Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/X3cBm-bUicyfFJqgonvv5YPR0as.roa
File:                     X3cBm-bUicyfFJqgonvv5YPR0as.roa (raw, json)
Hash identifier:          rTFNiYNaR2kyVCJnNKtV2FC0xebNHSVdMCo68CKPbSc=
Subject key identifier:   5F:77:01:9B:E6:D4:89:CC:9F:14:9A:A0:A2:7B:EF:E5:83:D1:D1:AB
Certificate issuer:       /CN=dd5f2e7cc2c687f58c0d1f6132bb2dcfdf38cb64
Certificate serial:       018CC64B500493A1EB32B3818514D6BAEA51
Authority key identifier: DD:5F:2E:7C:C2:C6:87:F5:8C:0D:1F:61:32:BB:2D:CF:DF:38:CB:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3V8ufMLGh_WMDR9hMrstz984y2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/X3cBm-bUicyfFJqgonvv5YPR0as.roa
Signing time:             Mon 01 Jan 2024 18:31:13 +0000
ROA not before:           Mon 01 Jan 2024 18:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39402
IP address blocks:        109.75.64.0/24 maxlen: 24
                          109.75.71.0/24 maxlen: 24
                          109.75.69.0/24 maxlen: 24
                          109.75.70.0/24 maxlen: 24
                          109.75.68.0/24 maxlen: 24
                          109.75.66.0/24 maxlen: 24
                          109.75.67.0/24 maxlen: 24
                          109.75.65.0/24 maxlen: 24
                          109.75.73.0/24 maxlen: 24
                          109.75.74.0/24 maxlen: 24
                          109.75.72.0/24 maxlen: 24
                          109.75.78.0/24 maxlen: 24
                          109.75.76.0/24 maxlen: 24
                          109.75.77.0/24 maxlen: 24
                          109.75.75.0/24 maxlen: 24
                          109.75.79.0/24 maxlen: 24
                          185.204.51.0/24 maxlen: 24
                          185.204.50.0/24 maxlen: 24
                          185.204.48.0/24 maxlen: 24
                          185.204.49.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:50:04:93:a1:eb:32:b3:81:85:14:d6:ba:ea:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd5f2e7cc2c687f58c0d1f6132bb2dcfdf38cb64
        Validity
            Not Before: Jan  1 18:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f77019be6d489cc9f149aa0a27befe583d1d1ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8a:f2:d1:ac:e9:39:c4:00:f0:15:47:a7:00:
                    bc:1a:8d:01:9a:c1:5b:c1:0b:df:59:fa:8e:4a:cc:
                    ec:76:6d:0b:f6:43:d7:5e:dd:c1:7a:c1:e9:7e:ab:
                    79:8c:a6:de:27:0b:25:b4:f9:9f:33:0a:46:f1:69:
                    ef:7f:11:17:fc:a7:38:59:da:4b:ba:54:29:a6:f2:
                    cd:ca:b4:4d:2d:ae:b3:99:7e:db:c3:2f:35:30:41:
                    84:12:fe:87:23:96:9e:a7:ac:d3:5b:07:8c:23:5f:
                    67:8a:c4:d4:81:c9:dc:a5:c0:03:f9:92:91:12:76:
                    77:16:8a:2a:8d:a6:99:48:e0:7a:c4:91:97:d9:8c:
                    6e:78:21:b3:49:28:97:d9:33:5f:92:7e:c2:87:17:
                    0a:2d:9e:88:d5:10:43:9c:97:1d:f7:d9:0a:bc:2f:
                    3f:1a:36:20:b5:1d:2a:3f:53:3a:d7:d6:2c:b0:c5:
                    99:36:1b:04:04:48:59:63:41:40:65:b6:67:94:ab:
                    ed:eb:59:7f:04:77:9b:6e:9d:be:95:44:21:87:80:
                    0c:42:2c:31:62:ca:e4:d2:22:2d:15:11:c3:d2:2f:
                    e7:a2:d0:db:a1:a5:38:7f:a7:af:93:46:5d:dc:49:
                    89:b6:62:5a:f2:18:cd:37:7e:9b:64:7f:7f:ed:f3:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:77:01:9B:E6:D4:89:CC:9F:14:9A:A0:A2:7B:EF:E5:83:D1:D1:AB
            X509v3 Authority Key Identifier:
                keyid:DD:5F:2E:7C:C2:C6:87:F5:8C:0D:1F:61:32:BB:2D:CF:DF:38:CB:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3V8ufMLGh_WMDR9hMrstz984y2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/X3cBm-bUicyfFJqgonvv5YPR0as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/3V8ufMLGh_WMDR9hMrstz984y2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.75.64.0/20
                  185.204.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:82:b4:c6:72:7b:a4:2d:aa:42:39:b4:26:d7:aa:f4:ae:50:
         a1:07:99:a1:07:f6:fb:15:ab:3f:36:31:88:39:b0:77:db:b6:
         cf:9d:71:4f:ed:38:9d:bd:56:37:45:86:c4:0d:07:34:50:e9:
         69:2c:13:fe:60:65:16:59:fc:f9:36:ac:6e:7f:7b:2b:68:e4:
         16:9c:65:0d:9c:f6:ba:3c:be:a8:54:1f:f4:5a:43:4a:85:03:
         50:4a:eb:da:51:92:e9:ae:c4:ef:93:96:3f:09:e4:dc:22:c5:
         28:71:a9:b9:6f:28:be:df:6a:87:25:8e:7c:6a:c2:1d:cf:6a:
         64:86:1f:96:26:bc:77:e1:a3:aa:17:a6:8c:de:2d:c5:f7:0a:
         65:b1:97:68:01:d3:5e:d4:c8:08:74:bc:f0:b1:1d:e9:ec:d5:
         19:eb:6a:54:c3:46:c8:26:5c:e2:19:f9:39:25:90:10:93:56:
         cb:85:ee:cf:77:3d:16:52:fb:4e:76:aa:2d:a3:ff:85:c1:98:
         56:42:12:50:eb:cb:9e:79:7b:ad:f9:0b:f7:6d:3b:46:d8:6b:
         41:f3:af:04:6c:ae:25:e1:3a:2c:74:8a:eb:8f:dc:43:e3:04:
         a8:d3:8c:62:19:74:bc:70:dc:15:65:9d:dd:8f:2d:de:c3:46:
         74:d0:1f:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS1AEk6HrMrOBhRTWuupRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNWYyZTdjYzJjNjg3ZjU4YzBkMWY2MTMyYmIyZGNmZGYz
OGNiNjQwHhcNMjQwMTAxMTgzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc3MDE5YmU2ZDQ4OWNjOWYxNDlhYTBhMjdiZWZlNTgzZDFkMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIry0azpOcQA8BVHpwC8Go0BmsFb
wQvfWfqOSszsdm0L9kPXXt3BesHpfqt5jKbeJwsltPmfMwpG8WnvfxEX/Kc4WdpL
ulQppvLNyrRNLa6zmX7bwy81MEGEEv6HI5aep6zTWweMI19nisTUgcncpcAD+ZKR
EnZ3FooqjaaZSOB6xJGX2YxueCGzSSiX2TNfkn7ChxcKLZ6I1RBDnJcd99kKvC8/
GjYgtR0qP1M619YssMWZNhsEBEhZY0FAZbZnlKvt61l/BHebbp2+lUQhh4AMQiwx
Ysrk0iItFRHD0i/notDboaU4f6evk0Zd3EmJtmJa8hjNN36bZH9/7fOMNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF93AZvm1InMnxSaoKJ77+WD0dGrMB8GA1UdIwQY
MBaAFN1fLnzCxof1jA0fYTK7Lc/fOMtkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1Y4dWZNTEdoX1dNRFI5aE1yc3R6OTg0eTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9iYzBhMjUtOTMzYS00ZjVhLWE1ZjMt
OWRjZmQyZWYzMDIzLzEvWDNjQm0tYlVpY3lmRkpxZ29udnY1WVBSMGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9iYzBhMjUtOTMzYS00ZjVhLWE1ZjMtOWRjZmQyZWYzMDIz
LzEvM1Y4dWZNTEdoX1dNRFI5aE1yc3R6OTg0eTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEbUtAAwQC
ucwwMA0GCSqGSIb3DQEBCwUAA4IBAQAygrTGcnukLapCObQm16r0rlChB5mhB/b7
Fas/NjGIObB327bPnXFP7TidvVY3RYbEDQc0UOlpLBP+YGUWWfz5Nqxuf3sraOQW
nGUNnPa6PL6oVB/0WkNKhQNQSuvaUZLprsTvk5Y/CeTcIsUocam5byi+32qHJY58
asIdz2pkhh+WJrx34aOqF6aM3i3F9wplsZdoAdNe1MgIdLzwsR3p7NUZ62pUw0bI
JlziGfk5JZAQk1bLhe7Pdz0WUvtOdqoto/+FwZhWQhJQ68ueeXut+Qv3bTtG2GtB
868EbK4l4TosdIrrj9xD4wSo04xiGXS8cNwVZZ3djy3ew0Z00B+U
-----END CERTIFICATE-----