Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/xJZ2Genlg6FZ5BYdZvsnK__KGuk.roa
File:                     xJZ2Genlg6FZ5BYdZvsnK__KGuk.roa (raw, json)
Hash identifier:          vX+ymzFaWBe0MgYWBkL1Ckb8oOlGEmiJb877SUGvYCI=
Subject key identifier:   C4:96:76:19:E9:E5:83:A1:59:E4:16:1D:66:FB:27:2B:FF:CA:1A:E9
Certificate issuer:       /CN=5f08dc10218ac6db79430ae7c44515590417d605
Certificate serial:       0194C6A048807CFBA9CEDBDCBCAAB0CE49CD
Authority key identifier: 5F:08:DC:10:21:8A:C6:DB:79:43:0A:E7:C4:45:15:59:04:17:D6:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwjcECGKxtt5QwrnxEUVWQQX1gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/xJZ2Genlg6FZ5BYdZvsnK__KGuk.roa
Signing time:             Sun 02 Feb 2025 12:26:20 +0000
ROA not before:           Sun 02 Feb 2025 12:26:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        176.101.32.0/20 maxlen: 20
                          176.101.32.0/24 maxlen: 24
                          176.101.33.0/24 maxlen: 24
                          176.101.34.0/24 maxlen: 24
                          176.101.35.0/24 maxlen: 24
                          176.101.36.0/24 maxlen: 24
                          176.101.37.0/24 maxlen: 24
                          176.101.38.0/24 maxlen: 24
                          176.101.39.0/24 maxlen: 24
                          176.101.40.0/24 maxlen: 24
                          176.101.41.0/24 maxlen: 24
                          176.101.42.0/24 maxlen: 24
                          176.101.43.0/24 maxlen: 24
                          176.101.44.0/24 maxlen: 24
                          176.101.45.0/24 maxlen: 24
                          176.101.46.0/24 maxlen: 24
                          176.101.47.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c6:a0:48:80:7c:fb:a9:ce:db:dc:bc:aa:b0:ce:49:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f08dc10218ac6db79430ae7c44515590417d605
        Validity
            Not Before: Feb  2 12:26:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4967619e9e583a159e4161d66fb272bffca1ae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:51:c4:8c:72:af:1b:bb:91:44:82:96:12:0e:
                    91:d2:e4:11:7e:75:e3:72:04:58:47:3d:25:a9:10:
                    f7:46:46:4f:10:5a:70:27:9c:87:13:14:2d:e6:b0:
                    cd:42:ab:95:41:5f:ff:ac:52:04:82:74:91:a1:f0:
                    33:81:29:d1:81:95:e3:36:4d:c5:d8:fe:47:04:95:
                    37:93:d2:e4:58:0b:2f:14:e8:b9:e1:02:9c:ed:80:
                    bd:62:79:fc:a6:2a:f7:d8:e6:92:c9:df:8d:26:55:
                    21:be:11:ba:89:fb:f1:f1:8f:76:6f:fa:ac:e8:63:
                    e8:00:da:dd:12:6f:29:f3:fd:10:11:de:44:53:00:
                    d7:dd:86:2e:eb:db:1b:ce:3c:d9:f6:76:3c:10:70:
                    e2:5a:20:39:42:c1:83:4f:dc:63:61:2a:08:78:40:
                    80:f5:3f:6e:24:f1:e9:9f:f7:b3:98:76:3f:14:5b:
                    f9:28:19:a8:d7:22:42:11:f2:50:93:c4:e1:bb:2d:
                    10:eb:3c:fe:fe:5f:23:77:6e:2e:4c:1c:13:1f:84:
                    6c:3e:3d:43:53:0e:4a:74:fa:d8:4a:4d:a0:41:95:
                    c8:5f:f0:e9:1e:67:15:cd:21:71:57:de:3c:b3:53:
                    fe:7e:65:af:c4:e9:c4:92:d1:bc:70:5c:e0:61:39:
                    7f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:96:76:19:E9:E5:83:A1:59:E4:16:1D:66:FB:27:2B:FF:CA:1A:E9
            X509v3 Authority Key Identifier:
                keyid:5F:08:DC:10:21:8A:C6:DB:79:43:0A:E7:C4:45:15:59:04:17:D6:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwjcECGKxtt5QwrnxEUVWQQX1gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/xJZ2Genlg6FZ5BYdZvsnK__KGuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d81745-658d-4a74-92f7-5d3a421a0f10/1/XwjcECGKxtt5QwrnxEUVWQQX1gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:53:52:06:0e:ba:ff:a2:01:ee:d9:11:ed:93:63:ec:55:b2:
         52:f6:5c:dc:2e:da:1b:ce:6a:82:47:3a:91:a1:64:b6:c4:9e:
         87:24:1f:3a:9f:66:ec:ff:d0:c0:4a:7f:e2:a7:29:54:d2:83:
         45:08:5d:6d:13:23:7d:c8:50:b5:44:71:a5:1f:e2:20:1c:d0:
         c1:0d:dd:48:70:0e:8f:8d:0d:0a:20:dd:99:07:a4:0a:77:e5:
         65:3d:c7:e8:bc:0b:1b:ab:d2:fa:a1:9b:88:fe:5e:7c:28:14:
         75:ce:1f:63:04:9c:83:ac:ce:39:fe:f7:9b:75:49:6f:48:01:
         29:85:2c:55:3d:84:53:53:d5:b0:21:0b:05:6b:2c:db:c2:06:
         3a:19:70:7b:af:cb:6d:53:0f:fd:c8:8c:be:3d:81:96:93:35:
         fc:0f:89:b2:43:03:c6:c7:34:1c:f1:8c:66:0c:5a:0a:9c:1d:
         3d:1a:c8:06:30:65:ec:ce:96:20:c7:b3:2c:0d:04:51:ed:ba:
         70:8a:65:e3:fb:78:c1:33:ee:35:09:52:f3:2e:97:e1:86:12:
         95:4b:53:10:ee:18:ba:41:15:99:5d:5c:2d:fb:42:f4:31:ac:
         a8:75:ad:2d:a5:5a:f1:fd:77:6a:e1:06:12:58:8c:c1:50:06:
         8e:01:ca:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTGoEiAfPupztvcvKqwzknNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDhkYzEwMjE4YWM2ZGI3OTQzMGFlN2M0NDUxNTU5MDQx
N2Q2MDUwHhcNMjUwMjAyMTIyNjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk2NzYxOWU5ZTU4M2ExNTllNDE2MWQ2NmZiMjcyYmZmY2ExYWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFHEjHKvG7uRRIKWEg6R0uQRfnXj
cgRYRz0lqRD3RkZPEFpwJ5yHExQt5rDNQquVQV//rFIEgnSRofAzgSnRgZXjNk3F
2P5HBJU3k9LkWAsvFOi54QKc7YC9Ynn8pir32OaSyd+NJlUhvhG6ifvx8Y92b/qs
6GPoANrdEm8p8/0QEd5EUwDX3YYu69sbzjzZ9nY8EHDiWiA5QsGDT9xjYSoIeECA
9T9uJPHpn/ezmHY/FFv5KBmo1yJCEfJQk8Thuy0Q6zz+/l8jd24uTBwTH4RsPj1D
Uw5KdPrYSk2gQZXIX/DpHmcVzSFxV948s1P+fmWvxOnEktG8cFzgYTl/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSWdhnp5YOhWeQWHWb7Jyv/yhrpMB8GA1UdIwQY
MBaAFF8I3BAhisbbeUMK58RFFVkEF9YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdqY0VDR0t4dHQ1UXdybnhFVVZXUVFYMWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9kODE3NDUtNjU4ZC00YTc0LTkyZjct
NWQzYTQyMWEwZjEwLzEveEpaMkdlbmxnNkZaNUJZZFp2c25LX19LR3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9kODE3NDUtNjU4ZC00YTc0LTkyZjctNWQzYTQyMWEwZjEw
LzEvWHdqY0VDR0t4dHQ1UXdybnhFVVZXUVFYMWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsGUgMA0G
CSqGSIb3DQEBCwUAA4IBAQBQU1IGDrr/ogHu2RHtk2PsVbJS9lzcLtobzmqCRzqR
oWS2xJ6HJB86n2bs/9DASn/ipylU0oNFCF1tEyN9yFC1RHGlH+IgHNDBDd1IcA6P
jQ0KIN2ZB6QKd+VlPcfovAsbq9L6oZuI/l58KBR1zh9jBJyDrM45/vebdUlvSAEp
hSxVPYRTU9WwIQsFayzbwgY6GXB7r8ttUw/9yIy+PYGWkzX8D4myQwPGxzQc8Yxm
DFoKnB09GsgGMGXszpYgx7MsDQRR7bpwimXj+3jBM+41CVLzLpfhhhKVS1MQ7hi6
QRWZXVwt+0L0Mayoda0tpVrx/Xdq4QYSWIzBUAaOAcpf
-----END CERTIFICATE-----