Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/Iu34C6WTJwsC1Fqt5jh4X7IhtoM.roa
File:                     Iu34C6WTJwsC1Fqt5jh4X7IhtoM.roa (raw, json)
Hash identifier:          pYBTjTgLbQQp6tqJYSrST6Bcv/MloC/SDIFHbD5N2uA=
Subject key identifier:   22:ED:F8:0B:A5:93:27:0B:02:D4:5A:AD:E6:38:78:5F:B2:21:B6:83
Certificate issuer:       /CN=6311a69c8172044854931f100a59bd089cb8881a
Certificate serial:       0194221FB86C7E4B85D264AF75940CF2FA89
Authority key identifier: 63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/Iu34C6WTJwsC1Fqt5jh4X7IhtoM.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        131.154.0.0/16 maxlen: 16
                          141.108.0.0/16 maxlen: 16
                          192.84.127.0/24 maxlen: 24
                          192.84.128.0/20 maxlen: 20
                          192.84.144.0/21 maxlen: 21
                          192.84.152.0/22 maxlen: 22
                          192.84.156.0/24 maxlen: 24
                          192.135.8.0/21 maxlen: 21
                          192.135.16.0/20 maxlen: 20
                          192.135.32.0/23 maxlen: 23
                          192.135.34.0/24 maxlen: 24
                          192.135.35.0/24 maxlen: 24
                          192.135.36.0/24 maxlen: 24
                          192.135.37.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b8:6c:7e:4b:85:d2:64:af:75:94:0c:f2:fa:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6311a69c8172044854931f100a59bd089cb8881a
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22edf80ba593270b02d45aade638785fb221b683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e4:6f:79:1f:bb:bb:c1:9d:76:4e:73:ba:7b:
                    45:2f:70:c9:b0:63:2e:6b:5e:8f:47:0b:c5:75:f3:
                    94:96:c2:60:45:c2:2f:61:52:7a:b2:f9:5c:4a:12:
                    39:59:3e:77:d6:53:a1:08:70:4a:bc:b6:06:37:77:
                    3f:e2:67:f7:57:5b:18:f8:31:e7:3c:35:45:25:5d:
                    b4:06:70:86:e0:c5:dd:5f:34:e5:8a:46:5b:d8:ab:
                    f0:24:c6:9c:5b:aa:80:73:e4:ba:d8:3c:5b:cd:2d:
                    10:bc:ef:eb:c5:08:06:79:61:4e:30:ca:96:17:16:
                    7b:f3:03:18:43:41:27:e7:0c:b6:a8:22:9a:84:07:
                    f8:fd:91:93:49:9b:e4:31:29:ec:c3:ae:4e:8d:70:
                    47:29:7d:ce:61:d2:8a:ec:e4:19:ec:bd:c1:f2:92:
                    3e:e0:3e:2c:4a:e1:13:6d:64:83:82:80:b1:7e:38:
                    52:8c:b7:98:a3:47:8b:ff:ed:60:3b:1e:79:77:bb:
                    b0:74:78:71:75:00:d3:78:b4:ff:6c:2f:c6:48:df:
                    12:6a:91:c0:a8:07:80:c3:bd:53:a7:94:11:3f:c8:
                    30:67:7e:6f:39:10:5c:64:06:95:ea:df:c7:41:ba:
                    91:b5:b9:c1:80:c3:b0:6e:29:c4:53:18:78:75:3e:
                    00:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:ED:F8:0B:A5:93:27:0B:02:D4:5A:AD:E6:38:78:5F:B2:21:B6:83
            X509v3 Authority Key Identifier:
                keyid:63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/Iu34C6WTJwsC1Fqt5jh4X7IhtoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/YxGmnIFyBEhUkx8QClm9CJy4iBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.154.0.0/16
                  141.108.0.0/16
                  192.84.127.0-192.84.156.255
                  192.135.8.0-192.135.37.255

    Signature Algorithm: sha256WithRSAEncryption
         b6:6a:e7:61:dd:89:23:fd:6b:78:b0:8f:51:20:34:77:a1:04:
         0d:0e:b2:dc:0e:4a:ac:5e:95:f8:6b:b4:9f:18:03:3e:c3:f5:
         b3:af:db:95:63:b8:a1:0f:a0:bf:3f:d3:8c:c1:1f:9d:5b:86:
         69:26:14:e5:e4:39:7e:ab:52:58:17:04:78:89:93:01:54:4c:
         4c:66:33:1e:93:a1:81:fb:93:64:ed:b1:0f:9d:50:ed:ef:62:
         b6:e9:f5:74:dc:76:a8:70:79:ec:1f:97:8e:85:35:d1:a2:be:
         10:81:3d:7c:03:21:f2:42:6a:ee:98:de:9a:95:be:65:3e:9d:
         01:fc:13:99:eb:02:db:af:d7:5a:61:60:34:82:ad:6a:2e:c7:
         ef:07:e5:fe:ee:9e:f2:2a:81:4c:96:33:e8:1c:47:92:ce:29:
         1b:a9:a3:70:6c:c3:50:d8:88:50:77:43:a8:e8:41:be:0b:79:
         b8:b4:8c:44:aa:49:32:44:b2:ef:56:6a:86:af:14:80:60:25:
         68:a5:20:04:b0:b3:3a:d2:a0:31:44:69:1c:4a:38:d4:98:13:
         8d:ed:f2:8a:ba:96:9b:be:e2:b0:27:b1:c7:02:e2:5e:16:9a:
         77:da:b5:4f:47:c2:0f:96:d2:1b:83:6c:9b:f4:b0:56:5a:bd:
         6b:df:de:02
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQiH7hsfkuF0mSvdZQM8vqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMTFhNjljODE3MjA0NDg1NDkzMWYxMDBhNTliZDA4OWNi
ODg4MWEwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmVkZjgwYmE1OTMyNzBiMDJkNDVhYWRlNjM4Nzg1ZmIyMjFiNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveRveR+7u8Gddk5zuntFL3DJsGMu
a16PRwvFdfOUlsJgRcIvYVJ6svlcShI5WT531lOhCHBKvLYGN3c/4mf3V1sY+DHn
PDVFJV20BnCG4MXdXzTlikZb2KvwJMacW6qAc+S62DxbzS0QvO/rxQgGeWFOMMqW
FxZ78wMYQ0En5wy2qCKahAf4/ZGTSZvkMSnsw65OjXBHKX3OYdKK7OQZ7L3B8pI+
4D4sSuETbWSDgoCxfjhSjLeYo0eL/+1gOx55d7uwdHhxdQDTeLT/bC/GSN8SapHA
qAeAw71Tp5QRP8gwZ35vORBcZAaV6t/HQbqRtbnBgMOwbinEUxh4dT4ADwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCLt+AulkycLAtRareY4eF+yIbaDMB8GA1UdIwQY
MBaAFGMRppyBcgRIVJMfEApZvQicuIgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMt
ZDBlMGYyMTM5MzZjLzEvSXUzNEM2V1RKd3NDMUZxdDVqaDRYN0lodG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMtZDBlMGYyMTM5MzZj
LzEvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwMAg5oDAwCN
bDAMAwQAwFR/AwQAwFScMAwDBAPAhwgDBAHAhyQwDQYJKoZIhvcNAQELBQADggEB
ALZq52HdiSP9a3iwj1EgNHehBA0OstwOSqxelfhrtJ8YAz7D9bOv25VjuKEPoL8/
04zBH51bhmkmFOXkOX6rUlgXBHiJkwFUTExmMx6ToYH7k2TtsQ+dUO3vYrbp9XTc
dqhweewfl46FNdGivhCBPXwDIfJCau6Y3pqVvmU+nQH8E5nrAtuv11phYDSCrWou
x+8H5f7unvIqgUyWM+gcR5LOKRupo3Bsw1DYiFB3Q6joQb4Lebi0jESqSTJEsu9W
aoavFIBgJWilIASwszrSoDFEaRxKONSYE43t8oq6lpu+4rAnsccC4l4WmnfatU9H
wg+W0huDbJv0sFZavWvf3gI=
-----END CERTIFICATE-----