Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/FvfQzenY4vuGvPjzUDTw1tjiG2s.roa
File:                     FvfQzenY4vuGvPjzUDTw1tjiG2s.roa (raw, json)
Hash identifier:          zkGEFuUXYUubPgf+SgQqduDAgySAdGnP1m7nGCOsPPE=
Subject key identifier:   16:F7:D0:CD:E9:D8:E2:FB:86:BC:F8:F3:50:34:F0:D6:D8:E2:1B:6B
Certificate issuer:       /CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
Certificate serial:       019422FC0843B053D231DD17F1F1ABAA89E5
Authority key identifier: 5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/FvfQzenY4vuGvPjzUDTw1tjiG2s.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25228
IP address blocks:        78.138.4.0/22 maxlen: 22
                          78.138.36.0/22 maxlen: 22
                          83.229.52.0/22 maxlen: 22
                          83.229.100.0/24 maxlen: 24
                          83.229.101.0/24 maxlen: 24
                          83.229.102.0/24 maxlen: 24
                          185.115.108.0/22 maxlen: 22
                          213.255.212.0/22 maxlen: 22
                          213.255.220.0/22 maxlen: 22
                          213.255.232.0/22 maxlen: 22
                          213.255.236.0/22 maxlen: 22
                          213.255.252.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:08:43:b0:53:d2:31:dd:17:f1:f1:ab:aa:89:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16f7d0cde9d8e2fb86bcf8f35034f0d6d8e21b6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:76:2e:87:37:41:7b:38:c3:eb:1d:53:55:e6:
                    43:0f:14:14:d0:d7:26:53:0b:66:2f:5a:62:fd:85:
                    30:f5:19:e9:45:f3:78:cf:40:88:b0:5f:29:6b:53:
                    0d:e8:0c:d9:e9:90:20:53:e5:9b:db:37:d8:41:00:
                    8f:1e:3b:36:2c:71:f9:4e:3d:59:46:1a:67:a5:65:
                    d7:8c:ed:6a:3f:29:ec:b0:fc:dd:6d:6a:4e:c8:e7:
                    da:e6:ea:9a:46:6d:45:ff:1f:91:de:ce:b3:7b:c7:
                    5d:1e:49:c0:bb:64:42:6c:8d:9a:61:fd:7b:27:86:
                    e4:bb:41:26:b7:75:50:2a:74:d1:46:14:d8:e9:6e:
                    fd:56:51:c0:30:2d:ef:5e:cd:43:c4:45:cb:0d:56:
                    1d:cc:e9:03:88:5a:2f:51:5c:52:a6:2c:38:53:86:
                    f8:48:4e:04:9e:32:ad:25:ca:4e:35:10:0b:b6:47:
                    ff:a0:36:ef:d5:04:4e:f8:10:7d:16:4a:80:fc:d6:
                    99:13:bc:c5:2e:04:78:5c:0a:56:d6:f3:27:09:1b:
                    09:dd:4b:7d:14:24:a5:39:e3:a6:d8:39:8b:34:30:
                    96:13:bd:0d:44:5c:52:06:2a:9a:21:07:8b:7c:0a:
                    92:53:45:a3:ce:c6:d3:c7:10:60:b2:ff:0b:45:cd:
                    6a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F7:D0:CD:E9:D8:E2:FB:86:BC:F8:F3:50:34:F0:D6:D8:E2:1B:6B
            X509v3 Authority Key Identifier:
                keyid:5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/FvfQzenY4vuGvPjzUDTw1tjiG2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/W1v_nUH3GfYmAMMtNBDduZ7Msww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.138.4.0/22
                  78.138.36.0/22
                  83.229.52.0/22
                  83.229.100.0-83.229.102.255
                  185.115.108.0/22
                  213.255.212.0/22
                  213.255.220.0/22
                  213.255.232.0/21
                  213.255.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:79:c7:e2:ad:58:23:66:8d:c5:8c:be:b3:7c:02:ef:c2:04:
         8c:1b:18:92:6b:87:6e:72:fb:3c:b5:5f:da:42:15:44:c4:e4:
         e2:41:69:39:43:b7:87:e4:db:ba:64:58:cb:29:16:86:16:48:
         08:26:e1:55:b0:76:38:40:91:d8:f1:80:9e:da:82:f1:10:e2:
         f4:c9:18:58:28:40:ea:06:12:3b:ed:e5:c2:04:7a:57:5c:fc:
         60:c6:d2:6c:66:5b:ce:d6:6b:e2:52:f7:7e:6d:62:80:7f:59:
         6b:6d:db:f3:47:93:39:22:ac:42:42:0b:d2:ef:84:82:46:b5:
         81:c6:9e:d2:2c:d8:9d:84:23:76:0a:5d:c0:dc:ad:4c:78:9c:
         3d:c4:8f:31:d1:63:cd:31:72:e7:ec:5d:ea:e2:93:5d:54:0a:
         99:d0:d8:2a:3d:74:39:b9:88:00:d7:a6:27:cf:71:10:53:18:
         07:d7:e0:db:f2:97:90:1f:af:05:38:70:f3:62:5f:5f:eb:e5:
         68:75:a2:3c:ad:3b:d8:c1:bc:9e:75:74:f6:5e:39:eb:f3:be:
         a0:ea:81:ba:8b:63:7b:11:a8:9b:9d:a4:4f:dd:bd:91:af:35:
         1f:68:ff:ed:75:ee:2d:f8:d0:cb:57:88:c5:8c:8b:90:e0:45:
         c3:6c:cd:d2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQi/AhDsFPSMd0X8fGrqonlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNWJmZjlkNDFmNzE5ZjYyNjAwYzMyZDM0MTBkZGI5OWVj
Y2IzMGMwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY3ZDBjZGU5ZDhlMmZiODZiY2Y4ZjM1MDM0ZjBkNmQ4ZTIxYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3YuhzdBezjD6x1TVeZDDxQU0Ncm
UwtmL1pi/YUw9RnpRfN4z0CIsF8pa1MN6AzZ6ZAgU+Wb2zfYQQCPHjs2LHH5Tj1Z
RhpnpWXXjO1qPynssPzdbWpOyOfa5uqaRm1F/x+R3s6ze8ddHknAu2RCbI2aYf17
J4bku0Emt3VQKnTRRhTY6W79VlHAMC3vXs1DxEXLDVYdzOkDiFovUVxSpiw4U4b4
SE4EnjKtJcpONRALtkf/oDbv1QRO+BB9FkqA/NaZE7zFLgR4XApW1vMnCRsJ3Ut9
FCSlOeOm2DmLNDCWE70NRFxSBiqaIQeLfAqSU0WjzsbTxxBgsv8LRc1qGwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFBb30M3p2OL7hrz481A08NbY4htrMB8GA1UdIwQY
MBaAFFtb/51B9xn2JgDDLTQQ3bmezLMMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEt
ZjBjNjI1OGI5YTA0LzEvRnZmUXplblk0dnVHdlBqelVEVHcxdGppRzJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEtZjBjNjI1OGI5YTA0
LzEvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCTooEAwQC
TookAwQCU+U0MAwDBAJT5WQDBABT5WYDBAK5c2wDBALV/9QDBALV/9wDBAPV/+gD
BALV//wwDQYJKoZIhvcNAQELBQADggEBAGZ5x+KtWCNmjcWMvrN8Au/CBIwbGJJr
h25y+zy1X9pCFUTE5OJBaTlDt4fk27pkWMspFoYWSAgm4VWwdjhAkdjxgJ7agvEQ
4vTJGFgoQOoGEjvt5cIEeldc/GDG0mxmW87Wa+JS935tYoB/WWtt2/NHkzkirEJC
C9LvhIJGtYHGntIs2J2EI3YKXcDcrUx4nD3EjzHRY80xcufsXerik11UCpnQ2Co9
dDm5iADXpifPcRBTGAfX4Nvyl5AfrwU4cPNiX1/r5Wh1ojytO9jBvJ51dPZeOevz
vqDqgbqLY3sRqJudpE/dvZGvNR9o/+117i340MtXiMWMi5DgRcNszdI=
-----END CERTIFICATE-----