Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/Fe5Gqx1aovGtXf8G6dbhghP8Zjc.roa
File:                     Fe5Gqx1aovGtXf8G6dbhghP8Zjc.roa (raw, json)
Hash identifier:          BUPkFvlzjudVBF56jR+MbrRifodIklIIzIddNH6FiAc=
Subject key identifier:   15:EE:46:AB:1D:5A:A2:F1:AD:5D:FF:06:E9:D6:E1:82:13:FC:66:37
Certificate issuer:       /CN=b172c8d4fc986deb9fceb1f0d0cae27c1c3135c3
Certificate serial:       019426D8F79305D703DC2B793D49860482C9
Authority key identifier: B1:72:C8:D4:FC:98:6D:EB:9F:CE:B1:F0:D0:CA:E2:7C:1C:31:35:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXLI1PyYbeufzrHw0MrifBwxNcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/Fe5Gqx1aovGtXf8G6dbhghP8Zjc.roa
Signing time:             Thu 02 Jan 2025 11:49:00 +0000
ROA not before:           Thu 02 Jan 2025 11:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61310
IP address blocks:        5.63.176.0/21 maxlen: 21
                          5.63.176.0/22 maxlen: 22
                          5.63.176.0/23 maxlen: 23
                          5.63.176.0/24 maxlen: 24
                          5.63.177.0/24 maxlen: 24
                          5.63.178.0/24 maxlen: 24
                          5.63.179.0/24 maxlen: 24
                          5.63.180.0/22 maxlen: 22
                          5.63.180.0/23 maxlen: 23
                          5.63.180.0/24 maxlen: 24
                          5.63.181.0/24 maxlen: 24
                          5.63.182.0/23 maxlen: 23
                          5.63.182.0/24 maxlen: 24
                          5.63.183.0/24 maxlen: 24
                          2a04:5d80::/30 maxlen: 30
                          2a04:5d80::/31 maxlen: 31
                          2a04:5d84::/30 maxlen: 30
                          2a04:5d84::/31 maxlen: 31
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:f7:93:05:d7:03:dc:2b:79:3d:49:86:04:82:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172c8d4fc986deb9fceb1f0d0cae27c1c3135c3
        Validity
            Not Before: Jan  2 11:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15ee46ab1d5aa2f1ad5dff06e9d6e18213fc6637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:76:9a:89:b6:99:f8:0c:9d:bc:56:52:76:4e:
                    bf:1a:5b:08:8c:63:54:4b:ff:f3:5a:e9:01:f9:c0:
                    de:e7:6a:98:68:ac:19:f7:bc:c7:19:5c:fd:d2:81:
                    aa:aa:10:55:dc:59:c7:3c:51:29:61:de:76:a7:86:
                    ff:1f:c8:0f:62:99:01:b3:03:58:9c:85:15:a9:f2:
                    58:39:49:6b:8d:a0:87:31:0d:e9:7c:1d:86:54:00:
                    42:c1:38:34:20:27:7a:b5:31:06:be:bc:22:25:63:
                    7b:a9:d8:5b:2b:9d:1e:b2:d6:d2:87:ca:ae:7b:54:
                    6f:aa:4b:c3:b0:18:cc:fe:a2:3d:d0:72:cd:75:e5:
                    1e:fd:36:37:1d:4a:8e:29:35:da:76:dd:12:9d:81:
                    be:a8:cf:19:44:30:d9:4e:18:f1:48:a7:01:2e:5b:
                    f4:aa:db:dd:5e:32:7f:d1:0a:ce:1a:70:19:50:4d:
                    9d:8a:9f:82:1f:6f:60:81:e4:c6:78:78:8e:0e:09:
                    96:26:1a:7e:dc:2c:1e:1d:a4:85:fb:27:50:27:8b:
                    b5:fb:6d:ff:e7:68:f0:79:35:1a:93:3c:91:34:6f:
                    3a:07:82:4c:46:9d:da:cd:ba:bf:3c:a1:d1:d4:c6:
                    64:c8:a1:88:3d:4e:2d:5c:f1:59:ee:09:7a:0a:f0:
                    a9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EE:46:AB:1D:5A:A2:F1:AD:5D:FF:06:E9:D6:E1:82:13:FC:66:37
            X509v3 Authority Key Identifier:
                keyid:B1:72:C8:D4:FC:98:6D:EB:9F:CE:B1:F0:D0:CA:E2:7C:1C:31:35:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXLI1PyYbeufzrHw0MrifBwxNcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/Fe5Gqx1aovGtXf8G6dbhghP8Zjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/sXLI1PyYbeufzrHw0MrifBwxNcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.176.0/21
                IPv6:
                  2a04:5d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:de:c0:bb:2e:7d:14:8a:7f:af:73:f8:04:77:f4:07:3d:eb:
         1e:8f:31:6c:60:23:a9:b2:35:46:6a:62:49:a0:f1:aa:df:1d:
         7a:1d:d1:3f:8d:43:17:9d:26:22:bc:45:8a:da:3f:96:9c:49:
         e2:a7:07:1e:17:7d:67:44:70:83:d7:21:e3:84:fe:f4:84:e0:
         17:7d:b5:74:f7:b9:cc:0a:ad:c9:89:14:da:85:21:5d:cb:0c:
         e8:df:01:7c:bc:27:f2:34:bc:f3:85:81:76:bb:e0:22:27:e6:
         8e:44:9e:7b:8a:4e:14:e6:ab:3c:78:1a:b3:2c:c2:93:fb:ec:
         97:2f:25:82:6c:15:ee:0c:82:94:75:6c:78:ab:d1:e8:75:9a:
         06:de:ad:1c:8d:b2:13:a5:f1:e6:c0:e0:a3:36:fb:39:fa:33:
         0a:e8:e3:72:28:49:1c:49:07:b1:5a:a8:e8:e1:7b:cb:3c:b9:
         4d:75:f0:7f:0f:af:18:bd:b4:51:97:16:b1:c4:18:d2:d6:1c:
         d1:55:fa:79:49:5b:1a:05:ef:52:8a:73:51:52:93:8d:e5:ae:
         05:92:fc:0f:4b:ec:3e:10:e1:39:0c:e8:a9:ff:7e:52:76:84:
         68:78:01:a1:11:84:ab:25:0b:9c:a8:ab:a3:01:40:b6:dd:4a:
         ed:3c:95:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2PeTBdcD3Ct5PUmGBILJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzJjOGQ0ZmM5ODZkZWI5ZmNlYjFmMGQwY2FlMjdjMWMz
MTM1YzMwHhcNMjUwMTAyMTE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWVlNDZhYjFkNWFhMmYxYWQ1ZGZmMDZlOWQ2ZTE4MjEzZmM2NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynaaibaZ+AydvFZSdk6/GlsIjGNU
S//zWukB+cDe52qYaKwZ97zHGVz90oGqqhBV3FnHPFEpYd52p4b/H8gPYpkBswNY
nIUVqfJYOUlrjaCHMQ3pfB2GVABCwTg0ICd6tTEGvrwiJWN7qdhbK50estbSh8qu
e1RvqkvDsBjM/qI90HLNdeUe/TY3HUqOKTXadt0SnYG+qM8ZRDDZThjxSKcBLlv0
qtvdXjJ/0QrOGnAZUE2dip+CH29ggeTGeHiODgmWJhp+3CweHaSF+ydQJ4u1+23/
52jweTUakzyRNG86B4JMRp3azbq/PKHR1MZkyKGIPU4tXPFZ7gl6CvCpDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBXuRqsdWqLxrV3/BunW4YIT/GY3MB8GA1UdIwQY
MBaAFLFyyNT8mG3rn86x8NDK4nwcMTXDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hMSTFQeVliZXVmenJIdzBNcmlmQnd4TmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9iYjNiNjItMzMwMi00NWFhLTk2OGEt
ZWNiYjNmYzBhNzI1LzEvRmU1R3F4MWFvdkd0WGY4RzZkYmhnaFA4WmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9iYjNiNjItMzMwMi00NWFhLTk2OGEtZWNiYjNmYzBhNzI1
LzEvc1hMSTFQeVliZXVmenJIdzBNcmlmQnd4TmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBT+wMA0E
AgACMAcDBQMqBF2AMA0GCSqGSIb3DQEBCwUAA4IBAQAX3sC7Ln0Uin+vc/gEd/QH
PesejzFsYCOpsjVGamJJoPGq3x16HdE/jUMXnSYivEWK2j+WnEnipwceF31nRHCD
1yHjhP70hOAXfbV097nMCq3JiRTahSFdywzo3wF8vCfyNLzzhYF2u+AiJ+aORJ57
ik4U5qs8eBqzLMKT++yXLyWCbBXuDIKUdWx4q9HodZoG3q0cjbITpfHmwOCjNvs5
+jMK6ONyKEkcSQexWqjo4XvLPLlNdfB/D68YvbRRlxaxxBjS1hzRVfp5SVsaBe9S
inNRUpON5a4FkvwPS+w+EOE5DOip/35SdoRoeAGhEYSrJQucqKujAUC23UrtPJVp
-----END CERTIFICATE-----