Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3hNsC21NA9Hwr25r-fGna5Nwzp0.roa
File:                     3hNsC21NA9Hwr25r-fGna5Nwzp0.roa (raw, json)
Hash identifier:          I4wrXZcOGpk4AKJJHd1xXl/IgLzHY6TZGCvrm+4cYDU=
Subject key identifier:   DE:13:6C:0B:6D:4D:03:D1:F0:AF:6E:6B:F9:F1:A7:6B:93:70:CE:9D
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018D61D8370F3D6AF6279075637C0A72B0A4
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3hNsC21NA9Hwr25r-fGna5Nwzp0.roa
Signing time:             Wed 31 Jan 2024 23:26:16 +0000
ROA not before:           Wed 31 Jan 2024 23:26:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61431
IP address blocks:        95.181.214.0/24 maxlen: 24
                          95.181.215.0/24 maxlen: 24
                          109.196.128.0/24 maxlen: 24
                          109.196.129.0/24 maxlen: 24
                          109.196.130.0/24 maxlen: 24
                          109.196.131.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          109.196.134.0/24 maxlen: 24
                          109.196.135.0/24 maxlen: 24
                          109.196.136.0/23 maxlen: 23
                          109.196.138.0/23 maxlen: 23
                          109.196.140.0/24 maxlen: 24
                          109.196.141.0/24 maxlen: 24
                          109.196.142.0/24 maxlen: 24
                          109.196.143.0/24 maxlen: 24
                          188.68.5.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:61:d8:37:0f:3d:6a:f6:27:90:75:63:7c:0a:72:b0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan 31 23:26:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de136c0b6d4d03d1f0af6e6bf9f1a76b9370ce9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:45:27:df:89:cb:ee:c2:7f:27:dc:f6:64:b2:
                    46:a8:bc:d0:e9:56:bf:38:c2:be:b4:a5:b8:9e:2c:
                    b8:8c:ba:15:4d:8e:49:b1:77:5d:6b:60:95:38:39:
                    d1:4b:2d:7a:c2:b8:a8:ed:84:ab:a3:24:ac:2f:6b:
                    00:77:69:32:ee:63:2e:b0:fe:04:84:8a:fc:d0:dd:
                    b7:3b:92:bb:76:48:b5:17:eb:11:c0:b1:85:67:74:
                    e1:19:f5:33:67:8c:79:9a:76:ea:64:4d:91:da:b3:
                    05:a8:f2:b4:d0:33:10:fb:81:5f:91:85:39:86:99:
                    1b:ff:f6:31:39:a2:fd:45:93:5e:ae:14:1a:e8:30:
                    bd:d8:2f:06:ed:30:98:ce:9d:6f:48:8b:71:05:c3:
                    1f:10:8f:9e:b4:0f:77:81:32:28:48:8b:99:83:c5:
                    d1:82:f4:a6:1b:2f:8b:88:7d:44:2e:5f:4f:57:6f:
                    4e:1e:97:97:80:b6:25:60:83:aa:e3:5b:dc:de:fc:
                    02:bf:f3:22:fa:c3:cf:7c:e3:c1:7b:df:e8:f4:00:
                    a8:75:dd:34:07:f1:e7:3e:58:ca:c0:ca:3c:21:fe:
                    c7:80:e9:fb:a8:c3:ee:86:aa:81:4f:0e:5d:ab:5a:
                    81:19:a2:b2:8e:4b:95:80:8a:f2:c5:dd:8e:0e:4e:
                    17:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:13:6C:0B:6D:4D:03:D1:F0:AF:6E:6B:F9:F1:A7:6B:93:70:CE:9D
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3hNsC21NA9Hwr25r-fGna5Nwzp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.214.0/23
                  109.196.128.0/22
                  109.196.133.0-109.196.143.255
                  188.68.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:33:b9:44:79:20:3f:c5:94:ee:79:a6:dd:18:38:77:fe:42:
         4a:e9:1e:41:56:fd:71:83:50:02:1f:b1:39:ff:d9:4d:99:d2:
         59:4e:ae:b6:74:fd:a3:d2:b3:21:f3:48:4e:69:55:90:53:0a:
         52:66:0a:73:0d:57:95:a8:ad:15:12:bc:2b:4c:2d:b8:c3:c1:
         98:f4:7a:e6:cc:84:43:93:70:96:29:da:7b:04:ce:b9:96:3b:
         54:5d:2e:c3:87:3d:c0:a7:bf:13:c9:6f:40:95:c9:9d:5c:e1:
         a1:9d:9e:0b:0c:47:0a:87:5f:d0:a3:06:db:79:12:16:50:bd:
         5f:a1:5b:58:35:d5:22:10:98:e3:e4:89:97:0f:fc:56:62:34:
         a7:90:2b:72:13:49:3a:2d:93:d7:07:8b:b6:44:cb:71:05:37:
         cb:d8:44:a8:9a:dd:12:c5:5d:03:56:8c:54:ea:25:bb:da:23:
         d2:f7:27:d6:7b:dd:0f:67:ab:65:77:92:cf:92:7a:df:b6:8f:
         57:7a:4e:f9:71:83:03:e0:c6:9d:41:7c:b2:73:2b:e4:5a:58:
         b5:82:3b:61:dd:eb:79:32:22:d3:d8:b7:cb:ea:aa:80:b7:94:
         ff:6b:73:5a:8f:50:39:61:f5:2e:ab:57:6a:e6:7a:8b:1f:54:
         bb:e4:b8:b7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY1h2DcPPWr2J5B1Y3wKcrCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTMxMjMyNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTEzNmMwYjZkNGQwM2QxZjBhZjZlNmJmOWYxYTc2YjkzNzBjZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEUn34nL7sJ/J9z2ZLJGqLzQ6Va/
OMK+tKW4niy4jLoVTY5JsXdda2CVODnRSy16wrio7YSroySsL2sAd2ky7mMusP4E
hIr80N23O5K7dki1F+sRwLGFZ3ThGfUzZ4x5mnbqZE2R2rMFqPK00DMQ+4FfkYU5
hpkb//YxOaL9RZNerhQa6DC92C8G7TCYzp1vSItxBcMfEI+etA93gTIoSIuZg8XR
gvSmGy+LiH1ELl9PV29OHpeXgLYlYIOq41vc3vwCv/Mi+sPPfOPBe9/o9ACodd00
B/HnPljKwMo8If7HgOn7qMPuhqqBTw5dq1qBGaKyjkuVgIryxd2ODk4X0QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFN4TbAttTQPR8K9ua/nxp2uTcM6dMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvM2hOc0MyMU5BOUh3cjI1ci1mR25hNU53enAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBX7XWAwQC
bcSAMAwDBABtxIUDBARtxIADBAC8RAUwDQYJKoZIhvcNAQELBQADggEBAIYzuUR5
ID/FlO55pt0YOHf+QkrpHkFW/XGDUAIfsTn/2U2Z0llOrrZ0/aPSsyHzSE5pVZBT
ClJmCnMNV5WorRUSvCtMLbjDwZj0eubMhEOTcJYp2nsEzrmWO1RdLsOHPcCnvxPJ
b0CVyZ1c4aGdngsMRwqHX9CjBtt5EhZQvV+hW1g11SIQmOPkiZcP/FZiNKeQK3IT
STotk9cHi7ZEy3EFN8vYRKia3RLFXQNWjFTqJbvaI9L3J9Z73Q9nq2V3ks+Set+2
j1d6TvlxgwPgxp1BfLJzK+RaWLWCO2Hd63kyItPYt8vqqoC3lP9rc1qPUDlh9S6r
V2rmeosfVLvkuLc=
-----END CERTIFICATE-----