Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/8Fk9kDKNu_wHTuVpwQ1FTDYEEUM.roa
File:                     8Fk9kDKNu_wHTuVpwQ1FTDYEEUM.roa (raw, json)
Hash identifier:          R9lk1OKBJor+p6Fk8Cm9760Y52YkNlkiK4HwLBjauEw=
Subject key identifier:   F0:59:3D:90:32:8D:BB:FC:07:4E:E5:69:C1:0D:45:4C:36:04:11:43
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       0194221F41974A8C11FC0B81473C5371CE7D
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/8Fk9kDKNu_wHTuVpwQ1FTDYEEUM.roa
Signing time:             Wed 01 Jan 2025 13:47:41 +0000
ROA not before:           Wed 01 Jan 2025 13:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29314
IP address blocks:        109.232.24.0/22 maxlen: 22
                          185.13.168.0/22 maxlen: 22
                          213.92.128.0/17 maxlen: 17
                          213.92.128.0/18 maxlen: 18
                          213.92.160.0/19 maxlen: 19
                          213.92.192.0/18 maxlen: 18
                          213.156.96.0/22 maxlen: 22
                          213.156.104.0/22 maxlen: 22
                          213.156.108.0/22 maxlen: 22
                          213.156.112.0/22 maxlen: 22
                          213.156.116.0/22 maxlen: 22
                          213.156.120.0/22 maxlen: 22
                          213.156.124.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:41:97:4a:8c:11:fc:0b:81:47:3c:53:71:ce:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  1 13:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0593d90328dbbfc074ee569c10d454c36041143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:18:9d:4c:a1:0d:6a:9c:60:59:5c:4d:f8:78:
                    2b:0c:13:af:d5:a5:f9:ec:18:d8:0e:3f:3a:d1:45:
                    a6:0d:6e:f8:28:9c:26:80:10:62:28:2d:7f:2a:76:
                    93:82:81:78:63:4a:4b:e5:0b:22:b1:49:5a:4e:1c:
                    5a:3b:fe:0b:d4:e6:d6:fa:ad:18:f2:67:c0:35:07:
                    b5:83:0e:98:6e:13:f9:d4:41:ed:83:3c:e7:10:92:
                    ca:21:74:eb:a3:a1:ae:cf:7e:05:da:dc:65:32:c9:
                    3b:1f:db:ed:03:da:b1:41:40:06:73:64:b9:90:0d:
                    a1:b5:f8:14:80:24:51:b0:69:9a:4b:ed:cc:b5:27:
                    f9:d7:57:5c:2a:04:d2:c3:27:24:3d:39:8a:95:bf:
                    18:07:e8:94:65:fb:4f:d8:0c:89:10:d6:6c:cf:22:
                    05:a7:30:2f:14:8d:4e:a8:85:c1:69:7a:eb:4b:98:
                    92:7c:d1:08:d9:41:53:af:ae:fe:48:e5:30:c9:f8:
                    c9:c2:c3:80:b2:16:a8:a1:5c:38:61:3e:95:05:b0:
                    ba:62:cd:33:6d:30:6c:51:94:63:b5:02:86:6f:f5:
                    db:cb:38:bc:99:75:bd:68:4a:17:01:db:23:fb:4d:
                    c2:d3:6b:2d:96:e6:c3:d7:1a:8f:0a:fc:31:7d:b5:
                    72:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:59:3D:90:32:8D:BB:FC:07:4E:E5:69:C1:0D:45:4C:36:04:11:43
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/8Fk9kDKNu_wHTuVpwQ1FTDYEEUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.24.0/22
                  185.13.168.0/22
                  213.92.128.0/17
                  213.156.96.0/22
                  213.156.104.0-213.156.127.255

    Signature Algorithm: sha256WithRSAEncryption
         19:ea:2a:34:94:35:d6:7a:51:8c:d2:1b:ba:9f:ad:33:c1:20:
         4d:87:55:48:71:7b:cc:6f:d3:e2:78:b4:78:35:64:f9:34:64:
         e9:c6:94:27:6d:16:0d:1c:c1:26:12:2d:39:57:2b:1a:65:b7:
         37:32:2d:25:39:db:5d:9d:7c:e0:9d:39:c0:98:54:52:b9:8c:
         52:da:db:4a:04:3a:2d:dd:3c:78:c6:b4:63:55:8b:86:2b:cc:
         ee:10:6d:2d:a9:a0:c6:9c:6d:c0:ef:08:aa:e8:61:67:3c:bc:
         ac:3a:7e:56:5d:69:7a:11:7a:31:d4:25:a1:9d:98:4a:4b:1b:
         b0:33:17:35:76:60:d5:af:c6:23:1f:31:a1:f6:51:54:b2:fe:
         e1:54:e5:76:3b:2e:e3:d9:5b:cc:95:35:87:8d:1f:2c:b8:5d:
         80:56:71:d4:5b:18:76:5b:0b:b6:2e:70:0d:6e:37:0b:0f:9a:
         35:ba:fe:38:7d:e9:3c:af:b0:71:79:6f:bf:0f:41:a8:dd:bc:
         68:75:cf:3e:ee:ef:51:41:ab:92:29:37:fc:80:65:97:aa:14:
         99:95:18:8b:e8:c6:79:44:99:da:b2:71:55:e8:81:77:3a:32:
         ad:af:b4:3d:57:22:ca:42:69:20:f4:91:23:f0:05:a5:95:6a:
         ee:e5:78:df
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQiH0GXSowR/AuBRzxTcc59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjUwMTAxMTM0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDU5M2Q5MDMyOGRiYmZjMDc0ZWU1NjljMTBkNDU0YzM2MDQxMTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xidTKENapxgWVxN+HgrDBOv1aX5
7BjYDj860UWmDW74KJwmgBBiKC1/KnaTgoF4Y0pL5QsisUlaThxaO/4L1ObW+q0Y
8mfANQe1gw6YbhP51EHtgzznEJLKIXTro6Guz34F2txlMsk7H9vtA9qxQUAGc2S5
kA2htfgUgCRRsGmaS+3MtSf511dcKgTSwyckPTmKlb8YB+iUZftP2AyJENZszyIF
pzAvFI1OqIXBaXrrS5iSfNEI2UFTr67+SOUwyfjJwsOAshaooVw4YT6VBbC6Ys0z
bTBsUZRjtQKGb/Xbyzi8mXW9aEoXAdsj+03C02stlubD1xqPCvwxfbVyXwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPBZPZAyjbv8B07lacENRUw2BBFDMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvOEZrOWtES051X3dIVHVWcHdRMUZURFlFRVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCbegYAwQC
uQ2oAwQH1VyAAwQC1ZxgMAwDBAPVnGgDBAfVnAAwDQYJKoZIhvcNAQELBQADggEB
ABnqKjSUNdZ6UYzSG7qfrTPBIE2HVUhxe8xv0+J4tHg1ZPk0ZOnGlCdtFg0cwSYS
LTlXKxpltzcyLSU5212dfOCdOcCYVFK5jFLa20oEOi3dPHjGtGNVi4YrzO4QbS2p
oMacbcDvCKroYWc8vKw6flZdaXoRejHUJaGdmEpLG7AzFzV2YNWvxiMfMaH2UVSy
/uFU5XY7LuPZW8yVNYeNHyy4XYBWcdRbGHZbC7YucA1uNwsPmjW6/jh96TyvsHF5
b78PQajdvGh1zz7u71FBq5IpN/yAZZeqFJmVGIvoxnlEmdqycVXogXc6Mq2vtD1X
IspCaSD0kSPwBaWVau7leN8=
-----END CERTIFICATE-----