Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/rnLRbw52CzKSJxyxpDTzKpdTFJ8.roa
File:                     rnLRbw52CzKSJxyxpDTzKpdTFJ8.roa (raw, json)
Hash identifier:          4yG2FzsgapHYgeVqYL9yk6hbKBsIDEwyj9M6/JQHK0g=
Subject key identifier:   AE:72:D1:6F:0E:76:0B:32:92:27:1C:B1:A4:34:F3:2A:97:53:14:9F
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       0194D2D86CF280CD171FAA3A598D39C02D3D
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/rnLRbw52CzKSJxyxpDTzKpdTFJ8.roa
Signing time:             Tue 04 Feb 2025 21:23:06 +0000
ROA not before:           Tue 04 Feb 2025 21:23:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15755
IP address blocks:        185.35.21.0/24 maxlen: 24
                          185.35.22.0/24 maxlen: 24
                          185.96.168.0/24 maxlen: 24
                          185.96.171.0/24 maxlen: 24
                          185.203.32.0/24 maxlen: 24
                          185.203.33.0/24 maxlen: 24
                          185.203.34.0/24 maxlen: 24
                          185.203.35.0/24 maxlen: 24
                          2a00:7300::/32 maxlen: 32
                          2a00:7300::/48 maxlen: 48
                          2a0a:e0c0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d2:d8:6c:f2:80:cd:17:1f:aa:3a:59:8d:39:c0:2d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Feb  4 21:23:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae72d16f0e760b3292271cb1a434f32a9753149f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d2:8c:2b:b8:ad:dd:ec:00:fd:c3:de:55:cc:
                    53:7f:e1:1e:24:cd:33:ba:c6:ff:83:e2:5b:c3:f0:
                    33:9e:52:00:0f:7b:84:d7:fa:17:80:df:d7:16:c6:
                    c9:b4:33:2b:c6:9e:4e:bb:0f:3d:50:0f:23:52:fe:
                    a8:2b:ec:5e:38:e6:9e:32:ba:9d:e9:2a:c5:9e:9f:
                    6f:21:70:90:dd:bb:40:b7:52:79:27:83:2b:78:0a:
                    e9:29:8e:a6:99:fc:85:63:cc:2c:0e:c9:8f:32:1f:
                    a7:3f:73:59:15:c2:5a:76:3a:c2:3f:61:88:73:75:
                    05:fa:a9:d1:a3:cf:fc:f3:42:23:23:0c:48:57:a9:
                    3f:fc:e6:cd:4b:60:1c:5a:dc:6d:82:3d:77:69:d8:
                    d8:7b:0b:2e:64:07:19:3b:d1:9c:62:0d:f3:97:dd:
                    b3:12:6f:76:97:0c:a2:de:f0:f0:56:8f:a8:84:6c:
                    d2:cb:07:18:ac:5d:63:e9:ff:68:a6:07:1a:f1:38:
                    05:8d:b8:8f:bb:47:0f:b8:5d:60:02:26:20:63:48:
                    de:5d:86:ff:58:62:36:9d:ad:8e:6e:9e:5a:16:eb:
                    b4:63:bb:80:c0:48:4a:cc:bb:a0:ff:81:6d:7d:3e:
                    41:5d:a9:62:bf:5e:79:48:0e:a5:c3:9e:6e:2c:89:
                    eb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:72:D1:6F:0E:76:0B:32:92:27:1C:B1:A4:34:F3:2A:97:53:14:9F
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/rnLRbw52CzKSJxyxpDTzKpdTFJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.21.0-185.35.22.255
                  185.96.168.0/24
                  185.96.171.0/24
                  185.203.32.0/22
                IPv6:
                  2a00:7300::/32
                  2a0a:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:79:a2:eb:4f:53:a6:e0:53:13:b7:4e:45:f1:87:3d:be:e0:
         e0:3a:d7:8a:f0:d5:1e:1c:04:9e:c6:36:ba:0f:4f:64:a0:07:
         6c:8a:0f:55:cb:97:7e:a9:a1:3c:2d:69:ab:e6:08:c2:77:5d:
         4a:af:be:10:34:c2:9a:36:dc:ee:42:dd:73:32:82:be:70:11:
         69:53:fd:88:60:7e:6e:12:fc:60:9c:fd:42:86:7e:47:75:cf:
         22:33:69:bc:73:fb:6b:a9:2e:3b:db:cd:dc:3d:27:bc:4c:4e:
         86:db:05:7f:0c:91:82:3d:17:8a:df:d1:b2:de:72:d3:53:b4:
         c2:ed:02:25:8e:54:92:71:be:7e:d8:3b:39:c8:2e:d0:f5:d8:
         3d:0d:a2:4b:70:6f:bc:61:72:e5:9a:f1:91:6e:b2:0d:ef:25:
         85:f7:5a:89:0c:4d:c6:30:9b:e5:19:3f:18:fe:b9:5c:b9:f0:
         43:56:ee:54:0a:e1:c4:1f:25:90:98:56:36:58:ef:9d:24:5e:
         21:54:21:a5:ab:89:66:73:03:d9:d6:e5:82:74:06:52:dc:98:
         d9:18:db:3b:b5:8b:05:fa:57:26:81:e7:9b:1e:37:13:98:3b:
         88:7d:c2:da:86:e5:51:d7:55:28:21:74:6c:e7:74:dd:8e:45:
         88:8d:a8:a6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZTS2GzygM0XH6o6WY05wC09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjUwMjA0MjEyMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcyZDE2ZjBlNzYwYjMyOTIyNzFjYjFhNDM0ZjMyYTk3NTMxNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydKMK7it3ewA/cPeVcxTf+EeJM0z
usb/g+Jbw/AznlIAD3uE1/oXgN/XFsbJtDMrxp5Ouw89UA8jUv6oK+xeOOaeMrqd
6SrFnp9vIXCQ3btAt1J5J4MreArpKY6mmfyFY8wsDsmPMh+nP3NZFcJadjrCP2GI
c3UF+qnRo8/880IjIwxIV6k//ObNS2AcWtxtgj13adjYewsuZAcZO9GcYg3zl92z
Em92lwyi3vDwVo+ohGzSywcYrF1j6f9opgca8TgFjbiPu0cPuF1gAiYgY0jeXYb/
WGI2na2Obp5aFuu0Y7uAwEhKzLug/4FtfT5BXaliv155SA6lw55uLInrnwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFK5y0W8OdgsykiccsaQ08yqXUxSfMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvcm5MUmJ3NTJDektTSnh5eHBEVHpLcGRURko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgMAwDBAC5IxUD
BAC5IxYDBAC5YKgDBAC5YKsDBAK5yyAwFAQCAAIwDgMFACoAcwADBQMqCuDAMA0G
CSqGSIb3DQEBCwUAA4IBAQCGeaLrT1Om4FMTt05F8Yc9vuDgOteK8NUeHASexja6
D09koAdsig9Vy5d+qaE8LWmr5gjCd11Kr74QNMKaNtzuQt1zMoK+cBFpU/2IYH5u
EvxgnP1Chn5Hdc8iM2m8c/trqS47283cPSe8TE6G2wV/DJGCPReK39Gy3nLTU7TC
7QIljlSScb5+2Ds5yC7Q9dg9DaJLcG+8YXLlmvGRbrIN7yWF91qJDE3GMJvlGT8Y
/rlcufBDVu5UCuHEHyWQmFY2WO+dJF4hVCGlq4lmcwPZ1uWCdAZS3JjZGNs7tYsF
+lcmgeebHjcTmDuIfcLahuVR11UoIXRs53TdjkWIjaim
-----END CERTIFICATE-----