Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/9K541zTwKzkXQVxivY6RtgnMtfc.roa
File:                     9K541zTwKzkXQVxivY6RtgnMtfc.roa (raw, json)
Hash identifier:          2IzU5yJObIbCyE/+ehHr5lv63aMpYtOrcZkh+bZRUaU=
Subject key identifier:   F4:AE:78:D7:34:F0:2B:39:17:41:5C:62:BD:8E:91:B6:09:CC:B5:F7
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019423D6B009D2ACA59F3160D9EEFC315C27
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/9K541zTwKzkXQVxivY6RtgnMtfc.roa
Signing time:             Wed 01 Jan 2025 21:47:39 +0000
ROA not before:           Wed 01 Jan 2025 21:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5547
IP address blocks:        46.254.240.0/22 maxlen: 22
                          46.254.240.0/24 maxlen: 24
                          46.254.241.0/24 maxlen: 24
                          46.254.242.0/24 maxlen: 24
                          46.254.243.0/24 maxlen: 24
                          46.254.244.0/23 maxlen: 23
                          46.254.244.0/24 maxlen: 24
                          46.254.245.0/24 maxlen: 24
                          77.243.120.0/24 maxlen: 32
                          77.243.121.0/24 maxlen: 24
                          77.243.122.0/24 maxlen: 24
                          77.243.123.0/24 maxlen: 24
                          77.243.124.0/23 maxlen: 23
                          77.243.124.0/24 maxlen: 24
                          77.243.125.0/24 maxlen: 24
                          77.243.127.0/24 maxlen: 24
                          185.14.71.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b0:09:d2:ac:a5:9f:31:60:d9:ee:fc:31:5c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 21:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4ae78d734f02b3917415c62bd8e91b609ccb5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c9:ee:a2:98:ff:b3:8c:be:5e:c4:85:61:7a:
                    4a:58:25:b8:ae:83:a9:a1:3a:80:d2:de:96:ec:4d:
                    2a:60:bb:8d:36:d6:ef:8a:8c:09:98:47:da:f1:1a:
                    e3:ba:85:14:3e:da:71:ed:eb:a6:7f:d1:33:43:b2:
                    19:27:85:06:66:76:1c:60:f1:68:eb:6c:3d:b5:10:
                    f5:51:bb:98:20:73:07:16:d8:11:7f:c9:b9:d4:20:
                    9a:4d:1e:b4:43:86:e0:83:7c:47:60:33:f2:5b:3a:
                    55:a3:6a:af:e9:f6:a2:87:6c:62:f0:86:0c:5b:ea:
                    b2:bc:c9:8d:b5:ec:c0:38:f9:e6:b3:57:12:31:7d:
                    12:a6:70:b2:02:f0:80:8f:e0:e0:69:51:73:76:7d:
                    ca:ea:e4:ae:2c:88:3f:b0:06:df:a7:5c:35:d3:f9:
                    83:81:25:24:a0:c7:43:80:8f:b7:4f:57:f8:d9:8a:
                    76:4e:20:3a:35:d1:7a:c6:67:4e:33:86:f8:2b:9e:
                    1c:30:69:db:8e:cf:0d:81:a0:09:5a:7e:59:df:fa:
                    b1:53:0c:06:cc:d2:2f:e9:b5:92:59:91:71:97:b7:
                    83:01:02:f5:64:1c:da:31:db:b5:b1:cd:1d:d3:be:
                    00:d3:95:ec:5e:ad:40:38:87:2f:44:52:12:5c:61:
                    d1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AE:78:D7:34:F0:2B:39:17:41:5C:62:BD:8E:91:B6:09:CC:B5:F7
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/9K541zTwKzkXQVxivY6RtgnMtfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.240.0-46.254.245.255
                  77.243.120.0-77.243.125.255
                  77.243.127.0/24
                  185.14.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:90:16:f3:f4:7e:3e:17:52:46:12:06:6f:b8:79:46:da:0e:
         0d:90:35:e5:76:55:aa:44:40:ac:0f:44:77:6c:69:8f:41:bf:
         f4:bb:ca:98:f1:d3:48:46:57:20:db:7b:77:d4:31:79:bc:14:
         c7:a9:5d:82:e1:43:02:03:52:e3:b3:57:d2:7a:65:8c:a9:93:
         e5:08:ab:c6:b7:93:56:b9:6d:01:6d:a7:64:82:99:20:71:b9:
         e7:c3:1a:e2:a8:62:e5:83:0c:05:75:36:37:f9:16:61:b1:97:
         43:73:35:0f:ff:76:a7:3f:37:ac:e8:eb:5b:1b:5a:1a:f9:2c:
         d7:c7:32:17:2c:06:52:57:d8:a3:d1:c8:33:62:f5:a4:7a:84:
         17:32:19:9d:68:fb:aa:13:6a:38:72:c2:b5:e9:e3:9d:2c:c6:
         4b:e9:b4:e0:e5:e3:81:f3:a8:ec:06:a8:6a:62:20:c3:4f:9b:
         6a:8a:d6:16:13:32:87:81:32:73:6c:be:06:33:c0:ee:87:18:
         00:82:ac:f7:4a:23:5d:2f:73:9c:8a:17:ab:68:6d:ae:1a:10:
         17:3b:dd:59:fb:d4:26:84:b3:92:c6:11:97:de:a0:4b:0d:8b:
         20:9c:c4:e3:31:2f:da:55:b9:94:2d:7d:dd:88:97:52:1a:7b:
         f8:a7:ce:51
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQj1rAJ0qylnzFg2e78MVwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjUwMTAxMjE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFlNzhkNzM0ZjAyYjM5MTc0MTVjNjJiZDhlOTFiNjA5Y2NiNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcnuopj/s4y+XsSFYXpKWCW4roOp
oTqA0t6W7E0qYLuNNtbviowJmEfa8RrjuoUUPtpx7eumf9EzQ7IZJ4UGZnYcYPFo
62w9tRD1UbuYIHMHFtgRf8m51CCaTR60Q4bgg3xHYDPyWzpVo2qv6faih2xi8IYM
W+qyvMmNtezAOPnms1cSMX0SpnCyAvCAj+DgaVFzdn3K6uSuLIg/sAbfp1w10/mD
gSUkoMdDgI+3T1f42Yp2TiA6NdF6xmdOM4b4K54cMGnbjs8NgaAJWn5Z3/qxUwwG
zNIv6bWSWZFxl7eDAQL1ZBzaMdu1sc0d074A05XsXq1AOIcvRFISXGHRRwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFPSueNc08Cs5F0FcYr2OkbYJzLX3MB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvOUs1NDF6VHdLemtYUVZ4aXZZNlJ0Z25NdGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAQu/vAD
BAEu/vQwDAMEA03zeAMEAU3zfAMEAE3zfwMEALkORzANBgkqhkiG9w0BAQsFAAOC
AQEAfZAW8/R+PhdSRhIGb7h5RtoODZA15XZVqkRArA9Ed2xpj0G/9LvKmPHTSEZX
INt7d9QxebwUx6ldguFDAgNS47NX0npljKmT5QirxreTVrltAW2nZIKZIHG558Ma
4qhi5YMMBXU2N/kWYbGXQ3M1D/92pz83rOjrWxtaGvks18cyFywGUlfYo9HIM2L1
pHqEFzIZnWj7qhNqOHLCtenjnSzGS+m04OXjgfOo7AaoamIgw0+baorWFhMyh4Ey
c2y+BjPA7ocYAIKs90ojXS9znIoXq2htrhoQFzvdWfvUJoSzksYRl96gSw2LIJzE
4zEv2lW5lC193YiXUhp7+KfOUQ==
-----END CERTIFICATE-----