Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e85180-1910-4c42-a1f5-73202f0e1d03/1/UPhAaB84R0Xe1XTexqfwP-ciVHM.roa
File:                     UPhAaB84R0Xe1XTexqfwP-ciVHM.roa (raw, json)
Hash identifier:          p28psRkGWXa6krQq8ETJGtszXl3PhjiqO+T48rxu9sI=
Subject key identifier:   50:F8:40:68:1F:38:47:45:DE:D5:74:DE:C6:A7:F0:3F:E7:22:54:73
Certificate issuer:       /CN=d62329d8d7e541953e120fd05f66cc6ebab0684d
Certificate serial:       019420D5C6FEB05F8A70AA0402D47E2F3CC1
Authority key identifier: D6:23:29:D8:D7:E5:41:95:3E:12:0F:D0:5F:66:CC:6E:BA:B0:68:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1iMp2NflQZU-Eg_QX2bMbrqwaE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e85180-1910-4c42-a1f5-73202f0e1d03/1/UPhAaB84R0Xe1XTexqfwP-ciVHM.roa
Signing time:             Wed 01 Jan 2025 07:47:48 +0000
ROA not before:           Wed 01 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25151
IP address blocks:        37.46.136.0/21 maxlen: 24
                          81.24.0.0/22 maxlen: 24
                          81.24.4.0/22 maxlen: 24
                          81.24.6.0/23 maxlen: 24
                          81.24.8.0/22 maxlen: 24
                          81.24.10.0/23 maxlen: 24
                          85.158.200.0/21 maxlen: 24
                          93.94.224.0/21 maxlen: 24
                          109.235.72.0/21 maxlen: 24
                          185.54.112.0/22 maxlen: 24
                          185.78.196.0/22 maxlen: 24
                          2a01:518::/32 maxlen: 48
                          2a05:6cc0::/29 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c6:fe:b0:5f:8a:70:aa:04:02:d4:7e:2f:3c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d62329d8d7e541953e120fd05f66cc6ebab0684d
        Validity
            Not Before: Jan  1 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50f840681f384745ded574dec6a7f03fe7225473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c9:b7:ec:6e:5a:2f:57:52:e6:1e:bb:de:ac:
                    a7:fc:10:31:bf:01:cc:f4:e4:69:50:12:c5:ac:bb:
                    1d:0f:e7:d2:02:b8:9c:05:aa:39:64:00:c0:53:ac:
                    bd:3f:19:7d:e9:b7:f5:d7:32:96:f1:76:08:d8:95:
                    57:c1:6c:b7:ee:b8:04:44:66:f5:bb:87:73:a9:fc:
                    44:47:c4:fe:82:42:c2:fe:1b:96:91:58:ab:8c:23:
                    86:cf:c7:c2:0d:09:02:77:9e:e9:f3:dd:50:b4:80:
                    aa:5b:cb:36:4c:96:41:a0:d1:31:90:93:01:8b:ce:
                    0d:16:5f:38:f3:d9:a5:11:8a:4b:ef:45:70:fd:a5:
                    ca:fd:e3:2b:a9:a1:99:ad:36:af:3f:e0:79:27:c6:
                    95:b3:c4:5d:c6:10:81:73:20:42:68:af:c0:8d:24:
                    74:e7:b9:b4:0e:28:e0:08:ed:6a:1c:10:89:87:7f:
                    6e:7c:9c:ac:d6:b8:16:11:17:7c:72:43:c2:fb:3c:
                    25:2c:dc:4b:5f:6f:6b:79:97:92:2d:ce:ba:0a:95:
                    7d:96:60:78:58:d7:55:69:da:38:29:10:62:c0:64:
                    c7:9b:85:1d:d5:59:51:01:08:25:69:01:51:23:95:
                    55:79:22:d3:8c:f3:e7:4f:79:8f:be:4f:e5:b0:8e:
                    f7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F8:40:68:1F:38:47:45:DE:D5:74:DE:C6:A7:F0:3F:E7:22:54:73
            X509v3 Authority Key Identifier:
                keyid:D6:23:29:D8:D7:E5:41:95:3E:12:0F:D0:5F:66:CC:6E:BA:B0:68:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1iMp2NflQZU-Eg_QX2bMbrqwaE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e85180-1910-4c42-a1f5-73202f0e1d03/1/UPhAaB84R0Xe1XTexqfwP-ciVHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e85180-1910-4c42-a1f5-73202f0e1d03/1/1iMp2NflQZU-Eg_QX2bMbrqwaE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.136.0/21
                  81.24.0.0-81.24.11.255
                  85.158.200.0/21
                  93.94.224.0/21
                  109.235.72.0/21
                  185.54.112.0/22
                  185.78.196.0/22
                IPv6:
                  2a01:518::/32
                  2a05:6cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:dd:5c:f0:3e:5e:dd:02:a9:44:a0:41:d9:bd:cb:28:df:
         2b:47:5b:94:f4:b9:56:e7:21:74:ce:eb:29:c6:f8:8d:73:91:
         44:fd:07:ef:26:67:a3:4c:0f:97:af:96:3c:2f:45:bd:18:ec:
         5a:30:e1:f7:7a:44:8c:0b:b1:a9:90:90:a7:8d:09:c9:c1:d9:
         2d:1c:00:8c:9a:55:60:b5:7e:5c:db:5d:ff:2f:f3:ad:49:c8:
         1b:a9:cf:99:8d:bd:fd:d0:39:ec:75:d1:49:e0:49:f4:91:3e:
         20:b4:68:7a:ae:d2:ac:59:ee:85:65:09:2c:74:02:b9:9b:05:
         dd:82:72:87:cf:0f:dd:83:46:eb:f0:7d:50:0a:72:f7:fd:66:
         41:07:82:d9:ae:c4:25:52:2f:6a:81:b8:f1:2c:d0:b5:d3:9c:
         a4:2c:db:9a:27:b6:40:cb:e8:db:cc:ba:b4:a6:7b:d2:2c:fe:
         23:4f:dc:1a:8f:c3:6d:51:17:fb:2a:81:63:7b:04:c1:7f:b9:
         75:fa:f4:e5:9f:c9:1c:7d:9b:bd:34:71:39:b3:de:b8:5e:f7:
         12:f7:45:c3:e0:05:41:4d:b2:b9:0c:ac:50:be:f4:74:76:63:
         31:94:c3:6e:1d:0d:86:fb:b7:10:d0:80:90:b2:90:1b:e6:7e:
         6e:34:a3:d3
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQg1cb+sF+KcKoEAtR+LzzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MjMyOWQ4ZDdlNTQxOTUzZTEyMGZkMDVmNjZjYzZlYmFi
MDY4NGQwHhcNMjUwMTAxMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGY4NDA2ODFmMzg0NzQ1ZGVkNTc0ZGVjNmE3ZjAzZmU3MjI1NDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8m37G5aL1dS5h673qyn/BAxvwHM
9ORpUBLFrLsdD+fSAricBao5ZADAU6y9Pxl96bf11zKW8XYI2JVXwWy37rgERGb1
u4dzqfxER8T+gkLC/huWkVirjCOGz8fCDQkCd57p891QtICqW8s2TJZBoNExkJMB
i84NFl8489mlEYpL70Vw/aXK/eMrqaGZrTavP+B5J8aVs8RdxhCBcyBCaK/AjSR0
57m0DijgCO1qHBCJh39ufJys1rgWERd8ckPC+zwlLNxLX29reZeSLc66CpV9lmB4
WNdVado4KRBiwGTHm4Ud1VlRAQglaQFRI5VVeSLTjPPnT3mPvk/lsI735QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFD4QGgfOEdF3tV03san8D/nIlRzMB8GA1UdIwQY
MBaAFNYjKdjX5UGVPhIP0F9mzG66sGhNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWlNcDJOZmxRWlUtRWdfUVgyYk1icnF3YUUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lODUxODAtMTkxMC00YzQyLWExZjUt
NzMyMDJmMGUxZDAzLzEvVVBoQWFCODRSMFhlMVhUZXhxZndQLWNpVkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lODUxODAtMTkxMC00YzQyLWExZjUtNzMyMDJmMGUxZDAz
LzEvMWlNcDJOZmxRWlUtRWdfUVgyYk1icnF3YUUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA3BAIAATAxAwQDJS6IMAsD
AwNRGAMEAlEYCAMEA1WeyAMEA11e4AMEA23rSAMEArk2cAMEArlOxDAUBAIAAjAO
AwUAKgEFGAMFAyoFbMAwDQYJKoZIhvcNAQELBQADggEBABxH3VzwPl7dAqlEoEHZ
vcso3ytHW5T0uVbnIXTO6ynG+I1zkUT9B+8mZ6NMD5evljwvRb0Y7Fow4fd6RIwL
samQkKeNCcnB2S0cAIyaVWC1flzbXf8v861JyBupz5mNvf3QOex10UngSfSRPiC0
aHqu0qxZ7oVlCSx0ArmbBd2CcofPD92DRuvwfVAKcvf9ZkEHgtmuxCVSL2qBuPEs
0LXTnKQs25ontkDL6NvMurSme9Is/iNP3BqPw21RF/sqgWN7BMF/uXX69OWfyRx9
m700cTmz3rhe9xL3RcPgBUFNsrkMrFC+9HR2YzGUw24dDYb7txDQgJCykBvmfm40
o9M=
-----END CERTIFICATE-----