Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/DiJuQ_kG7WvUzBjzRy7osCFiLa0.roa
File:                     DiJuQ_kG7WvUzBjzRy7osCFiLa0.roa (raw, json)
Hash identifier:          ZZdF3mZX0+NSB3GzJXDHjRpoKegOrxgL6WcAfOKZIVo=
Subject key identifier:   0E:22:6E:43:F9:06:ED:6B:D4:CC:18:F3:47:2E:E8:B0:21:62:2D:AD
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01941F8C87FE259E40CF7F28D4004229C060
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/DiJuQ_kG7WvUzBjzRy7osCFiLa0.roa
Signing time:             Wed 01 Jan 2025 01:48:11 +0000
ROA not before:           Wed 01 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198357
IP address blocks:        5.159.48.0/24 maxlen: 24
                          5.159.50.0/24 maxlen: 24
                          5.159.51.0/24 maxlen: 24
                          5.159.52.0/24 maxlen: 24
                          5.159.53.0/24 maxlen: 24
                          5.159.55.0/24 maxlen: 24
                          89.46.216.0/24 maxlen: 24
                          89.46.218.0/24 maxlen: 24
                          89.46.219.0/24 maxlen: 24
                          185.3.201.0/24 maxlen: 24
                          185.3.202.0/24 maxlen: 24
                          185.3.203.0/24 maxlen: 24
                          188.240.212.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:87:fe:25:9e:40:cf:7f:28:d4:00:42:29:c0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e226e43f906ed6bd4cc18f3472ee8b021622dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:33:b3:6d:fb:14:5a:e0:ff:4c:9f:ad:d4:73:
                    e9:d6:75:c0:09:44:81:f2:04:37:f9:c5:20:61:09:
                    b1:58:8f:89:5a:17:22:8c:31:8d:20:9c:6c:45:e0:
                    93:ef:fe:15:c2:6b:51:6e:d9:3d:62:85:41:9a:75:
                    45:73:5e:68:cd:47:1d:d1:8e:c8:4c:48:70:38:36:
                    d9:41:0f:0f:82:10:73:34:ad:e0:3e:ac:46:53:c2:
                    f6:44:60:32:d8:64:ad:e5:da:93:1a:77:4c:7a:72:
                    dc:48:97:90:28:59:a9:f3:bd:29:7a:5c:b8:43:10:
                    dc:73:4b:fe:96:06:ac:6e:0d:02:d0:30:1e:c1:ce:
                    18:b9:ca:cd:59:e7:44:b0:bc:16:56:b2:43:79:0a:
                    66:81:9d:47:1c:70:31:3d:13:4d:f3:bc:69:ba:2a:
                    89:bc:2d:d8:ac:57:7d:95:8c:34:99:34:1d:54:d4:
                    36:ec:ae:16:94:3c:3d:13:da:51:4b:53:cd:7b:84:
                    5a:9a:2a:16:bd:8f:35:20:c9:24:80:c6:51:09:fc:
                    4f:66:3f:0d:65:a4:ef:c6:8b:0c:21:cc:ac:c7:bb:
                    43:68:31:f6:b7:79:6e:84:c0:1d:76:f8:87:b3:88:
                    33:ce:b0:48:65:33:5d:70:16:06:13:2d:7a:b8:24:
                    ea:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:22:6E:43:F9:06:ED:6B:D4:CC:18:F3:47:2E:E8:B0:21:62:2D:AD
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/DiJuQ_kG7WvUzBjzRy7osCFiLa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.48.0/24
                  5.159.50.0-5.159.53.255
                  5.159.55.0/24
                  89.46.216.0/24
                  89.46.218.0/23
                  185.3.201.0-185.3.203.255
                  188.240.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ff:e9:0a:be:ee:3a:3b:89:a6:39:bb:64:c6:aa:27:15:89:
         c8:bc:fd:c6:d5:8b:15:05:ba:f1:18:de:17:44:de:fe:4f:6c:
         74:da:a3:b2:9f:06:17:e0:39:c8:e0:dd:2b:16:20:c2:09:7a:
         8d:63:5a:38:e6:20:e9:39:a8:ab:c2:ab:9d:b1:f4:2d:fa:60:
         1c:f5:18:80:4d:7e:fa:f4:5b:10:a0:3e:3e:62:62:0d:2f:73:
         c6:5d:e5:bb:e6:ba:90:27:b7:8a:d7:53:16:b2:9c:72:ce:89:
         e9:9c:c6:c8:da:08:de:78:40:ad:09:8f:44:f6:c9:f5:b2:74:
         61:ae:39:aa:2e:98:ad:9a:e7:61:93:2c:93:af:2b:91:99:9c:
         a6:17:7a:89:e4:48:de:73:9f:28:47:36:c3:3e:cf:9a:2c:b5:
         b7:db:a1:92:fc:60:21:f3:1c:fd:07:e0:89:4f:39:87:bd:e4:
         05:2d:3c:95:92:cb:12:3c:ea:3b:7a:fe:27:ff:ad:44:c4:1e:
         3b:38:d8:a9:38:c8:d1:db:7d:f1:0b:6b:76:4d:03:d7:cf:91:
         05:18:06:b6:b4:87:70:fc:4d:c5:d7:96:db:51:a8:6a:c2:a3:
         f5:75:a1:64:a7:05:de:12:56:1a:cc:da:c8:73:22:38:0d:b0:
         36:f9:70:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQfjIf+JZ5Az38o1ABCKcBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTIyNmU0M2Y5MDZlZDZiZDRjYzE4ZjM0NzJlZThiMDIxNjIyZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jOzbfsUWuD/TJ+t1HPp1nXACUSB
8gQ3+cUgYQmxWI+JWhcijDGNIJxsReCT7/4VwmtRbtk9YoVBmnVFc15ozUcd0Y7I
TEhwODbZQQ8PghBzNK3gPqxGU8L2RGAy2GSt5dqTGndMenLcSJeQKFmp870pely4
QxDcc0v+lgasbg0C0DAewc4YucrNWedEsLwWVrJDeQpmgZ1HHHAxPRNN87xpuiqJ
vC3YrFd9lYw0mTQdVNQ27K4WlDw9E9pRS1PNe4RamioWvY81IMkkgMZRCfxPZj8N
ZaTvxosMIcysx7tDaDH2t3luhMAddviHs4gzzrBIZTNdcBYGEy16uCTqFwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFA4ibkP5Bu1r1MwY80cu6LAhYi2tMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvRGlKdVFfa0c3V3ZVekJqelJ5N29zQ0ZpTGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQABZ8wMAwD
BAEFnzIDBAEFnzQDBAAFnzcDBABZLtgDBAFZLtowDAMEALkDyQMEArkDyAMEALzw
1DANBgkqhkiG9w0BAQsFAAOCAQEAav/pCr7uOjuJpjm7ZMaqJxWJyLz9xtWLFQW6
8RjeF0Te/k9sdNqjsp8GF+A5yODdKxYgwgl6jWNaOOYg6Tmoq8KrnbH0LfpgHPUY
gE1++vRbEKA+PmJiDS9zxl3lu+a6kCe3itdTFrKccs6J6ZzGyNoI3nhArQmPRPbJ
9bJ0Ya45qi6YrZrnYZMsk68rkZmcphd6ieRI3nOfKEc2wz7Pmiy1t9uhkvxgIfMc
/QfgiU85h73kBS08lZLLEjzqO3r+J/+tRMQeOzjYqTjI0dt98Qtrdk0D18+RBRgG
trSHcPxNxdeW21GoasKj9XWhZKcF3hJWGszayHMiOA2wNvlwug==
-----END CERTIFICATE-----