Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/8e7e30-c2b8-4591-8cfe-7b8e9d335ca8/1/hrSr7PbVWH7aG3iOlOrw-Rxq9aI.roa
File:                     hrSr7PbVWH7aG3iOlOrw-Rxq9aI.roa (raw, json)
Hash identifier:          DNgNHzemSkvz3FrzZcfk82WFTYgcGwkk4ukyoiRGuK0=
Subject key identifier:   86:B4:AB:EC:F6:D5:58:7E:DA:1B:78:8E:94:EA:F0:F9:1C:6A:F5:A2
Certificate issuer:       /CN=f7742725862b90bda4510a02e804fef3ad1142dc
Certificate serial:       0193B44B2038663B5075E66DDB66FDC34A93
Authority key identifier: F7:74:27:25:86:2B:90:BD:A4:51:0A:02:E8:04:FE:F3:AD:11:42:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93QnJYYrkL2kUQoC6AT-860RQtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/8e7e30-c2b8-4591-8cfe-7b8e9d335ca8/1/hrSr7PbVWH7aG3iOlOrw-Rxq9aI.roa
Signing time:             Wed 11 Dec 2024 05:57:22 +0000
ROA not before:           Wed 11 Dec 2024 05:57:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15836
IP address blocks:        5.32.168.0/21 maxlen: 24
                          87.255.64.0/19 maxlen: 24
                          185.46.60.0/22 maxlen: 24
                          185.172.28.0/22 maxlen: 22
                          185.172.28.0/24 maxlen: 24
                          185.172.29.0/24 maxlen: 24
                          185.172.30.0/24 maxlen: 24
                          185.172.31.0/24 maxlen: 24
                          188.0.224.0/20 maxlen: 20
                          212.28.64.0/19 maxlen: 24
                          217.26.160.0/20 maxlen: 24
                          2a03:a80::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b4:4b:20:38:66:3b:50:75:e6:6d:db:66:fd:c3:4a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7742725862b90bda4510a02e804fef3ad1142dc
        Validity
            Not Before: Dec 11 05:57:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86b4abecf6d5587eda1b788e94eaf0f91c6af5a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4e:51:99:6e:d8:9a:0d:cf:27:f3:48:ef:3f:
                    68:20:99:f5:a1:c2:c0:de:23:93:54:d8:95:29:43:
                    fd:14:9d:6c:03:48:59:77:26:7e:7e:86:70:9e:04:
                    c2:fa:76:83:db:36:28:cd:29:31:65:e4:e3:6b:4a:
                    23:1b:bd:88:8c:8d:4b:c0:54:52:de:a8:cc:92:80:
                    6d:7c:0c:9e:1e:b8:c4:10:ea:07:97:1b:ce:e9:e0:
                    f9:c7:97:f7:e3:95:cd:8b:30:21:29:c8:c7:ea:d1:
                    13:c5:3f:68:10:ab:64:fb:fa:52:b3:94:87:e9:26:
                    1f:20:14:33:50:1d:9b:16:64:be:a4:62:04:f8:f5:
                    13:54:de:9a:ef:66:4e:b5:5d:b6:23:f6:5a:7d:3d:
                    c8:5e:58:65:98:fb:6e:61:bf:25:b9:a5:20:cc:29:
                    51:82:84:38:1e:1b:2d:66:07:35:73:e4:28:81:a8:
                    70:97:84:46:aa:07:f6:e5:8b:59:9e:37:78:a4:e7:
                    47:9f:ec:cd:26:74:14:92:a8:83:d6:0e:3c:66:da:
                    c0:60:76:22:c5:fc:f1:ac:aa:40:f4:d4:d8:81:19:
                    50:de:09:25:64:df:e1:af:7e:a2:d2:2d:1c:49:00:
                    2c:fc:6d:bf:25:80:76:12:83:23:57:85:58:51:b4:
                    11:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B4:AB:EC:F6:D5:58:7E:DA:1B:78:8E:94:EA:F0:F9:1C:6A:F5:A2
            X509v3 Authority Key Identifier:
                keyid:F7:74:27:25:86:2B:90:BD:A4:51:0A:02:E8:04:FE:F3:AD:11:42:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93QnJYYrkL2kUQoC6AT-860RQtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8e7e30-c2b8-4591-8cfe-7b8e9d335ca8/1/hrSr7PbVWH7aG3iOlOrw-Rxq9aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8e7e30-c2b8-4591-8cfe-7b8e9d335ca8/1/93QnJYYrkL2kUQoC6AT-860RQtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.32.168.0/21
                  87.255.64.0/19
                  185.46.60.0/22
                  185.172.28.0/22
                  188.0.224.0/20
                  212.28.64.0/19
                  217.26.160.0/20
                IPv6:
                  2a03:a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:c5:5e:b4:c3:a6:fc:3d:91:dd:76:74:c2:45:2a:98:ab:ff:
         8b:fb:5e:19:52:80:30:dd:62:72:cb:bf:a2:16:e1:5b:45:e9:
         a7:83:aa:11:b4:27:07:65:9c:84:5a:28:c5:dc:3c:31:75:19:
         74:97:18:08:c7:5c:aa:4c:c8:6f:74:84:c0:0a:cb:08:72:f4:
         09:6c:3c:89:2a:ce:95:67:20:7a:f6:6e:50:b0:9e:f2:7a:cf:
         67:20:3c:7f:24:aa:53:96:b0:e9:70:5c:b8:d5:89:f6:82:5d:
         eb:05:03:00:61:9a:a9:c7:67:bc:37:60:5b:02:8b:67:57:cb:
         15:21:78:7c:ef:1a:1c:ab:0a:a5:0e:c9:af:9a:7d:de:da:f2:
         89:b0:da:21:cb:78:a6:89:19:b7:37:d1:86:05:9a:bf:fa:6b:
         b4:02:9f:4c:43:ea:98:1a:a6:de:52:63:f3:28:1b:aa:7e:16:
         00:7b:bc:62:0c:ad:e6:e9:d9:c4:07:1d:8c:f6:ac:01:10:f3:
         f8:c7:f9:0e:58:64:b8:a8:3e:60:99:80:f5:c8:3e:94:35:66:
         9f:55:89:16:a6:2e:54:dd:d9:ec:02:23:89:4f:b1:52:7c:32:
         25:b9:b6:da:5c:0d:14:b2:3f:30:2e:5f:b8:43:6a:5a:ec:26:
         43:b6:ba:f2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZO0SyA4ZjtQdeZt22b9w0qTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzQyNzI1ODYyYjkwYmRhNDUxMGEwMmU4MDRmZWYzYWQx
MTQyZGMwHhcNMjQxMjExMDU1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI0YWJlY2Y2ZDU1ODdlZGExYjc4OGU5NGVhZjBmOTFjNmFmNWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU5RmW7Ymg3PJ/NI7z9oIJn1ocLA
3iOTVNiVKUP9FJ1sA0hZdyZ+foZwngTC+naD2zYozSkxZeTja0ojG72IjI1LwFRS
3qjMkoBtfAyeHrjEEOoHlxvO6eD5x5f345XNizAhKcjH6tETxT9oEKtk+/pSs5SH
6SYfIBQzUB2bFmS+pGIE+PUTVN6a72ZOtV22I/ZafT3IXlhlmPtuYb8luaUgzClR
goQ4HhstZgc1c+Qogahwl4RGqgf25YtZnjd4pOdHn+zNJnQUkqiD1g48ZtrAYHYi
xfzxrKpA9NTYgRlQ3gklZN/hr36i0i0cSQAs/G2/JYB2EoMjV4VYUbQRBQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFIa0q+z21Vh+2ht4jpTq8PkcavWiMB8GA1UdIwQY
MBaAFPd0JyWGK5C9pFEKAugE/vOtEULcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNRbkpZWXJrTDJrVVFvQzZBVC04NjBSUXR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni84ZTdlMzAtYzJiOC00NTkxLThjZmUt
N2I4ZTlkMzM1Y2E4LzEvaHJTcjdQYlZXSDdhRzNpT2xPcnctUnhxOWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni84ZTdlMzAtYzJiOC00NTkxLThjZmUtN2I4ZTlkMzM1Y2E4
LzEvOTNRbkpZWXJrTDJrVVFvQzZBVC04NjBSUXR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBSCoAwQF
V/9AAwQCuS48AwQCuawcAwQEvADgAwQF1BxAAwQE2RqgMA0EAgACMAcDBQAqAwqA
MA0GCSqGSIb3DQEBCwUAA4IBAQBDxV60w6b8PZHddnTCRSqYq/+L+14ZUoAw3WJy
y7+iFuFbRemng6oRtCcHZZyEWijF3DwxdRl0lxgIx1yqTMhvdITACssIcvQJbDyJ
Ks6VZyB69m5QsJ7yes9nIDx/JKpTlrDpcFy41Yn2gl3rBQMAYZqpx2e8N2BbAotn
V8sVIXh87xocqwqlDsmvmn3e2vKJsNohy3imiRm3N9GGBZq/+mu0Ap9MQ+qYGqbe
UmPzKBuqfhYAe7xiDK3m6dnEBx2M9qwBEPP4x/kOWGS4qD5gmYD1yD6UNWafVYkW
pi5U3dnsAiOJT7FSfDIlubbaXA0Usj8wLl+4Q2pa7CZDtrry
-----END CERTIFICATE-----