Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_OBCt42Qgl4wI2H058mG4uDYUOw.roa
File:                     _OBCt42Qgl4wI2H058mG4uDYUOw.roa (raw, json)
Hash identifier:          jWbxYRFs270K2f9wkh6LdpAj2cDPsQg7s0mhGOvBxRQ=
Subject key identifier:   FC:E0:42:B7:8D:90:82:5E:30:23:61:F4:E7:C9:86:E2:E0:D8:50:EC
Certificate issuer:       /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial:       01942143B67620E3F5E1F183220AE31C5820
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_OBCt42Qgl4wI2H058mG4uDYUOw.roa
Signing time:             Wed 01 Jan 2025 09:47:53 +0000
ROA not before:           Wed 01 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16024
IP address blocks:        46.28.32.0/21 maxlen: 24
                          149.232.184.0/22 maxlen: 24
                          149.232.190.0/23 maxlen: 24
                          149.232.244.0/22 maxlen: 24
                          149.232.248.0/22 maxlen: 24
                          156.67.56.0/23 maxlen: 23
                          156.67.56.0/24 maxlen: 24
                          156.67.57.0/24 maxlen: 24
                          185.47.232.0/22 maxlen: 24
                          185.159.32.0/22 maxlen: 24
                          217.70.160.0/20 maxlen: 24
                          2a02:1670::/29 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b6:76:20:e3:f5:e1:f1:83:22:0a:e3:1c:58:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fce042b78d90825e302361f4e7c986e2e0d850ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:dd:11:f3:5c:79:ef:37:73:6e:f6:28:12:5c:
                    8f:ee:0b:c9:2b:7b:52:3f:95:9b:3c:d3:89:6e:06:
                    42:8d:69:cd:af:6a:14:6a:b9:13:25:69:73:6b:66:
                    11:2b:c2:fc:5c:ba:5e:cc:d2:f2:a3:52:56:d6:01:
                    c2:69:a9:31:c6:9f:06:95:57:51:eb:4c:eb:e4:c7:
                    57:ce:17:c9:f8:63:4b:a1:77:07:51:2f:8e:6c:91:
                    21:87:6a:80:e0:e6:41:b2:5f:f4:e9:04:ea:3f:37:
                    ad:a5:59:90:66:dd:4c:94:df:8a:52:78:58:a1:a2:
                    e7:3b:da:29:ed:5c:bd:d4:2d:0a:47:da:ec:e5:fa:
                    61:3b:a7:81:90:0a:64:df:55:cd:2d:ab:89:7d:6d:
                    ad:a7:e4:b8:02:ef:5a:ed:6e:95:5b:14:a7:bf:84:
                    3f:78:54:d5:8c:cb:be:88:df:fc:8d:8e:3d:25:9d:
                    2a:6e:09:c0:bf:93:ce:c7:a7:80:a3:83:64:ef:f0:
                    3d:51:08:99:f9:33:c9:97:ee:ae:6c:e4:d5:c3:24:
                    e4:0f:bf:82:d4:b0:ca:09:fb:f3:79:da:84:fb:65:
                    d0:cf:c3:00:96:c7:e0:54:11:87:48:81:73:b6:75:
                    cc:fc:fd:51:f3:30:2b:4b:e8:7d:4b:d7:8c:e1:0b:
                    29:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E0:42:B7:8D:90:82:5E:30:23:61:F4:E7:C9:86:E2:E0:D8:50:EC
            X509v3 Authority Key Identifier:
                keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/_OBCt42Qgl4wI2H058mG4uDYUOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.32.0/21
                  149.232.184.0/22
                  149.232.190.0/23
                  149.232.244.0-149.232.251.255
                  156.67.56.0/23
                  185.47.232.0/22
                  185.159.32.0/22
                  217.70.160.0/20
                IPv6:
                  2a02:1670::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:5b:df:b9:11:af:bd:76:01:5c:f7:a8:65:e3:2c:ea:ed:ff:
         19:17:16:d7:4d:0f:d4:87:a0:3b:da:47:7a:a8:32:b9:15:3c:
         7b:f0:a6:d0:c0:7f:d2:41:3d:be:68:08:e3:b5:b5:1f:c8:5b:
         fa:c2:e9:0c:22:1e:33:b0:f6:87:36:75:3f:82:c4:15:69:64:
         62:2b:d4:e3:4a:66:33:e9:99:33:ce:7e:84:d1:f0:34:ba:42:
         83:42:20:69:45:56:e0:e2:7e:ac:ec:0b:2c:75:d8:bc:3c:19:
         bc:f9:61:71:79:e1:f9:89:98:c9:8b:12:ba:85:93:b6:9c:0d:
         89:6d:88:ee:1e:74:50:cc:3b:63:b6:8b:f2:5e:c0:6e:a8:83:
         66:eb:2d:08:3f:b2:79:c2:b3:d2:7a:ac:e8:20:c7:bd:c9:a0:
         9f:d6:10:ff:64:5e:df:b2:0c:68:6a:4b:6f:59:51:e7:cd:32:
         af:84:5d:4e:9d:d4:37:29:92:5b:31:32:bf:87:e6:4b:29:72:
         96:09:6c:ce:f8:1d:31:53:8c:c0:dd:01:2e:35:57:da:b4:1a:
         8d:17:65:1a:59:8d:c4:05:27:b3:aa:6d:94:38:95:60:36:91:
         cf:ed:f1:71:fd:4a:44:b1:8a:04:e1:dd:6d:8b:8b:c6:fe:ed:
         96:5f:30:b2
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQhQ7Z2IOP14fGDIgrjHFggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2UwNDJiNzhkOTA4MjVlMzAyMzYxZjRlN2M5ODZlMmUwZDg1MGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt0R81x57zdzbvYoElyP7gvJK3tS
P5WbPNOJbgZCjWnNr2oUarkTJWlza2YRK8L8XLpezNLyo1JW1gHCaakxxp8GlVdR
60zr5MdXzhfJ+GNLoXcHUS+ObJEhh2qA4OZBsl/06QTqPzetpVmQZt1MlN+KUnhY
oaLnO9op7Vy91C0KR9rs5fphO6eBkApk31XNLauJfW2tp+S4Au9a7W6VWxSnv4Q/
eFTVjMu+iN/8jY49JZ0qbgnAv5POx6eAo4Nk7/A9UQiZ+TPJl+6ubOTVwyTkD7+C
1LDKCfvzedqE+2XQz8MAlsfgVBGHSIFztnXM/P1R8zArS+h9S9eM4QspTwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPzgQreNkIJeMCNh9OfJhuLg2FDsMB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEvX09CQ3Q0MlFnbDR3STJIMDU4bUc0dURZVU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQDLhwgAwQC
lei4AwQBlei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAw
DQQCAAIwBwMFAyoCFnAwDQYJKoZIhvcNAQELBQADggEBAHtb37kRr712AVz3qGXj
LOrt/xkXFtdND9SHoDvaR3qoMrkVPHvwptDAf9JBPb5oCOO1tR/IW/rC6QwiHjOw
9oc2dT+CxBVpZGIr1ONKZjPpmTPOfoTR8DS6QoNCIGlFVuDifqzsCyx12Lw8Gbz5
YXF54fmJmMmLErqFk7acDYltiO4edFDMO2O2i/JewG6og2brLQg/snnCs9J6rOgg
x73JoJ/WEP9kXt+yDGhqS29ZUefNMq+EXU6d1DcpklsxMr+H5kspcpYJbM74HTFT
jMDdAS41V9q0Go0XZRpZjcQFJ7OqbZQ4lWA2kc/t8XH9SkSxigTh3W2Li8b+7ZZf
MLI=
-----END CERTIFICATE-----