Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/8ydVbA0sRc2KQJCu7PF_TgB9YOc.roa
File:                     8ydVbA0sRc2KQJCu7PF_TgB9YOc.roa (raw, json)
Hash identifier:          ldViVOYSsfn20bEs9Oqh1Yf20Me7yZtpfiOBMHbpOTM=
Subject key identifier:   F3:27:55:6C:0D:2C:45:CD:8A:40:90:AE:EC:F1:7F:4E:00:7D:60:E7
Certificate issuer:       /CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
Certificate serial:       019424B39F1C574186835BAEF47EE5EC836E
Authority key identifier: FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/8ydVbA0sRc2KQJCu7PF_TgB9YOc.roa
Signing time:             Thu 02 Jan 2025 01:48:58 +0000
ROA not before:           Thu 02 Jan 2025 01:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3178
IP address blocks:        5.8.240.0/21 maxlen: 21
                          5.8.240.0/23 maxlen: 23
                          5.8.240.0/24 maxlen: 24
                          5.8.241.0/24 maxlen: 24
                          5.8.242.0/23 maxlen: 23
                          5.8.242.0/24 maxlen: 24
                          5.8.243.0/24 maxlen: 24
                          5.8.244.0/23 maxlen: 23
                          5.8.244.0/24 maxlen: 24
                          5.8.245.0/24 maxlen: 24
                          5.8.246.0/24 maxlen: 24
                          5.8.247.0/24 maxlen: 24
                          185.56.192.0/22 maxlen: 22
                          185.56.192.0/24 maxlen: 24
                          185.56.193.0/24 maxlen: 24
                          185.56.194.0/24 maxlen: 24
                          185.56.195.0/24 maxlen: 24
                          2a01:aa20::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9f:1c:57:41:86:83:5b:ae:f4:7e:e5:ec:83:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
        Validity
            Not Before: Jan  2 01:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f327556c0d2c45cd8a4090aeecf17f4e007d60e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:50:e2:f9:10:eb:e2:f1:3a:5c:51:f8:a4:cf:
                    00:9b:c6:e1:11:00:b7:f1:6f:d4:6a:bc:58:35:51:
                    09:08:6c:fa:f0:6c:2a:4f:1e:f8:9c:a2:a6:61:02:
                    ba:6f:4f:ce:3b:22:4f:db:41:78:22:03:45:a5:b1:
                    d6:d0:ab:d6:5d:82:04:54:ca:12:6f:0f:69:3f:79:
                    88:15:c4:0a:1f:c9:59:d8:4b:bb:94:91:8e:38:05:
                    fd:9a:1a:f0:29:cb:ac:d5:f4:34:e2:13:d4:31:f9:
                    34:18:6b:48:58:dc:1a:cb:1f:3f:6e:f7:fd:c0:cd:
                    b1:a0:03:66:04:3c:78:e1:57:fa:58:df:f9:7f:ac:
                    4a:37:f0:3a:80:bb:77:34:62:5c:fb:37:eb:f9:c2:
                    03:c9:de:65:be:f2:f4:6c:4b:d6:9b:77:5b:ea:ce:
                    f2:55:f2:e2:cf:dc:e9:bf:ce:9a:3a:26:6c:97:93:
                    a2:84:92:23:8c:07:34:e0:3e:9f:fd:d6:af:ca:43:
                    a6:f2:33:02:4c:3d:50:07:b1:e3:5b:96:b4:47:4f:
                    bd:98:23:ca:d9:56:79:c3:a3:66:c5:f8:b1:6a:b2:
                    a7:53:c6:19:3b:97:57:2f:c6:a3:ef:99:1e:91:3f:
                    4e:46:0c:2a:3c:16:1a:d0:c5:27:e9:05:70:71:40:
                    39:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:27:55:6C:0D:2C:45:CD:8A:40:90:AE:EC:F1:7F:4E:00:7D:60:E7
            X509v3 Authority Key Identifier:
                keyid:FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/8ydVbA0sRc2KQJCu7PF_TgB9YOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/_jHd7yXZbISwAaKsUEewTgYKCsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.240.0/21
                  185.56.192.0/22
                IPv6:
                  2a01:aa20::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:2b:4b:83:8b:12:59:36:aa:4d:28:27:a6:5b:3e:b5:63:fb:
         2c:ed:25:17:41:e6:a7:30:a1:39:03:7d:dc:68:b5:6e:c0:79:
         a4:9e:2d:1c:53:44:a8:3d:c7:cf:b8:74:24:df:b9:da:82:a2:
         f7:24:ac:77:79:76:21:9d:f4:48:0d:03:8c:8f:b9:d3:46:01:
         79:be:79:6a:8e:c8:20:07:ba:b7:f7:c0:c1:92:5c:82:0e:dd:
         15:95:c2:c0:06:75:47:91:0d:ef:ad:db:5b:31:f4:79:1f:7b:
         ff:5b:a9:33:0d:00:cc:6a:0a:cd:02:3c:31:82:9a:d3:8b:66:
         78:74:98:ce:b1:05:ee:ac:36:20:7d:cb:b3:ea:bc:2a:74:7f:
         97:cc:01:6b:48:de:01:7d:d4:65:e9:43:9c:85:e9:0c:a5:69:
         1a:b4:f8:32:ff:ef:31:e0:78:f0:a2:e0:91:8a:64:35:da:55:
         8a:b2:e7:b3:49:5d:59:f1:c5:43:fe:91:9c:6b:df:17:ce:a0:
         dd:f9:69:fc:a6:ac:bb:1e:00:f3:f7:79:74:d4:96:17:90:35:
         2b:b4:a6:37:16:99:d7:dc:93:32:62:2c:db:35:86:79:de:92:
         aa:1a:11:95:18:4c:86:0c:55:19:2d:73:5b:a3:33:c6:42:b5:
         54:91:20:15
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks58cV0GGg1uu9H7l7INuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMzFkZGVmMjVkOTZjODRiMDAxYTJhYzUwNDdiMDRlMDYw
YTBhYzMwHhcNMjUwMTAyMDE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzI3NTU2YzBkMmM0NWNkOGE0MDkwYWVlY2YxN2Y0ZTAwN2Q2MGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFDi+RDr4vE6XFH4pM8Am8bhEQC3
8W/UarxYNVEJCGz68GwqTx74nKKmYQK6b0/OOyJP20F4IgNFpbHW0KvWXYIEVMoS
bw9pP3mIFcQKH8lZ2Eu7lJGOOAX9mhrwKcus1fQ04hPUMfk0GGtIWNwayx8/bvf9
wM2xoANmBDx44Vf6WN/5f6xKN/A6gLt3NGJc+zfr+cIDyd5lvvL0bEvWm3db6s7y
VfLiz9zpv86aOiZsl5OihJIjjAc04D6f/davykOm8jMCTD1QB7HjW5a0R0+9mCPK
2VZ5w6NmxfixarKnU8YZO5dXL8aj75kekT9ORgwqPBYa0MUn6QVwcUA54wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPMnVWwNLEXNikCQruzxf04AfWDnMB8GA1UdIwQY
MBaAFP4x3e8l2WyEsAGirFBHsE4GCgrDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pIZDd5WFpiSVN3QWFLc1VFZXdUZ1lLQ3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83YzBmMTQtNWIyNC00YjFiLThlYjUt
YjRkOGMyYjdhMTAzLzEvOHlkVmJBMHNSYzJLUUpDdTdQRl9UZ0I5WU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83YzBmMTQtNWIyNC00YjFiLThlYjUtYjRkOGMyYjdhMTAz
LzEvX2pIZDd5WFpiSVN3QWFLc1VFZXdUZ1lLQ3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBQjwAwQC
uTjAMA0EAgACMAcDBQAqAaogMA0GCSqGSIb3DQEBCwUAA4IBAQB9K0uDixJZNqpN
KCemWz61Y/ss7SUXQeanMKE5A33caLVuwHmkni0cU0SoPcfPuHQk37nagqL3JKx3
eXYhnfRIDQOMj7nTRgF5vnlqjsggB7q398DBklyCDt0VlcLABnVHkQ3vrdtbMfR5
H3v/W6kzDQDMagrNAjwxgprTi2Z4dJjOsQXurDYgfcuz6rwqdH+XzAFrSN4BfdRl
6UOchekMpWkatPgy/+8x4HjwouCRimQ12lWKsuezSV1Z8cVD/pGca98XzqDd+Wn8
pqy7HgDz93l01JYXkDUrtKY3FpnX3JMyYizbNYZ53pKqGhGVGEyGDFUZLXNbozPG
QrVUkSAV
-----END CERTIFICATE-----