Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/9uvjekcau3PbfLrEyZwNzBwQO7Q.roa
File:                     9uvjekcau3PbfLrEyZwNzBwQO7Q.roa (raw, json)
Hash identifier:          mH0HAaOf2X0fWHcxqJaO7mLzzy3VZpb8eqMe7h725z0=
Subject key identifier:   F6:EB:E3:7A:47:1A:BB:73:DB:7C:BA:C4:C9:9C:0D:CC:1C:10:3B:B4
Certificate issuer:       /CN=eab066c6e1800a3f5bd2e406e9a620d2a0f6f653
Certificate serial:       019425FC6C3D5F86209388EDEDE28C68DC8D
Authority key identifier: EA:B0:66:C6:E1:80:0A:3F:5B:D2:E4:06:E9:A6:20:D2:A0:F6:F6:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rBmxuGACj9b0uQG6aYg0qD29lM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/9uvjekcau3PbfLrEyZwNzBwQO7Q.roa
Signing time:             Thu 02 Jan 2025 07:48:07 +0000
ROA not before:           Thu 02 Jan 2025 07:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        147.86.0.0/16 maxlen: 16
                          192.152.98.0/24 maxlen: 24
                          193.8.136.0/23 maxlen: 23
                          193.73.125.0/24 maxlen: 24
                          193.135.240.0/21 maxlen: 21
                          193.222.241.0/24 maxlen: 24
                          193.222.242.0/23 maxlen: 23
                          193.222.244.0/22 maxlen: 22
                          193.222.248.0/23 maxlen: 23
                          193.222.250.0/24 maxlen: 24
                          2a0b:1200::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:6c:3d:5f:86:20:93:88:ed:ed:e2:8c:68:dc:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab066c6e1800a3f5bd2e406e9a620d2a0f6f653
        Validity
            Not Before: Jan  2 07:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6ebe37a471abb73db7cbac4c99c0dcc1c103bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e2:a7:44:23:5c:9d:2b:2c:d2:0d:d0:bf:16:
                    95:38:40:3e:69:c7:20:b4:fc:1b:74:2d:01:30:f1:
                    06:ff:0f:a5:89:b5:78:b2:11:4e:47:64:58:60:d6:
                    d7:d8:3b:6e:e2:24:f2:9e:7f:a1:7a:a9:fb:b8:80:
                    46:01:51:49:1d:51:f3:9a:12:e7:78:73:e5:ce:dc:
                    c5:a2:53:25:f2:9e:8b:7b:3a:31:0a:66:d5:6f:d0:
                    75:48:57:e2:2a:7c:66:65:fb:b5:cb:26:68:bf:3a:
                    9f:91:7f:fd:94:1f:98:98:92:8e:5a:ba:88:2a:5e:
                    63:61:e8:40:79:99:9c:fc:1c:0e:b5:22:ce:10:1c:
                    e9:d1:ac:93:85:21:2f:2f:08:f3:17:b4:ec:52:5d:
                    2c:90:7b:76:93:6c:34:39:7e:3e:9f:ea:59:79:ca:
                    87:a0:0b:81:37:46:4f:17:08:5e:8d:aa:c1:b5:3b:
                    95:e8:2f:72:18:7a:bd:e6:3e:db:4d:07:36:8c:0b:
                    a6:be:21:f5:83:a6:f4:5c:5c:e8:97:52:fa:33:3d:
                    77:88:e1:ab:6f:88:99:54:ac:dc:bc:fc:eb:5b:ff:
                    b6:07:fa:ef:b2:9a:f4:a5:06:4d:96:8c:30:c6:db:
                    55:6a:8a:14:16:96:63:ec:c0:ae:ff:c5:58:76:fc:
                    f1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:EB:E3:7A:47:1A:BB:73:DB:7C:BA:C4:C9:9C:0D:CC:1C:10:3B:B4
            X509v3 Authority Key Identifier:
                keyid:EA:B0:66:C6:E1:80:0A:3F:5B:D2:E4:06:E9:A6:20:D2:A0:F6:F6:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rBmxuGACj9b0uQG6aYg0qD29lM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/9uvjekcau3PbfLrEyZwNzBwQO7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/91d629-7d1f-45bd-a1e1-931cf798e412/1/6rBmxuGACj9b0uQG6aYg0qD29lM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.86.0.0/16
                  192.152.98.0/24
                  193.8.136.0/23
                  193.73.125.0/24
                  193.135.240.0/21
                  193.222.241.0-193.222.250.255
                IPv6:
                  2a0b:1200::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:33:0c:e7:7b:bf:41:50:68:18:17:62:f4:56:fa:2f:31:91:
         44:de:6c:90:57:dd:15:45:00:5c:76:5a:ba:27:f9:2c:66:fb:
         3f:c8:af:9a:ce:c7:63:51:32:2f:e3:9a:46:62:5a:c5:a0:c2:
         db:08:29:ab:3d:b0:11:e7:22:99:5d:b9:3b:10:bd:91:d1:cc:
         14:6a:57:8f:60:31:5d:81:10:0d:3b:1d:cf:c8:3a:72:1f:9d:
         0a:d2:55:a2:35:f7:45:98:50:63:95:fd:8c:ec:3c:9e:f9:e8:
         e6:43:0f:40:60:d7:c9:d5:ce:73:5d:55:d4:6f:f9:9a:4b:56:
         a3:0c:96:15:44:b4:fe:5c:41:7e:c1:fb:04:ea:c5:a1:14:04:
         7d:07:fc:c7:0d:39:33:7f:9c:f9:b0:05:7f:2b:e7:76:67:4f:
         cf:85:ce:15:36:04:20:0b:8a:7d:e4:3c:2f:37:64:d2:7d:16:
         7b:6c:80:95:8a:36:8f:38:dc:ff:25:de:ea:69:4e:9e:3e:50:
         45:8a:11:5b:70:c6:45:2a:8a:e6:41:4b:eb:f3:10:f8:85:cb:
         51:5f:ab:68:9f:1d:b2:3c:c3:aa:db:a5:fc:90:e1:67:31:c3:
         ac:90:b5:49:f9:5a:b9:80:49:63:f6:ff:0a:7e:05:23:38:ee:
         93:74:7a:7e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQl/Gw9X4Ygk4jt7eKMaNyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjA2NmM2ZTE4MDBhM2Y1YmQyZTQwNmU5YTYyMGQyYTBm
NmY2NTMwHhcNMjUwMTAyMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmViZTM3YTQ3MWFiYjczZGI3Y2JhYzRjOTljMGRjYzFjMTAzYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+KnRCNcnSss0g3QvxaVOEA+accg
tPwbdC0BMPEG/w+libV4shFOR2RYYNbX2Dtu4iTynn+heqn7uIBGAVFJHVHzmhLn
eHPlztzFolMl8p6LezoxCmbVb9B1SFfiKnxmZfu1yyZovzqfkX/9lB+YmJKOWrqI
Kl5jYehAeZmc/BwOtSLOEBzp0ayThSEvLwjzF7TsUl0skHt2k2w0OX4+n+pZecqH
oAuBN0ZPFwhejarBtTuV6C9yGHq95j7bTQc2jAumviH1g6b0XFzol1L6Mz13iOGr
b4iZVKzcvPzrW/+2B/rvspr0pQZNlowwxttVaooUFpZj7MCu/8VYdvzxWwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFPbr43pHGrtz23y6xMmcDcwcEDu0MB8GA1UdIwQY
MBaAFOqwZsbhgAo/W9LkBummINKg9vZTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJCbXh1R0FDajliMHVRRzZhWWcwcUQyOWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi85MWQ2MjktN2QxZi00NWJkLWExZTEt
OTMxY2Y3OThlNDEyLzEvOXV2amVrY2F1M1BiZkxyRXlad056QndRTzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi85MWQ2MjktN2QxZi00NWJkLWExZTEtOTMxY2Y3OThlNDEy
LzEvNnJCbXh1R0FDajliMHVRRzZhWWcwcUQyOWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArAwMAk1YDBADA
mGIDBAHBCIgDBADBSX0DBAPBh/AwDAMEAMHe8QMEAMHe+jANBAIAAjAHAwUDKgsS
ADANBgkqhkiG9w0BAQsFAAOCAQEASTMM53u/QVBoGBdi9Fb6LzGRRN5skFfdFUUA
XHZauif5LGb7P8ivms7HY1EyL+OaRmJaxaDC2wgpqz2wEecimV25OxC9kdHMFGpX
j2AxXYEQDTsdz8g6ch+dCtJVojX3RZhQY5X9jOw8nvno5kMPQGDXydXOc11V1G/5
mktWowyWFUS0/lxBfsH7BOrFoRQEfQf8xw05M3+c+bAFfyvndmdPz4XOFTYEIAuK
feQ8Lzdk0n0We2yAlYo2jzjc/yXe6mlOnj5QRYoRW3DGRSqK5kFL6/MQ+IXLUV+r
aJ8dsjzDqtul/JDhZzHDrJC1SflauYBJY/b/Cn4FIzjuk3R6fg==
-----END CERTIFICATE-----