Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/KXd_5OhpNxA2dAEUBM7BRlNmng0.roa
File:                     KXd_5OhpNxA2dAEUBM7BRlNmng0.roa (raw, json)
Hash identifier:          naKbPeMlQvH49cTjg2nRiud0MzlhFN73NWmhIANkiB0=
Subject key identifier:   29:77:7F:E4:E8:69:37:10:36:74:01:14:04:CE:C1:46:53:66:9E:0D
Certificate issuer:       /CN=0d0874b333e35df14fd970e189581da093bc8093
Certificate serial:       019488381DCC5AC510ECEAFDFC65A55CB7BC
Authority key identifier: 0D:08:74:B3:33:E3:5D:F1:4F:D9:70:E1:89:58:1D:A0:93:BC:80:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQh0szPjXfFP2XDhiVgdoJO8gJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/KXd_5OhpNxA2dAEUBM7BRlNmng0.roa
Signing time:             Tue 21 Jan 2025 09:36:06 +0000
ROA not before:           Tue 21 Jan 2025 09:36:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199496
IP address blocks:        95.129.248.0/21 maxlen: 32
                          185.13.76.0/22 maxlen: 32
                          185.65.156.0/22 maxlen: 32
                          185.165.252.0/22 maxlen: 32
                          185.165.254.0/24 maxlen: 24
                          185.165.255.0/24 maxlen: 24
                          185.235.220.0/22 maxlen: 32
                          185.249.76.0/22 maxlen: 32
                          2a00:83e0::/32 maxlen: 64
                          2a02:f4c0::/29 maxlen: 64
                          2a09:d00::/29 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:38:1d:cc:5a:c5:10:ec:ea:fd:fc:65:a5:5c:b7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d0874b333e35df14fd970e189581da093bc8093
        Validity
            Not Before: Jan 21 09:36:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29777fe4e86937103674011404cec14653669e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d0:c0:d6:2e:2e:36:88:91:ba:dd:9d:ef:bf:
                    df:53:c5:42:89:a9:5d:a8:89:58:49:fd:7d:44:0e:
                    d4:a2:8a:cd:65:e1:91:e7:2c:b3:bf:ff:81:96:5b:
                    87:93:e9:1e:3d:61:43:ca:d6:f0:b5:aa:95:49:d2:
                    a2:23:68:19:3d:f1:b2:1f:4b:f2:86:2d:dc:92:f3:
                    05:4e:56:82:d3:0b:ef:3b:73:fc:aa:3d:90:f0:f8:
                    cd:8c:ee:0a:10:a7:b5:c6:5b:fb:a5:f9:08:e3:40:
                    d1:52:67:47:35:90:42:c0:34:cc:ea:c6:6d:8f:ad:
                    b5:08:32:1c:61:66:e5:4a:fa:79:5f:08:36:fc:02:
                    19:e2:67:1d:c4:53:57:3c:ee:c5:41:b9:0a:1a:8f:
                    22:d0:f7:3a:5a:1a:49:5d:f3:9f:4d:af:09:fc:7c:
                    bf:c7:f5:c1:bd:ae:a2:84:98:09:7c:b6:b9:0b:7f:
                    24:fa:45:02:41:eb:d6:b7:d5:d6:6d:b8:a6:cb:fa:
                    7c:8a:b6:b2:ae:2f:2d:b2:ca:7a:3f:bd:80:0e:bc:
                    bd:42:92:9b:4e:4c:84:2e:e6:90:75:cb:30:48:f4:
                    a8:09:00:80:b7:c8:2b:c9:02:c8:ea:8b:e7:2f:da:
                    4e:98:8a:cc:0f:93:fa:ae:68:e1:7e:69:7d:c1:57:
                    31:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:77:7F:E4:E8:69:37:10:36:74:01:14:04:CE:C1:46:53:66:9E:0D
            X509v3 Authority Key Identifier:
                keyid:0D:08:74:B3:33:E3:5D:F1:4F:D9:70:E1:89:58:1D:A0:93:BC:80:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQh0szPjXfFP2XDhiVgdoJO8gJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/KXd_5OhpNxA2dAEUBM7BRlNmng0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/DQh0szPjXfFP2XDhiVgdoJO8gJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.129.248.0/21
                  185.13.76.0/22
                  185.65.156.0/22
                  185.165.252.0/22
                  185.235.220.0/22
                  185.249.76.0/22
                IPv6:
                  2a00:83e0::/32
                  2a02:f4c0::/29
                  2a09:d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:b9:68:c1:73:a5:94:5c:b0:c3:6e:9b:0b:09:5b:58:0c:e7:
         98:25:6d:bc:af:34:f9:08:59:a5:43:9b:67:e2:e4:ec:ce:4c:
         fb:85:91:d0:38:20:03:00:65:fa:ed:09:22:ce:46:65:34:7c:
         77:a0:8a:7c:28:73:3b:ac:ea:bc:06:65:38:59:03:29:79:94:
         63:5f:0b:8b:dd:bd:ee:47:ee:b1:9e:71:13:0f:7d:b4:04:89:
         39:81:bb:5e:9a:10:58:7f:40:56:30:16:8a:af:79:ef:d1:08:
         28:95:ed:12:50:50:4d:e6:99:f8:81:4e:49:dd:ff:9a:f6:87:
         04:a4:6f:b4:1c:7c:34:dc:37:b6:40:aa:26:68:17:66:43:69:
         48:09:f3:16:d1:0d:a7:75:8c:ce:ef:65:89:5f:6d:e3:df:2b:
         b7:e2:b8:e7:45:04:b4:85:5b:17:a9:82:40:9b:11:e8:96:1f:
         73:e4:62:98:3f:af:26:9b:00:c9:08:37:ea:a2:ee:ab:70:44:
         61:95:f4:77:f7:b8:9e:30:c8:11:4b:44:da:73:fc:56:74:4d:
         94:f7:b0:d8:5d:70:b4:a2:e4:4b:76:4e:68:b4:fb:a4:90:83:
         b6:cb:4f:77:56:a7:5c:dd:81:5f:be:e0:d6:43:11:0a:10:b1:
         d9:c5:eb:f4
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZSIOB3MWsUQ7Or9/GWlXLe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMDg3NGIzMzNlMzVkZjE0ZmQ5NzBlMTg5NTgxZGEwOTNi
YzgwOTMwHhcNMjUwMTIxMDkzNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc3N2ZlNGU4NjkzNzEwMzY3NDAxMTQwNGNlYzE0NjUzNjY5ZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNDA1i4uNoiRut2d77/fU8VCiald
qIlYSf19RA7UoorNZeGR5yyzv/+BlluHk+kePWFDytbwtaqVSdKiI2gZPfGyH0vy
hi3ckvMFTlaC0wvvO3P8qj2Q8PjNjO4KEKe1xlv7pfkI40DRUmdHNZBCwDTM6sZt
j621CDIcYWblSvp5Xwg2/AIZ4mcdxFNXPO7FQbkKGo8i0Pc6WhpJXfOfTa8J/Hy/
x/XBva6ihJgJfLa5C38k+kUCQevWt9XWbbimy/p8irayri8tssp6P72ADry9QpKb
TkyELuaQdcswSPSoCQCAt8gryQLI6ovnL9pOmIrMD5P6rmjhfml9wVcxewIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFCl3f+ToaTcQNnQBFATOwUZTZp4NMB8GA1UdIwQY
MBaAFA0IdLMz413xT9lw4YlYHaCTvICTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFFoMHN6UGpYZkZQMlhEaGlWZ2RvSk84Z0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9iMDM5YmMtMjEzYi00NTdjLTk2YWUt
MzE4MWRiOTExYTEzLzEvS1hkXzVPaHBOeEEyZEFFVUJNN0JSbE5tbmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9iMDM5YmMtMjEzYi00NTdjLTk2YWUtMzE4MWRiOTExYTEz
LzEvRFFoMHN6UGpYZkZQMlhEaGlWZ2RvSk84Z0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAqBAIAATAkAwQDX4H4AwQC
uQ1MAwQCuUGcAwQCuaX8AwQCuevcAwQCuflMMBsEAgACMBUDBQAqAIPgAwUDKgL0
wAMFAyoJDQAwDQYJKoZIhvcNAQELBQADggEBAIW5aMFzpZRcsMNumwsJW1gM55gl
bbyvNPkIWaVDm2fi5OzOTPuFkdA4IAMAZfrtCSLORmU0fHeginwoczus6rwGZThZ
Ayl5lGNfC4vdve5H7rGecRMPfbQEiTmBu16aEFh/QFYwFoqvee/RCCiV7RJQUE3m
mfiBTknd/5r2hwSkb7QcfDTcN7ZAqiZoF2ZDaUgJ8xbRDad1jM7vZYlfbePfK7fi
uOdFBLSFWxepgkCbEeiWH3PkYpg/ryabAMkIN+qi7qtwRGGV9Hf3uJ4wyBFLRNpz
/FZ0TZT3sNhdcLSi5Et2Tmi0+6SQg7bLT3dWp1zdgV++4NZDEQoQsdnF6/Q=
-----END CERTIFICATE-----