Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/e22980-d5e5-41e8-a06a-7469ef203f82/1/3Pz5apja5cKJYgXJqXnfQrYcWDc.roa
File:                     3Pz5apja5cKJYgXJqXnfQrYcWDc.roa (raw, json)
Hash identifier:          tS0StXV35H98QzpAWS3J2vqaI9c0cKyaGDVnVfsQlWI=
Subject key identifier:   DC:FC:F9:6A:98:DA:E5:C2:89:62:05:C9:A9:79:DF:42:B6:1C:58:37
Certificate issuer:       /CN=c87c78b5b06a6f902c510f9b4a8f803ba32dfa84
Certificate serial:       01941F8C90616F43FDE29133F92FE2969EB6
Authority key identifier: C8:7C:78:B5:B0:6A:6F:90:2C:51:0F:9B:4A:8F:80:3B:A3:2D:FA:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yHx4tbBqb5AsUQ-bSo-AO6Mt-oQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/e22980-d5e5-41e8-a06a-7469ef203f82/1/3Pz5apja5cKJYgXJqXnfQrYcWDc.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203391
IP address blocks:        45.83.248.0/22 maxlen: 24
                          45.83.248.0/24 maxlen: 24
                          45.83.249.0/24 maxlen: 24
                          45.83.250.0/24 maxlen: 24
                          45.83.251.0/24 maxlen: 24
                          185.136.96.0/22 maxlen: 24
                          185.136.96.0/24 maxlen: 24
                          185.136.97.0/24 maxlen: 24
                          185.136.98.0/24 maxlen: 24
                          185.136.99.0/24 maxlen: 24
                          2a06:fb00::/29 maxlen: 48
                          2a06:fb00:1::/48 maxlen: 48
                          2a06:fb00:2::/48 maxlen: 48
                          2a06:fb00:3::/48 maxlen: 48
                          2a06:fb00:4::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:90:61:6f:43:fd:e2:91:33:f9:2f:e2:96:9e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c87c78b5b06a6f902c510f9b4a8f803ba32dfa84
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcfcf96a98dae5c2896205c9a979df42b61c5837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7e:95:df:f3:db:92:10:7f:d6:32:19:93:fb:
                    64:55:39:a9:1d:bd:ed:8f:23:5d:a7:a2:8f:a1:48:
                    33:7f:4f:3e:50:51:f5:e8:da:1d:df:88:6c:c1:03:
                    12:c2:12:37:8f:c5:5a:b8:ad:eb:de:6e:a1:f4:55:
                    4c:59:1f:d8:2f:3b:99:43:aa:e4:be:e4:c6:fa:64:
                    70:f4:7f:d9:78:af:44:1d:72:5d:fb:69:1e:a3:94:
                    ea:4a:1f:59:f8:3c:95:ac:53:fb:9d:64:17:fa:85:
                    a9:88:a7:24:3e:bc:aa:a3:b6:c4:a5:7b:fe:10:8d:
                    86:b0:a5:33:36:af:c2:e5:a3:08:52:1b:22:d4:af:
                    79:c9:97:23:7d:65:6b:cf:c2:b3:0f:cd:54:ec:d4:
                    ab:7e:d2:c6:b1:27:35:50:5e:b9:6b:65:d5:60:11:
                    c6:cc:8a:7f:1b:dc:17:74:69:68:1f:be:e0:f9:f5:
                    d6:c6:67:8b:eb:96:18:6b:91:2d:27:c0:0a:67:7e:
                    b6:2d:19:89:5f:04:c5:35:5a:21:f0:45:23:7b:d8:
                    7c:c6:fc:56:8f:77:1f:61:30:a2:65:db:fd:57:e6:
                    38:58:36:f8:7f:a3:56:48:30:e4:51:6d:e9:c7:aa:
                    e5:47:a7:c8:83:ee:c9:c5:03:c4:34:11:ec:f2:b4:
                    90:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:FC:F9:6A:98:DA:E5:C2:89:62:05:C9:A9:79:DF:42:B6:1C:58:37
            X509v3 Authority Key Identifier:
                keyid:C8:7C:78:B5:B0:6A:6F:90:2C:51:0F:9B:4A:8F:80:3B:A3:2D:FA:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yHx4tbBqb5AsUQ-bSo-AO6Mt-oQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e22980-d5e5-41e8-a06a-7469ef203f82/1/3Pz5apja5cKJYgXJqXnfQrYcWDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e22980-d5e5-41e8-a06a-7469ef203f82/1/yHx4tbBqb5AsUQ-bSo-AO6Mt-oQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.248.0/22
                  185.136.96.0/22
                IPv6:
                  2a06:fb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:e7:a5:3f:83:02:09:8d:2f:96:39:b7:77:00:9e:13:a9:a5:
         44:76:73:ca:23:2e:1d:a8:70:6a:fd:cc:87:d8:55:8d:d0:72:
         69:8b:8a:1b:d6:cc:4d:b9:51:2c:2e:b8:6b:4e:63:ae:07:35:
         c0:45:ce:3c:04:ba:cd:7b:4c:a5:42:8e:63:23:e8:c1:41:f0:
         a2:d0:4c:49:59:9d:62:4a:9a:3a:ae:43:d8:01:f0:2b:74:d7:
         19:6a:ca:f4:82:56:b5:0d:ec:68:2d:be:b6:0f:81:ec:0f:a4:
         20:7b:4b:6c:af:a1:ce:83:41:27:45:39:c1:c4:c2:b5:5f:4e:
         25:bf:cd:6d:4c:54:6b:12:a6:33:91:26:bb:66:de:ff:1b:38:
         b0:93:36:99:4a:9e:c4:9c:f8:8a:18:28:04:ab:34:cc:69:3f:
         9e:a9:69:20:2b:e4:14:6a:93:d6:f3:54:f0:45:17:0f:1f:96:
         f6:15:2f:d9:31:9e:58:df:8b:00:8f:b2:16:b4:77:14:e3:89:
         a0:96:b0:19:92:31:a6:f0:c9:8e:20:ad:50:fc:9d:0e:ac:10:
         01:fc:f1:5c:8d:1b:5f:da:57:2c:e2:ff:47:14:f2:0a:e9:dd:
         23:a9:18:25:9c:6c:64:4a:fa:2a:51:20:80:4f:95:35:4b:99:
         82:40:f9:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjJBhb0P94pEz+S/ilp62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4N2M3OGI1YjA2YTZmOTAyYzUxMGY5YjRhOGY4MDNiYTMy
ZGZhODQwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2ZjZjk2YTk4ZGFlNWMyODk2MjA1YzlhOTc5ZGY0MmI2MWM1ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX6V3/PbkhB/1jIZk/tkVTmpHb3t
jyNdp6KPoUgzf08+UFH16Nod34hswQMSwhI3j8VauK3r3m6h9FVMWR/YLzuZQ6rk
vuTG+mRw9H/ZeK9EHXJd+2keo5TqSh9Z+DyVrFP7nWQX+oWpiKckPryqo7bEpXv+
EI2GsKUzNq/C5aMIUhsi1K95yZcjfWVrz8KzD81U7NSrftLGsSc1UF65a2XVYBHG
zIp/G9wXdGloH77g+fXWxmeL65YYa5EtJ8AKZ362LRmJXwTFNVoh8EUje9h8xvxW
j3cfYTCiZdv9V+Y4WDb4f6NWSDDkUW3px6rlR6fIg+7JxQPENBHs8rSQAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNz8+WqY2uXCiWIFyal530K2HFg3MB8GA1UdIwQY
MBaAFMh8eLWwam+QLFEPm0qPgDujLfqEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUh4NHRiQnFiNUFzVVEtYlNvLUFPNk10LW9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9lMjI5ODAtZDVlNS00MWU4LWEwNmEt
NzQ2OWVmMjAzZjgyLzEvM1B6NWFwamE1Y0tKWWdYSnFYbmZRclljV0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9lMjI5ODAtZDVlNS00MWU4LWEwNmEtNzQ2OWVmMjAzZjgy
LzEveUh4NHRiQnFiNUFzVVEtYlNvLUFPNk10LW9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVP4AwQC
uYhgMA0EAgACMAcDBQMqBvsAMA0GCSqGSIb3DQEBCwUAA4IBAQAz56U/gwIJjS+W
Obd3AJ4TqaVEdnPKIy4dqHBq/cyH2FWN0HJpi4ob1sxNuVEsLrhrTmOuBzXARc48
BLrNe0ylQo5jI+jBQfCi0ExJWZ1iSpo6rkPYAfArdNcZasr0gla1DexoLb62D4Hs
D6Qge0tsr6HOg0EnRTnBxMK1X04lv81tTFRrEqYzkSa7Zt7/GziwkzaZSp7EnPiK
GCgEqzTMaT+eqWkgK+QUapPW81TwRRcPH5b2FS/ZMZ5Y34sAj7IWtHcU44mglrAZ
kjGm8MmOIK1Q/J0OrBAB/PFcjRtf2lcs4v9HFPIK6d0jqRglnGxkSvoqUSCAT5U1
S5mCQPlk
-----END CERTIFICATE-----