Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/R1q5L0zSprSAMUcFtGlF7mc7J1s.roa
File:                     R1q5L0zSprSAMUcFtGlF7mc7J1s.roa (raw, json)
Hash identifier:          UB22RcCCLLp3yH1mo89+o+fdr51fmFuQRSq5JlKphYY=
Subject key identifier:   47:5A:B9:2F:4C:D2:A6:B4:80:31:47:05:B4:69:45:EE:67:3B:27:5B
Certificate issuer:       /CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
Certificate serial:       0196200D699D333841F7C2287674842B1856
Authority key identifier: C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/R1q5L0zSprSAMUcFtGlF7mc7J1s.roa
Signing time:             Thu 10 Apr 2025 14:14:32 +0000
ROA not before:           Thu 10 Apr 2025 14:14:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32338
IP address blocks:        45.84.28.0/23 maxlen: 23
                          45.84.30.0/24 maxlen: 24
                          45.84.31.0/24 maxlen: 24
                          185.73.220.0/22 maxlen: 24
                          185.149.132.0/23 maxlen: 23
                          185.149.134.0/23 maxlen: 24
                          185.149.134.0/24 maxlen: 24
                          185.213.88.0/22 maxlen: 24
                          2a05:44c0::/29 maxlen: 32
                          2a07:68c0::/29 maxlen: 48
                          2a0b:85c0::/29 maxlen: 32
                          2a0e:9480::/29 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:20:0d:69:9d:33:38:41:f7:c2:28:76:74:84:2b:18:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
        Validity
            Not Before: Apr 10 14:14:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=475ab92f4cd2a6b480314705b46945ee673b275b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fd:4d:6b:95:30:18:9f:65:9a:b0:55:3f:d7:
                    38:08:4c:36:fa:15:63:47:87:f4:8a:47:69:a7:cf:
                    a0:e6:dc:85:29:d5:5e:50:ac:62:01:d2:c9:e4:19:
                    6e:ed:2f:10:b0:df:47:1a:cd:9e:7e:e1:2c:63:f4:
                    f5:7e:42:34:f7:d9:be:93:08:f2:a9:5a:a7:a4:fb:
                    5b:42:0a:d1:45:2f:dd:85:0a:6e:f5:e7:29:6a:34:
                    54:cc:62:ed:db:6f:d3:a3:92:74:e6:dc:13:00:95:
                    42:37:66:c8:d6:fa:b6:6f:53:a4:f1:b4:02:ac:27:
                    12:6d:4e:f8:16:e3:87:f6:f1:51:5e:c0:51:e4:f6:
                    b4:96:55:05:21:e6:3a:ab:61:71:c1:41:5f:9d:8d:
                    eb:a8:cc:bc:6a:88:48:ae:4a:84:a0:d5:9e:ab:a3:
                    01:83:25:de:d6:b5:54:de:e9:af:0f:a3:6a:da:2f:
                    84:2b:74:88:1d:b6:fc:58:40:de:50:96:54:78:c6:
                    b4:15:1f:2e:58:01:2b:0c:0b:9d:53:12:c4:5c:18:
                    07:d0:74:48:0e:54:52:2b:cf:cf:c3:41:90:a0:b2:
                    bc:49:2d:aa:db:51:0d:36:a1:1d:b5:05:41:08:d0:
                    4d:aa:a7:52:56:2b:3b:3c:2a:0c:bf:8c:54:47:c7:
                    d0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5A:B9:2F:4C:D2:A6:B4:80:31:47:05:B4:69:45:EE:67:3B:27:5B
            X509v3 Authority Key Identifier:
                keyid:C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/R1q5L0zSprSAMUcFtGlF7mc7J1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.28.0/22
                  185.73.220.0/22
                  185.149.132.0/22
                  185.213.88.0/22
                IPv6:
                  2a05:44c0::/29
                  2a07:68c0::/29
                  2a0b:85c0::/29
                  2a0e:9480::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:60:b8:6d:51:a0:02:82:69:69:c7:00:ed:bf:90:40:81:be:
         e1:f4:c6:9b:a5:db:9b:75:f5:74:6d:ce:2e:fc:df:b7:14:0b:
         14:02:95:32:ea:7c:e1:fb:54:3a:5e:c6:22:3c:71:16:e1:b0:
         15:f7:f7:c6:4b:e1:f7:c0:f1:81:45:15:89:e7:bf:3d:49:83:
         d7:17:ee:09:73:51:e6:8e:f4:bf:2f:20:bd:59:7a:df:34:ea:
         df:ee:f4:ca:92:71:e4:6b:41:84:c4:ef:fc:10:3e:40:45:56:
         09:10:57:ce:4c:e7:90:a6:ba:f8:ff:8d:ea:35:ec:c9:88:29:
         71:cd:aa:db:e7:90:b2:f1:a4:95:94:e4:d0:94:94:ec:d1:20:
         49:1f:aa:af:f7:44:4e:73:6f:e0:51:8b:99:bd:7f:41:f6:9d:
         14:30:ea:90:f8:fb:d4:0f:a8:51:a8:a5:db:2e:2c:b4:77:75:
         7c:53:f3:7a:4f:3e:a5:51:a5:9c:1d:1c:c3:86:dc:8d:97:cd:
         63:63:08:81:17:ec:f5:ee:81:3b:77:f7:22:2e:79:fe:28:a1:
         01:78:8c:c7:00:ca:6b:90:e5:e8:be:da:90:05:14:b4:1f:1d:
         ef:b3:f3:10:26:ff:48:bf:de:66:02:fd:db:0b:c2:4f:b6:77:
         84:09:bf:68
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZYgDWmdMzhB98IodnSEKxhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZTljN2FhNTM0YjEzMDBiZjcyNGZmZjBmMGMxYjA1MTlk
NTA1YmIwHhcNMjUwNDEwMTQxNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzVhYjkyZjRjZDJhNmI0ODAzMTQ3MDViNDY5NDVlZTY3M2IyNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP1Na5UwGJ9lmrBVP9c4CEw2+hVj
R4f0ikdpp8+g5tyFKdVeUKxiAdLJ5Blu7S8QsN9HGs2efuEsY/T1fkI099m+kwjy
qVqnpPtbQgrRRS/dhQpu9ecpajRUzGLt22/To5J05twTAJVCN2bI1vq2b1Ok8bQC
rCcSbU74FuOH9vFRXsBR5Pa0llUFIeY6q2FxwUFfnY3rqMy8aohIrkqEoNWeq6MB
gyXe1rVU3umvD6Nq2i+EK3SIHbb8WEDeUJZUeMa0FR8uWAErDAudUxLEXBgH0HRI
DlRSK8/Pw0GQoLK8SS2q21ENNqEdtQVBCNBNqqdSVis7PCoMv4xUR8fQewIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEdauS9M0qa0gDFHBbRpRe5nOydbMB8GA1UdIwQY
MBaAFMfpx6pTSxMAv3JP/w8MGwUZ1QW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQt
Y2U1MDA4MjdmZjdmLzEvUjFxNUwwelNwclNBTVVjRnRHbEY3bWM3SjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQtY2U1MDA4MjdmZjdm
LzEveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAeBAIAATAYAwQCLVQcAwQC
uUncAwQCuZWEAwQCudVYMCIEAgACMBwDBQMqBUTAAwUDKgdowAMFAyoLhcADBQMq
DpSAMA0GCSqGSIb3DQEBCwUAA4IBAQCNYLhtUaACgmlpxwDtv5BAgb7h9Mabpdub
dfV0bc4u/N+3FAsUApUy6nzh+1Q6XsYiPHEW4bAV9/fGS+H3wPGBRRWJ5789SYPX
F+4Jc1HmjvS/LyC9WXrfNOrf7vTKknHka0GExO/8ED5ARVYJEFfOTOeQprr4/43q
NezJiClxzarb55Cy8aSVlOTQlJTs0SBJH6qv90ROc2/gUYuZvX9B9p0UMOqQ+PvU
D6hRqKXbLiy0d3V8U/N6Tz6lUaWcHRzDhtyNl81jYwiBF+z17oE7d/ciLnn+KKEB
eIzHAMprkOXovtqQBRS0Hx3vs/MQJv9Iv95mAv3bC8JPtneECb9o
-----END CERTIFICATE-----