Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/f8xBUwiIZuwlbLideHYCraA5b80.roa
File:                     f8xBUwiIZuwlbLideHYCraA5b80.roa (raw, json)
Hash identifier:          80zoqn9Od9Yp6Ppqm8QLXbeCtAS1Mylgf7fSAtsOaVc=
Subject key identifier:   7F:CC:41:53:08:88:66:EC:25:6C:B8:9D:78:76:02:AD:A0:39:6F:CD
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       01942748628B22E7A6DF7BE0B9A08163CE33
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/f8xBUwiIZuwlbLideHYCraA5b80.roa
Signing time:             Thu 02 Jan 2025 13:50:42 +0000
ROA not before:           Thu 02 Jan 2025 13:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34700
IP address blocks:        5.255.160.0/20 maxlen: 20
                          31.202.0.0/16 maxlen: 20
                          46.160.64.0/18 maxlen: 21
                          79.171.120.0/21 maxlen: 21
                          82.117.247.0/24 maxlen: 24
                          82.117.248.0/22 maxlen: 23
                          85.90.222.0/24 maxlen: 24
                          178.165.0.0/17 maxlen: 20
                          185.147.96.0/22 maxlen: 22
                          2a00:1210::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:62:8b:22:e7:a6:df:7b:e0:b9:a0:81:63:ce:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Jan  2 13:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fcc4153088866ec256cb89d787602ada0396fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0d:06:85:8c:4a:ed:b0:0b:44:df:a8:f0:5c:
                    3c:5f:9c:d3:28:0b:8f:03:10:c2:61:bd:3c:03:60:
                    44:f3:6f:4b:9a:8a:b5:d6:05:d9:3e:eb:fc:91:12:
                    88:58:60:88:59:ac:29:ce:de:60:87:94:ac:ad:3a:
                    ef:c7:68:73:3f:fc:16:be:cd:28:67:8f:85:5b:67:
                    30:c2:73:2d:a8:48:5f:2d:5f:a6:a4:7f:94:2e:27:
                    45:ea:0a:9e:84:40:86:2c:12:bb:59:01:02:12:25:
                    b1:24:e4:c0:fc:bf:49:43:6c:2d:2f:88:b3:ca:77:
                    22:91:4d:db:8f:a8:e1:f6:07:1e:b2:4b:6a:d8:27:
                    8e:9c:d4:51:98:49:b0:59:43:74:d4:33:63:b2:a5:
                    99:a1:35:6d:33:b6:95:fa:d3:07:f3:e8:aa:8f:ef:
                    bb:3f:9c:93:6a:e3:a3:2e:3c:72:bc:63:42:d1:a7:
                    20:c8:ea:14:68:52:f3:fb:a6:eb:bc:fd:fe:ac:3c:
                    8d:2b:0c:bf:22:cd:7a:6d:61:f7:f9:24:f1:7f:9f:
                    34:c4:29:e5:5e:f2:00:87:d6:18:ba:ee:e8:7c:a8:
                    29:66:9f:70:21:dd:7e:cc:84:42:30:b2:82:a2:2a:
                    39:a7:f9:66:cb:92:ba:4a:1f:ba:f1:60:e3:c7:92:
                    89:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CC:41:53:08:88:66:EC:25:6C:B8:9D:78:76:02:AD:A0:39:6F:CD
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/f8xBUwiIZuwlbLideHYCraA5b80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.255.160.0/20
                  31.202.0.0/16
                  46.160.64.0/18
                  79.171.120.0/21
                  82.117.247.0-82.117.251.255
                  85.90.222.0/24
                  178.165.0.0/17
                  185.147.96.0/22
                IPv6:
                  2a00:1210::/32

    Signature Algorithm: sha256WithRSAEncryption
         d8:f1:0b:dc:e2:9d:f0:80:e6:a6:9b:02:5d:e9:25:9b:0f:f1:
         7e:fe:53:8f:e8:db:45:0b:75:fc:e9:81:d7:cf:dc:a1:db:ee:
         81:86:fd:3a:05:ee:b6:40:4c:8c:a4:c8:7f:63:5b:ff:b9:4b:
         10:01:a3:92:61:76:fa:db:35:a7:3f:d1:ca:e9:72:33:de:fb:
         85:dd:77:15:2b:d1:4d:89:24:4a:5d:c6:fa:4a:87:cc:ed:b9:
         af:d8:6e:cc:1c:b0:26:c5:1a:af:a3:d5:58:42:79:0a:ad:25:
         13:64:6f:1b:50:31:fa:21:76:93:e3:16:65:83:04:a5:c7:fb:
         4e:26:7c:8f:c0:6a:5e:be:33:7e:eb:0b:db:34:a5:52:9b:f4:
         19:51:53:03:79:e6:cc:57:0d:02:78:e6:0c:2a:ca:e7:52:00:
         4a:bf:a5:b0:9c:22:9f:4d:dd:d2:94:ae:45:6b:41:2e:96:b8:
         44:ab:f1:e8:64:8c:99:7c:1b:2b:ff:6d:05:bf:fc:15:36:e6:
         c3:a0:d6:d3:64:4e:db:23:06:b6:e8:0a:36:ce:3b:ce:41:6b:
         d2:ae:81:fe:40:1f:ae:e6:60:54:49:d9:54:ab:9d:7c:61:8c:
         27:7d:c1:cf:c0:f7:0a:44:1f:b1:3d:2c:6f:52:f1:f9:1f:c8:
         50:25:ee:a0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQnSGKLIuem33vguaCBY84zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjUwMTAyMTM1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNjNDE1MzA4ODg2NmVjMjU2Y2I4OWQ3ODc2MDJhZGEwMzk2ZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzg0GhYxK7bALRN+o8Fw8X5zTKAuP
AxDCYb08A2BE829Lmoq11gXZPuv8kRKIWGCIWawpzt5gh5SsrTrvx2hzP/wWvs0o
Z4+FW2cwwnMtqEhfLV+mpH+ULidF6gqehECGLBK7WQECEiWxJOTA/L9JQ2wtL4iz
yncikU3bj6jh9gcesktq2CeOnNRRmEmwWUN01DNjsqWZoTVtM7aV+tMH8+iqj++7
P5yTauOjLjxyvGNC0acgyOoUaFLz+6brvP3+rDyNKwy/Is16bWH3+STxf580xCnl
XvIAh9YYuu7ofKgpZp9wId1+zIRCMLKCoio5p/lmy5K6Sh+68WDjx5KJkQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFH/MQVMIiGbsJWy4nXh2Aq2gOW/NMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvZjh4QlV3aUladXdsYkxpZGVIWUNyYUE1YjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwQEBf+gAwMA
H8oDBAYuoEADBANPq3gwDAMEAFJ19wMEAlJ1+AMEAFVa3gMEB7KlAAMEArmTYDAN
BAIAAjAHAwUAKgASEDANBgkqhkiG9w0BAQsFAAOCAQEA2PEL3OKd8IDmppsCXekl
mw/xfv5Tj+jbRQt1/OmB18/codvugYb9OgXutkBMjKTIf2Nb/7lLEAGjkmF2+ts1
pz/RyulyM977hd13FSvRTYkkSl3G+kqHzO25r9huzBywJsUar6PVWEJ5Cq0lE2Rv
G1Ax+iF2k+MWZYMEpcf7TiZ8j8BqXr4zfusL2zSlUpv0GVFTA3nmzFcNAnjmDCrK
51IASr+lsJwin03d0pSuRWtBLpa4RKvx6GSMmXwbK/9tBb/8FTbmw6DW02RO2yMG
tugKNs47zkFr0q6B/kAfruZgVEnZVKudfGGMJ33Bz8D3CkQfsT0sb1Lx+R/IUCXu
oA==
-----END CERTIFICATE-----