Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/2NIjgppmhuxRYrz3DLITLBRmQ5Y.roa
File:                     2NIjgppmhuxRYrz3DLITLBRmQ5Y.roa (raw, json)
Hash identifier:          pfK3DW+mhfPMlrHb+zKcoWL6SLQiJQcLNvXFegBqlig=
Subject key identifier:   D8:D2:23:82:9A:66:86:EC:51:62:BC:F7:0C:B2:13:2C:14:66:43:96
Certificate issuer:       /CN=db0a55a3ed6aaeff9ab02253917ac99d1537026c
Certificate serial:       01942144032EA4936F9572E1C3EF565A5990
Authority key identifier: DB:0A:55:A3:ED:6A:AE:FF:9A:B0:22:53:91:7A:C9:9D:15:37:02:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2wpVo-1qrv-asCJTkXrJnRU3Amw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/2NIjgppmhuxRYrz3DLITLBRmQ5Y.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34402
IP address blocks:        91.203.52.0/22 maxlen: 22
                          91.203.52.0/24 maxlen: 24
                          91.203.53.0/24 maxlen: 24
                          91.203.54.0/24 maxlen: 24
                          91.203.55.0/24 maxlen: 24
                          91.227.56.0/22 maxlen: 22
                          91.227.56.0/24 maxlen: 24
                          91.227.57.0/24 maxlen: 24
                          91.227.58.0/24 maxlen: 24
                          91.227.59.0/24 maxlen: 24
                          195.225.76.0/22 maxlen: 22
                          195.225.76.0/24 maxlen: 24
                          195.225.77.0/24 maxlen: 24
                          195.225.78.0/24 maxlen: 24
                          195.225.79.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:03:2e:a4:93:6f:95:72:e1:c3:ef:56:5a:59:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db0a55a3ed6aaeff9ab02253917ac99d1537026c
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8d223829a6686ec5162bcf70cb2132c14664396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:25:34:72:34:20:01:28:73:fd:ab:fc:16:
                    ea:25:b8:3d:17:05:25:e8:5f:ad:c3:ce:92:57:de:
                    77:84:5f:e6:5e:a1:bb:ab:1e:c3:21:0d:93:f2:24:
                    a6:df:4e:aa:ec:4a:c0:82:86:34:af:aa:e3:5c:d8:
                    f8:cb:1b:0b:6a:06:b6:ff:bb:c5:ad:91:9d:5f:99:
                    87:4f:76:81:83:46:5e:42:83:f3:fb:d7:1e:50:b6:
                    15:fd:f4:f1:fa:6b:c3:10:08:7e:87:8d:b6:a8:07:
                    65:7a:1e:f3:c4:d0:ea:e3:7f:95:e3:db:75:4b:1f:
                    fa:b5:75:c3:77:53:31:ab:33:96:11:0f:ce:bc:a2:
                    9f:7d:bf:f5:6b:88:96:e7:2b:cc:49:ca:89:a0:0b:
                    c3:d1:08:36:76:37:31:2e:42:61:5b:93:03:79:d2:
                    4e:02:ee:9c:de:77:16:65:b5:4b:06:ed:28:27:49:
                    ac:11:b3:f9:79:b1:13:5f:9c:66:27:c7:9b:13:33:
                    1d:ce:cc:a6:09:5e:e2:7e:db:16:d0:c9:7b:7c:99:
                    c9:0f:a7:e8:26:d1:3c:ae:d7:92:1f:a4:74:e6:85:
                    9d:75:68:a1:f8:2e:9d:42:44:40:ab:e7:d0:0c:19:
                    2c:e7:bb:a8:3b:7f:f6:1f:03:6e:b5:c9:9a:93:85:
                    42:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D2:23:82:9A:66:86:EC:51:62:BC:F7:0C:B2:13:2C:14:66:43:96
            X509v3 Authority Key Identifier:
                keyid:DB:0A:55:A3:ED:6A:AE:FF:9A:B0:22:53:91:7A:C9:9D:15:37:02:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2wpVo-1qrv-asCJTkXrJnRU3Amw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/2NIjgppmhuxRYrz3DLITLBRmQ5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/136492-21de-4ab2-a436-88c2cd00848d/1/2wpVo-1qrv-asCJTkXrJnRU3Amw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.52.0/22
                  91.227.56.0/22
                  195.225.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:86:00:7f:1b:6f:f9:22:9f:3f:e0:ae:ed:9e:61:70:0c:81:
         75:af:04:a3:d7:d1:57:01:c1:1f:29:82:90:d3:5e:19:b6:03:
         95:dd:58:c3:d8:4b:eb:20:09:c5:56:18:6d:a8:35:c1:53:80:
         0e:c0:24:a4:7e:f1:f1:d0:b0:4b:cf:74:88:31:a6:87:7c:89:
         79:76:d7:cb:7f:b2:8a:b7:81:d8:08:89:b2:61:24:bc:9d:e1:
         07:30:41:ec:a6:77:be:c1:00:0a:b1:2a:1e:6a:88:48:dd:96:
         f3:23:ef:74:cf:ab:bd:39:e6:01:5b:8a:8e:0f:bd:96:3c:b3:
         9a:f2:ec:4f:0f:bf:c5:60:ea:93:a8:1f:50:b5:cc:b0:87:64:
         49:b7:ca:14:10:a4:38:87:5f:33:2b:f3:7c:b1:f1:c7:11:50:
         a2:89:a0:12:19:98:94:7f:a9:f4:bd:ea:49:c4:00:47:1a:15:
         80:5e:dd:dd:f8:74:fd:31:ab:1c:9e:9a:15:d1:1f:7f:ac:43:
         4b:63:e0:52:63:d1:fa:59:5d:c2:56:06:b6:a2:cf:7d:87:83:
         db:6d:24:95:22:bd:9d:ca:c3:ce:90:a2:69:f5:95:00:aa:56:
         3c:36:3b:eb:51:5f:f8:48:85:ef:b9:d7:ea:f9:b6:9d:fc:01:
         97:a3:e7:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRAMupJNvlXLhw+9WWlmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMGE1NWEzZWQ2YWFlZmY5YWIwMjI1MzkxN2FjOTlkMTUz
NzAyNmMwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQyMjM4MjlhNjY4NmVjNTE2MmJjZjcwY2IyMTMyYzE0NjY0Mzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEYlNHI0IAEoc/2r/BbqJbg9FwUl
6F+tw86SV953hF/mXqG7qx7DIQ2T8iSm306q7ErAgoY0r6rjXNj4yxsLaga2/7vF
rZGdX5mHT3aBg0ZeQoPz+9ceULYV/fTx+mvDEAh+h422qAdleh7zxNDq43+V49t1
Sx/6tXXDd1MxqzOWEQ/OvKKffb/1a4iW5yvMScqJoAvD0Qg2djcxLkJhW5MDedJO
Au6c3ncWZbVLBu0oJ0msEbP5ebETX5xmJ8ebEzMdzsymCV7iftsW0Ml7fJnJD6fo
JtE8rteSH6R05oWddWih+C6dQkRAq+fQDBks57uoO3/2HwNutcmak4VC3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNjSI4KaZobsUWK89wyyEywUZkOWMB8GA1UdIwQY
MBaAFNsKVaPtaq7/mrAiU5F6yZ0VNwJsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMndwVm8tMXFydi1hc0NKVGtYckpuUlUzQW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xMzY0OTItMjFkZS00YWIyLWE0MzYt
ODhjMmNkMDA4NDhkLzEvMk5JamdwcG1odXhSWXJ6M0RMSVRMQlJtUTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xMzY0OTItMjFkZS00YWIyLWE0MzYtODhjMmNkMDA4NDhk
LzEvMndwVm8tMXFydi1hc0NKVGtYckpuUlUzQW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8s0AwQC
W+M4AwQCw+FMMA0GCSqGSIb3DQEBCwUAA4IBAQBihgB/G2/5Ip8/4K7tnmFwDIF1
rwSj19FXAcEfKYKQ014ZtgOV3VjD2EvrIAnFVhhtqDXBU4AOwCSkfvHx0LBLz3SI
MaaHfIl5dtfLf7KKt4HYCImyYSS8neEHMEHspne+wQAKsSoeaohI3ZbzI+90z6u9
OeYBW4qOD72WPLOa8uxPD7/FYOqTqB9Qtcywh2RJt8oUEKQ4h18zK/N8sfHHEVCi
iaASGZiUf6n0vepJxABHGhWAXt3d+HT9MascnpoV0R9/rENLY+BSY9H6WV3CVga2
os99h4PbbSSVIr2dysPOkKJp9ZUAqlY8NjvrUV/4SIXvudfq+bad/AGXo+cv
-----END CERTIFICATE-----