Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/MEQXUjQVSgBa6fkz1d4Pqn8Zrh8.roa
File:                     MEQXUjQVSgBa6fkz1d4Pqn8Zrh8.roa (raw, json)
Hash identifier:          nyNXzcw7HH80pO4xP3i+Qt5XwCaB64b06vXaFAegGJg=
Subject key identifier:   30:44:17:52:34:15:4A:00:5A:E9:F9:33:D5:DE:0F:AA:7F:19:AE:1F
Certificate issuer:       /CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
Certificate serial:       018AF820F3E26B9903A23BDA1A69CADC08EA
Authority key identifier: 58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/MEQXUjQVSgBa6fkz1d4Pqn8Zrh8.roa
Signing time:             Wed 04 Oct 2023 00:40:23 +0000
ROA not before:           Wed 04 Oct 2023 00:40:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        193.109.198.0/24 maxlen: 24
                          193.109.194.0/24 maxlen: 24
                          193.109.196.0/24 maxlen: 24
                          85.237.204.0/24 maxlen: 24
                          85.237.206.0/23 maxlen: 23
                          85.237.202.0/24 maxlen: 24
                          85.237.208.0/23 maxlen: 23
                          85.237.208.0/24 maxlen: 24
                          85.237.209.0/24 maxlen: 24
                          85.237.220.0/23 maxlen: 23
                          185.139.26.0/24 maxlen: 24
                          85.158.58.0/23 maxlen: 23
                          85.158.58.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f8:20:f3:e2:6b:99:03:a2:3b:da:1a:69:ca:dc:08:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58bf7f3ad53f29a3c43f0ad82017a05368c0104a
        Validity
            Not Before: Oct  4 00:40:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3044175234154a005ae9f933d5de0faa7f19ae1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e5:d4:dd:a6:1b:a3:2e:ef:1d:2d:a4:3d:58:
                    b7:7b:ef:21:16:fd:4d:f8:4b:c8:7d:74:af:08:e8:
                    45:ba:7b:8d:f7:34:89:c4:cd:ae:e6:6e:ea:7b:bb:
                    cf:c4:dd:cd:fb:8c:4c:c3:bb:db:de:0b:18:f6:f8:
                    ec:31:91:6a:83:90:06:94:2a:b3:87:df:37:3d:af:
                    5b:73:ce:f1:4a:ad:e3:fb:5d:6f:e3:7e:5c:16:74:
                    a2:e7:10:6d:83:a4:23:02:1f:71:0a:0b:58:04:14:
                    c6:d6:f6:61:7b:6d:82:18:18:38:cb:71:27:cc:06:
                    47:71:af:e7:57:1d:5f:17:1f:55:58:21:75:f2:ea:
                    09:b9:98:40:26:3c:98:f1:45:f3:94:19:62:46:b8:
                    60:df:29:36:5f:88:67:1a:a4:0b:52:78:ec:52:ab:
                    77:40:46:a8:c2:69:65:3c:f9:0a:9b:b5:32:0d:81:
                    88:06:7f:c3:06:e2:b9:38:77:d5:20:05:cc:45:e3:
                    9f:2f:eb:ee:63:9e:c3:fe:41:d0:fe:bd:4f:e1:e3:
                    c5:8d:d9:b2:94:16:a5:15:99:7c:1b:f5:1b:ff:d4:
                    65:d1:b3:cd:38:83:ec:85:06:e5:32:2b:26:b8:6e:
                    72:96:eb:e3:a1:9e:81:da:d7:0d:36:bc:97:d4:56:
                    f1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:44:17:52:34:15:4A:00:5A:E9:F9:33:D5:DE:0F:AA:7F:19:AE:1F
            X509v3 Authority Key Identifier:
                keyid:58:BF:7F:3A:D5:3F:29:A3:C4:3F:0A:D8:20:17:A0:53:68:C0:10:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WL9_OtU_KaPEPwrYIBegU2jAEEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/MEQXUjQVSgBa6fkz1d4Pqn8Zrh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/364b94-6ca4-4f9a-88a5-8b3d527c49e4/1/WL9_OtU_KaPEPwrYIBegU2jAEEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.58.0/23
                  85.237.202.0/24
                  85.237.204.0/24
                  85.237.206.0-85.237.209.255
                  85.237.220.0/23
                  185.139.26.0/24
                  193.109.194.0/24
                  193.109.196.0/24
                  193.109.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:44:62:7f:83:72:00:cd:48:e9:95:ca:1b:5e:e5:68:04:7b:
         64:2d:2c:bd:28:59:5c:1c:80:69:32:2e:83:41:29:b5:da:76:
         f6:f5:fa:bb:b5:27:8e:cb:a4:da:2a:f1:c9:3f:d3:cc:97:7a:
         ca:9d:ff:d9:30:c8:34:dc:20:0d:35:39:00:82:e9:46:6b:db:
         49:78:ae:f9:dc:c0:4c:70:d3:1e:d6:d7:2a:47:ad:2c:2a:85:
         4b:1e:b0:6a:78:8c:c4:05:57:4e:7e:85:26:7c:f7:16:9a:00:
         b7:58:88:b2:3f:df:f6:c2:fc:89:7e:df:c4:f1:eb:cb:6e:3c:
         4a:8a:2b:88:ac:55:c7:0d:89:17:79:80:ef:f1:44:b6:57:d9:
         ae:15:4e:af:1e:be:e4:31:21:f1:d1:68:33:75:ab:9d:90:a9:
         c7:cb:b8:a9:fc:ba:d1:33:0a:01:7b:c4:8f:57:0c:bc:50:f0:
         2b:b3:b7:40:ec:06:91:89:73:1d:1b:a0:f2:0e:34:20:d7:f5:
         d4:f0:e4:9b:bf:d6:c6:8c:56:ff:9c:4e:21:b5:65:35:fe:a4:
         4e:04:3d:a5:69:24:93:37:17:de:4c:96:6a:8c:00:5d:b0:6d:
         a0:8e:e7:fc:ef:73:df:38:f8:57:88:c0:53:40:8e:a3:fb:21:
         83:64:39:a6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYr4IPPia5kDojvaGmnK3AjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmY3ZjNhZDUzZjI5YTNjNDNmMGFkODIwMTdhMDUzNjhj
MDEwNGEwHhcNMjMxMDA0MDA0MDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDQ0MTc1MjM0MTU0YTAwNWFlOWY5MzNkNWRlMGZhYTdmMTlhZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOXU3aYboy7vHS2kPVi3e+8hFv1N
+EvIfXSvCOhFunuN9zSJxM2u5m7qe7vPxN3N+4xMw7vb3gsY9vjsMZFqg5AGlCqz
h983Pa9bc87xSq3j+11v435cFnSi5xBtg6QjAh9xCgtYBBTG1vZhe22CGBg4y3En
zAZHca/nVx1fFx9VWCF18uoJuZhAJjyY8UXzlBliRrhg3yk2X4hnGqQLUnjsUqt3
QEaowmllPPkKm7UyDYGIBn/DBuK5OHfVIAXMReOfL+vuY57D/kHQ/r1P4ePFjdmy
lBalFZl8G/Ub/9Rl0bPNOIPshQblMismuG5yluvjoZ6B2tcNNryX1FbxSQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDBEF1I0FUoAWun5M9XeD6p/Ga4fMB8GA1UdIwQY
MBaAFFi/fzrVPymjxD8K2CAXoFNowBBKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUt
OGIzZDUyN2M0OWU0LzEvTUVRWFVqUVZTZ0JhNmZrejFkNFBxbjhacmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNjRiOTQtNmNhNC00ZjlhLTg4YTUtOGIzZDUyN2M0OWU0
LzEvV0w5X090VV9LYVBFUHdyWUlCZWdVMmpBRUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBVZ46AwQA
Ve3KAwQAVe3MMAwDBAFV7c4DBAFV7dADBAFV7dwDBAC5ixoDBADBbcIDBADBbcQD
BADBbcYwDQYJKoZIhvcNAQELBQADggEBAHtEYn+DcgDNSOmVyhte5WgEe2QtLL0o
WVwcgGkyLoNBKbXadvb1+ru1J47LpNoq8ck/08yXesqd/9kwyDTcIA01OQCC6UZr
20l4rvncwExw0x7W1ypHrSwqhUsesGp4jMQFV05+hSZ89xaaALdYiLI/3/bC/Il+
38Tx68tuPEqKK4isVccNiRd5gO/xRLZX2a4VTq8evuQxIfHRaDN1q52QqcfLuKn8
utEzCgF7xI9XDLxQ8Cuzt0DsBpGJcx0boPIONCDX9dTw5Ju/1saMVv+cTiG1ZTX+
pE4EPaVpJJM3F95MlmqMAF2wbaCO5/zvc984+FeIwFNAjqP7IYNkOaY=
-----END CERTIFICATE-----