Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/572na8_zoYemqPBejFGMRRPd8ps.roa
File:                     572na8_zoYemqPBejFGMRRPd8ps.roa (raw, json)
Hash identifier:          vVsm+nWWBvjJ+3tIYusnSlDq71JJ2TZXjTfrysKXq88=
Subject key identifier:   E7:BD:A7:6B:CF:F3:A1:87:A6:A8:F0:5E:8C:51:8C:45:13:DD:F2:9B
Certificate issuer:       /CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
Certificate serial:       01941FFA87E5B79E63318249C27044B64068
Authority key identifier: 1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/572na8_zoYemqPBejFGMRRPd8ps.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28919
IP address blocks:        77.223.0.0/22 maxlen: 24
                          80.93.32.0/20 maxlen: 24
                          86.111.56.0/22 maxlen: 24
                          89.41.128.0/21 maxlen: 24
                          94.24.56.0/21 maxlen: 24
                          185.66.48.0/22 maxlen: 24
                          185.163.144.0/22 maxlen: 24
                          185.164.112.0/22 maxlen: 24
                          213.182.224.0/19 maxlen: 24
                          2a03:c680::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:87:e5:b7:9e:63:31:82:49:c2:70:44:b6:40:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7bda76bcff3a187a6a8f05e8c518c4513ddf29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:8a:45:41:aa:25:ed:2e:80:66:37:4d:e0:
                    8e:6f:4f:76:be:4e:cb:c3:42:19:99:52:d4:63:bb:
                    ed:82:6e:23:f3:bb:a9:c3:43:82:ef:46:5b:fc:68:
                    19:37:61:47:47:b7:92:ff:96:ac:a3:06:68:95:52:
                    a9:d3:5f:f7:5a:fe:e5:c4:4f:25:9a:b4:c6:76:60:
                    b5:f4:80:c8:39:ef:e8:7b:7a:10:d1:5e:58:25:24:
                    90:b0:73:f0:75:de:46:ad:79:92:31:d6:ee:b1:35:
                    bd:e1:ba:90:64:5f:f9:79:f9:5e:ec:9e:f2:61:67:
                    e7:bd:d0:ee:fa:eb:10:e5:4f:ec:e7:65:b9:be:54:
                    49:89:8b:67:f1:39:08:3c:e5:40:cd:37:8c:98:6f:
                    64:99:01:b7:a2:4e:75:c1:31:4b:4c:ff:3a:9a:48:
                    cb:5c:12:85:56:2a:ac:09:ee:d3:e7:df:e1:98:bd:
                    e2:68:d6:66:3b:cf:02:8b:3f:91:1d:d1:24:6b:90:
                    11:ec:15:75:ff:9b:aa:0e:11:4b:2d:91:df:59:54:
                    fe:e7:04:75:79:1b:cb:43:2b:49:c3:2b:28:5e:a3:
                    d1:6c:38:71:a8:cc:e9:ce:02:ce:6e:f7:7b:2b:70:
                    d9:45:be:6f:0f:ed:e8:c4:1b:f8:9a:91:b4:c9:b5:
                    35:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BD:A7:6B:CF:F3:A1:87:A6:A8:F0:5E:8C:51:8C:45:13:DD:F2:9B
            X509v3 Authority Key Identifier:
                keyid:1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/572na8_zoYemqPBejFGMRRPd8ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.0.0/22
                  80.93.32.0/20
                  86.111.56.0/22
                  89.41.128.0/21
                  94.24.56.0/21
                  185.66.48.0/22
                  185.163.144.0/22
                  185.164.112.0/22
                  213.182.224.0/19
                IPv6:
                  2a03:c680::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:c5:f3:25:8f:5e:e7:e2:c0:87:33:35:72:3c:7d:e1:22:20:
         56:49:cd:83:ac:85:47:36:7d:e7:54:57:ba:0b:bc:81:52:a8:
         a7:de:6a:ab:61:64:3b:9a:a5:ef:6b:4e:9c:47:27:3b:b0:a6:
         51:13:f1:b3:7c:a3:5b:98:42:d3:6d:d2:d7:48:ff:01:8b:92:
         43:ea:22:3e:c7:82:67:73:66:cd:08:c6:5b:c4:1f:29:c7:e4:
         3d:52:64:67:80:2a:83:ff:6d:58:f8:b7:3a:35:7d:5b:cf:42:
         53:b2:fc:b6:f0:26:d1:f4:0f:f7:ad:6d:ca:99:1d:38:3c:2b:
         17:18:6c:19:70:2f:42:3a:04:16:d0:9b:f2:3f:85:52:bc:0e:
         5d:e4:3e:83:f9:d6:f9:18:0c:cf:ac:0f:98:29:f6:f5:5b:1e:
         a9:81:27:8e:46:5e:a6:4c:11:25:4a:b8:da:ec:38:a5:bd:ae:
         e0:12:c1:21:a6:e5:02:c7:33:7d:1d:c6:78:70:33:ff:55:b5:
         76:cf:09:d4:2b:14:27:a7:19:bd:55:bf:94:c5:da:c4:e2:26:
         f0:71:74:07:54:1a:6d:58:5a:23:5a:6f:1e:5f:15:d4:c1:f0:
         37:42:cf:68:ae:ed:01:99:d9:db:f3:aa:09:af:64:ee:c4:fb:
         02:18:7f:02
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQf+oflt55jMYJJwnBEtkBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDY3MmM5OWY4N2YwNWNkODNmMGI2MjdkMzE4NzFmZTgw
YmUwMWYwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2JkYTc2YmNmZjNhMTg3YTZhOGYwNWU4YzUxOGM0NTEzZGRmMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnSKRUGqJe0ugGY3TeCOb092vk7L
w0IZmVLUY7vtgm4j87upw0OC70Zb/GgZN2FHR7eS/5asowZolVKp01/3Wv7lxE8l
mrTGdmC19IDIOe/oe3oQ0V5YJSSQsHPwdd5GrXmSMdbusTW94bqQZF/5efle7J7y
YWfnvdDu+usQ5U/s52W5vlRJiYtn8TkIPOVAzTeMmG9kmQG3ok51wTFLTP86mkjL
XBKFViqsCe7T59/hmL3iaNZmO88Ciz+RHdEka5AR7BV1/5uqDhFLLZHfWVT+5wR1
eRvLQytJwysoXqPRbDhxqMzpzgLObvd7K3DZRb5vD+3oxBv4mpG0ybU1lwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFOe9p2vP86GHpqjwXoxRjEUT3fKbMB8GA1UdIwQY
MBaAFB0Gcsmfh/Bc2D8LYn0xhx/oC+AfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTIt
NDk0ZjRjNGRhNDI2LzEvNTcybmE4X3pvWWVtcVBCZWpGR01SUlBkOHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTItNDk0ZjRjNGRhNDI2
LzEvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCTd8AAwQE
UF0gAwQCVm84AwQDWSmAAwQDXhg4AwQCuUIwAwQCuaOQAwQCuaRwAwQF1bbgMA0E
AgACMAcDBQMqA8aAMA0GCSqGSIb3DQEBCwUAA4IBAQAHxfMlj17n4sCHMzVyPH3h
IiBWSc2DrIVHNn3nVFe6C7yBUqin3mqrYWQ7mqXva06cRyc7sKZRE/GzfKNbmELT
bdLXSP8Bi5JD6iI+x4Jnc2bNCMZbxB8px+Q9UmRngCqD/21Y+Lc6NX1bz0JTsvy2
8CbR9A/3rW3KmR04PCsXGGwZcC9COgQW0JvyP4VSvA5d5D6D+db5GAzPrA+YKfb1
Wx6pgSeORl6mTBElSrja7Dilva7gEsEhpuUCxzN9HcZ4cDP/VbV2zwnUKxQnpxm9
Vb+UxdrE4ibwcXQHVBptWFojWm8eXxXUwfA3Qs9oru0Bmdnb86oJr2TuxPsCGH8C
-----END CERTIFICATE-----