Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e60828-88db-4e3b-9a47-e148235b7723/1/_RGZJkC_maX9Rk5gq7HAO40xyLk.roa
File:                     _RGZJkC_maX9Rk5gq7HAO40xyLk.roa (raw, json)
Hash identifier:          UMn242+aY7D7FSfVsCmwNFJLABV4j5b5GNVt9RDj5KE=
Subject key identifier:   FD:11:99:26:40:BF:99:A5:FD:46:4E:60:AB:B1:C0:3B:8D:31:C8:B9
Certificate issuer:       /CN=340e53014bf038ade0d77ae678ff6df34ca53dc0
Certificate serial:       019426D96657415EA01C9EDAF230DF4F0E63
Authority key identifier: 34:0E:53:01:4B:F0:38:AD:E0:D7:7A:E6:78:FF:6D:F3:4C:A5:3D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NA5TAUvwOK3g13rmeP9t80ylPcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e60828-88db-4e3b-9a47-e148235b7723/1/_RGZJkC_maX9Rk5gq7HAO40xyLk.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60191
IP address blocks:        91.223.31.0/24 maxlen: 24
                          176.123.60.0/23 maxlen: 23
                          185.47.64.0/23 maxlen: 23
                          185.47.66.0/23 maxlen: 23
                          185.206.112.0/22 maxlen: 22
                          185.223.53.0/24 maxlen: 24
                          193.162.104.0/24 maxlen: 24
                          213.108.112.0/21 maxlen: 21
                          2a01:8a60::/32 maxlen: 32
                          2a01:8a60:100::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:66:57:41:5e:a0:1c:9e:da:f2:30:df:4f:0e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=340e53014bf038ade0d77ae678ff6df34ca53dc0
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd11992640bf99a5fd464e60abb1c03b8d31c8b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f1:38:a1:31:be:29:52:2f:63:b2:9f:0b:29:
                    0c:de:ec:3f:a2:6b:7f:5f:01:fd:3b:cd:b3:40:64:
                    f7:74:49:49:e3:23:02:cf:2d:75:52:93:1d:0c:cd:
                    dd:72:a1:6c:40:92:a1:a2:be:aa:f4:6d:5f:dc:c5:
                    97:4f:0a:a9:0c:17:93:b4:d1:e3:b6:e7:c2:16:58:
                    72:5a:db:7a:04:52:fb:55:e4:fc:bf:3f:1a:06:90:
                    61:d6:fe:b7:50:7d:67:1a:44:c7:77:72:78:40:54:
                    39:5c:0e:dd:ed:37:61:77:56:0a:1b:c4:17:2f:42:
                    60:bc:85:c1:78:c6:6b:74:ad:ee:00:2d:d5:3e:c6:
                    50:5a:45:88:e6:9b:46:27:45:6a:38:4a:f9:e8:fb:
                    e6:b8:88:c2:c5:d8:bb:f5:03:47:38:07:61:e0:67:
                    2a:f9:92:8f:ee:ca:ed:3d:ea:d2:47:b1:d3:21:e6:
                    5f:4a:58:ff:9e:99:6f:c0:2b:13:9b:1e:86:c2:5f:
                    d3:19:1a:40:2c:80:54:9f:02:71:03:6e:df:f4:1d:
                    f0:7e:7f:e2:73:2b:2a:6c:bb:c3:80:9a:29:87:5f:
                    45:76:05:8e:9e:52:38:0a:6c:b5:e0:8d:4c:78:7e:
                    27:35:38:77:c9:27:6c:fb:78:b6:8b:48:56:0c:69:
                    47:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:11:99:26:40:BF:99:A5:FD:46:4E:60:AB:B1:C0:3B:8D:31:C8:B9
            X509v3 Authority Key Identifier:
                keyid:34:0E:53:01:4B:F0:38:AD:E0:D7:7A:E6:78:FF:6D:F3:4C:A5:3D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NA5TAUvwOK3g13rmeP9t80ylPcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e60828-88db-4e3b-9a47-e148235b7723/1/_RGZJkC_maX9Rk5gq7HAO40xyLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e60828-88db-4e3b-9a47-e148235b7723/1/NA5TAUvwOK3g13rmeP9t80ylPcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.31.0/24
                  176.123.60.0/23
                  185.47.64.0/22
                  185.206.112.0/22
                  185.223.53.0/24
                  193.162.104.0/24
                  213.108.112.0/21
                IPv6:
                  2a01:8a60::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:cd:cf:72:a8:39:c7:47:29:23:51:fe:67:3f:5d:43:39:09:
         44:d1:c1:dc:82:ff:38:2f:86:4b:27:fb:5c:69:0a:da:f5:71:
         e8:4d:60:ee:0f:9c:aa:b6:f7:22:d5:ae:55:cf:94:e9:4d:62:
         c9:26:4e:13:68:67:04:5c:60:aa:f9:ab:c0:e6:86:2c:e1:55:
         15:b8:4b:23:7c:8f:4b:23:10:7f:88:0a:b5:14:d9:d4:81:d8:
         24:45:f2:d9:57:f1:12:ce:66:a9:0f:af:64:54:4b:71:f5:73:
         c8:67:66:39:ac:37:a0:7d:b6:9f:d9:b2:7f:23:1e:d0:0e:12:
         04:77:97:7f:65:4b:13:0f:58:03:70:28:8f:13:f1:35:46:5a:
         7b:52:56:ce:21:4f:9b:af:0a:44:4d:4a:54:34:18:b4:c4:85:
         93:cf:1a:22:93:cb:3f:78:ec:0d:0b:1d:f6:46:8f:c8:3d:2f:
         50:75:39:8f:d1:6f:61:08:e3:d0:17:03:cc:ff:3b:93:69:0a:
         7f:21:10:3a:38:dc:92:bb:1d:0f:53:3e:60:ea:01:ac:ad:24:
         c6:33:a9:3c:c0:5d:68:15:4c:f2:2f:5f:bd:e2:91:1e:fb:cf:
         fb:fb:82:14:da:a9:86:25:9e:f0:19:92:61:f8:09:69:df:58:
         78:d7:f5:90
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQm2WZXQV6gHJ7a8jDfTw5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MGU1MzAxNGJmMDM4YWRlMGQ3N2FlNjc4ZmY2ZGYzNGNh
NTNkYzAwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDExOTkyNjQwYmY5OWE1ZmQ0NjRlNjBhYmIxYzAzYjhkMzFjOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/E4oTG+KVIvY7KfCykM3uw/omt/
XwH9O82zQGT3dElJ4yMCzy11UpMdDM3dcqFsQJKhor6q9G1f3MWXTwqpDBeTtNHj
tufCFlhyWtt6BFL7VeT8vz8aBpBh1v63UH1nGkTHd3J4QFQ5XA7d7Tdhd1YKG8QX
L0JgvIXBeMZrdK3uAC3VPsZQWkWI5ptGJ0VqOEr56PvmuIjCxdi79QNHOAdh4Gcq
+ZKP7srtPerSR7HTIeZfSlj/nplvwCsTmx6Gwl/TGRpALIBUnwJxA27f9B3wfn/i
cysqbLvDgJoph19FdgWOnlI4Cmy14I1MeH4nNTh3ySds+3i2i0hWDGlHmwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFP0RmSZAv5ml/UZOYKuxwDuNMci5MB8GA1UdIwQY
MBaAFDQOUwFL8Dit4Nd65nj/bfNMpT3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkE1VEFVdndPSzNnMTNybWVQOXQ4MHlsUGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lNjA4MjgtODhkYi00ZTNiLTlhNDct
ZTE0ODIzNWI3NzIzLzEvX1JHWkprQ19tYVg5Ums1Z3E3SEFPNDB4eUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lNjA4MjgtODhkYi00ZTNiLTlhNDctZTE0ODIzNWI3NzIz
LzEvTkE1VEFVdndPSzNnMTNybWVQOXQ4MHlsUGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAW98fAwQB
sHs8AwQCuS9AAwQCuc5wAwQAud81AwQAwaJoAwQD1WxwMA0EAgACMAcDBQAqAYpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBvzc9yqDnHRykjUf5nP11DOQlE0cHcgv84L4ZL
J/tcaQra9XHoTWDuD5yqtvci1a5Vz5TpTWLJJk4TaGcEXGCq+avA5oYs4VUVuEsj
fI9LIxB/iAq1FNnUgdgkRfLZV/ESzmapD69kVEtx9XPIZ2Y5rDegfbaf2bJ/Ix7Q
DhIEd5d/ZUsTD1gDcCiPE/E1Rlp7UlbOIU+brwpETUpUNBi0xIWTzxoik8s/eOwN
Cx32Ro/IPS9QdTmP0W9hCOPQFwPM/zuTaQp/IRA6ONySux0PUz5g6gGsrSTGM6k8
wF1oFUzyL1+94pEe+8/7+4IU2qmGJZ7wGZJh+Alp31h41/WQ
-----END CERTIFICATE-----