Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/cRAAzm69rK1x2VXcQUJ_DYkM5W0.roa
File:                     cRAAzm69rK1x2VXcQUJ_DYkM5W0.roa (raw, json)
Hash identifier:          QMURLhpiB70UAjkJMuKHXFWklTM0r8n8ucBI0KCwX8g=
Subject key identifier:   71:10:00:CE:6E:BD:AC:AD:71:D9:55:DC:41:42:7F:0D:89:0C:E5:6D
Certificate issuer:       /CN=b13099c38b6477a68c98019ff6e0040808078b90
Certificate serial:       0194228E1BF61DE02D5B06BBEE02BE4206CC
Authority key identifier: B1:30:99:C3:8B:64:77:A6:8C:98:01:9F:F6:E0:04:08:08:07:8B:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sTCZw4tkd6aMmAGf9uAECAgHi5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/cRAAzm69rK1x2VXcQUJ_DYkM5W0.roa
Signing time:             Wed 01 Jan 2025 15:48:46 +0000
ROA not before:           Wed 01 Jan 2025 15:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206347
IP address blocks:        37.48.225.0/24 maxlen: 24
                          37.48.226.0/23 maxlen: 23
                          37.48.228.0/24 maxlen: 24
                          37.48.231.0/24 maxlen: 24
                          138.124.160.0/20 maxlen: 24
                          138.124.175.0/24 maxlen: 24
                          185.32.92.0/22 maxlen: 24
                          185.67.232.0/22 maxlen: 24
                          185.102.132.0/22 maxlen: 24
                          185.193.168.0/22 maxlen: 24
                          2a0b:de40::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:1b:f6:1d:e0:2d:5b:06:bb:ee:02:be:42:06:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b13099c38b6477a68c98019ff6e0040808078b90
        Validity
            Not Before: Jan  1 15:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=711000ce6ebdacad71d955dc41427f0d890ce56d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bd:23:f6:d0:ab:7d:66:ea:76:55:c5:cb:1a:
                    6b:68:38:88:7e:ee:65:19:f8:f3:55:15:cb:fe:d8:
                    e6:ff:e3:8e:b3:d8:62:66:f1:d5:18:f8:f1:b0:1a:
                    02:46:ba:42:40:98:58:8d:8b:44:ab:6e:58:1f:3c:
                    ae:b0:85:57:ea:10:1a:dc:e2:9f:b4:5b:16:c2:30:
                    2f:37:b0:50:0f:73:9b:17:fd:36:74:60:02:ee:01:
                    3f:6f:33:78:f6:72:c6:79:bd:22:f1:ef:34:5e:11:
                    0b:64:2f:f1:c3:95:11:1e:33:2a:7d:87:94:b3:db:
                    cc:51:c4:4e:8d:b1:30:6f:8a:58:13:40:dd:44:f0:
                    cc:e7:8d:64:34:67:a5:6e:eb:d1:e4:b8:f2:45:40:
                    6e:ea:3f:21:14:6c:be:14:c1:8d:05:9d:36:49:48:
                    52:3d:fb:36:63:1d:26:54:31:0b:8e:7b:ce:d4:d0:
                    dd:6d:f9:2b:3f:5f:d6:11:f0:ad:58:b5:b5:78:0c:
                    6d:f3:0e:94:6b:f4:c2:00:d3:e6:e4:36:28:56:9f:
                    d6:f0:47:22:10:dc:95:de:c0:8c:d4:b0:19:af:0c:
                    98:df:77:42:ea:39:5d:6b:4d:45:fa:1e:41:23:03:
                    97:11:d5:48:e4:af:30:c4:f8:b6:e6:8b:d2:04:ce:
                    17:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:10:00:CE:6E:BD:AC:AD:71:D9:55:DC:41:42:7F:0D:89:0C:E5:6D
            X509v3 Authority Key Identifier:
                keyid:B1:30:99:C3:8B:64:77:A6:8C:98:01:9F:F6:E0:04:08:08:07:8B:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTCZw4tkd6aMmAGf9uAECAgHi5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/cRAAzm69rK1x2VXcQUJ_DYkM5W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/sTCZw4tkd6aMmAGf9uAECAgHi5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.48.225.0-37.48.228.255
                  37.48.231.0/24
                  138.124.160.0/20
                  185.32.92.0/22
                  185.67.232.0/22
                  185.102.132.0/22
                  185.193.168.0/22
                IPv6:
                  2a0b:de40::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:d7:0c:8b:39:23:42:98:46:99:ca:4d:4c:c7:f3:ee:53:f6:
         67:16:8c:17:0b:43:ae:e9:4e:7b:4c:43:5d:4e:e9:d4:30:b2:
         5c:aa:ad:ad:63:fe:fc:c0:b2:58:e5:fd:3f:d2:3f:99:24:12:
         b8:7b:cb:cb:cf:1d:ca:d4:0d:6a:ff:1f:7c:f3:ed:12:ba:32:
         14:43:92:62:ec:7a:45:56:09:a3:0e:63:e3:c6:45:13:b3:1d:
         0b:d0:31:50:e4:0f:b0:f1:ae:b9:ca:8a:1d:50:f2:1d:57:03:
         7e:81:03:70:af:44:7d:fd:8d:d8:f7:f7:1a:1f:98:0c:43:e4:
         10:c9:c3:8d:62:13:dc:21:e3:78:09:fb:8b:dd:fd:20:08:49:
         8e:f5:ee:1d:18:dd:96:e5:fb:f6:d6:78:fe:a6:c0:8b:7c:08:
         3d:43:ce:08:21:7a:21:47:46:a6:2e:b9:35:b2:7f:12:b0:2b:
         8a:dc:db:6c:23:3b:5f:0b:62:6e:4e:2b:fe:44:db:a8:54:93:
         4d:7e:d2:92:8f:33:49:67:65:04:8f:e9:9b:f6:b1:75:13:f6:
         23:b0:ea:3f:ec:94:07:68:ef:3f:51:9e:fa:e9:a2:ee:fa:a1:
         4c:cd:28:b4:90:90:6c:3c:13:e2:5f:36:27:5c:57:41:f6:12:
         30:c0:c1:eb
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZQijhv2HeAtWwa77gK+QgbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzA5OWMzOGI2NDc3YTY4Yzk4MDE5ZmY2ZTAwNDA4MDgw
NzhiOTAwHhcNMjUwMTAxMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTEwMDBjZTZlYmRhY2FkNzFkOTU1ZGM0MTQyN2YwZDg5MGNlNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L0j9tCrfWbqdlXFyxpraDiIfu5l
GfjzVRXL/tjm/+OOs9hiZvHVGPjxsBoCRrpCQJhYjYtEq25YHzyusIVX6hAa3OKf
tFsWwjAvN7BQD3ObF/02dGAC7gE/bzN49nLGeb0i8e80XhELZC/xw5URHjMqfYeU
s9vMUcROjbEwb4pYE0DdRPDM541kNGelbuvR5LjyRUBu6j8hFGy+FMGNBZ02SUhS
Pfs2Yx0mVDELjnvO1NDdbfkrP1/WEfCtWLW1eAxt8w6Ua/TCANPm5DYoVp/W8Eci
ENyV3sCM1LAZrwyY33dC6jlda01F+h5BIwOXEdVI5K8wxPi25ovSBM4XsQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFHEQAM5uvaytcdlV3EFCfw2JDOVtMB8GA1UdIwQY
MBaAFLEwmcOLZHemjJgBn/bgBAgIB4uQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RDWnc0dGtkNmFNbUFHZjl1QUVDQWdIaTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81OTJjZjAtMDNkZi00ODg2LWIwNjEt
Mjg0ZjdjOTYyMmI1LzEvY1JBQXptNjlySzF4MlZYY1FVSl9EWWtNNVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81OTJjZjAtMDNkZi00ODg2LWIwNjEtMjg0ZjdjOTYyMmI1
LzEvc1RDWnc0dGtkNmFNbUFHZjl1QUVDQWdIaTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBAAlMOED
BAAlMOQDBAAlMOcDBASKfKADBAK5IFwDBAK5Q+gDBAK5ZoQDBAK5wagwDQQCAAIw
BwMFAyoL3kAwDQYJKoZIhvcNAQELBQADggEBAJjXDIs5I0KYRpnKTUzH8+5T9mcW
jBcLQ67pTntMQ11O6dQwslyqra1j/vzAsljl/T/SP5kkErh7y8vPHcrUDWr/H3zz
7RK6MhRDkmLsekVWCaMOY+PGRROzHQvQMVDkD7DxrrnKih1Q8h1XA36BA3CvRH39
jdj39xofmAxD5BDJw41iE9wh43gJ+4vd/SAISY717h0Y3Zbl+/bWeP6mwIt8CD1D
zggheiFHRqYuuTWyfxKwK4rc22wjO18LYm5OK/5E26hUk01+0pKPM0lnZQSP6Zv2
sXUT9iOw6j/slAdo7z9Rnvrpou76oUzNKLSQkGw8E+JfNidcV0H2EjDAwes=
-----END CERTIFICATE-----