Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/Gn-kDrXRDHHv43q56kRDHjj8q1w.roa
File:                     Gn-kDrXRDHHv43q56kRDHjj8q1w.roa (raw, json)
Hash identifier:          Tu0d5Ny8jllovtj2b3OGyqwDSE7dzSUuYk4aE5120L8=
Subject key identifier:   1A:7F:A4:0E:B5:D1:0C:71:EF:E3:7A:B9:EA:44:43:1E:38:FC:AB:5C
Certificate issuer:       /CN=389755423f832a528c93136110f0fe4b10453582
Certificate serial:       019427486D1956586BC4899C72FABA4807E6
Authority key identifier: 38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/Gn-kDrXRDHHv43q56kRDHjj8q1w.roa
Signing time:             Thu 02 Jan 2025 13:50:45 +0000
ROA not before:           Thu 02 Jan 2025 13:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205993
IP address blocks:        46.102.190.0/24 maxlen: 24
                          86.105.186.0/24 maxlen: 24
                          89.32.202.0/24 maxlen: 24
                          89.34.0.0/24 maxlen: 24
                          89.34.4.0/24 maxlen: 24
                          89.40.138.0/24 maxlen: 24
                          185.199.228.0/23 maxlen: 23
                          185.199.230.0/23 maxlen: 23
                          188.214.140.0/24 maxlen: 24
                          188.214.155.0/24 maxlen: 24
                          188.214.193.0/24 maxlen: 24
                          2a0a:a4c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6d:19:56:58:6b:c4:89:9c:72:fa:ba:48:07:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=389755423f832a528c93136110f0fe4b10453582
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a7fa40eb5d10c71efe37ab9ea44431e38fcab5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:fb:15:d6:3e:86:5e:76:6a:70:8d:62:f0:
                    92:df:5e:ec:82:44:a6:23:1b:ad:65:81:92:03:02:
                    b9:01:3a:1c:9c:1d:56:a6:32:bd:91:da:9b:a9:d0:
                    ca:24:36:7b:ef:a9:c1:07:9b:af:bd:32:54:96:e8:
                    8e:b6:bf:85:b3:29:1a:5f:39:67:0b:38:03:bc:a9:
                    62:96:38:f9:ca:35:1a:50:e9:61:25:15:a7:c6:07:
                    36:1e:07:22:30:6f:bc:88:2a:72:83:bd:e1:5f:63:
                    ae:b2:bb:21:60:c3:dc:0a:0c:a0:82:d3:53:62:33:
                    9a:75:9e:19:8d:61:f5:7f:c6:23:0a:29:a7:29:21:
                    9c:9e:00:f1:69:64:86:cf:db:8a:cb:14:d8:32:e5:
                    e5:0b:65:65:e8:99:24:58:70:2a:2f:2a:08:d3:14:
                    34:d9:fd:35:a9:bf:76:9b:28:ff:9e:3c:be:83:73:
                    28:d5:e7:2f:bf:38:cf:a7:de:1d:c3:53:25:b1:a5:
                    db:67:53:8a:cc:c2:b6:79:cf:6a:83:2a:07:d9:0f:
                    57:74:05:76:2c:63:58:fd:d1:ab:85:c3:06:0c:cf:
                    ea:89:5b:ae:83:08:3d:dc:09:b4:44:d0:51:d0:d9:
                    67:ea:f7:36:50:fa:97:d5:f2:84:95:f2:bc:11:ca:
                    dc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7F:A4:0E:B5:D1:0C:71:EF:E3:7A:B9:EA:44:43:1E:38:FC:AB:5C
            X509v3 Authority Key Identifier:
                keyid:38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/Gn-kDrXRDHHv43q56kRDHjj8q1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/OJdVQj-DKlKMkxNhEPD-SxBFNYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.190.0/24
                  86.105.186.0/24
                  89.32.202.0/24
                  89.34.0.0/24
                  89.34.4.0/24
                  89.40.138.0/24
                  185.199.228.0/22
                  188.214.140.0/24
                  188.214.155.0/24
                  188.214.193.0/24
                IPv6:
                  2a0a:a4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:84:d0:44:91:65:f6:ab:9a:f1:d9:f8:20:79:fa:cb:d8:be:
         4f:55:67:e5:0b:79:66:a7:89:b1:af:a4:75:e3:42:eb:54:df:
         44:48:ef:23:af:27:b2:79:bb:2e:a5:84:ca:e8:61:9f:84:7c:
         55:7e:14:7d:b4:b7:c4:92:c6:06:60:1c:97:a1:92:f4:ee:1d:
         07:33:92:80:11:c2:da:7b:0a:69:d7:91:d3:9c:9c:9f:ed:70:
         db:dd:12:d4:d1:48:e9:96:04:f5:73:70:6b:b2:72:52:67:de:
         bc:07:bf:ef:28:64:d5:58:47:03:b3:18:be:67:83:04:e4:ca:
         50:de:cc:e1:c8:af:41:28:c1:4b:71:d2:14:f3:6c:8f:7a:89:
         2c:90:4a:9d:89:e0:d0:44:64:c9:3f:5a:09:1e:21:12:a2:a9:
         cc:7e:9a:14:45:87:1d:72:10:67:c7:9a:c7:e5:78:41:c7:d2:
         70:d9:e6:4d:94:79:da:d8:78:f3:8e:e8:33:ff:f1:ea:23:fe:
         75:89:4d:35:c9:3a:15:65:1e:63:c1:8a:83:00:8d:cc:de:e9:
         97:c9:d2:3e:15:d9:45:b7:9a:2d:6f:cc:2f:29:cc:ad:2d:6c:
         25:c1:c1:de:15:8a:e5:e6:d6:e9:4a:82:12:9a:d2:e8:9f:e2:
         f5:8b:21:7e
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZQnSG0ZVlhrxImccvq6SAfmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTc1NTQyM2Y4MzJhNTI4YzkzMTM2MTEwZjBmZTRiMTA0
NTM1ODIwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTdmYTQwZWI1ZDEwYzcxZWZlMzdhYjllYTQ0NDMxZTM4ZmNhYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCz7FdY+hl52anCNYvCS317sgkSm
IxutZYGSAwK5ATocnB1WpjK9kdqbqdDKJDZ776nBB5uvvTJUluiOtr+FsykaXzln
CzgDvKliljj5yjUaUOlhJRWnxgc2HgciMG+8iCpyg73hX2OusrshYMPcCgyggtNT
YjOadZ4ZjWH1f8YjCimnKSGcngDxaWSGz9uKyxTYMuXlC2Vl6JkkWHAqLyoI0xQ0
2f01qb92myj/njy+g3Mo1ecvvzjPp94dw1MlsaXbZ1OKzMK2ec9qgyoH2Q9XdAV2
LGNY/dGrhcMGDM/qiVuugwg93Am0RNBR0Nln6vc2UPqX1fKElfK8EcrcbQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFBp/pA610Qxx7+N6uepEQx44/KtcMB8GA1UdIwQY
MBaAFDiXVUI/gypSjJMTYRDw/ksQRTWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0Mjgt
NDY5NTdiZDg4NjBkLzEvR24ta0RyWFJESEh2NDNxNTZrUkRIamo4cTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0MjgtNDY5NTdiZDg4NjBk
LzEvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQALma+AwQA
Vmm6AwQAWSDKAwQAWSIAAwQAWSIEAwQAWSiKAwQCucfkAwQAvNaMAwQAvNabAwQA
vNbBMA0EAgACMAcDBQMqCqTAMA0GCSqGSIb3DQEBCwUAA4IBAQB6hNBEkWX2q5rx
2fggefrL2L5PVWflC3lmp4mxr6R140LrVN9ESO8jryeyebsupYTK6GGfhHxVfhR9
tLfEksYGYByXoZL07h0HM5KAEcLaewpp15HTnJyf7XDb3RLU0UjplgT1c3BrsnJS
Z968B7/vKGTVWEcDsxi+Z4ME5MpQ3szhyK9BKMFLcdIU82yPeokskEqdieDQRGTJ
P1oJHiESoqnMfpoURYcdchBnx5rH5XhBx9Jw2eZNlHna2Hjzjugz//HqI/51iU01
yToVZR5jwYqDAI3M3umXydI+FdlFt5otb8wvKcytLWwlwcHeFYrl5tbpSoISmtLo
n+L1iyF+
-----END CERTIFICATE-----