f4:9f:a5:0e:44:
         06:2b:4b:42:70:5e:77:04:a3:a1:e6:fd:1e:d1:ff:ed:ac:72:
         49:b0:cd:b8:12:08:2f:c6:52:03:99:76:21:84:1f:48:52:21:
         37:bc:50:46:d5:64:f2:2f:f3:61:c7:dc:23:28:63:3a:5c:2b:
         fb:19:25:02:d1:65:87:52:b7:4c:ab:0e:c0:2c:59:d5:11:7a:
         c8:ba:0d:d3:b2:db:ae:10:74:cf:96:32:ff:71:83:26:6b:f8:
         45:af:74:10:fc:f6:3f:ad:ae:ac:65:1e:e8:c8:b3:29:62:7e:
         e2:74:d9:8b:df:e7:d0:ba:dd:46:fa:4c:96:21:56:a3:c3:76:
         67:a0:34:39:36:27:ea:54:15:29:13:8c:a5:63:0d:6a:f7:4d:
         4c:af:95:71:8f:fd:67:e9:e8:de:ae:cb:0a:54:7e:22:51:66:
         2e:88:ee:38:0a:20:62:9e:1c:af:a5:f4:0c:ef:77:c7:fa:da:
         50:1f:03:59:89:37:96:1e:3d:0c:29:e9:e2:81:64:f9:38:02:
         fd:7b:39:70:40:48:00:64:c0:0c:8e:43:41:74:cb:17:e2:89:
         36:3c:d8:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR+ummfTXCu+9kMEPLQ/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5M2NjOGI3ZDJkYzcwYTI3ZDQwZmE0NTllNGU1NmMwMDVj
Y2M2M2EwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzg5NzcwOWZkZmZlYmFmNWQ4ZWMxOTZhYzVlZTdkMDAyNmRmMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ec3LZM6eJfXovR+ffqfa+P/5aRJ
rI8SsdnXidoNrAdkaWOZsjkde9uJet860zL3D1UL5IvtO5IF/ZTZMKvJ/QkiilWq
346wuMb2WlU3uM0SLB9RJqa6OZC7j72CV7sMT57JFFSc+k4j/nPJnL7JTpSnp7h9
KdMW80XVjiSlpUqYdqn8K2KmVpKUZmk0c9CaO74b8AjN4N4uUDt8RFzJ4yEtRBiR
yIS4f1GpzoHMmlqXz8TEeNCf64/ehdvV4U4QIp5ulTSXYn19jLrBOvglKfW0XTDP
R6PIt2P1qVQTSW9Wn6RQ2o4IqzDtlFxo6JRoKnK2OvHPDjqWzc/ZU5EQswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDOJdwn9/+uvXY7Blqxe59ACbfNzMB8GA1UdIwQY
MBaAFDk8yLfS3HCifUD6RZ5OVsAFzMY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgt
OTkxYTFjNzE0Zjk1LzEvTTRsM0NmM182NjlkanNHV3JGN24wQUp0ODNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgtOTkxYTFjNzE0Zjk1
LzEvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETm4AAwQC
uUXQMA0GCSqGSIb3DQEBCwUAA4IBAQCRGdx8MPUDlb2nO7hWP8RoarQQ7ca0ggVQ
DX8bgw6J9J+lDkQGK0tCcF53BKOh5v0e0f/trHJJsM24EggvxlIDmXYhhB9IUiE3
vFBG1WTyL/Nhx9wjKGM6XCv7GSUC0WWHUrdMqw7ALFnVEXrIug3TstuuEHTPljL/
cYMma/hFr3QQ/PY/ra6sZR7oyLMpYn7idNmL3+fQut1G+kyWIVajw3ZnoDQ5Nifq
VBUpE4ylYw1q901Mr5Vxj/1n6ejerssKVH4iUWYuiO44CiBinhyvpfQM73fH+tpQ
HwNZiTeWHj0MKenigWT5OAL9ezlwQEgAZMAMjkNBdMsX4ok2PNit
-----END CERTIFICATE-----