Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/t3t-pfr4z9GKajIg-Z7_EPV6sNk.roa
File:                     t3t-pfr4z9GKajIg-Z7_EPV6sNk.roa (raw, json)
Hash identifier:          uoY/pW5jXoKIZBICE3itvMsyp7LXbbd5XR575s2v/qM=
Subject key identifier:   B7:7B:7E:A5:FA:F8:CF:D1:8A:6A:32:20:F9:9E:FF:10:F5:7A:B0:D9
Certificate issuer:       /CN=896d5866c35093352e7b9e0762c591e08e50f967
Certificate serial:       019423D6C86283E3CF84DF30397D32614160
Authority key identifier: 89:6D:58:66:C3:50:93:35:2E:7B:9E:07:62:C5:91:E0:8E:50:F9:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iW1YZsNQkzUue54HYsWR4I5Q-Wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/t3t-pfr4z9GKajIg-Z7_EPV6sNk.roa
Signing time:             Wed 01 Jan 2025 21:47:45 +0000
ROA not before:           Wed 01 Jan 2025 21:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60092
IP address blocks:        91.195.24.0/23 maxlen: 23
                          91.195.24.0/24 maxlen: 24
                          91.195.25.0/24 maxlen: 24
                          193.151.20.0/22 maxlen: 22
                          193.151.20.0/24 maxlen: 24
                          193.151.21.0/24 maxlen: 24
                          193.151.22.0/24 maxlen: 24
                          193.151.23.0/24 maxlen: 24
                          2001:67c:2c88::/47 maxlen: 47
                          2001:67c:2c88::/48 maxlen: 48
                          2001:67c:2c89::/48 maxlen: 48
                          2001:67c:2c90::/46 maxlen: 46
                          2001:67c:2c90::/48 maxlen: 48
                          2001:67c:2c91::/48 maxlen: 48
                          2001:67c:2c92::/48 maxlen: 48
                          2001:67c:2c93::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c8:62:83:e3:cf:84:df:30:39:7d:32:61:41:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896d5866c35093352e7b9e0762c591e08e50f967
        Validity
            Not Before: Jan  1 21:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b77b7ea5faf8cfd18a6a3220f99eff10f57ab0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bf:b7:8e:9f:91:44:c8:e6:86:49:32:08:38:
                    51:f8:71:45:0a:a5:5b:c1:d4:62:24:a4:95:f2:44:
                    81:f1:47:cf:e1:0b:7c:01:e3:e7:c3:72:85:a3:48:
                    de:7a:85:e6:ca:fe:fe:99:ac:5f:3c:18:d1:f8:38:
                    cb:ee:8f:49:22:10:8b:4d:2d:fd:b2:4d:7a:48:78:
                    07:f3:69:f2:53:cc:c5:14:91:b7:79:8c:db:db:5a:
                    40:28:f1:45:2a:a6:49:0c:f0:fd:a9:6e:f1:1b:6a:
                    cf:4d:6d:b7:a6:09:e1:a8:ec:a5:d3:20:47:8c:5d:
                    07:62:47:5c:4e:be:c0:9e:e2:ce:6b:c9:fd:72:93:
                    e2:a5:4c:05:e1:cd:74:4e:39:f8:53:88:8f:1e:88:
                    d4:ab:c6:29:42:4e:6c:b2:e0:42:97:71:ba:5d:c0:
                    db:54:36:c2:90:b0:e8:8c:37:a1:ec:0b:09:c0:0b:
                    fd:be:02:cb:fc:92:d4:70:4b:5b:93:aa:27:a2:40:
                    ca:76:3c:42:43:cd:1c:82:e7:9a:3d:dc:e1:46:ec:
                    77:f6:76:44:56:49:6d:24:bb:9d:d5:32:d6:bf:f4:
                    40:53:f2:02:d8:ba:82:04:17:a9:91:4a:44:dd:ed:
                    60:c5:3c:8b:ca:ca:ef:73:0a:3e:73:17:22:82:c8:
                    99:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7B:7E:A5:FA:F8:CF:D1:8A:6A:32:20:F9:9E:FF:10:F5:7A:B0:D9
            X509v3 Authority Key Identifier:
                keyid:89:6D:58:66:C3:50:93:35:2E:7B:9E:07:62:C5:91:E0:8E:50:F9:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW1YZsNQkzUue54HYsWR4I5Q-Wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/t3t-pfr4z9GKajIg-Z7_EPV6sNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9d8f21-b27f-435d-a7b5-784624a7b47e/1/iW1YZsNQkzUue54HYsWR4I5Q-Wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.24.0/23
                  193.151.20.0/22
                IPv6:
                  2001:67c:2c88::/47
                  2001:67c:2c90::/46

    Signature Algorithm: sha256WithRSAEncryption
         38:b0:b0:2a:0e:22:65:9c:83:87:84:56:64:12:1d:a7:d0:87:
         b3:d2:df:5b:6d:3e:df:55:a4:89:7b:f2:1f:93:9a:d4:bf:d8:
         ba:fa:2a:27:e9:63:aa:54:e8:08:2b:e6:3c:10:f4:e5:0e:b4:
         a5:76:62:d5:40:27:92:df:f1:15:11:f8:47:92:c1:6f:de:c0:
         01:c9:01:77:dd:f9:b4:c6:29:10:db:f3:5c:66:c1:07:e9:a5:
         6c:6b:1d:2d:44:9e:4a:4f:ab:18:2a:d5:95:60:79:0b:d9:07:
         b8:7a:c9:ff:6b:a8:3a:d9:39:39:ed:a9:3a:b7:3d:a9:85:8b:
         0d:1b:c3:af:e6:53:78:a4:d4:4b:eb:42:c4:4e:0b:d8:6d:5c:
         6c:7e:70:1c:8b:91:80:8a:fc:25:f2:2e:7a:12:a1:b7:78:b6:
         e8:3b:f3:68:1f:58:17:2c:12:25:1e:ba:f4:75:4c:7b:37:fa:
         11:f6:7d:21:bb:4e:49:27:12:42:d1:28:35:ba:ee:32:28:36:
         a4:78:e3:a7:6d:19:92:94:7f:48:38:a3:6b:1e:4b:b0:7d:0d:
         c7:7a:82:8b:c9:05:b1:76:a5:18:88:bd:44:94:4d:17:a1:08:
         e8:d7:59:83:5f:78:02:0c:29:17:e5:15:29:e2:ba:2d:63:17:
         6a:39:1a:1c
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQj1shig+PPhN8wOX0yYUFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmQ1ODY2YzM1MDkzMzUyZTdiOWUwNzYyYzU5MWUwOGU1
MGY5NjcwHhcNMjUwMTAxMjE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzdiN2VhNWZhZjhjZmQxOGE2YTMyMjBmOTllZmYxMGY1N2FiMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb+3jp+RRMjmhkkyCDhR+HFFCqVb
wdRiJKSV8kSB8UfP4Qt8AePnw3KFo0jeeoXmyv7+maxfPBjR+DjL7o9JIhCLTS39
sk16SHgH82nyU8zFFJG3eYzb21pAKPFFKqZJDPD9qW7xG2rPTW23pgnhqOyl0yBH
jF0HYkdcTr7AnuLOa8n9cpPipUwF4c10Tjn4U4iPHojUq8YpQk5ssuBCl3G6XcDb
VDbCkLDojDeh7AsJwAv9vgLL/JLUcEtbk6onokDKdjxCQ80cgueaPdzhRux39nZE
VkltJLud1TLWv/RAU/IC2LqCBBepkUpE3e1gxTyLysrvcwo+cxcigsiZfQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLd7fqX6+M/RimoyIPme/xD1erDZMB8GA1UdIwQY
MBaAFIltWGbDUJM1LnueB2LFkeCOUPlnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVcxWVpzTlFrelV1ZTU0SFlzV1I0STVRLVdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85ZDhmMjEtYjI3Zi00MzVkLWE3YjUt
Nzg0NjI0YTdiNDdlLzEvdDN0LXBmcjR6OUdLYWpJZy1aN19FUFY2c05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85ZDhmMjEtYjI3Zi00MzVkLWE3YjUtNzg0NjI0YTdiNDdl
LzEvaVcxWVpzTlFrelV1ZTU0SFlzV1I0STVRLVdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQBW8MYAwQC
wZcUMBgEAgACMBIDBwEgAQZ8LIgDBwIgAQZ8LJAwDQYJKoZIhvcNAQELBQADggEB
ADiwsCoOImWcg4eEVmQSHafQh7PS31ttPt9VpIl78h+TmtS/2Lr6KifpY6pU6Agr
5jwQ9OUOtKV2YtVAJ5Lf8RUR+EeSwW/ewAHJAXfd+bTGKRDb81xmwQfppWxrHS1E
nkpPqxgq1ZVgeQvZB7h6yf9rqDrZOTntqTq3PamFiw0bw6/mU3ik1EvrQsROC9ht
XGx+cByLkYCK/CXyLnoSobd4tug782gfWBcsEiUeuvR1THs3+hH2fSG7TkknEkLR
KDW67jIoNqR446dtGZKUf0g4o2seS7B9Dcd6govJBbF2pRiIvUSUTRehCOjXWYNf
eAIMKRflFSniui1jF2o5Ghw=
-----END CERTIFICATE-----