Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/noBL3J3r3tsM2aoB7sMnaFXK45A.roa
File:                     noBL3J3r3tsM2aoB7sMnaFXK45A.roa (raw, json)
Hash identifier:          1slbvNJzht+Braw0JbEJxueE4i9IP1ZbfhD3OHI5Tsw=
Subject key identifier:   9E:80:4B:DC:9D:EB:DE:DB:0C:D9:AA:01:EE:C3:27:68:55:CA:E3:90
Certificate issuer:       /CN=063badc7853b05100a6b224ddcefc18e2e7d3dd5
Certificate serial:       019425209039CE58CD0E72781F70FFF46E9D
Authority key identifier: 06:3B:AD:C7:85:3B:05:10:0A:6B:22:4D:DC:EF:C1:8E:2E:7D:3D:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bjutx4U7BRAKayJN3O_Bji59PdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/noBL3J3r3tsM2aoB7sMnaFXK45A.roa
Signing time:             Thu 02 Jan 2025 03:47:58 +0000
ROA not before:           Thu 02 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8387
IP address blocks:        46.17.224.0/21 maxlen: 24
                          92.61.208.0/20 maxlen: 24
                          185.49.176.0/22 maxlen: 24
                          193.162.45.0/24 maxlen: 24
                          212.31.64.0/19 maxlen: 24
                          212.166.96.0/19 maxlen: 24
                          212.166.108.0/24 maxlen: 24
                          212.166.122.0/23 maxlen: 23
                          2001:9d0::/32 maxlen: 48
                          2a10:f8c0::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:90:39:ce:58:cd:0e:72:78:1f:70:ff:f4:6e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=063badc7853b05100a6b224ddcefc18e2e7d3dd5
        Validity
            Not Before: Jan  2 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e804bdc9debdedb0cd9aa01eec3276855cae390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c1:c5:e3:1b:c5:26:37:d9:86:fb:f7:e8:6a:
                    31:03:6d:05:bb:4d:9d:0d:11:51:c0:0d:2c:a1:66:
                    ce:cf:3b:b1:f6:23:a4:3e:16:60:f2:4e:d1:b6:d3:
                    66:af:c1:e2:70:b6:86:20:92:08:82:ef:de:33:23:
                    3c:ac:75:f4:52:72:9e:81:c5:0b:b0:4e:75:52:c0:
                    46:a6:20:8e:af:fc:e8:4f:82:ad:69:7c:9e:c5:09:
                    91:1d:79:63:a8:78:65:1b:c5:db:d6:75:a5:35:95:
                    7a:60:15:5f:c5:04:29:f1:ed:fa:a5:18:7d:b2:e3:
                    07:64:47:f4:4b:27:93:f1:d1:02:b9:dd:30:49:77:
                    35:08:60:9d:5a:24:2c:18:7d:8e:33:81:56:d4:ff:
                    c1:1b:2a:7d:be:20:b9:1a:03:2c:e2:6b:a3:a9:d2:
                    33:aa:4f:c3:29:a6:da:2d:d2:13:12:ab:0d:62:c7:
                    b7:d2:a7:7f:ce:7b:f3:69:64:a7:ac:97:cc:6f:29:
                    bb:69:e7:71:c3:a9:e3:6e:b1:fc:f9:7c:8c:03:ae:
                    70:ff:98:2b:0b:48:95:f0:19:f0:07:cf:50:b9:07:
                    fc:f7:1a:6e:29:a9:94:c0:21:7c:34:80:40:38:52:
                    6d:08:e1:8d:a0:79:e6:8f:da:20:fd:2b:12:5e:7d:
                    8f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:80:4B:DC:9D:EB:DE:DB:0C:D9:AA:01:EE:C3:27:68:55:CA:E3:90
            X509v3 Authority Key Identifier:
                keyid:06:3B:AD:C7:85:3B:05:10:0A:6B:22:4D:DC:EF:C1:8E:2E:7D:3D:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bjutx4U7BRAKayJN3O_Bji59PdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/noBL3J3r3tsM2aoB7sMnaFXK45A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/Bjutx4U7BRAKayJN3O_Bji59PdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.224.0/21
                  92.61.208.0/20
                  185.49.176.0/22
                  193.162.45.0/24
                  212.31.64.0/19
                  212.166.96.0/19
                IPv6:
                  2001:9d0::/32
                  2a10:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:89:ac:93:aa:90:85:ac:6e:fa:08:25:74:35:1a:3e:1f:d5:
         c7:ac:41:3e:13:b6:43:b7:da:33:8b:83:28:3d:8c:59:f7:1b:
         0b:26:0f:59:80:6e:5c:8b:92:7a:f8:2f:6d:de:c2:4f:8a:64:
         b6:ce:e7:91:39:86:25:de:86:6d:6d:42:ca:12:6d:62:eb:44:
         f0:c3:e3:17:40:c7:31:1c:ee:b5:86:b1:e2:4a:fb:4c:f6:27:
         cc:ad:02:81:f4:80:e2:5d:da:c9:66:74:c7:b4:cd:89:dc:77:
         95:5a:be:d9:1c:1e:f2:cb:59:a6:36:78:7d:a7:64:90:92:ba:
         bc:02:24:97:cb:75:a3:ea:f7:39:80:29:0f:a5:00:34:f6:e7:
         e9:50:72:a1:67:08:32:dd:0d:f0:62:b2:e9:b9:cb:31:c3:06:
         02:cb:86:59:e9:81:17:d4:0b:59:c1:9e:f1:d9:dd:55:89:d6:
         4f:a3:14:70:aa:33:9e:15:8f:cb:67:7c:35:3a:0e:cc:bb:1b:
         28:cf:9e:15:2d:68:22:07:be:14:d2:88:dd:92:98:ee:db:6c:
         31:8b:31:7d:4b:18:ed:97:d6:33:93:71:b1:75:cd:a3:83:a1:
         0b:c9:86:31:c2:ca:52:a4:d8:1c:61:bb:7b:f7:75:66:cc:c1:
         4f:96:12:02
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQlIJA5zljNDnJ4H3D/9G6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2M2JhZGM3ODUzYjA1MTAwYTZiMjI0ZGRjZWZjMThlMmU3
ZDNkZDUwHhcNMjUwMTAyMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTgwNGJkYzlkZWJkZWRiMGNkOWFhMDFlZWMzMjc2ODU1Y2FlMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28HF4xvFJjfZhvv36GoxA20Fu02d
DRFRwA0soWbOzzux9iOkPhZg8k7RttNmr8HicLaGIJIIgu/eMyM8rHX0UnKegcUL
sE51UsBGpiCOr/zoT4KtaXyexQmRHXljqHhlG8Xb1nWlNZV6YBVfxQQp8e36pRh9
suMHZEf0SyeT8dECud0wSXc1CGCdWiQsGH2OM4FW1P/BGyp9viC5GgMs4mujqdIz
qk/DKabaLdITEqsNYse30qd/znvzaWSnrJfMbym7aedxw6njbrH8+XyMA65w/5gr
C0iV8BnwB89QuQf89xpuKamUwCF8NIBAOFJtCOGNoHnmj9og/SsSXn2P9wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFJ6AS9yd697bDNmqAe7DJ2hVyuOQMB8GA1UdIwQY
MBaAFAY7rceFOwUQCmsiTdzvwY4ufT3VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmp1dHg0VTdCUkFLYXlKTjNPX0JqaTU5UGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMDlmYjAtOWFhNS00YjVhLThhNGYt
YTIzNzQ0NGFmODI5LzEvbm9CTDNKM3IzdHNNMmFvQjdzTW5hRlhLNDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMDlmYjAtOWFhNS00YjVhLThhNGYtYTIzNzQ0NGFmODI5
LzEvQmp1dHg0VTdCUkFLYXlKTjNPX0JqaTU5UGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQDLhHgAwQE
XD3QAwQCuTGwAwQAwaItAwQF1B9AAwQF1KZgMBQEAgACMA4DBQAgAQnQAwUDKhD4
wDANBgkqhkiG9w0BAQsFAAOCAQEATImsk6qQhaxu+ggldDUaPh/Vx6xBPhO2Q7fa
M4uDKD2MWfcbCyYPWYBuXIuSevgvbd7CT4pkts7nkTmGJd6GbW1CyhJtYutE8MPj
F0DHMRzutYax4kr7TPYnzK0CgfSA4l3ayWZ0x7TNidx3lVq+2Rwe8stZpjZ4fadk
kJK6vAIkl8t1o+r3OYApD6UANPbn6VByoWcIMt0N8GKy6bnLMcMGAsuGWemBF9QL
WcGe8dndVYnWT6MUcKoznhWPy2d8NToOzLsbKM+eFS1oIge+FNKI3ZKY7ttsMYsx
fUsY7ZfWM5NxsXXNo4OhC8mGMcLKUqTYHGG7e/d1ZszBT5YSAg==
-----END CERTIFICATE-----