Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/jA79aGVqPI-PvZSOlUeJ0j64c1Q.roa
File:                     jA79aGVqPI-PvZSOlUeJ0j64c1Q.roa (raw, json)
Hash identifier:          cpbrUzoeXFWleCog+F05RG8Xxbfmz0h5Ia9JXBRNANY=
Subject key identifier:   8C:0E:FD:68:65:6A:3C:8F:8F:BD:94:8E:95:47:89:D2:3E:B8:73:54
Certificate issuer:       /CN=01335442514d5249b5143cfdf821216bb5c52940
Certificate serial:       0194236A40CF80C11D69A695323EF6EF082D
Authority key identifier: 01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/jA79aGVqPI-PvZSOlUeJ0j64c1Q.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39134
IP address blocks:        88.212.192.0/20 maxlen: 24
                          88.212.192.0/24 maxlen: 24
                          88.212.196.0/24 maxlen: 24
                          88.212.204.0/24 maxlen: 24
                          88.212.208.0/22 maxlen: 24
                          88.212.220.0/22 maxlen: 24
                          88.212.224.0/22 maxlen: 24
                          88.212.228.0/22 maxlen: 24
                          88.212.229.0/24 maxlen: 24
                          88.212.230.0/23 maxlen: 23
                          185.206.100.0/22 maxlen: 24
                          185.206.100.0/24 maxlen: 24
                          2a02:2100::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:40:cf:80:c1:1d:69:a6:95:32:3e:f6:ef:08:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01335442514d5249b5143cfdf821216bb5c52940
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c0efd68656a3c8f8fbd948e954789d23eb87354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:62:cf:bc:d6:8f:ff:78:e8:91:36:80:74:8a:
                    f9:a4:a4:f4:a9:44:4e:5e:d8:7c:ac:83:ff:e5:3a:
                    6a:9b:2c:ff:6c:b5:83:d0:b2:99:ae:5b:bf:91:75:
                    84:85:92:82:0f:af:7d:11:d1:c9:5d:bd:80:53:9c:
                    a1:08:4e:8a:97:4a:64:3b:af:a3:1e:aa:68:04:50:
                    13:46:17:93:de:3d:a4:0a:8c:f9:87:89:10:a7:af:
                    f2:ab:7c:7a:46:4c:52:38:18:97:ba:23:83:e7:36:
                    1f:e0:0e:ab:24:a0:57:e0:b5:dc:c4:03:8a:0a:59:
                    e7:65:43:7c:5c:23:3f:2e:aa:08:83:a2:82:92:f5:
                    ca:d6:44:68:1b:9b:18:77:f5:c5:d8:b5:dc:e9:2e:
                    0c:87:a8:c7:ad:92:47:c0:f6:40:ea:2e:67:89:01:
                    0d:b3:f2:f1:8b:36:50:01:87:20:12:d3:2c:1c:4a:
                    74:d2:bd:45:18:47:4f:33:b5:f5:16:58:14:39:5f:
                    d2:f2:8d:22:dc:1d:f5:7c:60:c3:89:84:53:63:ce:
                    eb:a9:b0:0e:84:f9:ac:bb:7a:65:5b:5b:a1:22:52:
                    48:e9:23:0e:d2:3f:e2:a0:6b:5e:d4:83:08:0f:d5:
                    2a:fb:14:23:93:44:b5:22:76:cc:a9:ea:df:84:02:
                    8c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:0E:FD:68:65:6A:3C:8F:8F:BD:94:8E:95:47:89:D2:3E:B8:73:54
            X509v3 Authority Key Identifier:
                keyid:01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/jA79aGVqPI-PvZSOlUeJ0j64c1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/ATNUQlFNUkm1FDz9-CEha7XFKUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.212.192.0-88.212.211.255
                  88.212.220.0-88.212.231.255
                  185.206.100.0/22
                IPv6:
                  2a02:2100::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:f5:3a:2f:04:12:5e:6f:74:7a:11:66:1f:23:92:8a:3b:1c:
         4d:f8:b8:a4:3e:61:b1:a9:68:b6:05:ab:15:a1:47:1d:12:ed:
         c5:2c:5f:e5:d9:69:47:e9:ef:5b:d6:ec:0f:89:66:8f:69:e1:
         96:48:a3:32:8a:2a:65:11:59:90:58:8d:e2:c4:34:01:16:82:
         d1:81:3e:df:f6:51:6c:d7:d0:18:40:93:03:6c:b1:85:4b:ac:
         a4:f5:4f:c1:8f:cc:c6:96:cb:cb:9e:1d:c1:3f:8d:c3:db:ab:
         8b:c7:25:f5:41:0a:38:94:ad:3d:84:4a:4d:69:f6:7d:da:af:
         85:b5:be:5f:cd:36:3b:02:79:58:97:a9:2b:97:8a:20:78:f0:
         a9:9d:00:34:79:ad:0b:55:79:b9:b8:48:0d:f7:72:3a:10:36:
         54:3d:59:50:a2:eb:28:c3:6a:6c:91:10:47:17:8b:0c:ca:65:
         70:6c:cd:0b:a6:7c:6f:a8:83:9f:d8:4c:2a:02:5b:d0:47:2a:
         8e:89:86:d1:a4:14:cd:74:fc:a7:71:db:33:bf:97:af:76:c1:
         45:83:28:79:ef:6b:6a:3b:9d:8c:ab:29:f5:f5:49:4c:18:dc:
         55:c4:f1:ed:ec:ad:af:70:3f:33:1c:c2:04:98:6a:bb:d2:cc:
         2b:e4:a2:18
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQjakDPgMEdaaaVMj727wgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMzM1NDQyNTE0ZDUyNDliNTE0M2NmZGY4MjEyMTZiYjVj
NTI5NDAwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzBlZmQ2ODY1NmEzYzhmOGZiZDk0OGU5NTQ3ODlkMjNlYjg3MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2LPvNaP/3jokTaAdIr5pKT0qURO
Xth8rIP/5Tpqmyz/bLWD0LKZrlu/kXWEhZKCD699EdHJXb2AU5yhCE6Kl0pkO6+j
HqpoBFATRheT3j2kCoz5h4kQp6/yq3x6RkxSOBiXuiOD5zYf4A6rJKBX4LXcxAOK
ClnnZUN8XCM/LqoIg6KCkvXK1kRoG5sYd/XF2LXc6S4Mh6jHrZJHwPZA6i5niQEN
s/LxizZQAYcgEtMsHEp00r1FGEdPM7X1FlgUOV/S8o0i3B31fGDDiYRTY87rqbAO
hPmsu3plW1uhIlJI6SMO0j/ioGte1IMID9Uq+xQjk0S1InbMqerfhAKMqQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFIwO/WhlajyPj72UjpVHidI+uHNUMB8GA1UdIwQY
MBaAFAEzVEJRTVJJtRQ8/fghIWu1xSlAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVROVVFsRk5Va20xRkR6OS1DRWhhN1hGS1VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jN2E2OGYtN2JmOC00ZjgwLWE5YTIt
ODE1ZDJjMDI2NjQ2LzEvakE3OWFHVnFQSS1QdlpTT2xVZUowajY0YzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jN2E2OGYtN2JmOC00ZjgwLWE5YTItODE1ZDJjMDI2NjQ2
LzEvQVROVVFsRk5Va20xRkR6OS1DRWhhN1hGS1VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAZY1MAD
BAJY1NAwDAMEAljU3AMEA1jU4AMEArnOZDANBAIAAjAHAwUAKgIhADANBgkqhkiG
9w0BAQsFAAOCAQEAU/U6LwQSXm90ehFmHyOSijscTfi4pD5hsalotgWrFaFHHRLt
xSxf5dlpR+nvW9bsD4lmj2nhlkijMooqZRFZkFiN4sQ0ARaC0YE+3/ZRbNfQGECT
A2yxhUuspPVPwY/MxpbLy54dwT+Nw9uri8cl9UEKOJStPYRKTWn2fdqvhbW+X802
OwJ5WJepK5eKIHjwqZ0ANHmtC1V5ubhIDfdyOhA2VD1ZUKLrKMNqbJEQRxeLDMpl
cGzNC6Z8b6iDn9hMKgJb0EcqjomG0aQUzXT8p3HbM7+Xr3bBRYMoee9rajudjKsp
9fVJTBjcVcTx7eytr3A/MxzCBJhqu9LMK+SiGA==
-----END CERTIFICATE-----