Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Kdh6u0OiNsmk_-dzycKZtiVzLXE.roa
File:                     Kdh6u0OiNsmk_-dzycKZtiVzLXE.roa (raw, json)
Hash identifier:          8HKDcoPvmw6yUPqUssO2S1EKso4x1CvTe9bG/iKZcjE=
Subject key identifier:   29:D8:7A:BB:43:A2:36:C9:A4:FF:E7:73:C9:C2:99:B6:25:73:2D:71
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01942746FC6524BF7A297FE8958EF231412A
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Kdh6u0OiNsmk_-dzycKZtiVzLXE.roa
Signing time:             Thu 02 Jan 2025 13:49:11 +0000
ROA not before:           Thu 02 Jan 2025 13:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        45.87.245.0/24 maxlen: 24
                          185.224.212.0/24 maxlen: 24
                          2a10:9680::/32 maxlen: 32
                          2a10:9684::/32 maxlen: 32
                          2a10:9685::/32 maxlen: 32
                          2a11:e140::/29 maxlen: 29
                          2a12:6c40::/29 maxlen: 29
                          2a12:7f40::/29 maxlen: 29
                          2a12:92c0::/29 maxlen: 29
                          2a12:b3c0:ffff::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:fc:65:24:bf:7a:29:7f:e8:95:8e:f2:31:41:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan  2 13:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29d87abb43a236c9a4ffe773c9c299b625732d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5e:0d:8d:2e:dc:62:d6:b0:61:6c:4a:ec:c1:
                    b0:dd:81:bb:d9:ff:2c:e3:89:74:61:50:18:bd:6e:
                    9b:7e:b4:e2:97:d1:e3:c8:e8:fb:11:af:19:94:17:
                    f7:b3:09:b5:15:df:bc:d7:f5:f6:c0:c4:76:4e:d2:
                    3b:0b:64:45:e0:60:e2:80:6b:b0:4d:62:56:07:70:
                    b7:2a:05:0a:ff:b0:30:d1:38:f0:e0:de:ef:be:ae:
                    17:2c:26:19:5e:56:23:ed:a8:53:0c:11:2b:b5:63:
                    c8:80:c8:9a:06:31:f2:79:c7:1e:78:c7:ea:ae:f4:
                    5c:aa:94:59:9c:90:2b:2b:12:5d:2f:5f:ef:7c:ca:
                    ce:e3:f9:3b:a6:d9:62:c8:d2:ad:ae:4c:00:5a:dc:
                    14:2d:23:ba:46:b6:bc:8f:cd:59:3a:f8:cb:17:b4:
                    12:01:ea:4d:07:ba:a6:25:e2:db:c4:87:4f:bc:36:
                    14:a4:96:1d:00:04:75:42:a1:49:dc:bb:54:cf:75:
                    b7:30:c5:bd:cd:ae:56:cc:6c:59:7b:5e:e7:c6:51:
                    b4:24:76:b8:03:bf:a2:86:18:c7:6d:dd:de:25:64:
                    da:04:49:ff:2e:c8:0c:2a:0d:76:d6:30:f7:1d:ed:
                    eb:5e:77:c2:21:72:02:1d:11:f4:f7:4c:6b:4f:82:
                    6a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D8:7A:BB:43:A2:36:C9:A4:FF:E7:73:C9:C2:99:B6:25:73:2D:71
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Kdh6u0OiNsmk_-dzycKZtiVzLXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                  185.224.212.0/24
                IPv6:
                  2a10:9680::/32
                  2a10:9684::/31
                  2a11:e140::/29
                  2a12:6c40::/29
                  2a12:7f40::/29
                  2a12:92c0::/29
                  2a12:b3c0:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:8e:0e:eb:70:1b:38:87:be:04:40:26:87:03:db:37:e9:86:
         92:a5:f0:7d:e4:a2:24:8f:4f:3b:17:39:e9:c1:e2:ec:ca:8f:
         bf:86:7d:b5:20:01:5f:d4:42:27:af:38:04:6a:f0:59:b6:c2:
         a5:a5:0e:80:07:60:27:45:a9:72:56:ea:1d:9d:29:ee:87:c9:
         1a:1b:6b:05:07:59:95:8a:0e:f0:63:18:f7:ff:4b:04:91:3c:
         69:2b:a5:46:42:2c:db:b7:9a:bb:00:28:92:96:a6:db:f6:97:
         2c:03:42:89:13:cc:a6:5e:ea:9b:16:2a:49:63:8f:dc:95:80:
         c0:ea:6f:ed:a8:59:44:1d:8b:fe:ba:a3:23:e6:d6:99:bc:87:
         c1:2c:7a:7f:ce:1d:1e:4e:d3:07:aa:1e:f0:1a:ef:61:dc:77:
         60:74:11:4a:cd:07:50:97:a0:1d:d4:d8:e2:3b:6f:8b:61:5d:
         88:ed:f7:fb:80:bf:80:81:06:bd:df:10:fa:44:ae:e1:14:bd:
         95:de:50:54:6f:46:86:cd:49:48:db:70:e7:f5:a6:c1:1d:cb:
         68:38:c6:0f:8f:6c:43:fd:29:5d:ab:33:b3:12:57:b3:55:a0:
         0e:f5:76:64:53:14:93:89:6c:95:d3:8f:08:d8:c2:91:db:28:
         08:04:f9:d4
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQnRvxlJL96KX/olY7yMUEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMTAyMTM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ4N2FiYjQzYTIzNmM5YTRmZmU3NzNjOWMyOTliNjI1NzMyZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj14NjS7cYtawYWxK7MGw3YG72f8s
44l0YVAYvW6bfrTil9HjyOj7Ea8ZlBf3swm1Fd+81/X2wMR2TtI7C2RF4GDigGuw
TWJWB3C3KgUK/7Aw0Tjw4N7vvq4XLCYZXlYj7ahTDBErtWPIgMiaBjHyecceeMfq
rvRcqpRZnJArKxJdL1/vfMrO4/k7ptliyNKtrkwAWtwULSO6Rra8j81ZOvjLF7QS
AepNB7qmJeLbxIdPvDYUpJYdAAR1QqFJ3LtUz3W3MMW9za5WzGxZe17nxlG0JHa4
A7+ihhjHbd3eJWTaBEn/LsgMKg121jD3He3rXnfCIXICHRH090xrT4Jq6QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCnYertDojbJpP/nc8nCmbYlcy1xMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvS2RoNnUwT2lOc21rXy1kenljS1p0aVZ6TFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzASBAIAATAMAwQALVf1AwQA
ueDUMDkEAgACMDMDBQAqEJaAAwUBKhCWhAMFAyoR4UADBQMqEmxAAwUDKhJ/QAMF
AyoSksADBwAqErPA//8wDQYJKoZIhvcNAQELBQADggEBAG2ODutwGziHvgRAJocD
2zfphpKl8H3koiSPTzsXOenB4uzKj7+GfbUgAV/UQievOARq8Fm2wqWlDoAHYCdF
qXJW6h2dKe6HyRobawUHWZWKDvBjGPf/SwSRPGkrpUZCLNu3mrsAKJKWptv2lywD
QokTzKZe6psWKkljj9yVgMDqb+2oWUQdi/66oyPm1pm8h8Esen/OHR5O0weqHvAa
72Hcd2B0EUrNB1CXoB3U2OI7b4thXYjt9/uAv4CBBr3fEPpEruEUvZXeUFRvRobN
SUjbcOf1psEdy2g4xg+PbEP9KV2rM7MSV7NVoA71dmRTFJOJbJXTjwjYwpHbKAgE
+dQ=
-----END CERTIFICATE-----