Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlOsEMD7ILB9j5FhhZ10NN6XXx0.roa
File:                     IlOsEMD7ILB9j5FhhZ10NN6XXx0.roa (raw, json)
Hash identifier:          gwOuiCu86d+6YjbDxDzDd3u72bl4nQy8FzU+NPDlo3k=
Subject key identifier:   22:53:AC:10:C0:FB:20:B0:7D:8F:91:61:85:9D:74:34:DE:97:5F:1D
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       0194228D9C419FF43A964B16903B3DEBCA86
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlOsEMD7ILB9j5FhhZ10NN6XXx0.roa
Signing time:             Wed 01 Jan 2025 15:48:13 +0000
ROA not before:           Wed 01 Jan 2025 15:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25521
IP address blocks:        46.30.160.0/21 maxlen: 24
                          82.193.96.0/19 maxlen: 24
                          91.224.24.0/23 maxlen: 24
                          93.188.32.0/21 maxlen: 24
                          176.115.96.0/21 maxlen: 24
                          185.223.112.0/22 maxlen: 24
                          193.0.216.0/22 maxlen: 24
                          193.106.136.0/22 maxlen: 24
                          195.64.148.0/23 maxlen: 24
                          2a02:2610::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9c:41:9f:f4:3a:96:4b:16:90:3b:3d:eb:ca:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Jan  1 15:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2253ac10c0fb20b07d8f9161859d7434de975f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c7:99:1a:bc:ed:82:ce:25:d1:ac:cf:9e:5d:
                    e3:cf:72:4e:cc:e5:15:81:be:98:ff:21:4f:9d:3c:
                    fe:cf:6a:7b:08:b0:b9:ee:9f:31:9b:3a:b6:f1:5a:
                    66:65:2b:34:e1:bc:0d:7b:f2:96:46:59:2c:59:17:
                    a7:67:89:fe:8e:f1:67:d7:fb:97:53:e4:e2:39:34:
                    09:db:bd:8d:b6:f3:3c:7a:ea:75:f6:f8:ae:a9:29:
                    bb:81:93:78:2d:81:8f:e6:10:45:fa:09:ec:ba:a3:
                    04:c2:50:73:1e:a1:4f:92:b1:b3:1b:3e:ba:e3:cf:
                    10:24:d6:12:eb:55:65:a9:c2:e4:b9:08:3d:8b:ec:
                    bf:c9:f8:73:c1:34:78:92:33:c5:55:e2:db:80:6c:
                    f0:ac:21:aa:a9:99:d2:1f:65:71:65:7b:03:54:29:
                    26:5f:cb:e2:d7:7d:33:ac:5b:d7:d5:74:2f:1f:d8:
                    42:be:d9:e4:d1:7c:ba:a7:1b:2d:86:21:66:66:b5:
                    dd:38:7f:98:72:b2:6f:06:b6:5a:e7:6d:86:51:20:
                    15:f8:87:48:ad:9f:f6:cf:63:b2:79:89:69:45:90:
                    6e:85:4f:c3:08:03:fe:47:b9:90:82:01:6f:2f:ff:
                    4f:2d:ef:9f:42:a3:9e:51:da:56:84:d7:c4:76:e2:
                    a3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:53:AC:10:C0:FB:20:B0:7D:8F:91:61:85:9D:74:34:DE:97:5F:1D
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlOsEMD7ILB9j5FhhZ10NN6XXx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.160.0/21
                  82.193.96.0/19
                  91.224.24.0/23
                  93.188.32.0/21
                  176.115.96.0/21
                  185.223.112.0/22
                  193.0.216.0/22
                  193.106.136.0/22
                  195.64.148.0/23
                IPv6:
                  2a02:2610::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:81:08:04:ac:2e:8a:5e:c5:3e:4c:de:7f:e8:df:ca:f1:f5:
         61:f8:61:99:8a:eb:25:aa:68:28:08:47:78:bd:95:55:0f:44:
         ea:e5:ba:85:74:e2:57:d9:a0:73:ad:6a:dd:c6:0c:4b:bf:50:
         fe:19:d6:10:5f:82:f6:79:66:2d:2f:61:59:6f:ae:92:b4:58:
         90:24:31:69:6b:87:d8:c3:c9:6e:ca:3b:b6:65:50:62:c4:ae:
         00:a6:d7:21:95:0e:37:75:ab:1f:08:66:70:d0:54:d8:f2:34:
         b6:69:51:28:43:d3:30:25:7b:ad:53:3e:4d:c4:87:42:bf:56:
         ee:45:de:0a:b8:20:b6:23:42:6d:39:92:f0:0e:49:d6:24:dd:
         35:ce:bb:98:c7:1c:1a:f8:e7:b3:f3:f2:35:5a:d9:e4:bb:29:
         5a:c3:ed:1f:e7:81:69:7b:39:13:7b:2b:84:16:20:4b:37:ad:
         a6:ea:00:bf:17:cb:7d:c1:89:0d:33:09:25:49:9a:ab:b4:72:
         ea:07:47:72:52:67:85:c9:ce:8a:1a:7a:ef:79:e9:bd:9e:dd:
         3a:07:28:5f:f1:38:66:52:9f:27:73:27:97:f9:a5:7d:83:23:
         40:0d:0d:45:77:d0:04:09:4a:c5:53:7a:c7:a2:df:d2:6c:90:
         e3:38:d2:b5
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQijZxBn/Q6lksWkDs968qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjUwMTAxMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUzYWMxMGMwZmIyMGIwN2Q4ZjkxNjE4NTlkNzQzNGRlOTc1ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMeZGrztgs4l0azPnl3jz3JOzOUV
gb6Y/yFPnTz+z2p7CLC57p8xmzq28VpmZSs04bwNe/KWRlksWRenZ4n+jvFn1/uX
U+TiOTQJ272NtvM8eup19viuqSm7gZN4LYGP5hBF+gnsuqMEwlBzHqFPkrGzGz66
488QJNYS61VlqcLkuQg9i+y/yfhzwTR4kjPFVeLbgGzwrCGqqZnSH2VxZXsDVCkm
X8vi130zrFvX1XQvH9hCvtnk0Xy6pxsthiFmZrXdOH+YcrJvBrZa522GUSAV+IdI
rZ/2z2OyeYlpRZBuhU/DCAP+R7mQggFvL/9PLe+fQqOeUdpWhNfEduKjUwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCJTrBDA+yCwfY+RYYWddDTel18dMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvSWxPc0VNRDdJTEI5ajVGaGhaMTBOTjZYWHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wAwQCwQDYAwQCwWqIAwQBw0CUMA0E
AgACMAcDBQAqAiYQMA0GCSqGSIb3DQEBCwUAA4IBAQCNgQgErC6KXsU+TN5/6N/K
8fVh+GGZiuslqmgoCEd4vZVVD0Tq5bqFdOJX2aBzrWrdxgxLv1D+GdYQX4L2eWYt
L2FZb66StFiQJDFpa4fYw8luyju2ZVBixK4AptchlQ43dasfCGZw0FTY8jS2aVEo
Q9MwJXutUz5NxIdCv1buRd4KuCC2I0JtOZLwDknWJN01zruYxxwa+Oez8/I1Wtnk
uylaw+0f54FpezkTeyuEFiBLN62m6gC/F8t9wYkNMwklSZqrtHLqB0dyUmeFyc6K
Gnrveem9nt06Byhf8ThmUp8ncyeX+aV9gyNADQ1Fd9AECUrFU3rHot/SbJDjONK1
-----END CERTIFICATE-----