Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/HNpMhKMf-UOKB_2xrTd5Ah5Jh4E.roa
File:                     HNpMhKMf-UOKB_2xrTd5Ah5Jh4E.roa (raw, json)
Hash identifier:          wTidaPS7G17Hoeusbm7EV9pgsdks7oYQI4PUUl46YEc=
Subject key identifier:   1C:DA:4C:84:A3:1F:F9:43:8A:07:FD:B1:AD:37:79:02:1E:49:87:81
Certificate issuer:       /CN=1ccd05226cb4c1979f96a06d2eb6683b5b0f6a8e
Certificate serial:       01942068706AE995D3434189E30E27D386E9
Authority key identifier: 1C:CD:05:22:6C:B4:C1:97:9F:96:A0:6D:2E:B6:68:3B:5B:0F:6A:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HM0FImy0wZeflqBtLrZoO1sPao4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/HNpMhKMf-UOKB_2xrTd5Ah5Jh4E.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15699
IP address blocks:        37.46.72.0/21 maxlen: 32
                          87.236.216.0/21 maxlen: 32
                          88.151.208.0/21 maxlen: 32
                          94.24.112.0/20 maxlen: 32
                          109.235.128.0/21 maxlen: 32
                          185.11.200.0/22 maxlen: 32
                          185.32.28.0/22 maxlen: 32
                          185.32.28.0/24 maxlen: 32
                          212.36.64.0/19 maxlen: 32
                          2a00:6640::/32 maxlen: 32
                          2a01:1c8::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:70:6a:e9:95:d3:43:41:89:e3:0e:27:d3:86:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccd05226cb4c1979f96a06d2eb6683b5b0f6a8e
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cda4c84a31ff9438a07fdb1ad3779021e498781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:aa:30:03:69:a1:61:79:cb:cb:72:6e:a5:f5:
                    8f:89:65:c7:50:b1:a9:84:08:cd:44:d2:dd:ee:6f:
                    95:10:83:b4:59:76:73:72:b1:94:fa:0d:98:0a:25:
                    c0:50:a1:fc:a2:88:6c:dc:73:6d:2a:b0:4a:73:1a:
                    e6:40:3e:e9:e4:75:46:00:6f:e7:23:c9:7c:df:f0:
                    b4:58:34:90:27:b1:07:31:4c:4e:d5:81:99:fe:e4:
                    19:a4:67:de:28:14:71:bc:ba:fc:2e:0e:60:b8:38:
                    27:e4:c3:35:ff:4d:8a:e7:6e:8f:2c:95:00:44:8a:
                    c9:09:74:93:fb:0a:fc:56:74:b7:39:db:c9:ce:f6:
                    40:bb:90:24:01:5d:cb:9a:d6:c9:0c:1c:ab:9f:9b:
                    ba:04:88:f9:14:8e:52:64:42:cb:65:33:da:3a:68:
                    8f:a0:18:94:ca:8b:24:dd:3d:4e:47:82:fc:ce:4a:
                    ab:9a:e1:2c:fb:3e:7a:fe:15:e7:0e:82:c7:0e:e6:
                    a3:01:28:38:43:64:ce:db:c7:84:e5:f2:47:9d:a9:
                    48:ef:c7:08:76:88:2c:f4:ca:f3:ab:e0:6c:cb:b3:
                    55:da:bb:6d:43:2a:5c:07:44:a1:b6:0b:17:bc:25:
                    17:c4:ad:21:b0:a1:3f:95:27:3f:3e:4b:a7:9a:88:
                    8c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DA:4C:84:A3:1F:F9:43:8A:07:FD:B1:AD:37:79:02:1E:49:87:81
            X509v3 Authority Key Identifier:
                keyid:1C:CD:05:22:6C:B4:C1:97:9F:96:A0:6D:2E:B6:68:3B:5B:0F:6A:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HM0FImy0wZeflqBtLrZoO1sPao4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/HNpMhKMf-UOKB_2xrTd5Ah5Jh4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e21739-b00b-41c8-a645-db9c3a0c08b9/1/HM0FImy0wZeflqBtLrZoO1sPao4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.72.0/21
                  87.236.216.0/21
                  88.151.208.0/21
                  94.24.112.0/20
                  109.235.128.0/21
                  185.11.200.0/22
                  185.32.28.0/22
                  212.36.64.0/19
                IPv6:
                  2a00:6640::/32
                  2a01:1c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:94:c6:23:01:1f:22:85:a0:12:1f:a7:9c:89:de:18:86:f2:
         79:7e:b3:77:33:19:c5:a7:dd:30:a3:cd:ea:10:82:64:ef:4c:
         23:eb:32:60:c0:a1:a5:72:77:6d:85:a5:a2:db:eb:e6:be:96:
         84:01:3e:ec:79:0d:9a:b7:7c:75:9c:ea:4d:aa:88:26:67:b2:
         4f:1c:c7:9f:c1:e4:29:80:98:46:0f:11:cf:2d:f4:f4:d5:ea:
         00:d1:84:21:7c:1a:5d:a1:54:12:03:8d:b9:f6:4d:ea:69:b2:
         6c:eb:0e:7c:a5:41:51:f1:ff:0d:54:cd:e1:62:b0:e7:73:85:
         91:e2:3e:24:1a:64:5a:42:2c:a4:a0:e1:d0:ca:da:57:16:2d:
         82:a2:3b:7c:3b:f2:b4:14:4e:03:3c:46:10:37:dd:b1:21:ed:
         9f:ea:bd:87:8e:78:6d:96:f3:9b:f1:62:6f:87:6e:d5:cc:c0:
         97:8b:a2:ca:04:2d:7e:c0:3e:ee:b0:0e:96:4d:7c:7b:74:c8:
         24:56:6b:54:97:0c:4a:63:5a:ca:ee:34:b0:58:ad:17:a8:85:
         53:2b:64:7e:8b:74:d4:d8:bb:ef:64:db:87:da:5a:e2:29:66:
         19:ba:d3:ff:3b:a7:15:1e:42:d6:84:fd:61:90:27:5d:08:4e:
         80:aa:c2:af
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQgaHBq6ZXTQ0GJ4w4n04bpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2QwNTIyNmNiNGMxOTc5Zjk2YTA2ZDJlYjY2ODNiNWIw
ZjZhOGUwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2RhNGM4NGEzMWZmOTQzOGEwN2ZkYjFhZDM3NzkwMjFlNDk4NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKowA2mhYXnLy3JupfWPiWXHULGp
hAjNRNLd7m+VEIO0WXZzcrGU+g2YCiXAUKH8oohs3HNtKrBKcxrmQD7p5HVGAG/n
I8l83/C0WDSQJ7EHMUxO1YGZ/uQZpGfeKBRxvLr8Lg5guDgn5MM1/02K526PLJUA
RIrJCXST+wr8VnS3OdvJzvZAu5AkAV3LmtbJDByrn5u6BIj5FI5SZELLZTPaOmiP
oBiUyosk3T1OR4L8zkqrmuEs+z56/hXnDoLHDuajASg4Q2TO28eE5fJHnalI78cI
dogs9Mrzq+Bsy7NV2rttQypcB0ShtgsXvCUXxK0hsKE/lSc/PkunmoiMCwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBzaTISjH/lDigf9sa03eQIeSYeBMB8GA1UdIwQY
MBaAFBzNBSJstMGXn5agbS62aDtbD2qOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE0wRklteTB3WmVmbHFCdExyWm9PMXNQYW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lMjE3MzktYjAwYi00MWM4LWE2NDUt
ZGI5YzNhMGMwOGI5LzEvSE5wTWhLTWYtVU9LQl8yeHJUZDVBaDVKaDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lMjE3MzktYjAwYi00MWM4LWE2NDUtZGI5YzNhMGMwOGI5
LzEvSE0wRklteTB3WmVmbHFCdExyWm9PMXNQYW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDJS5IAwQD
V+zYAwQDWJfQAwQEXhhwAwQDbeuAAwQCuQvIAwQCuSAcAwQF1CRAMBQEAgACMA4D
BQAqAGZAAwUAKgEByDANBgkqhkiG9w0BAQsFAAOCAQEAhZTGIwEfIoWgEh+nnIne
GIbyeX6zdzMZxafdMKPN6hCCZO9MI+syYMChpXJ3bYWlotvr5r6WhAE+7HkNmrd8
dZzqTaqIJmeyTxzHn8HkKYCYRg8Rzy309NXqANGEIXwaXaFUEgONufZN6mmybOsO
fKVBUfH/DVTN4WKw53OFkeI+JBpkWkIspKDh0MraVxYtgqI7fDvytBROAzxGEDfd
sSHtn+q9h454bZbzm/Fib4du1czAl4uiygQtfsA+7rAOlk18e3TIJFZrVJcMSmNa
yu40sFitF6iFUytkfot01Ni772Tbh9pa4ilmGbrT/zunFR5C1oT9YZAnXQhOgKrC
rw==
-----END CERTIFICATE-----