Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/4nepQ7lUgSyYC6DeWAhUkKqo0Gk.roa
File:                     4nepQ7lUgSyYC6DeWAhUkKqo0Gk.roa (raw, json)
Hash identifier:          2TUStoVY1XdtP587WO0l3S9//seQPQtrzOWcmGMJLVo=
Subject key identifier:   E2:77:A9:43:B9:54:81:2C:98:0B:A0:DE:58:08:54:90:AA:A8:D0:69
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       019425FD69881114A14FD44AC9AD7E16892A
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/4nepQ7lUgSyYC6DeWAhUkKqo0Gk.roa
Signing time:             Thu 02 Jan 2025 07:49:12 +0000
ROA not before:           Thu 02 Jan 2025 07:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44914
IP address blocks:        78.28.0.0/19 maxlen: 19
                          78.28.32.0/19 maxlen: 19
                          78.28.32.0/21 maxlen: 21
                          78.28.40.0/21 maxlen: 21
                          78.28.48.0/24 maxlen: 24
                          78.28.56.0/23 maxlen: 23
                          78.28.58.0/23 maxlen: 23
                          78.28.60.0/22 maxlen: 22
                          78.28.62.0/23 maxlen: 23
                          188.125.128.0/20 maxlen: 20
                          188.125.144.0/22 maxlen: 22
                          188.125.148.0/22 maxlen: 22
                          188.125.152.0/22 maxlen: 22
                          188.125.157.0/24 maxlen: 24
                          2a02:e88:8000::/48 maxlen: 48
                          2a02:e88:8100::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:69:88:11:14:a1:4f:d4:4a:c9:ad:7e:16:89:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Jan  2 07:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e277a943b954812c980ba0de58085490aaa8d069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9f:a9:aa:56:f4:f6:05:19:96:ba:cc:9b:21:
                    11:d8:c3:ae:fd:d0:68:79:4b:be:6a:c0:cf:33:15:
                    a8:46:95:23:f3:04:1d:14:5c:83:f9:61:84:6b:46:
                    67:d3:43:7b:82:05:89:cb:95:24:49:bd:d1:c3:9f:
                    5e:99:5e:38:77:70:cc:c1:f6:6d:fc:41:eb:59:41:
                    86:4b:87:d0:69:9a:61:a0:eb:7a:70:71:79:d0:a2:
                    9c:7e:85:94:ad:ac:19:93:cb:af:76:bb:0e:ab:0a:
                    8e:c8:8e:57:ac:1c:87:dd:f4:59:8c:38:99:3b:3f:
                    a9:59:ff:81:79:37:8f:3e:36:b4:d4:27:52:6a:e7:
                    00:e1:1d:d6:ba:4b:6c:b5:fb:70:83:bd:82:68:d7:
                    b4:9b:23:13:37:35:b6:24:13:1c:f8:94:6b:51:b6:
                    54:79:43:3d:8d:0c:d1:70:ed:4f:c1:61:89:75:47:
                    bd:5f:56:1a:16:25:5f:1e:6d:49:cf:c8:f6:af:62:
                    d0:82:f7:1b:2d:bd:48:64:ef:c0:a5:3e:6c:a4:02:
                    97:6e:6b:7f:45:0e:a3:e7:fb:92:08:2a:7f:92:d7:
                    38:51:f0:10:8d:e8:01:64:3c:5b:8e:fb:95:9d:3f:
                    df:8b:88:20:3c:d1:36:48:f5:46:2f:30:f1:89:29:
                    5f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:77:A9:43:B9:54:81:2C:98:0B:A0:DE:58:08:54:90:AA:A8:D0:69
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/4nepQ7lUgSyYC6DeWAhUkKqo0Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.28.0.0/18
                  188.125.128.0-188.125.155.255
                  188.125.157.0/24
                IPv6:
                  2a02:e88:8000::/48
                  2a02:e88:8100::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:6f:5b:67:5f:46:f1:ef:05:1f:99:54:e6:c6:8e:b7:7f:12:
         71:59:0e:e8:17:9e:7c:fa:51:4e:a9:64:11:9e:c5:78:f2:e7:
         10:b2:2d:d7:9a:69:65:1a:57:e3:c5:2f:90:c2:1c:a1:1d:54:
         90:77:5c:bd:cb:5a:13:cc:32:f1:b1:6a:82:db:22:e8:21:d1:
         62:6d:a9:24:af:de:58:1b:97:e1:86:52:aa:61:50:d6:87:35:
         6a:ae:f2:e4:4c:97:42:f6:43:f4:d6:ba:06:5a:98:bd:13:c2:
         bc:82:d3:83:9f:1f:ba:41:88:23:c1:1d:c3:a3:d0:c5:e9:b0:
         15:48:74:a7:4e:45:e6:1f:d9:24:3a:23:e5:ca:b3:45:d2:2c:
         d7:db:d8:57:18:49:08:03:70:d6:45:ca:e4:5d:82:ef:3c:60:
         c3:60:b5:95:9c:fe:9e:9b:b4:ba:74:f3:19:06:fa:a9:85:19:
         4c:c4:d6:61:3f:72:04:7b:a6:ca:22:35:a3:05:09:3d:94:a2:
         57:98:f3:4b:d5:4a:51:83:c7:94:90:fb:f6:32:a3:70:b0:0b:
         cc:03:c1:cd:77:89:68:0a:3d:49:b3:d1:51:32:73:38:f7:6c:
         64:8b:0f:8f:36:91:2b:d5:65:0d:3d:d4:0b:a4:91:20:d4:69:
         46:01:f5:df
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQl/WmIERShT9RKya1+FokqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjUwMTAyMDc0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjc3YTk0M2I5NTQ4MTJjOTgwYmEwZGU1ODA4NTQ5MGFhYThkMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtp+pqlb09gUZlrrMmyER2MOu/dBo
eUu+asDPMxWoRpUj8wQdFFyD+WGEa0Zn00N7ggWJy5UkSb3Rw59emV44d3DMwfZt
/EHrWUGGS4fQaZphoOt6cHF50KKcfoWUrawZk8uvdrsOqwqOyI5XrByH3fRZjDiZ
Oz+pWf+BeTePPja01CdSaucA4R3Wuktstftwg72CaNe0myMTNzW2JBMc+JRrUbZU
eUM9jQzRcO1PwWGJdUe9X1YaFiVfHm1Jz8j2r2LQgvcbLb1IZO/ApT5spAKXbmt/
RQ6j5/uSCCp/ktc4UfAQjegBZDxbjvuVnT/fi4ggPNE2SPVGLzDxiSlfjQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFOJ3qUO5VIEsmAug3lgIVJCqqNBpMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvNG5lcFE3bFVnU3lZQzZEZVdBaFVrS3FvMEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAgBAIAATAaAwQGThwAMAwD
BAe8fYADBAK8fZgDBAC8fZ0wGAQCAAIwEgMHACoCDoiAAAMHACoCDoiBADANBgkq
hkiG9w0BAQsFAAOCAQEAOW9bZ19G8e8FH5lU5saOt38ScVkO6BeefPpRTqlkEZ7F
ePLnELIt15ppZRpX48UvkMIcoR1UkHdcvctaE8wy8bFqgtsi6CHRYm2pJK/eWBuX
4YZSqmFQ1oc1aq7y5EyXQvZD9Na6BlqYvRPCvILTg58fukGII8Edw6PQxemwFUh0
p05F5h/ZJDoj5cqzRdIs19vYVxhJCANw1kXK5F2C7zxgw2C1lZz+npu0unTzGQb6
qYUZTMTWYT9yBHumyiI1owUJPZSiV5jzS9VKUYPHlJD79jKjcLALzAPBzXeJaAo9
SbPRUTJzOPdsZIsPjzaRK9VlDT3UC6SRINRpRgH13w==
-----END CERTIFICATE-----