Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/PbW71RIBvB328VTIPh1scqZr_24.roa
File:                     PbW71RIBvB328VTIPh1scqZr_24.roa (raw, json)
Hash identifier:          ZhoUQFHnvxU9klhLxoI/zN467hf68pEuS9x78HwJXRs=
Subject key identifier:   3D:B5:BB:D5:12:01:BC:1D:F6:F1:54:C8:3E:1D:6C:72:A6:6B:FF:6E
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       0196207A5D0562CB4E2DED82026DD0232B06
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/PbW71RIBvB328VTIPh1scqZr_24.roa
Signing time:             Thu 10 Apr 2025 16:13:32 +0000
ROA not before:           Thu 10 Apr 2025 16:13:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33993
IP address blocks:        45.67.230.0/24 maxlen: 24
                          94.131.113.0/24 maxlen: 24
                          94.131.121.0/24 maxlen: 24
                          103.113.68.0/24 maxlen: 24
                          185.234.59.0/24 maxlen: 24
                          185.235.242.0/24 maxlen: 24
                          185.250.149.0/24 maxlen: 24
                          2a09:7c47::/32 maxlen: 32
                          2a14:3880::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:20:7a:5d:05:62:cb:4e:2d:ed:82:02:6d:d0:23:2b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Apr 10 16:13:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3db5bbd51201bc1df6f154c83e1d6c72a66bff6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:a5:d1:f3:d9:ac:17:14:6c:9d:90:ad:ba:
                    51:de:3d:9a:81:a4:3d:e3:6a:97:48:ad:c9:ba:74:
                    62:18:98:b6:b0:c8:ea:b0:4f:ef:30:6a:f7:dc:84:
                    30:1e:f7:f0:1c:98:c0:a0:b7:e4:c7:91:3b:96:3d:
                    d7:ce:9b:b4:f4:bf:00:d0:d7:7e:a2:5f:ea:79:23:
                    cf:62:86:ae:a9:0d:d1:a2:b6:b1:19:91:e8:52:4a:
                    58:1d:fd:6b:3c:04:d6:49:2c:8e:db:02:c4:75:53:
                    4b:5e:ca:75:82:30:80:1e:6c:17:81:82:d5:ca:db:
                    7d:82:a5:f8:56:17:bc:2a:03:aa:ee:33:a6:ae:bb:
                    2f:54:4a:45:89:12:ac:8f:37:a6:91:09:5e:63:66:
                    72:a5:c0:f3:fc:32:50:d0:91:2c:a1:92:b2:5e:f2:
                    98:59:d4:5b:76:eb:da:be:60:be:af:6c:5c:2a:e9:
                    f4:ec:b0:ce:15:fd:d7:df:ec:7b:6f:d8:95:7b:fc:
                    75:38:d5:fe:82:52:3d:be:e3:20:43:54:b8:0a:d7:
                    a4:61:97:f2:e1:62:21:2f:21:87:90:64:ec:ed:b3:
                    ac:52:12:79:1e:c1:19:0b:73:6e:7c:90:27:76:6b:
                    42:4b:55:e0:34:07:db:ac:08:ce:1b:8f:25:73:43:
                    fc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B5:BB:D5:12:01:BC:1D:F6:F1:54:C8:3E:1D:6C:72:A6:6B:FF:6E
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/PbW71RIBvB328VTIPh1scqZr_24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.230.0/24
                  94.131.113.0/24
                  94.131.121.0/24
                  103.113.68.0/24
                  185.234.59.0/24
                  185.235.242.0/24
                  185.250.149.0/24
                IPv6:
                  2a09:7c47::/32
                  2a14:3880::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:a0:4d:1e:f5:72:d5:fc:f4:9e:1f:05:19:48:8d:a1:66:cf:
         a8:f6:e8:03:b1:9f:ba:d4:22:42:4c:75:b5:d5:d1:3f:00:43:
         ce:ee:1b:d7:78:32:1f:e4:79:6c:f6:a1:8e:9d:ec:f1:59:95:
         68:8e:5e:88:da:69:b9:c8:ed:e4:46:a3:25:1d:f5:49:a4:92:
         78:f5:5a:fe:de:72:d9:20:b3:ba:d6:70:8e:dc:47:7f:a9:99:
         e7:7d:dd:20:84:fe:f9:df:8c:4c:4b:1a:a0:82:5a:4a:b0:f9:
         a2:c0:ae:2b:59:bc:50:93:e6:9a:c4:9e:9c:31:bf:95:53:88:
         ef:a7:87:ef:ae:62:89:cd:f6:82:eb:38:fb:2f:d4:5d:d7:95:
         5f:c4:aa:8f:c9:a1:a4:a1:2c:a1:9b:07:e1:62:25:d8:c3:36:
         17:2d:b1:0b:31:b8:95:75:ee:10:13:b5:a2:79:a7:82:3d:df:
         80:d7:d4:1f:af:eb:72:a1:e9:a3:30:9a:45:06:21:82:9d:48:
         31:24:9b:05:de:b8:87:52:3c:c5:ca:e9:47:5f:81:b5:05:9c:
         55:0e:18:dd:89:0e:3a:f1:ea:96:44:cd:1a:33:6e:d1:ae:ba:
         ed:a4:16:94:db:90:72:d6:91:5f:21:8e:31:ba:1c:70:75:a7:
         41:22:af:ed
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZYgel0FYstOLe2CAm3QIysGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjUwNDEwMTYxMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI1YmJkNTEyMDFiYzFkZjZmMTU0YzgzZTFkNmM3MmE2NmJmZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTCl0fPZrBcUbJ2QrbpR3j2agaQ9
42qXSK3JunRiGJi2sMjqsE/vMGr33IQwHvfwHJjAoLfkx5E7lj3Xzpu09L8A0Nd+
ol/qeSPPYoauqQ3RoraxGZHoUkpYHf1rPATWSSyO2wLEdVNLXsp1gjCAHmwXgYLV
ytt9gqX4Vhe8KgOq7jOmrrsvVEpFiRKsjzemkQleY2ZypcDz/DJQ0JEsoZKyXvKY
WdRbduvavmC+r2xcKun07LDOFf3X3+x7b9iVe/x1ONX+glI9vuMgQ1S4CtekYZfy
4WIhLyGHkGTs7bOsUhJ5HsEZC3NufJAndmtCS1XgNAfbrAjOG48lc0P8JwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFD21u9USAbwd9vFUyD4dbHKma/9uMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvUGJXNzFSSUJ2QjMyOFZUSVBoMXNjcVpyXzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQALUPmAwQA
XoNxAwQAXoN5AwQAZ3FEAwQAueo7AwQAuevyAwQAufqVMBQEAgACMA4DBQAqCXxH
AwUAKhQ4gDANBgkqhkiG9w0BAQsFAAOCAQEAhKBNHvVy1fz0nh8FGUiNoWbPqPbo
A7GfutQiQkx1tdXRPwBDzu4b13gyH+R5bPahjp3s8VmVaI5eiNppucjt5EajJR31
SaSSePVa/t5y2SCzutZwjtxHf6mZ533dIIT++d+MTEsaoIJaSrD5osCuK1m8UJPm
msSenDG/lVOI76eH765iic32gus4+y/UXdeVX8Sqj8mhpKEsoZsH4WIl2MM2Fy2x
CzG4lXXuEBO1onmngj3fgNfUH6/rcqHpozCaRQYhgp1IMSSbBd64h1I8xcrpR1+B
tQWcVQ4Y3YkOOvHqlkTNGjNu0a667aQWlNuQctaRXyGOMboccHWnQSKv7Q==
-----END CERTIFICATE-----