Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/S7cvUB4j_UAWLlorKkQpKplvSek.roa
File:                     S7cvUB4j_UAWLlorKkQpKplvSek.roa (raw, json)
Hash identifier:          BzDMJKCxDcsJF5G/pnwJpmaeHc/VSanQaPg+mRpgeIU=
Subject key identifier:   4B:B7:2F:50:1E:23:FD:40:16:2E:5A:2B:2A:44:29:2A:99:6F:49:E9
Certificate issuer:       /CN=69a4d6916b93159aa80984a9b3774683bb550ebd
Certificate serial:       01956586FC201AAE25BD3D3C8C6AA1DC766A
Authority key identifier: 69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/S7cvUB4j_UAWLlorKkQpKplvSek.roa
Signing time:             Wed 05 Mar 2025 08:58:19 +0000
ROA not before:           Wed 05 Mar 2025 08:58:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41535
IP address blocks:        62.113.80.0/22 maxlen: 22
                          62.213.86.0/24 maxlen: 24
                          77.221.130.0/24 maxlen: 24
                          89.253.192.0/21 maxlen: 21
                          89.253.200.0/21 maxlen: 21
                          89.253.202.0/24 maxlen: 24
                          89.253.203.0/24 maxlen: 24
                          89.253.208.0/21 maxlen: 21
                          89.253.216.0/21 maxlen: 21
                          89.253.224.0/21 maxlen: 21
                          89.253.232.0/21 maxlen: 21
                          89.253.240.0/21 maxlen: 21
                          89.253.248.0/21 maxlen: 21
                          109.120.162.0/24 maxlen: 24
                          109.120.167.0/24 maxlen: 24
                          109.120.172.0/24 maxlen: 24
                          193.32.198.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:65:86:fc:20:1a:ae:25:bd:3d:3c:8c:6a:a1:dc:76:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a4d6916b93159aa80984a9b3774683bb550ebd
        Validity
            Not Before: Mar  5 08:58:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bb72f501e23fd40162e5a2b2a44292a996f49e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3b:75:a1:21:14:e4:c4:79:ba:f8:87:df:ba:
                    47:2a:77:50:a7:68:eb:91:30:d7:d7:85:e5:1b:40:
                    1b:ae:38:3c:57:e1:9a:37:f2:bb:4d:ad:14:77:4f:
                    b6:3e:73:1c:f7:dd:f5:78:08:79:3f:50:d4:81:7b:
                    c5:ec:ec:04:8a:58:ee:15:37:53:88:95:de:be:3a:
                    39:7b:4e:7e:1c:00:57:66:d0:fc:f9:4a:54:5a:6d:
                    27:09:ed:76:62:e8:6d:e5:1b:9e:f4:c6:65:68:94:
                    07:c7:6d:3b:00:b1:7f:3c:ec:63:5b:50:04:d6:dd:
                    1d:85:d8:93:7e:37:14:5f:89:03:fe:5c:80:f5:fd:
                    db:57:1d:e1:d8:97:b4:e8:a7:f0:8d:c2:4b:a8:0f:
                    59:f5:bc:38:7d:b0:e4:81:a8:86:36:05:6a:69:fe:
                    b0:6f:a9:c2:0a:00:e3:7a:1c:00:68:ac:01:10:c8:
                    4b:76:5b:d6:05:b7:70:98:51:99:ac:29:81:78:75:
                    ac:fa:02:8a:b6:7d:fa:3c:fa:b5:a8:cf:ad:ac:9a:
                    8e:0c:b5:b8:a5:9c:2f:a0:58:cc:62:00:18:26:1d:
                    9d:bd:48:cf:7b:25:80:8e:01:f4:30:f4:09:5f:c5:
                    2b:d1:97:99:1f:1d:cb:65:92:11:08:7b:3b:45:93:
                    73:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B7:2F:50:1E:23:FD:40:16:2E:5A:2B:2A:44:29:2A:99:6F:49:E9
            X509v3 Authority Key Identifier:
                keyid:69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/S7cvUB4j_UAWLlorKkQpKplvSek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.80.0/22
                  62.213.86.0/24
                  77.221.130.0/24
                  89.253.192.0/18
                  109.120.162.0/24
                  109.120.167.0/24
                  109.120.172.0/24
                  193.32.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:eb:d9:e1:86:a5:28:18:98:72:72:c6:89:04:b1:f9:c1:60:
         56:80:1b:8d:05:c1:d8:cd:98:19:83:93:40:1f:4c:67:2d:64:
         bd:32:06:d4:ba:9e:da:2f:99:32:da:82:2e:56:b8:0d:95:a8:
         2c:e8:27:1a:60:26:3c:63:4c:ce:01:24:d8:3e:de:34:da:0d:
         d0:13:7f:b8:e1:88:c5:e3:02:e5:6f:f4:e0:a6:cb:69:90:df:
         45:02:99:1f:70:49:f8:4e:23:c7:91:7d:6d:41:a4:6f:e0:9a:
         06:f2:70:93:e7:c0:0a:c8:5a:32:6f:c1:e1:2a:08:8e:6a:c9:
         66:09:94:db:ed:3a:82:fe:67:97:52:47:60:76:8b:05:80:1b:
         75:b8:07:e3:50:db:47:e2:a4:97:d2:b9:ca:3a:97:86:d9:66:
         0f:03:a1:95:61:9b:e0:e3:6f:3f:c5:15:d2:69:38:c9:e6:3a:
         6e:29:3c:5c:57:92:25:fd:70:5f:8b:70:10:e4:72:fb:4c:39:
         62:99:dd:04:cd:e5:e8:da:6d:1c:b7:be:1d:b0:11:d1:26:90:
         a6:82:11:da:97:88:c9:ad:d8:88:76:16:94:7e:a3:26:43:ed:
         10:bd:31:83:cf:f4:7e:9d:94:f2:5c:34:94:06:e2:e9:55:b7:
         86:ce:bb:fd
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZVlhvwgGq4lvT08jGqh3HZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTRkNjkxNmI5MzE1OWFhODA5ODRhOWIzNzc0NjgzYmI1
NTBlYmQwHhcNMjUwMzA1MDg1ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmI3MmY1MDFlMjNmZDQwMTYyZTVhMmIyYTQ0MjkyYTk5NmY0OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDt1oSEU5MR5uviH37pHKndQp2jr
kTDX14XlG0Abrjg8V+GaN/K7Ta0Ud0+2PnMc9931eAh5P1DUgXvF7OwEiljuFTdT
iJXevjo5e05+HABXZtD8+UpUWm0nCe12Yuht5Rue9MZlaJQHx207ALF/POxjW1AE
1t0dhdiTfjcUX4kD/lyA9f3bVx3h2Je06KfwjcJLqA9Z9bw4fbDkgaiGNgVqaf6w
b6nCCgDjehwAaKwBEMhLdlvWBbdwmFGZrCmBeHWs+gKKtn36PPq1qM+trJqODLW4
pZwvoFjMYgAYJh2dvUjPeyWAjgH0MPQJX8Ur0ZeZHx3LZZIRCHs7RZNztwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEu3L1AeI/1AFi5aKypEKSqZb0npMB8GA1UdIwQY
MBaAFGmk1pFrkxWaqAmEqbN3RoO7VQ69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUt
MzE5NzExMDA5N2M5LzEvUzdjdlVCNGpfVUFXTGxvcktrUXBLcGx2U2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUtMzE5NzExMDA5N2M5
LzEvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCPnFQAwQA
PtVWAwQATd2CAwQGWf3AAwQAbXiiAwQAbXinAwQAbXisAwQBwSDGMA0GCSqGSIb3
DQEBCwUAA4IBAQB/69nhhqUoGJhycsaJBLH5wWBWgBuNBcHYzZgZg5NAH0xnLWS9
MgbUup7aL5ky2oIuVrgNlags6CcaYCY8Y0zOASTYPt402g3QE3+44YjF4wLlb/Tg
pstpkN9FApkfcEn4TiPHkX1tQaRv4JoG8nCT58AKyFoyb8HhKgiOaslmCZTb7TqC
/meXUkdgdosFgBt1uAfjUNtH4qSX0rnKOpeG2WYPA6GVYZvg428/xRXSaTjJ5jpu
KTxcV5Il/XBfi3AQ5HL7TDlimd0EzeXo2m0ct74dsBHRJpCmghHal4jJrdiIdhaU
fqMmQ+0QvTGDz/R+nZTyXDSUBuLpVbeGzrv9
-----END CERTIFICATE-----