Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/wa92ho6_TOaY7ldqJSaYCa_XBQs.roa
File:                     wa92ho6_TOaY7ldqJSaYCa_XBQs.roa (raw, json)
Hash identifier:          uu+6gbbAJilj/6MKax6vLpnZpiiIVCtzv4wgRcQIz20=
Subject key identifier:   C1:AF:76:86:8E:BF:4C:E6:98:EE:57:6A:25:26:98:09:AF:D7:05:0B
Certificate issuer:       /CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Certificate serial:       019420D6679774887909AE550D80D453C693
Authority key identifier: B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/wa92ho6_TOaY7ldqJSaYCa_XBQs.roa
Signing time:             Wed 01 Jan 2025 07:48:29 +0000
ROA not before:           Wed 01 Jan 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60175
IP address blocks:        89.63.0.0/16 maxlen: 24
                          89.63.0.0/20 maxlen: 20
                          89.63.16.0/20 maxlen: 20
                          89.63.20.0/24 maxlen: 24
                          185.35.12.0/22 maxlen: 22
                          195.4.128.0/19 maxlen: 19
                          195.4.145.0/24 maxlen: 24
                          195.4.160.0/20 maxlen: 20
                          195.4.184.0/21 maxlen: 21
                          195.4.192.0/20 maxlen: 20
                          195.4.199.0/24 maxlen: 24
                          195.4.208.0/21 maxlen: 21
                          2a00:dca0::/29 maxlen: 29

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:67:97:74:88:79:09:ae:55:0d:80:d4:53:c6:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
        Validity
            Not Before: Jan  1 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1af76868ebf4ce698ee576a25269809afd7050b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5b:ad:99:51:67:58:36:e8:ba:d4:6e:bc:d6:
                    cb:92:a8:1e:ac:da:2a:9c:0a:2d:b3:7a:a7:85:6b:
                    cb:73:0c:c2:f2:d7:53:7c:4d:3d:5b:e0:d7:ac:02:
                    75:a3:d0:06:98:0f:94:e1:2e:6e:9e:77:c6:60:17:
                    dd:a3:61:8d:90:ea:e7:dd:17:45:6a:61:04:92:f1:
                    28:1c:24:f8:df:27:33:67:94:0b:0e:4c:95:b0:f4:
                    39:6a:59:84:b8:c7:15:5b:4b:65:3b:cf:2d:be:e7:
                    90:20:15:26:e4:31:92:ac:3c:29:17:17:d8:f0:26:
                    74:39:03:cb:bd:f7:30:71:1e:e4:43:b6:9e:68:3e:
                    e4:69:5f:25:e0:90:51:bd:0f:dd:3e:4e:e5:49:25:
                    af:a4:7d:60:bf:2d:03:de:4f:49:8d:47:09:bd:60:
                    6d:ce:d4:fd:dd:23:d5:26:87:73:20:f6:04:c0:d6:
                    d9:8f:ee:3e:a6:35:5b:b0:08:55:2f:4c:70:1f:c7:
                    6a:2d:12:1b:1c:fa:84:92:2b:cf:e8:74:3c:5c:14:
                    2b:f5:57:80:f8:98:d0:49:f1:47:b7:86:70:e6:6b:
                    d7:c8:e6:70:d2:38:8b:ce:d9:e3:d6:77:4b:1c:bd:
                    e8:9b:32:70:0a:9f:77:a9:3d:9d:2a:3b:25:8a:82:
                    ea:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:AF:76:86:8E:BF:4C:E6:98:EE:57:6A:25:26:98:09:AF:D7:05:0B
            X509v3 Authority Key Identifier:
                keyid:B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/wa92ho6_TOaY7ldqJSaYCa_XBQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.63.0.0/16
                  185.35.12.0/22
                  195.4.128.0-195.4.175.255
                  195.4.184.0-195.4.215.255
                IPv6:
                  2a00:dca0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:51:ec:66:65:02:d8:40:61:a0:70:c6:b9:ef:ed:af:8a:40:
         58:db:05:cb:72:28:3f:fe:3c:73:f0:6f:d5:24:2e:d3:65:9a:
         25:77:f7:0c:4a:ad:09:ce:50:fb:86:79:e1:a6:78:c6:a3:66:
         e5:b4:9d:3a:8d:a8:df:87:7c:3d:03:92:84:dc:4c:82:c4:ae:
         2d:f8:a3:30:e3:c5:e7:d1:5f:37:19:0c:c2:79:79:30:ef:90:
         98:72:e4:1c:95:66:c7:64:f0:68:ac:56:52:66:9b:7d:b9:0f:
         df:09:87:2f:59:3a:b2:e9:f7:4b:d6:47:1f:4c:97:0c:24:4a:
         24:0e:93:5e:7a:c7:cf:9b:af:9d:28:c1:d7:d5:a7:db:7d:48:
         97:5f:64:16:f0:b9:88:6a:d9:83:82:61:5c:25:b6:b8:f3:b6:
         c0:f3:f7:40:d9:a9:cc:fa:b9:68:c3:84:d4:a2:66:00:ac:3a:
         32:05:66:1a:7c:41:ef:33:bf:83:eb:3e:76:89:4a:59:fe:52:
         6a:68:33:4e:ec:d1:53:49:68:ff:7f:de:56:9f:40:53:b3:e6:
         ff:ab:78:3b:39:75:09:96:26:08:24:c0:ef:8a:3a:c0:a7:f4:
         86:28:6f:5b:44:76:c3:ce:76:84:7e:38:15:c3:f1:38:11:d1:
         3f:af:36:b4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQg1meXdIh5Ca5VDYDUU8aTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmVlMmIzOTcxMjM3N2I0YmZlYzllNjZhYzdlNmU5MDhl
ZmNlZWMwHhcNMjUwMTAxMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWFmNzY4NjhlYmY0Y2U2OThlZTU3NmEyNTI2OTgwOWFmZDcwNTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFutmVFnWDboutRuvNbLkqgerNoq
nAots3qnhWvLcwzC8tdTfE09W+DXrAJ1o9AGmA+U4S5unnfGYBfdo2GNkOrn3RdF
amEEkvEoHCT43yczZ5QLDkyVsPQ5almEuMcVW0tlO88tvueQIBUm5DGSrDwpFxfY
8CZ0OQPLvfcwcR7kQ7aeaD7kaV8l4JBRvQ/dPk7lSSWvpH1gvy0D3k9JjUcJvWBt
ztT93SPVJodzIPYEwNbZj+4+pjVbsAhVL0xwH8dqLRIbHPqEkivP6HQ8XBQr9VeA
+JjQSfFHt4Zw5mvXyOZw0jiLztnj1ndLHL3omzJwCp93qT2dKjslioLqowIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMGvdoaOv0zmmO5XaiUmmAmv1wULMB8GA1UdIwQY
MBaAFLMu4rOXEjd7S/7J5mrH5ukI787sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMt
ZjAxNmNhNWRhMjE5LzEvd2E5MmhvNl9UT2FZN2xkcUpTYVlDYV9YQlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMtZjAxNmNhNWRhMjE5
LzEvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAtBAIAATAnAwMAWT8DBAK5
IwwwDAMEB8MEgAMEBMMEoDAMAwQDwwS4AwQDwwTQMA0EAgACMAcDBQMqANygMA0G
CSqGSIb3DQEBCwUAA4IBAQBFUexmZQLYQGGgcMa57+2vikBY2wXLcig//jxz8G/V
JC7TZZold/cMSq0JzlD7hnnhpnjGo2bltJ06jajfh3w9A5KE3EyCxK4t+KMw48Xn
0V83GQzCeXkw75CYcuQclWbHZPBorFZSZpt9uQ/fCYcvWTqy6fdL1kcfTJcMJEok
DpNeesfPm6+dKMHX1afbfUiXX2QW8LmIatmDgmFcJba487bA8/dA2anM+rlow4TU
omYArDoyBWYafEHvM7+D6z52iUpZ/lJqaDNO7NFTSWj/f95Wn0BTs+b/q3g7OXUJ
liYIJMDvijrAp/SGKG9bRHbDznaEfjgVw/E4EdE/rza0
-----END CERTIFICATE-----