Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/772cbc-7e69-4c91-86a3-3661b1ebbcfb/1/0Nf_rzlffoz7wwVi3Pb2g0HuGls.roa
File:                     0Nf_rzlffoz7wwVi3Pb2g0HuGls.roa (raw, json)
Hash identifier:          0LfgA8H9e4em0FQLoBAMDdwCTf6yeabJ5FzgfDm6WQc=
Subject key identifier:   D0:D7:FF:AF:39:5F:7E:8C:FB:C3:05:62:DC:F6:F6:83:41:EE:1A:5B
Certificate issuer:       /CN=c276a8ba874c3fbddad344d03258b3e2c04d7bcb
Certificate serial:       019421438C61ADCF5C984986BB3F661B13AF
Authority key identifier: C2:76:A8:BA:87:4C:3F:BD:DA:D3:44:D0:32:58:B3:E2:C0:4D:7B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnaouodMP73a00TQMliz4sBNe8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/772cbc-7e69-4c91-86a3-3661b1ebbcfb/1/0Nf_rzlffoz7wwVi3Pb2g0HuGls.roa
Signing time:             Wed 01 Jan 2025 09:47:42 +0000
ROA not before:           Wed 01 Jan 2025 09:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200799
IP address blocks:        130.193.1.0/24 maxlen: 24
                          185.95.36.0/22 maxlen: 22
                          185.95.36.0/24 maxlen: 24
                          185.95.37.0/24 maxlen: 24
                          185.95.38.0/24 maxlen: 24
                          185.95.39.0/24 maxlen: 24
                          185.188.24.0/22 maxlen: 22
                          185.188.24.0/24 maxlen: 24
                          185.188.25.0/24 maxlen: 24
                          185.188.26.0/24 maxlen: 24
                          185.188.27.0/24 maxlen: 24
                          212.237.252.0/24 maxlen: 24
                          217.61.254.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:8c:61:ad:cf:5c:98:49:86:bb:3f:66:1b:13:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c276a8ba874c3fbddad344d03258b3e2c04d7bcb
        Validity
            Not Before: Jan  1 09:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0d7ffaf395f7e8cfbc30562dcf6f68341ee1a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:91:68:bc:a0:9d:19:39:f9:af:3b:dc:16:0f:
                    de:68:2f:96:2f:1d:d2:c3:12:59:31:f9:3f:20:4d:
                    12:7c:9c:4d:d4:c4:c7:22:3c:56:2a:0f:af:64:f6:
                    d8:ff:2b:16:bc:90:06:09:44:39:a6:79:2d:b1:bc:
                    c1:87:82:1d:31:e0:79:4c:60:be:fa:33:43:6d:64:
                    36:55:61:00:de:78:c4:5c:2a:68:b5:fe:53:87:24:
                    26:b2:e2:86:7f:4a:ad:a2:73:6c:e6:c0:d7:bb:ea:
                    44:ae:53:15:de:bd:7b:47:b4:26:40:5f:a8:42:2b:
                    a3:c8:79:03:20:48:15:7c:97:bb:82:d6:11:87:7f:
                    03:54:fb:96:49:64:49:a8:7e:55:29:8a:9b:9d:89:
                    37:29:ea:89:71:4d:97:6d:18:93:00:c7:c8:dd:f5:
                    50:1d:c4:5e:e9:99:18:ab:41:11:08:05:27:cb:b3:
                    12:4c:91:69:c7:91:01:89:cd:cc:b1:a6:f0:f0:a4:
                    bf:ec:b8:48:47:36:37:59:54:4d:53:97:4c:50:dc:
                    56:89:04:93:56:18:9e:8d:4b:0b:d7:36:55:0c:d5:
                    69:d1:60:bb:0f:d0:7e:aa:f1:9e:86:f1:60:08:fb:
                    94:6f:e4:ec:33:b4:bd:21:21:9e:c8:01:78:4e:57:
                    f4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D7:FF:AF:39:5F:7E:8C:FB:C3:05:62:DC:F6:F6:83:41:EE:1A:5B
            X509v3 Authority Key Identifier:
                keyid:C2:76:A8:BA:87:4C:3F:BD:DA:D3:44:D0:32:58:B3:E2:C0:4D:7B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnaouodMP73a00TQMliz4sBNe8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/772cbc-7e69-4c91-86a3-3661b1ebbcfb/1/0Nf_rzlffoz7wwVi3Pb2g0HuGls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/772cbc-7e69-4c91-86a3-3661b1ebbcfb/1/wnaouodMP73a00TQMliz4sBNe8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.1.0/24
                  185.95.36.0/22
                  185.188.24.0/22
                  212.237.252.0/24
                  217.61.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:9f:3b:24:10:65:3c:0d:7a:f6:5b:05:5d:d5:0a:b2:f7:a8:
         b6:10:45:20:3e:e6:9e:01:ac:f3:f0:21:f0:8e:bf:82:be:95:
         62:d4:5c:a1:75:68:6d:2f:8f:da:74:27:a2:bb:80:db:1e:a6:
         e6:5d:70:fa:a9:94:54:00:20:16:3e:01:c6:97:67:17:1b:fc:
         c2:98:28:75:cb:e3:9d:bd:c0:e1:42:4c:83:6c:50:e3:ac:ce:
         50:db:9c:d7:33:d4:fc:a8:11:33:05:0b:61:27:51:31:ac:af:
         75:01:78:1b:b9:8e:75:05:ce:36:95:f0:52:9b:86:51:ad:3e:
         b0:14:8a:f4:1b:ee:cb:bd:67:c3:bc:07:d7:ba:d0:9b:37:c5:
         26:73:e1:23:65:d6:19:01:82:e5:7d:0e:10:21:e4:08:bc:3c:
         6e:12:ef:e0:df:16:6c:de:6a:e3:1a:19:27:19:ae:6f:e6:8a:
         ba:62:32:20:e9:74:02:57:6c:52:2c:a3:34:5b:2d:28:49:59:
         06:84:8b:73:6e:9b:c8:f0:32:0e:68:b8:eb:7e:06:39:0d:4c:
         23:7a:0c:71:b1:22:5e:7f:98:c2:e8:9a:95:8d:9d:2c:db:68:
         8f:ae:c4:83:ed:b8:26:db:e3:ef:9b:35:77:90:71:37:fb:95:
         8d:82:a5:b0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQhQ4xhrc9cmEmGuz9mGxOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzZhOGJhODc0YzNmYmRkYWQzNDRkMDMyNThiM2UyYzA0
ZDdiY2IwHhcNMjUwMTAxMDk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQ3ZmZhZjM5NWY3ZThjZmJjMzA1NjJkY2Y2ZjY4MzQxZWUxYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJFovKCdGTn5rzvcFg/eaC+WLx3S
wxJZMfk/IE0SfJxN1MTHIjxWKg+vZPbY/ysWvJAGCUQ5pnktsbzBh4IdMeB5TGC+
+jNDbWQ2VWEA3njEXCpotf5ThyQmsuKGf0qtonNs5sDXu+pErlMV3r17R7QmQF+o
QiujyHkDIEgVfJe7gtYRh38DVPuWSWRJqH5VKYqbnYk3KeqJcU2XbRiTAMfI3fVQ
HcRe6ZkYq0ERCAUny7MSTJFpx5EBic3Msabw8KS/7LhIRzY3WVRNU5dMUNxWiQST
VhiejUsL1zZVDNVp0WC7D9B+qvGehvFgCPuUb+TsM7S9ISGeyAF4Tlf0bwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNDX/685X36M+8MFYtz29oNB7hpbMB8GA1UdIwQY
MBaAFMJ2qLqHTD+92tNE0DJYs+LATXvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25hb3VvZE1QNzNhMDBUUU1saXo0c0JOZThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83NzJjYmMtN2U2OS00YzkxLTg2YTMt
MzY2MWIxZWJiY2ZiLzEvME5mX3J6bGZmb3o3d3dWaTNQYjJnMEh1R2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83NzJjYmMtN2U2OS00YzkxLTg2YTMtMzY2MWIxZWJiY2Zi
LzEvd25hb3VvZE1QNzNhMDBUUU1saXo0c0JOZThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAgsEBAwQC
uV8kAwQCubwYAwQA1O38AwQA2T3+MA0GCSqGSIb3DQEBCwUAA4IBAQCqnzskEGU8
DXr2WwVd1Qqy96i2EEUgPuaeAazz8CHwjr+CvpVi1FyhdWhtL4/adCeiu4DbHqbm
XXD6qZRUACAWPgHGl2cXG/zCmCh1y+OdvcDhQkyDbFDjrM5Q25zXM9T8qBEzBQth
J1ExrK91AXgbuY51Bc42lfBSm4ZRrT6wFIr0G+7LvWfDvAfXutCbN8Umc+EjZdYZ
AYLlfQ4QIeQIvDxuEu/g3xZs3mrjGhknGa5v5oq6YjIg6XQCV2xSLKM0Wy0oSVkG
hItzbpvI8DIOaLjrfgY5DUwjegxxsSJef5jC6JqVjZ0s22iPrsSD7bgm2+PvmzV3
kHE3+5WNgqWw
-----END CERTIFICATE-----