Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/adNDLvUmYkNZRHIO-8EvQkOny3U.roa
File:                     adNDLvUmYkNZRHIO-8EvQkOny3U.roa (raw, json)
Hash identifier:          JFJ+lodVDeHLySNvitcsYBxq8cfuImJHPxEA0H+DjjY=
Subject key identifier:   69:D3:43:2E:F5:26:62:43:59:44:72:0E:FB:C1:2F:42:43:A7:CB:75
Certificate issuer:       /CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
Certificate serial:       019426D9922676DB4A98B2ED2FD9D3633109
Authority key identifier: 6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/adNDLvUmYkNZRHIO-8EvQkOny3U.roa
Signing time:             Thu 02 Jan 2025 11:49:40 +0000
ROA not before:           Thu 02 Jan 2025 11:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56730
IP address blocks:        91.227.26.0/24 maxlen: 24
                          134.0.16.0/21 maxlen: 21
                          185.27.32.0/22 maxlen: 22
                          185.42.196.0/22 maxlen: 22
                          185.53.92.0/22 maxlen: 22
                          185.164.44.0/22 maxlen: 22
                          188.114.112.0/21 maxlen: 21
                          188.114.112.0/24 maxlen: 24
                          2a03:b980::/32 maxlen: 32
                          2a03:b980:200::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:92:26:76:db:4a:98:b2:ed:2f:d9:d3:63:31:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
        Validity
            Not Before: Jan  2 11:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69d3432ef52662435944720efbc12f4243a7cb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:94:04:5a:f4:97:7f:04:0b:4a:9c:1f:c7:4d:
                    a5:98:c4:b6:53:d1:7c:b8:20:95:2d:7f:bd:8b:c5:
                    49:02:66:c2:0c:25:e9:ff:44:45:27:dc:d3:d9:3b:
                    53:ca:f8:d2:2e:7f:9a:4d:46:6a:c0:26:2a:b6:d6:
                    6b:f5:32:42:d9:08:5c:05:8f:4b:cf:49:d8:c1:72:
                    f7:0f:4a:8d:70:5a:c7:87:70:fb:69:52:7c:82:4f:
                    25:10:27:16:3d:3d:2e:43:da:bc:ed:96:31:9a:b2:
                    c8:cd:1c:49:32:b8:33:82:f8:e3:06:9d:90:a6:fa:
                    98:cc:9b:07:5c:a7:0d:58:ec:98:dd:36:ad:7b:53:
                    1c:be:c8:cb:9b:41:b7:eb:b3:2c:1d:73:8c:cd:d1:
                    fd:a9:be:33:a1:fd:f6:d7:77:5e:64:77:11:34:f8:
                    07:91:4f:de:44:a5:5b:8b:36:1b:ad:b5:dd:0f:38:
                    bc:da:56:63:95:af:09:a5:52:dc:71:41:9b:61:d3:
                    7b:66:b8:0b:00:52:eb:d5:98:79:be:41:b6:18:ff:
                    5f:8b:d0:5a:18:19:d1:7e:62:e6:cb:cb:63:f9:51:
                    51:22:66:a3:ff:38:d2:e0:7b:be:3e:87:44:c8:f6:
                    3f:4a:b2:89:31:c0:8b:c8:59:33:f9:29:68:e7:8d:
                    10:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D3:43:2E:F5:26:62:43:59:44:72:0E:FB:C1:2F:42:43:A7:CB:75
            X509v3 Authority Key Identifier:
                keyid:6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/adNDLvUmYkNZRHIO-8EvQkOny3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/bkBn13v-qZ3yXOXgipIT0RKAFM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.26.0/24
                  134.0.16.0/21
                  185.27.32.0/22
                  185.42.196.0/22
                  185.53.92.0/22
                  185.164.44.0/22
                  188.114.112.0/21
                IPv6:
                  2a03:b980::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:1e:c6:df:48:5e:e4:35:07:04:09:70:34:17:ef:d5:4c:be:
         ba:78:e6:54:18:c6:eb:06:78:bd:8f:40:f6:9c:05:22:3f:38:
         ae:96:ff:d2:74:05:16:0b:09:ac:cf:ad:93:1f:18:2f:9e:bb:
         b4:e0:13:44:20:43:73:c7:ae:d6:73:b2:7b:70:68:ce:f1:36:
         bf:7c:22:35:65:89:24:9d:e4:53:fd:42:ef:f0:65:03:3b:c1:
         73:6e:5d:c1:a4:8f:ea:c1:13:b6:f2:bc:30:59:d3:c9:d2:e0:
         78:7c:b3:a5:64:a9:68:58:56:c3:12:d3:c2:6a:f2:73:51:23:
         74:6a:61:df:e8:4f:36:d7:c9:bf:4b:86:93:0e:c5:af:7d:0e:
         fc:6c:99:0e:86:6b:ff:ba:33:3e:42:c5:61:0a:4e:5b:ce:12:
         89:02:ad:15:54:c1:1e:d7:81:9b:2d:4d:a5:9a:f7:1e:5e:89:
         94:90:e8:99:e7:7a:97:c8:e3:31:eb:76:ea:35:c2:22:88:61:
         c2:29:8b:03:24:12:96:5a:85:bd:94:59:3a:e1:c3:8f:09:b6:
         74:b7:20:5a:ad:52:d3:b2:79:73:f3:7c:a5:a2:21:7b:ba:67:
         78:34:d6:44:06:6c:3e:91:d0:b4:12:03:1d:b6:8c:1f:1c:f6:
         d4:49:f1:ec
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQm2ZImdttKmLLtL9nTYzEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDA2N2Q3N2JmZWE5OWRmMjVjZTVlMDhhOTIxM2QxMTI4
MDE0Y2YwHhcNMjUwMTAyMTE0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQzNDMyZWY1MjY2MjQzNTk0NDcyMGVmYmMxMmY0MjQzYTdjYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpQEWvSXfwQLSpwfx02lmMS2U9F8
uCCVLX+9i8VJAmbCDCXp/0RFJ9zT2TtTyvjSLn+aTUZqwCYqttZr9TJC2QhcBY9L
z0nYwXL3D0qNcFrHh3D7aVJ8gk8lECcWPT0uQ9q87ZYxmrLIzRxJMrgzgvjjBp2Q
pvqYzJsHXKcNWOyY3Tate1McvsjLm0G367MsHXOMzdH9qb4zof3213deZHcRNPgH
kU/eRKVbizYbrbXdDzi82lZjla8JpVLccUGbYdN7ZrgLAFLr1Zh5vkG2GP9fi9Ba
GBnRfmLmy8tj+VFRImaj/zjS4Hu+PodEyPY/SrKJMcCLyFkz+Slo540QkwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFGnTQy71JmJDWURyDvvBL0JDp8t1MB8GA1UdIwQY
MBaAFG5AZ9d7/qmd8lzl4IqSE9ESgBTPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmIt
MzMwM2Y3MTYyMmY5LzEvYWROREx2VW1Za05aUkhJTy04RXZRa09ueTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmItMzMwM2Y3MTYyMmY5
LzEvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAW+MaAwQD
hgAQAwQCuRsgAwQCuSrEAwQCuTVcAwQCuaQsAwQDvHJwMA0EAgACMAcDBQAqA7mA
MA0GCSqGSIb3DQEBCwUAA4IBAQB+HsbfSF7kNQcECXA0F+/VTL66eOZUGMbrBni9
j0D2nAUiPziulv/SdAUWCwmsz62THxgvnru04BNEIENzx67Wc7J7cGjO8Ta/fCI1
ZYkkneRT/ULv8GUDO8Fzbl3BpI/qwRO28rwwWdPJ0uB4fLOlZKloWFbDEtPCavJz
USN0amHf6E8218m/S4aTDsWvfQ78bJkOhmv/ujM+QsVhCk5bzhKJAq0VVMEe14Gb
LU2lmvceXomUkOiZ53qXyOMx63bqNcIiiGHCKYsDJBKWWoW9lFk64cOPCbZ0tyBa
rVLTsnlz83yloiF7umd4NNZEBmw+kdC0EgMdtowfHPbUSfHs
-----END CERTIFICATE-----