Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/Ghw61h9q0dZx9p33fCHZwLJ--4g.roa
File:                     Ghw61h9q0dZx9p33fCHZwLJ--4g.roa (raw, json)
Hash identifier:          XENiDzusC8HHdBPr6eoujfkQa5XCC/wJpP0SovK6s5s=
Subject key identifier:   1A:1C:3A:D6:1F:6A:D1:D6:71:F6:9D:F7:7C:21:D9:C0:B2:7E:FB:88
Certificate issuer:       /CN=be49fb190f4bd0f5815a8e579f366ad58d5d41f9
Certificate serial:       019424B384FC30C4FDE087486D0C4BC908E2
Authority key identifier: BE:49:FB:19:0F:4B:D0:F5:81:5A:8E:57:9F:36:6A:D5:8D:5D:41:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/Ghw61h9q0dZx9p33fCHZwLJ--4g.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43463
IP address blocks:        91.224.93.0/24 maxlen: 24
                          185.36.80.0/24 maxlen: 24
                          185.36.82.0/24 maxlen: 24
                          185.36.83.0/24 maxlen: 24
                          185.244.249.0/24 maxlen: 24
                          185.244.250.0/24 maxlen: 24
                          185.244.251.0/24 maxlen: 24
                          185.255.192.0/22 maxlen: 22
                          193.46.83.0/24 maxlen: 24
                          2a00:ea60:200::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:84:fc:30:c4:fd:e0:87:48:6d:0c:4b:c9:08:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be49fb190f4bd0f5815a8e579f366ad58d5d41f9
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a1c3ad61f6ad1d671f69df77c21d9c0b27efb88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:54:27:ec:df:74:39:bc:04:82:9e:1a:91:
                    21:df:a4:65:ee:52:80:c1:a0:ca:d6:80:be:e4:ee:
                    fb:f6:61:e5:51:d7:54:47:3f:38:1d:e8:02:cd:51:
                    17:4b:3b:3e:0a:aa:cf:9e:66:4c:6c:c6:f3:c5:ea:
                    bf:4e:1a:94:c1:9f:05:98:f8:c8:d0:78:82:60:5f:
                    ba:74:52:77:dc:d9:81:03:67:1c:78:d2:b3:29:6b:
                    1c:63:8e:f0:09:8a:09:3a:41:20:b2:10:ce:71:a5:
                    76:7b:7c:a3:50:9e:66:21:fd:d9:b2:25:01:b2:5c:
                    a8:c5:01:4d:5d:14:33:2f:f4:f8:55:de:e7:42:b1:
                    d0:98:f8:84:c5:45:46:dc:70:6a:32:93:72:20:35:
                    a8:40:26:27:65:91:da:cd:24:d1:24:1e:9c:3b:12:
                    84:6e:d9:32:ec:ae:d4:98:85:a6:39:11:ef:f1:c9:
                    ad:d4:6c:ff:d9:bf:c3:d7:92:d0:6d:53:11:bd:7b:
                    00:4d:b1:5e:e0:a9:45:5a:95:2b:5c:83:64:20:89:
                    f0:73:8a:53:17:ab:4f:39:84:9d:82:a0:fb:c0:50:
                    7d:0f:7b:56:a5:6a:b1:fa:84:c6:6a:d0:61:da:4d:
                    fe:ef:71:29:e8:d3:ef:de:d0:62:02:12:02:74:12:
                    46:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:1C:3A:D6:1F:6A:D1:D6:71:F6:9D:F7:7C:21:D9:C0:B2:7E:FB:88
            X509v3 Authority Key Identifier:
                keyid:BE:49:FB:19:0F:4B:D0:F5:81:5A:8E:57:9F:36:6A:D5:8D:5D:41:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/Ghw61h9q0dZx9p33fCHZwLJ--4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.93.0/24
                  185.36.80.0/24
                  185.36.82.0/23
                  185.244.249.0-185.244.251.255
                  185.255.192.0/22
                  193.46.83.0/24
                IPv6:
                  2a00:ea60:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         7a:45:48:89:6a:57:7b:cf:02:f6:f7:98:df:54:92:91:db:44:
         51:f4:98:3f:44:cf:c2:f5:52:7e:42:c8:3b:2e:e2:ce:0b:f9:
         10:84:25:29:47:09:3a:68:c4:5c:c7:0e:17:23:da:c6:30:0e:
         99:45:6a:ad:35:bf:76:a8:cc:89:b0:af:21:7f:43:bb:0b:70:
         1e:cd:56:99:35:ef:af:63:8f:3c:4e:2f:da:eb:cb:ae:3a:69:
         25:6d:87:87:bf:5e:3b:f5:00:b0:a9:35:e3:0f:55:3b:1d:3c:
         16:c2:da:1f:63:58:34:47:bd:d6:a6:cf:f5:4b:3b:af:fd:6b:
         2a:e7:e4:75:67:c5:10:8d:c5:2e:7d:42:f8:ad:8b:98:da:64:
         68:07:d5:5d:5f:2e:04:69:41:92:33:61:fd:aa:13:4e:ab:54:
         cd:ca:15:40:8c:28:af:87:74:11:71:a2:ea:88:d2:00:59:5c:
         27:0e:95:a1:7d:66:6b:ea:44:e2:7e:9f:81:1e:a9:6f:bf:63:
         41:ae:ea:cf:5a:65:02:d5:60:35:11:f6:8a:17:ef:85:68:cf:
         d7:7e:4c:79:b6:6d:07:ce:4f:ec:a9:e6:47:0c:25:64:87:80:
         62:aa:79:0a:fb:03:e3:98:dc:54:b1:28:33:b9:19:48:73:f3:
         ca:4a:43:8d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQks4T8MMT94IdIbQxLyQjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDlmYjE5MGY0YmQwZjU4MTVhOGU1NzlmMzY2YWQ1OGQ1
ZDQxZjkwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTFjM2FkNjFmNmFkMWQ2NzFmNjlkZjc3YzIxZDljMGIyN2VmYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZpUJ+zfdDm8BIKeGpEh36Rl7lKA
waDK1oC+5O779mHlUddURz84HegCzVEXSzs+CqrPnmZMbMbzxeq/ThqUwZ8FmPjI
0HiCYF+6dFJ33NmBA2cceNKzKWscY47wCYoJOkEgshDOcaV2e3yjUJ5mIf3ZsiUB
slyoxQFNXRQzL/T4Vd7nQrHQmPiExUVG3HBqMpNyIDWoQCYnZZHazSTRJB6cOxKE
btky7K7UmIWmORHv8cmt1Gz/2b/D15LQbVMRvXsATbFe4KlFWpUrXINkIInwc4pT
F6tPOYSdgqD7wFB9D3tWpWqx+oTGatBh2k3+73Ep6NPv3tBiAhICdBJGlwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBocOtYfatHWcfad93wh2cCyfvuIMB8GA1UdIwQY
MBaAFL5J+xkPS9D1gVqOV582atWNXUH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtuN0dROUwwUFdCV281WG56WnExWTFkUWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZDBkMTMtZTk4My00ZmY5LWI1MDct
NWU2NTZmMWI0ODc2LzEvR2h3NjFoOXEwZFp4OXAzM2ZDSFp3TEotLTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZDBkMTMtZTk4My00ZmY5LWI1MDctNWU2NTZmMWI0ODc2
LzEvdmtuN0dROUwwUFdCV281WG56WnExWTFkUWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAyBAIAATAsAwQAW+BdAwQA
uSRQAwQBuSRSMAwDBAC59PkDBAK59PgDBAK5/8ADBADBLlMwDgQCAAIwCAMGACoA
6mACMA0GCSqGSIb3DQEBCwUAA4IBAQB6RUiJald7zwL295jfVJKR20RR9Jg/RM/C
9VJ+Qsg7LuLOC/kQhCUpRwk6aMRcxw4XI9rGMA6ZRWqtNb92qMyJsK8hf0O7C3Ae
zVaZNe+vY488Ti/a68uuOmklbYeHv1479QCwqTXjD1U7HTwWwtofY1g0R73Wps/1
Szuv/Wsq5+R1Z8UQjcUufUL4rYuY2mRoB9VdXy4EaUGSM2H9qhNOq1TNyhVAjCiv
h3QRcaLqiNIAWVwnDpWhfWZr6kTifp+BHqlvv2NBrurPWmUC1WA1EfaKF++FaM/X
fkx5tm0Hzk/sqeZHDCVkh4BiqnkK+wPjmNxUsSgzuRlIc/PKSkON
-----END CERTIFICATE-----