Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/k4A3cCl51iCG2KeggiWTAeyxiv8.roa
File:                     k4A3cCl51iCG2KeggiWTAeyxiv8.roa (raw, json)
Hash identifier:          h0SGu5KkNYwSaAJB0Xe4I84XGZJFlf4gg5OKIDobJRs=
Subject key identifier:   93:80:37:70:29:79:D6:20:86:D8:A7:A0:82:25:93:01:EC:B1:8A:FF
Certificate issuer:       /CN=dfb8d9140502c9e035305189bf658234db14f54c
Certificate serial:       01942067D1AD81439360CE7B4AED9BF4F26B
Authority key identifier: DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/k4A3cCl51iCG2KeggiWTAeyxiv8.roa
Signing time:             Wed 01 Jan 2025 05:47:42 +0000
ROA not before:           Wed 01 Jan 2025 05:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212175
IP address blocks:        79.135.120.0/23 maxlen: 24
                          185.225.9.0/24 maxlen: 24
                          194.110.239.0/24 maxlen: 24
                          212.104.134.0/23 maxlen: 24
                          212.104.138.0/23 maxlen: 24
                          213.254.166.0/23 maxlen: 24
                          213.254.168.0/23 maxlen: 24
                          2a10:9e80::/29 maxlen: 64
                          2a12:df40::/29 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d1:ad:81:43:93:60:ce:7b:4a:ed:9b:f4:f2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8d9140502c9e035305189bf658234db14f54c
        Validity
            Not Before: Jan  1 05:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938037702979d62086d8a7a082259301ecb18aff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:ed:53:22:44:c4:42:1e:97:03:70:04:f5:
                    61:d7:bf:ec:30:08:ac:e8:87:79:69:3e:fc:2a:16:
                    46:b3:1a:c8:08:c9:a6:89:6a:c8:3b:13:fd:79:14:
                    89:9f:4b:40:fa:9a:6a:d1:97:54:05:f6:96:7d:90:
                    51:ca:13:25:3b:f6:43:60:9f:39:cf:d2:51:10:71:
                    33:de:f2:b6:5b:9a:a9:cd:e4:8a:8d:75:01:fc:ca:
                    8e:70:ce:6d:52:6f:c4:81:4d:f3:15:78:43:34:73:
                    9a:51:e5:4c:d6:35:92:08:c7:d1:16:1e:c3:6e:67:
                    8e:6a:1c:a3:2c:07:0e:ba:8a:10:f3:af:bc:b7:3d:
                    10:8a:ec:7f:a6:0f:39:3c:01:64:43:92:d9:4c:e0:
                    ca:7d:19:ad:24:df:22:2c:22:cb:27:90:ce:d2:10:
                    08:3c:5c:08:32:77:f0:52:97:39:f1:af:2c:df:c0:
                    18:e7:40:02:c9:d3:b2:98:51:34:77:82:08:e9:a5:
                    07:95:54:bc:8f:16:40:1f:f4:43:0c:ed:d4:97:45:
                    e6:14:08:1e:df:50:a9:82:61:98:9a:dd:51:4d:5e:
                    47:9c:df:76:0e:3e:4a:0b:e8:97:37:a2:f1:4e:81:
                    19:6d:38:ae:62:42:14:b2:54:6c:bf:23:b8:a2:00:
                    e4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:80:37:70:29:79:D6:20:86:D8:A7:A0:82:25:93:01:EC:B1:8A:FF
            X509v3 Authority Key Identifier:
                keyid:DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/k4A3cCl51iCG2KeggiWTAeyxiv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.120.0/23
                  185.225.9.0/24
                  194.110.239.0/24
                  212.104.134.0/23
                  212.104.138.0/23
                  213.254.166.0-213.254.169.255
                IPv6:
                  2a10:9e80::/29
                  2a12:df40::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:13:de:cf:9a:25:85:59:fa:8e:c3:95:18:b9:38:59:cf:fb:
         c1:38:23:4d:16:7d:e1:91:c7:6f:6f:3a:3c:5a:60:83:1e:93:
         26:17:30:11:ec:fd:f6:72:01:dc:e1:8c:1a:e8:01:7f:f9:25:
         57:31:14:19:b2:fb:38:6e:bd:f8:b3:3e:c3:4e:bf:bb:68:ab:
         a1:a1:4b:56:cc:06:0f:95:fb:2d:1a:51:4a:db:55:d9:d5:4d:
         1d:8d:eb:64:c5:74:44:d5:1b:d0:cf:be:8f:12:f1:e9:90:a8:
         bf:7d:bf:d2:7c:a5:21:32:de:21:7a:40:99:bb:bf:45:b3:ba:
         b9:c2:8e:36:8a:4a:ae:b1:4c:90:6b:e0:c9:0e:28:48:ef:fa:
         6f:92:3b:99:c5:6e:9a:29:0c:19:73:95:60:69:5e:04:de:92:
         b1:57:39:c1:74:f7:c5:45:66:13:c6:db:a8:90:fb:81:09:ea:
         9c:c7:77:ba:01:47:b4:e4:e0:07:3b:d4:6b:f6:fe:c6:b1:cb:
         8b:0a:37:6a:9d:f4:a7:56:aa:e7:3b:ec:32:14:dd:27:18:b0:
         38:2c:15:3a:75:de:5a:d6:8f:6c:c1:e4:fa:d9:86:b3:18:b7:
         94:d3:5d:9f:de:4a:1c:c4:f8:aa:e5:20:ac:45:fe:9a:8b:15:
         23:83:ff:48
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQgZ9GtgUOTYM57Su2b9PJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhkOTE0MDUwMmM5ZTAzNTMwNTE4OWJmNjU4MjM0ZGIx
NGY1NGMwHhcNMjUwMTAxMDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzgwMzc3MDI5NzlkNjIwODZkOGE3YTA4MjI1OTMwMWVjYjE4YWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAjtUyJExEIelwNwBPVh17/sMAis
6Id5aT78KhZGsxrICMmmiWrIOxP9eRSJn0tA+ppq0ZdUBfaWfZBRyhMlO/ZDYJ85
z9JREHEz3vK2W5qpzeSKjXUB/MqOcM5tUm/EgU3zFXhDNHOaUeVM1jWSCMfRFh7D
bmeOahyjLAcOuooQ86+8tz0Qiux/pg85PAFkQ5LZTODKfRmtJN8iLCLLJ5DO0hAI
PFwIMnfwUpc58a8s38AY50ACydOymFE0d4II6aUHlVS8jxZAH/RDDO3Ul0XmFAge
31CpgmGYmt1RTV5HnN92Dj5KC+iXN6LxToEZbTiuYkIUslRsvyO4ogDk7QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJOAN3ApedYghtinoIIlkwHssYr/MB8GA1UdIwQY
MBaAFN+42RQFAsngNTBRib9lgjTbFPVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgt
NDFlNzNjMWViYWUxLzEvazRBM2NDbDUxaUNHMktlZ2dpV1RBZXl4aXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgtNDFlNzNjMWViYWUx
LzEvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAyBAIAATAsAwQBT4d4AwQA
ueEJAwQAwm7vAwQB1GiGAwQB1GiKMAwDBAHV/qYDBAHV/qgwFAQCAAIwDgMFAyoQ
noADBQMqEt9AMA0GCSqGSIb3DQEBCwUAA4IBAQAJE97PmiWFWfqOw5UYuThZz/vB
OCNNFn3hkcdvbzo8WmCDHpMmFzAR7P32cgHc4Ywa6AF/+SVXMRQZsvs4br34sz7D
Tr+7aKuhoUtWzAYPlfstGlFK21XZ1U0djetkxXRE1RvQz76PEvHpkKi/fb/SfKUh
Mt4hekCZu79Fs7q5wo42ikqusUyQa+DJDihI7/pvkjuZxW6aKQwZc5VgaV4E3pKx
VznBdPfFRWYTxtuokPuBCeqcx3e6AUe05OAHO9Rr9v7GscuLCjdqnfSnVqrnO+wy
FN0nGLA4LBU6dd5a1o9sweT62YazGLeU012f3kocxPiq5SCsRf6aixUjg/9I
-----END CERTIFICATE-----