Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/QzeYJ0KS9RnXOpGwg30dLB7QNtM.roa
File:                     QzeYJ0KS9RnXOpGwg30dLB7QNtM.roa (raw, json)
Hash identifier:          GvxqUqeToEyuHItwEPwmlJxDN8bC2ihCXeSL11W/nwA=
Subject key identifier:   43:37:98:27:42:92:F5:19:D7:3A:91:B0:83:7D:1D:2C:1E:D0:36:D3
Certificate issuer:       /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial:       0195AB1EAF4F72BAE7B916861524F2C0D945
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/QzeYJ0KS9RnXOpGwg30dLB7QNtM.roa
Signing time:             Tue 18 Mar 2025 21:17:49 +0000
ROA not before:           Tue 18 Mar 2025 21:17:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35042
IP address blocks:        88.214.25.0/24 maxlen: 24
                          91.228.101.0/24 maxlen: 24
                          185.55.240.0/22 maxlen: 22
                          185.55.243.0/24 maxlen: 24
                          193.24.208.0/22 maxlen: 22
                          193.24.208.0/23 maxlen: 23
                          193.24.210.0/24 maxlen: 24
                          194.24.160.0/24 maxlen: 24
                          2a00:1910::/32 maxlen: 32
                          2a00:1911::/32 maxlen: 32
                          2a00:1912::/32 maxlen: 32
                          2a00:1913::/32 maxlen: 32
                          2a09:8700::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ab:1e:af:4f:72:ba:e7:b9:16:86:15:24:f2:c0:d9:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
        Validity
            Not Before: Mar 18 21:17:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=433798274292f519d73a91b0837d1d2c1ed036d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:40:a5:39:71:9d:ec:d7:f2:a0:e8:f3:d8:41:
                    ce:ef:71:89:fc:fb:92:6b:f7:e2:3f:fe:cc:c1:c3:
                    a1:63:41:bd:c6:fc:4b:b7:59:f1:01:18:74:1a:82:
                    01:f5:4c:71:ee:f6:40:5c:27:55:01:82:15:e1:b1:
                    02:b4:8d:a1:20:fa:c7:6b:91:9f:86:9a:08:cd:f0:
                    c5:f4:c5:d8:b9:34:dd:a1:bf:a0:e0:fa:56:7b:61:
                    d2:77:d8:ea:52:7d:35:07:aa:c0:0e:3c:40:78:97:
                    79:ea:fa:7e:75:66:b7:23:8e:0c:db:99:3a:9d:bf:
                    f2:07:f0:74:6d:b8:18:08:d1:86:d6:75:9b:a2:8a:
                    2b:1a:94:97:7d:cd:75:3e:11:f2:42:88:9d:4d:a7:
                    28:be:50:b3:3f:38:3b:ff:e3:17:f4:85:1d:46:2b:
                    4f:54:df:48:83:04:07:61:22:af:43:36:a4:50:a1:
                    0f:9d:8e:69:f1:fb:f5:67:a3:62:76:59:c6:c9:32:
                    09:5b:e1:78:4d:8c:83:cf:07:b5:57:72:39:fc:5d:
                    54:f1:9f:61:0d:17:79:2a:b0:97:73:95:20:9b:b5:
                    db:ce:fa:a0:95:4b:45:ed:75:26:01:84:1e:bb:99:
                    a0:90:73:ab:4a:49:1a:15:29:f7:83:39:5f:34:00:
                    21:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:37:98:27:42:92:F5:19:D7:3A:91:B0:83:7D:1D:2C:1E:D0:36:D3
            X509v3 Authority Key Identifier:
                keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/QzeYJ0KS9RnXOpGwg30dLB7QNtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.25.0/24
                  91.228.101.0/24
                  185.55.240.0/22
                  193.24.208.0/22
                  194.24.160.0/24
                IPv6:
                  2a00:1910::/30
                  2a09:8700::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:b8:64:0c:51:1f:71:39:0d:a5:96:9c:cd:5c:07:e0:65:c2:
         86:49:ed:c7:b5:c1:c3:15:29:59:3c:89:9b:62:2e:ec:0f:25:
         66:3e:f7:36:8f:89:ea:cc:b3:bf:72:ba:68:e0:6b:d9:13:00:
         43:94:59:e9:fc:e5:b5:1e:3d:19:16:7a:bb:88:2c:cb:3f:31:
         84:0c:9e:40:52:3a:9b:da:8e:df:6e:85:79:df:a9:30:29:d0:
         80:59:fe:26:af:ec:3c:f3:75:b8:09:d0:95:59:58:50:0f:fb:
         11:e2:a6:c7:fd:0b:ff:15:ac:c4:87:f8:c5:bc:ac:6c:c4:6d:
         92:82:e3:16:b8:15:55:d6:bf:45:4f:f9:24:02:cc:b6:d5:8d:
         56:57:1f:65:39:c2:6d:2f:9d:dd:d7:b5:1a:2b:56:e4:ea:f9:
         40:92:b8:e0:95:37:80:b1:8d:95:31:0b:b1:c9:be:34:45:24:
         a6:3b:a0:d4:ca:90:04:b1:d1:16:11:fa:38:71:6e:fd:7d:07:
         ec:14:44:27:94:63:e9:6c:df:7e:8c:97:b3:ab:cf:df:81:d1:
         a3:04:b4:a9:cb:b2:63:76:ee:6d:3b:eb:8a:d9:0a:38:15:61:
         14:10:08:c6:d3:45:83:f8:94:73:36:2e:f9:04:89:b0:31:64:
         34:78:02:9e
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZWrHq9PcrrnuRaGFSTywNlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjUwMzE4MjExNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM3OTgyNzQyOTJmNTE5ZDczYTkxYjA4MzdkMWQyYzFlZDAzNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkClOXGd7NfyoOjz2EHO73GJ/PuS
a/fiP/7MwcOhY0G9xvxLt1nxARh0GoIB9Uxx7vZAXCdVAYIV4bECtI2hIPrHa5Gf
hpoIzfDF9MXYuTTdob+g4PpWe2HSd9jqUn01B6rADjxAeJd56vp+dWa3I44M25k6
nb/yB/B0bbgYCNGG1nWbooorGpSXfc11PhHyQoidTacovlCzPzg7/+MX9IUdRitP
VN9IgwQHYSKvQzakUKEPnY5p8fv1Z6NidlnGyTIJW+F4TYyDzwe1V3I5/F1U8Z9h
DRd5KrCXc5Ugm7XbzvqglUtF7XUmAYQeu5mgkHOrSkkaFSn3gzlfNAAh9QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEM3mCdCkvUZ1zqRsIN9HSwe0DbTMB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvUXplWUowS1M5Um5YT3BHd2czMGRMQjdRTnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQAWNYZAwQA
W+RlAwQCuTfwAwQCwRjQAwQAwhigMBQEAgACMA4DBQIqABkQAwUAKgmHADANBgkq
hkiG9w0BAQsFAAOCAQEAsrhkDFEfcTkNpZaczVwH4GXChkntx7XBwxUpWTyJm2Iu
7A8lZj73No+J6syzv3K6aOBr2RMAQ5RZ6fzltR49GRZ6u4gsyz8xhAyeQFI6m9qO
326Fed+pMCnQgFn+Jq/sPPN1uAnQlVlYUA/7EeKmx/0L/xWsxIf4xbysbMRtkoLj
FrgVVda/RU/5JALMttWNVlcfZTnCbS+d3de1GitW5Or5QJK44JU3gLGNlTELscm+
NEUkpjug1MqQBLHRFhH6OHFu/X0H7BREJ5Rj6WzffoyXs6vP34HRowS0qcuyY3bu
bTvritkKOBVhFBAIxtNFg/iUczYu+QSJsDFkNHgCng==
-----END CERTIFICATE-----