Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/649lyIDC2UwkmHul2wRd4b1rCNs.roa
File:                     649lyIDC2UwkmHul2wRd4b1rCNs.roa (raw, json)
Hash identifier:          p4ozwtIxeW7bNZvhNBKCuX30f4bEfNwl4a1UC3r5A8E=
Subject key identifier:   EB:8F:65:C8:80:C2:D9:4C:24:98:7B:A5:DB:04:5D:E1:BD:6B:08:DB
Certificate issuer:       /CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
Certificate serial:       0194228D6EDEB80E72078C794174B7ECDAC2
Authority key identifier: C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/649lyIDC2UwkmHul2wRd4b1rCNs.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32338
IP address blocks:        45.84.28.0/23 maxlen: 23
                          45.84.30.0/24 maxlen: 24
                          45.84.31.0/24 maxlen: 24
                          185.73.220.0/22 maxlen: 24
                          185.149.132.0/23 maxlen: 23
                          185.149.134.0/23 maxlen: 23
                          185.213.88.0/22 maxlen: 24
                          2a05:44c0::/29 maxlen: 32
                          2a07:68c0::/29 maxlen: 48
                          2a0b:85c0::/29 maxlen: 32
                          2a0e:9480::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6e:de:b8:0e:72:07:8c:79:41:74:b7:ec:da:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb8f65c880c2d94c24987ba5db045de1bd6b08db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:e6:1f:e4:06:4e:64:4d:cb:b3:01:02:5f:
                    db:ca:89:d9:23:c1:65:28:35:99:6e:9d:e5:55:96:
                    42:51:c1:80:b9:a1:3c:73:bf:bd:3f:d5:46:18:10:
                    83:36:aa:81:36:01:51:df:30:c1:b8:02:2a:fe:42:
                    c6:fe:d2:4c:86:cc:cf:2e:1b:e4:52:43:b4:f4:3f:
                    c2:a5:3f:98:c0:ed:55:36:1b:90:3c:9c:12:ae:04:
                    7c:9e:9e:bc:c4:54:5a:4a:58:ba:b5:2d:05:67:ca:
                    06:5f:61:34:42:6d:49:59:d1:9a:98:51:f5:9e:8c:
                    4d:3b:d2:9a:c8:7d:f1:b4:80:38:93:32:73:20:5e:
                    1e:1a:b8:34:da:8c:b1:6e:c5:81:b1:a6:c0:3f:bc:
                    7e:4d:38:1f:e2:3e:de:8f:79:94:d2:c2:f1:c8:d6:
                    2c:59:20:f6:56:a1:82:56:98:86:8a:a7:91:57:fe:
                    ef:29:67:53:67:e3:f3:18:2e:46:07:9d:3e:89:51:
                    50:66:44:5a:35:30:2a:45:20:70:a6:ec:6d:1f:fb:
                    a2:12:56:3c:c6:ab:9f:aa:78:41:7d:bc:58:22:3a:
                    1a:84:1d:d5:61:d3:cd:21:cc:c1:a8:80:43:9a:ab:
                    78:37:35:4c:34:55:be:bb:75:39:2f:9b:95:09:6c:
                    9b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8F:65:C8:80:C2:D9:4C:24:98:7B:A5:DB:04:5D:E1:BD:6B:08:DB
            X509v3 Authority Key Identifier:
                keyid:C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/649lyIDC2UwkmHul2wRd4b1rCNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.28.0/22
                  185.73.220.0/22
                  185.149.132.0/22
                  185.213.88.0/22
                IPv6:
                  2a05:44c0::/29
                  2a07:68c0::/29
                  2a0b:85c0::/29
                  2a0e:9480::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:a1:11:90:f3:1a:14:05:ad:c7:d9:7d:2f:6c:5e:bb:82:70:
         14:0b:bb:0a:0a:e0:da:0e:9c:fd:36:62:33:f8:0e:de:44:f9:
         8f:43:b4:7b:3d:e1:ed:bf:b5:53:5a:df:d7:b3:c2:11:f2:1f:
         d2:81:7b:0f:70:1f:f1:c1:f5:37:d4:3f:65:c1:96:28:26:a2:
         6d:91:38:8d:67:ec:50:a5:df:79:f4:47:32:eb:02:85:a7:f1:
         c5:e0:63:0a:85:2c:1d:14:19:69:be:8f:7c:5d:49:51:30:16:
         a6:d4:cf:3d:d8:fe:05:12:5d:37:33:4c:8b:9d:17:45:8e:e5:
         92:96:7a:ec:38:0e:1b:75:1b:9a:dd:48:50:9f:a2:33:05:3d:
         5f:e7:ec:9d:90:61:86:87:c2:b8:26:b4:bb:2f:c2:bd:3d:3a:
         64:14:09:b6:ad:6b:02:47:30:51:d9:4a:25:3a:7a:55:e6:0b:
         ed:cb:55:ac:89:c4:eb:34:62:f5:76:c5:09:2b:56:fa:2f:07:
         dd:6c:2a:18:3c:5a:d4:a8:e9:bf:59:36:71:fb:fe:6e:f3:2b:
         8a:29:9d:27:8c:16:ec:3d:76:f9:86:f9:60:b6:4d:e3:96:79:
         b5:6d:20:ac:44:b9:77:cc:d1:37:01:1a:2c:0b:17:5c:ba:89:
         6d:93:33:67
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQijW7euA5yB4x5QXS37NrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZTljN2FhNTM0YjEzMDBiZjcyNGZmZjBmMGMxYjA1MTlk
NTA1YmIwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjhmNjVjODgwYzJkOTRjMjQ5ODdiYTVkYjA0NWRlMWJkNmIwOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW3mH+QGTmRNy7MBAl/byonZI8Fl
KDWZbp3lVZZCUcGAuaE8c7+9P9VGGBCDNqqBNgFR3zDBuAIq/kLG/tJMhszPLhvk
UkO09D/CpT+YwO1VNhuQPJwSrgR8np68xFRaSli6tS0FZ8oGX2E0Qm1JWdGamFH1
noxNO9KayH3xtIA4kzJzIF4eGrg02oyxbsWBsabAP7x+TTgf4j7ej3mU0sLxyNYs
WSD2VqGCVpiGiqeRV/7vKWdTZ+PzGC5GB50+iVFQZkRaNTAqRSBwpuxtH/uiElY8
xqufqnhBfbxYIjoahB3VYdPNIczBqIBDmqt4NzVMNFW+u3U5L5uVCWybjwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFOuPZciAwtlMJJh7pdsEXeG9awjbMB8GA1UdIwQY
MBaAFMfpx6pTSxMAv3JP/w8MGwUZ1QW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQt
Y2U1MDA4MjdmZjdmLzEvNjQ5bHlJREMyVXdrbUh1bDJ3UmQ0YjFyQ05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQtY2U1MDA4MjdmZjdm
LzEveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAeBAIAATAYAwQCLVQcAwQC
uUncAwQCuZWEAwQCudVYMCIEAgACMBwDBQMqBUTAAwUDKgdowAMFAyoLhcADBQMq
DpSAMA0GCSqGSIb3DQEBCwUAA4IBAQASoRGQ8xoUBa3H2X0vbF67gnAUC7sKCuDa
Dpz9NmIz+A7eRPmPQ7R7PeHtv7VTWt/Xs8IR8h/SgXsPcB/xwfU31D9lwZYoJqJt
kTiNZ+xQpd959Ecy6wKFp/HF4GMKhSwdFBlpvo98XUlRMBam1M892P4FEl03M0yL
nRdFjuWSlnrsOA4bdRua3UhQn6IzBT1f5+ydkGGGh8K4JrS7L8K9PTpkFAm2rWsC
RzBR2UolOnpV5gvty1WsicTrNGL1dsUJK1b6LwfdbCoYPFrUqOm/WTZx+/5u8yuK
KZ0njBbsPXb5hvlgtk3jlnm1bSCsRLl3zNE3ARosCxdcuoltkzNn
-----END CERTIFICATE-----