Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/irgE62FP9Bqdx-R9O0eEoVyTzLI.roa
File:                     irgE62FP9Bqdx-R9O0eEoVyTzLI.roa (raw, json)
Hash identifier:          0pRO/jK057L8IhiSQynfBabsD9kG6isQLRH5rIY40d0=
Subject key identifier:   8A:B8:04:EB:61:4F:F4:1A:9D:C7:E4:7D:3B:47:84:A1:5C:93:CC:B2
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       01935D54F8FBC5FC09B9E348DF3855E00748
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/irgE62FP9Bqdx-R9O0eEoVyTzLI.roa
Signing time:             Sun 24 Nov 2024 08:41:09 +0000
ROA not before:           Sun 24 Nov 2024 08:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197889
IP address blocks:        77.221.32.0/20 maxlen: 20
                          77.221.32.0/22 maxlen: 22
                          77.221.32.0/23 maxlen: 23
                          77.221.32.0/24 maxlen: 24
                          77.221.33.0/24 maxlen: 24
                          77.221.34.0/23 maxlen: 23
                          77.221.34.0/24 maxlen: 24
                          77.221.35.0/24 maxlen: 24
                          77.221.43.0/24 maxlen: 24
                          77.221.44.0/23 maxlen: 23
                          77.221.46.0/23 maxlen: 23
                          77.221.49.0/24 maxlen: 24
                          77.221.52.0/23 maxlen: 23
                          77.221.54.0/23 maxlen: 24
                          77.221.56.0/23 maxlen: 23
                          77.221.62.0/24 maxlen: 24
                          2a10:4940::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5d:54:f8:fb:c5:fc:09:b9:e3:48:df:38:55:e0:07:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Nov 24 08:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ab804eb614ff41a9dc7e47d3b4784a15c93ccb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e6:22:08:3b:77:11:d2:76:fb:8f:fb:1c:35:
                    9c:40:6c:5a:3c:b2:42:67:43:ec:55:c0:57:0e:e5:
                    a4:c8:95:c7:96:6e:67:ce:11:d8:a5:08:4e:06:ae:
                    c2:22:53:28:76:02:2b:44:e9:08:08:9d:ae:b6:94:
                    37:d0:83:7f:87:e7:c9:48:8c:5c:78:35:9a:07:f4:
                    cb:61:14:ad:36:9a:20:41:49:b8:0e:e1:d4:4b:fe:
                    eb:cd:d4:a4:17:c2:35:47:be:31:79:20:83:15:58:
                    51:af:e9:b7:29:e7:bc:1d:c4:5f:af:24:04:4c:b8:
                    1d:9f:44:0c:2f:78:7e:f7:ef:32:2c:40:ba:9d:8b:
                    39:57:82:7f:50:56:c7:d2:16:c5:21:05:7f:20:44:
                    9b:67:e1:09:58:3a:78:76:60:75:06:a6:a1:b5:61:
                    a8:7d:33:04:0a:e6:b7:b5:4b:3a:1c:1d:27:77:82:
                    6b:1c:b5:42:88:5b:bb:c5:83:64:0c:e7:5a:6e:83:
                    f0:79:45:cb:8a:1b:37:41:08:58:0a:35:66:09:41:
                    96:c7:18:03:96:9e:9b:87:f9:c1:60:58:d7:f2:f6:
                    63:3e:1c:8d:4d:eb:f3:ea:28:53:65:d5:29:d2:00:
                    22:d8:f7:1e:c6:cb:df:a7:81:79:26:db:8d:31:8a:
                    de:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B8:04:EB:61:4F:F4:1A:9D:C7:E4:7D:3B:47:84:A1:5C:93:CC:B2
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/irgE62FP9Bqdx-R9O0eEoVyTzLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.32.0/20
                  77.221.49.0/24
                  77.221.52.0-77.221.57.255
                  77.221.62.0/24
                IPv6:
                  2a10:4940::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:da:0f:5c:9a:01:ff:0c:3c:3e:e4:3d:d7:13:c3:df:0f:1b:
         57:92:ca:d2:f6:68:dd:92:8d:84:09:9c:db:0b:9a:25:fb:bb:
         c9:56:05:73:c1:1b:ce:ba:9d:cd:d4:3b:bd:35:15:18:4f:8a:
         86:84:ae:ec:34:21:37:c8:a1:c0:29:fe:98:7e:c3:06:a1:bb:
         25:f3:de:f6:1c:57:16:98:f2:bd:44:ce:83:92:30:bf:b0:ac:
         59:e2:79:35:27:ed:7b:35:92:3f:91:fb:55:81:5a:0c:9a:87:
         06:b4:d7:8a:51:8f:3d:ab:f4:e5:8d:c0:3e:52:38:eb:44:6b:
         c4:fe:ad:fa:28:31:42:58:e7:56:28:2b:f6:39:53:e3:84:85:
         5d:c1:e2:df:0a:88:5a:81:97:ee:a6:4f:60:45:a5:ee:dc:b3:
         24:73:0d:46:6f:f4:79:5b:74:cc:17:b2:98:89:61:e6:b9:08:
         9a:b0:9a:2e:a1:12:c9:16:02:f2:3b:5c:f4:ba:f1:e2:3c:49:
         b2:f1:a2:18:72:fb:9c:34:8e:85:f2:2f:53:34:6e:3e:ea:78:
         d9:47:ba:7c:6e:ca:00:23:53:bd:d8:88:30:37:2d:19:dc:64:
         e6:0e:67:66:c0:c5:0a:c2:03:33:43:bf:c4:bb:e6:5e:9d:e1:
         e4:48:60:86
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZNdVPj7xfwJueNI3zhV4AdIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjQxMTI0MDg0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWI4MDRlYjYxNGZmNDFhOWRjN2U0N2QzYjQ3ODRhMTVjOTNjY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeYiCDt3EdJ2+4/7HDWcQGxaPLJC
Z0PsVcBXDuWkyJXHlm5nzhHYpQhOBq7CIlModgIrROkICJ2utpQ30IN/h+fJSIxc
eDWaB/TLYRStNpogQUm4DuHUS/7rzdSkF8I1R74xeSCDFVhRr+m3Kee8HcRfryQE
TLgdn0QML3h+9+8yLEC6nYs5V4J/UFbH0hbFIQV/IESbZ+EJWDp4dmB1BqahtWGo
fTMECua3tUs6HB0nd4JrHLVCiFu7xYNkDOdaboPweUXLihs3QQhYCjVmCUGWxxgD
lp6bh/nBYFjX8vZjPhyNTevz6ihTZdUp0gAi2Pcexsvfp4F5JtuNMYrewQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFIq4BOthT/QancfkfTtHhKFck8yyMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvaXJnRTYyRlA5QnFkeC1SOU8wZUVvVnlUekxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQETd0gAwQA
Td0xMAwDBAJN3TQDBAFN3TgDBABN3T4wDQQCAAIwBwMFACoQSUAwDQYJKoZIhvcN
AQELBQADggEBAKraD1yaAf8MPD7kPdcTw98PG1eSytL2aN2SjYQJnNsLmiX7u8lW
BXPBG866nc3UO701FRhPioaEruw0ITfIocAp/ph+wwahuyXz3vYcVxaY8r1EzoOS
ML+wrFnieTUn7Xs1kj+R+1WBWgyahwa014pRjz2r9OWNwD5SOOtEa8T+rfooMUJY
51YoK/Y5U+OEhV3B4t8KiFqBl+6mT2BFpe7csyRzDUZv9HlbdMwXspiJYea5CJqw
mi6hEskWAvI7XPS68eI8SbLxohhy+5w0joXyL1M0bj7qeNlHunxuygAjU73YiDA3
LRncZOYOZ2bAxQrCAzNDv8S75l6d4eRIYIY=
-----END CERTIFICATE-----