Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/bBOmHEG9XWs4THn8zHaAaHkEnrM.roa
File:                     bBOmHEG9XWs4THn8zHaAaHkEnrM.roa (raw, json)
Hash identifier:          WXIgdeZA2i1aZMABd+s7darQqsU83CpDwtg9MEpPXbc=
Subject key identifier:   6C:13:A6:1C:41:BD:5D:6B:38:4C:79:FC:CC:76:80:68:79:04:9E:B3
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01961BF6F79ECC6497C4BD0B50D7168FBEB9
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/bBOmHEG9XWs4THn8zHaAaHkEnrM.roa
Signing time:             Wed 09 Apr 2025 19:11:32 +0000
ROA not before:           Wed 09 Apr 2025 19:11:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59729
IP address blocks:        5.42.192.0/24 maxlen: 24
                          5.42.195.0/24 maxlen: 24
                          5.42.209.0/24 maxlen: 24
                          5.42.210.0/24 maxlen: 24
                          91.213.230.0/24 maxlen: 24
                          193.9.20.0/24 maxlen: 24
                          193.200.199.0/24 maxlen: 24
                          194.26.204.0/24 maxlen: 24
                          194.55.170.0/24 maxlen: 24
                          212.18.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1b:f6:f7:9e:cc:64:97:c4:bd:0b:50:d7:16:8f:be:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 19:11:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c13a61c41bd5d6b384c79fccc76806879049eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:91:79:31:db:d1:73:58:0b:bd:d6:84:35:f2:
                    e4:94:01:16:2a:dd:7c:e4:07:a1:db:ad:5e:5e:2e:
                    76:fd:49:eb:a3:2e:7f:f0:21:25:07:3d:cb:3a:7f:
                    7f:8d:45:db:a0:7e:ff:51:65:8e:1f:da:4b:e2:02:
                    65:36:ee:4f:36:95:50:5d:18:7d:10:07:73:56:ad:
                    54:67:60:c3:f8:45:35:6b:68:eb:38:63:96:ad:0a:
                    82:7b:d5:e8:1a:b7:6b:5c:65:52:d3:39:81:ad:0a:
                    20:d3:66:d3:e3:fe:5b:15:ff:1d:be:37:c9:75:47:
                    e2:31:04:22:de:ae:e3:e9:dc:6f:e9:48:cb:fa:2b:
                    f5:59:9f:1f:54:ed:12:47:92:33:b8:2f:5d:95:40:
                    61:ee:ff:03:aa:2f:31:ed:db:78:29:21:47:ff:61:
                    92:56:bf:61:36:bb:68:0c:9a:31:11:e9:3c:a7:fa:
                    df:7c:fe:6c:3a:ca:60:b5:50:d7:1a:9c:6b:3d:25:
                    4e:f2:c4:03:33:d7:37:a8:91:66:ff:df:2b:f1:8f:
                    7f:bb:d2:97:a5:2e:61:ee:56:a8:34:dc:3c:7c:83:
                    4a:dd:eb:29:81:82:33:84:98:2d:2b:ba:b9:d5:73:
                    49:a8:5f:db:4b:7c:6b:93:d2:b6:2e:0e:10:95:40:
                    60:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:13:A6:1C:41:BD:5D:6B:38:4C:79:FC:CC:76:80:68:79:04:9E:B3
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/bBOmHEG9XWs4THn8zHaAaHkEnrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.192.0/24
                  5.42.195.0/24
                  5.42.209.0-5.42.210.255
                  91.213.230.0/24
                  193.9.20.0/24
                  193.200.199.0/24
                  194.26.204.0/24
                  194.55.170.0/24
                  212.18.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:49:31:eb:9a:b6:67:c2:cd:80:71:a6:42:24:87:14:1c:1e:
         e0:b6:55:f3:06:3d:76:92:0c:9a:a5:b7:e4:86:c2:f2:ce:df:
         2b:16:26:06:fc:ff:bc:cc:ab:d7:ff:a5:45:0b:82:dc:05:eb:
         8f:ea:6d:61:70:f9:cf:da:f4:65:18:c5:f5:75:6a:7f:f0:03:
         6c:1f:56:eb:80:48:05:00:89:56:36:7e:17:71:96:bc:f7:97:
         da:56:eb:5f:75:50:16:8a:c0:38:56:eb:65:79:f1:7f:cb:6d:
         cf:69:32:a2:70:d9:52:a1:79:ee:9e:c5:33:98:34:e2:3d:9a:
         f2:4c:ca:d3:5b:8e:72:32:cb:81:98:73:b7:74:9d:52:75:66:
         7d:12:41:96:2d:ea:72:9d:dd:8d:44:dc:33:bc:37:d5:e0:e0:
         82:43:64:5f:5c:f2:d1:8c:fb:a1:3e:dd:9b:34:09:13:d7:00:
         0d:4d:af:a1:cd:01:52:a0:74:1f:b4:8c:c9:b5:aa:a8:a6:e4:
         24:9d:da:0c:fb:41:32:75:59:8c:dd:d3:51:43:94:03:da:78:
         15:a4:59:e3:d2:8f:42:73:66:9b:00:26:99:da:0d:da:98:32:
         77:bd:d6:de:05:b3:ee:40:b6:c5:63:9b:ee:cd:66:3e:93:da:
         8d:eb:c1:96
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZYb9veezGSXxL0LUNcWj765MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNDA5MTkxMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzEzYTYxYzQxYmQ1ZDZiMzg0Yzc5ZmNjYzc2ODA2ODc5MDQ5ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZF5MdvRc1gLvdaENfLklAEWKt18
5Aeh261eXi52/Unroy5/8CElBz3LOn9/jUXboH7/UWWOH9pL4gJlNu5PNpVQXRh9
EAdzVq1UZ2DD+EU1a2jrOGOWrQqCe9XoGrdrXGVS0zmBrQog02bT4/5bFf8dvjfJ
dUfiMQQi3q7j6dxv6UjL+iv1WZ8fVO0SR5IzuC9dlUBh7v8Dqi8x7dt4KSFH/2GS
Vr9hNrtoDJoxEek8p/rffP5sOspgtVDXGpxrPSVO8sQDM9c3qJFm/98r8Y9/u9KX
pS5h7laoNNw8fINK3espgYIzhJgtK7q51XNJqF/bS3xrk9K2Lg4QlUBgPwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGwTphxBvV1rOEx5/Mx2gGh5BJ6zMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvYkJPbUhFRzlYV3M0VEhuOHpIYUFhSGtFbnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABSrAAwQA
BSrDMAwDBAAFKtEDBAAFKtIDBABb1eYDBADBCRQDBADByMcDBADCGswDBADCN6oD
BADUEngwDQYJKoZIhvcNAQELBQADggEBACJJMeuatmfCzYBxpkIkhxQcHuC2VfMG
PXaSDJqlt+SGwvLO3ysWJgb8/7zMq9f/pUULgtwF64/qbWFw+c/a9GUYxfV1an/w
A2wfVuuASAUAiVY2fhdxlrz3l9pW6191UBaKwDhW62V58X/Lbc9pMqJw2VKhee6e
xTOYNOI9mvJMytNbjnIyy4GYc7d0nVJ1Zn0SQZYt6nKd3Y1E3DO8N9Xg4IJDZF9c
8tGM+6E+3Zs0CRPXAA1Nr6HNAVKgdB+0jMm1qqim5CSd2gz7QTJ1WYzd01FDlAPa
eBWkWePSj0JzZpsAJpnaDdqYMne91t4Fs+5AtsVjm+7NZj6T2o3rwZY=
-----END CERTIFICATE-----