Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/d8f8cf-188a-4bd0-8dba-41e7fba6d6e1/1/I5o3I21K-RSgOPv12xUBF1eTW1k.roa
File:                     I5o3I21K-RSgOPv12xUBF1eTW1k.roa (raw, json)
Hash identifier:          1nPGseQNHbttW0q1SC7GIv9CrcPJVrmhM6NdxmXarf4=
Subject key identifier:   23:9A:37:23:6D:4A:F9:14:A0:38:FB:F5:DB:15:01:17:57:93:5B:59
Certificate issuer:       /CN=d29dc792adfcfe88c79e7958fbfec525630b62f9
Certificate serial:       0194228D0A9D18E42B6F37AC3F38B1028841
Authority key identifier: D2:9D:C7:92:AD:FC:FE:88:C7:9E:79:58:FB:FE:C5:25:63:0B:62:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0p3Hkq38_ojHnnlY-_7FJWMLYvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/d8f8cf-188a-4bd0-8dba-41e7fba6d6e1/1/I5o3I21K-RSgOPv12xUBF1eTW1k.roa
Signing time:             Wed 01 Jan 2025 15:47:36 +0000
ROA not before:           Wed 01 Jan 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60757
IP address blocks:        45.132.84.0/24 maxlen: 24
                          45.143.89.0/24 maxlen: 24
                          85.92.120.0/24 maxlen: 24
                          85.92.121.0/24 maxlen: 24
                          85.92.122.0/24 maxlen: 24
                          85.92.123.0/24 maxlen: 24
                          185.217.188.0/24 maxlen: 24
                          185.217.189.0/24 maxlen: 24
                          185.217.190.0/24 maxlen: 24
                          185.217.191.0/24 maxlen: 24
                          2a0d:bcc0::/32 maxlen: 48
                          2a0d:bcc1::/32 maxlen: 48
                          2a0d:bcc2::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:0a:9d:18:e4:2b:6f:37:ac:3f:38:b1:02:88:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d29dc792adfcfe88c79e7958fbfec525630b62f9
        Validity
            Not Before: Jan  1 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=239a37236d4af914a038fbf5db15011757935b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b7:64:e9:7d:c3:58:f5:93:80:9b:23:49:f0:
                    39:d9:26:9a:89:20:c9:ca:6b:19:30:0e:66:7e:5f:
                    89:95:46:1f:4e:4d:8e:3a:ce:d5:46:10:56:e7:e4:
                    c7:be:38:b9:20:1f:55:f5:0f:08:54:90:f0:8e:3a:
                    be:5e:3c:59:5b:ac:48:50:9f:35:4c:41:fd:46:65:
                    0b:76:8e:f5:12:47:66:ec:fd:ba:17:a5:e2:c5:0d:
                    98:00:9e:5a:fc:46:c1:a3:c3:d4:be:a5:8f:c8:28:
                    c1:f6:54:5b:ba:11:c6:3a:a6:10:e2:99:2e:97:2c:
                    8f:8f:68:9a:18:1c:b2:e5:41:37:69:fa:c3:e8:7b:
                    cf:14:15:d4:79:17:1f:8f:4e:ad:6c:bb:3e:29:9a:
                    f9:15:ba:7c:9b:86:08:a9:c2:a8:ea:e0:ab:75:05:
                    14:34:ab:b3:48:c0:18:b3:bb:a9:58:a6:3d:29:90:
                    94:9d:8b:c4:0b:29:3a:bf:19:db:94:f6:34:b5:a8:
                    9f:e6:5d:32:a5:4f:ea:3c:51:de:d1:38:5e:6d:e4:
                    1f:6e:55:70:95:00:29:5b:ed:6e:8b:1c:f0:4e:83:
                    5f:62:ed:96:4f:ea:8c:14:b2:42:af:40:4d:a0:6f:
                    dc:c7:24:97:8b:dd:3e:29:8b:ff:b0:46:77:cb:c0:
                    9b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9A:37:23:6D:4A:F9:14:A0:38:FB:F5:DB:15:01:17:57:93:5B:59
            X509v3 Authority Key Identifier:
                keyid:D2:9D:C7:92:AD:FC:FE:88:C7:9E:79:58:FB:FE:C5:25:63:0B:62:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0p3Hkq38_ojHnnlY-_7FJWMLYvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d8f8cf-188a-4bd0-8dba-41e7fba6d6e1/1/I5o3I21K-RSgOPv12xUBF1eTW1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d8f8cf-188a-4bd0-8dba-41e7fba6d6e1/1/0p3Hkq38_ojHnnlY-_7FJWMLYvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.84.0/24
                  45.143.89.0/24
                  85.92.120.0/22
                  185.217.188.0/22
                IPv6:
                  2a0d:bcc0::-2a0d:bcc2:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5f:22:04:44:69:a8:85:6b:a0:3a:92:a5:05:9a:a1:f8:64:e9:
         3a:f0:98:e2:e3:3a:e3:61:ff:56:30:90:a8:c1:9d:f4:9d:fd:
         eb:85:59:0d:d0:f3:11:c7:16:ad:05:5a:d6:8e:bd:07:24:20:
         6a:42:cb:75:d4:53:0b:33:19:bd:c0:0a:28:22:72:1a:4c:00:
         6d:f1:58:93:5d:2c:4c:6c:e2:06:a5:c7:44:30:b6:8b:c1:b9:
         07:42:ec:c9:e0:42:1b:cf:ee:72:db:32:5f:6e:c8:63:6a:a1:
         0b:16:45:d2:22:87:41:6c:ac:d9:43:75:10:c6:76:a2:3d:d7:
         df:31:f1:ee:2c:31:f1:da:41:f4:27:66:b7:8d:47:40:79:58:
         8c:15:b2:b9:62:27:c6:1e:02:b2:84:4a:c5:e0:9d:99:6d:a3:
         0e:e3:2a:85:d5:a8:cc:c1:ac:23:df:17:1f:dd:59:f7:7e:ad:
         be:a6:7a:42:70:2a:55:30:d1:a0:af:2e:c2:44:4a:d9:c7:dc:
         88:bd:e8:fc:5c:53:f0:d9:e9:e2:95:7d:0e:46:3c:e1:fe:b8:
         0d:91:da:0b:d4:e8:5a:58:00:4f:10:5e:f1:91:90:6a:89:bf:
         e8:4e:ab:2a:1f:14:09:54:b7:cf:54:e0:fb:74:a0:fb:11:4e:
         b6:f3:bd:e0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQijQqdGOQrbzesPzixAohBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOWRjNzkyYWRmY2ZlODhjNzllNzk1OGZiZmVjNTI1NjMw
YjYyZjkwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzlhMzcyMzZkNGFmOTE0YTAzOGZiZjVkYjE1MDExNzU3OTM1YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7dk6X3DWPWTgJsjSfA52SaaiSDJ
ymsZMA5mfl+JlUYfTk2OOs7VRhBW5+THvji5IB9V9Q8IVJDwjjq+XjxZW6xIUJ81
TEH9RmULdo71Ekdm7P26F6XixQ2YAJ5a/EbBo8PUvqWPyCjB9lRbuhHGOqYQ4pku
lyyPj2iaGByy5UE3afrD6HvPFBXUeRcfj06tbLs+KZr5Fbp8m4YIqcKo6uCrdQUU
NKuzSMAYs7upWKY9KZCUnYvECyk6vxnblPY0taif5l0ypU/qPFHe0ThebeQfblVw
lQApW+1uixzwToNfYu2WT+qMFLJCr0BNoG/cxySXi90+KYv/sEZ3y8CbQwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCOaNyNtSvkUoDj79dsVARdXk1tZMB8GA1UdIwQY
MBaAFNKdx5Kt/P6Ix555WPv+xSVjC2L5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHAzSGtxMzhfb2pIbm5sWS1fN0ZKV01MWXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kOGY4Y2YtMTg4YS00YmQwLThkYmEt
NDFlN2ZiYTZkNmUxLzEvSTVvM0kyMUstUlNnT1B2MTJ4VUJGMWVUVzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kOGY4Y2YtMTg4YS00YmQwLThkYmEtNDFlN2ZiYTZkNmUx
LzEvMHAzSGtxMzhfb2pIbm5sWS1fN0ZKV01MWXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQALYRUAwQA
LY9ZAwQCVVx4AwQCudm8MBYEAgACMBAwDgMFBioNvMADBQAqDbzCMA0GCSqGSIb3
DQEBCwUAA4IBAQBfIgREaaiFa6A6kqUFmqH4ZOk68Jji4zrjYf9WMJCowZ30nf3r
hVkN0PMRxxatBVrWjr0HJCBqQst11FMLMxm9wAooInIaTABt8ViTXSxMbOIGpcdE
MLaLwbkHQuzJ4EIbz+5y2zJfbshjaqELFkXSIodBbKzZQ3UQxnaiPdffMfHuLDHx
2kH0J2a3jUdAeViMFbK5YifGHgKyhErF4J2ZbaMO4yqF1ajMwawj3xcf3Vn3fq2+
pnpCcCpVMNGgry7CRErZx9yIvej8XFPw2enilX0ORjzh/rgNkdoL1OhaWABPEF7x
kZBqib/oTqsqHxQJVLfPVOD7dKD7EU62873g
-----END CERTIFICATE-----