Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/g9lQSPb8dmpdbKLqGBFuPdvTgEE.roa
File:                     g9lQSPb8dmpdbKLqGBFuPdvTgEE.roa (raw, json)
Hash identifier:          x/G0NQa0CDdmSHzLvXB4C3EWMaM6BgsLVqkoNjoJevw=
Subject key identifier:   83:D9:50:48:F6:FC:76:6A:5D:6C:A2:EA:18:11:6E:3D:DB:D3:80:41
Certificate issuer:       /CN=f19cf09771b8f184caa1a00421b9294491e97e6b
Certificate serial:       0194228DF588B0606EF5A1359614DA8E6AC6
Authority key identifier: F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/g9lQSPb8dmpdbKLqGBFuPdvTgEE.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51695
IP address blocks:        217.78.97.0/24 maxlen: 24
                          217.78.98.0/24 maxlen: 24
                          217.78.99.0/24 maxlen: 24
                          217.78.100.0/24 maxlen: 24
                          217.78.101.0/24 maxlen: 24
                          217.78.102.0/24 maxlen: 24
                          217.78.103.0/24 maxlen: 24
                          217.78.104.0/24 maxlen: 24
                          217.78.105.0/24 maxlen: 24
                          217.78.106.0/24 maxlen: 24
                          217.78.107.0/24 maxlen: 24
                          217.78.108.0/24 maxlen: 24
                          217.78.109.0/24 maxlen: 24
                          217.78.110.0/24 maxlen: 24
                          217.78.111.0/24 maxlen: 24
                          2a02:6700::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f5:88:b0:60:6e:f5:a1:35:96:14:da:8e:6a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19cf09771b8f184caa1a00421b9294491e97e6b
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83d95048f6fc766a5d6ca2ea18116e3ddbd38041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:bd:76:ed:42:6f:63:08:64:34:d6:40:89:
                    f4:70:e1:3a:23:6c:47:89:fe:00:92:2e:47:d2:b7:
                    d6:00:24:15:0f:d9:b3:65:c6:8c:80:8d:db:dc:76:
                    cf:f8:c9:7d:fa:1f:15:26:c3:77:04:4b:29:2f:c8:
                    5a:ee:94:e1:c5:ea:16:2e:0f:08:a5:ff:b3:22:c7:
                    b0:67:1f:e0:29:cf:7e:ff:93:c3:4f:5a:d3:5a:35:
                    0c:cc:16:bc:24:03:13:51:fa:38:e3:ba:e3:22:89:
                    a1:95:d0:ed:19:30:dd:84:ba:23:d7:3b:37:26:8d:
                    d0:55:d7:fd:1c:48:2c:76:d7:d5:6f:2f:23:41:51:
                    01:86:c8:2c:a0:eb:d5:5d:2e:84:77:53:37:01:fe:
                    85:c3:c5:0d:cf:99:24:82:04:8d:fe:2c:66:92:76:
                    e7:b6:79:f2:11:cb:ed:e0:29:f0:9e:fc:70:19:00:
                    9f:4d:5c:d0:03:f5:44:34:bf:bd:6d:1d:54:e0:68:
                    22:eb:5d:15:5b:f8:52:9e:0e:a0:54:40:55:ed:2b:
                    03:1b:f3:c3:54:d5:0d:00:dc:24:30:65:32:c3:30:
                    98:81:d7:99:fc:6f:19:17:f7:c1:29:f1:4c:19:59:
                    48:1b:ca:12:d7:bf:36:67:1f:70:49:79:9c:35:7f:
                    4f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D9:50:48:F6:FC:76:6A:5D:6C:A2:EA:18:11:6E:3D:DB:D3:80:41
            X509v3 Authority Key Identifier:
                keyid:F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/g9lQSPb8dmpdbKLqGBFuPdvTgEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/8Zzwl3G48YTKoaAEIbkpRJHpfms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.97.0-217.78.111.255
                IPv6:
                  2a02:6700::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:c9:b7:cb:05:45:b2:84:4c:66:b2:d4:58:e8:c4:b2:2b:26:
         2b:7c:67:7b:58:2d:ad:e4:6d:7b:e0:1a:e5:95:70:01:68:8f:
         02:8c:d7:fe:a5:b2:b3:29:70:47:eb:8f:6e:34:75:49:a4:7f:
         86:13:98:0f:9e:ed:30:15:cd:eb:f9:84:da:a9:92:74:17:dd:
         3e:cf:93:ff:df:66:ac:11:40:aa:60:28:e1:1d:41:b0:87:10:
         f2:c9:fb:a1:79:a5:79:7e:5d:5b:c5:ea:64:6a:db:a7:32:f2:
         90:9c:df:b4:a8:a8:86:49:8f:c1:74:32:5a:99:2c:50:64:7f:
         c0:f6:5d:f1:3a:8c:7a:99:5e:ec:5e:71:73:7a:d7:e5:6d:27:
         7c:32:8f:07:f6:e7:04:38:ab:bb:91:b8:31:17:76:44:2f:8f:
         7a:3d:1f:f5:c0:8a:3a:90:b1:a4:d8:e2:0c:3c:dd:df:8a:be:
         93:4b:91:f5:03:d9:c1:3d:f5:8e:1b:ed:8c:0c:c3:6f:25:d6:
         4c:e1:c9:58:c8:84:2c:79:5c:f5:e2:67:e6:ff:26:1a:2b:07:
         d5:9e:e0:f6:fa:e2:d1:03:2d:ec:29:54:63:07:3b:74:f0:55:
         0d:4a:55:6c:ca:87:0e:b4:ec:b0:34:5a:ce:bd:80:ef:0c:ed:
         8e:6d:9c:91
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQijfWIsGBu9aE1lhTajmrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOWNmMDk3NzFiOGYxODRjYWExYTAwNDIxYjkyOTQ0OTFl
OTdlNmIwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q5NTA0OGY2ZmM3NjZhNWQ2Y2EyZWExODExNmUzZGRiZDM4MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaK9du1Cb2MIZDTWQIn0cOE6I2xH
if4Aki5H0rfWACQVD9mzZcaMgI3b3HbP+Ml9+h8VJsN3BEspL8ha7pThxeoWLg8I
pf+zIsewZx/gKc9+/5PDT1rTWjUMzBa8JAMTUfo447rjIomhldDtGTDdhLoj1zs3
Jo3QVdf9HEgsdtfVby8jQVEBhsgsoOvVXS6Ed1M3Af6Fw8UNz5kkggSN/ixmknbn
tnnyEcvt4CnwnvxwGQCfTVzQA/VENL+9bR1U4Ggi610VW/hSng6gVEBV7SsDG/PD
VNUNANwkMGUywzCYgdeZ/G8ZF/fBKfFMGVlIG8oS1782Zx9wSXmcNX9PBwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIPZUEj2/HZqXWyi6hgRbj3b04BBMB8GA1UdIwQY
MBaAFPGc8JdxuPGEyqGgBCG5KUSR6X5rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMt
ZGMxZGI2N2RiM2NiLzEvZzlsUVNQYjhkbXBkYktMcUdCRnVQZHZUZ0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMtZGMxZGI2N2RiM2Ni
LzEvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBADZTmED
BATZTmAwDQQCAAIwBwMFACoCZwAwDQYJKoZIhvcNAQELBQADggEBAB/Jt8sFRbKE
TGay1FjoxLIrJit8Z3tYLa3kbXvgGuWVcAFojwKM1/6lsrMpcEfrj240dUmkf4YT
mA+e7TAVzev5hNqpknQX3T7Pk//fZqwRQKpgKOEdQbCHEPLJ+6F5pXl+XVvF6mRq
26cy8pCc37SoqIZJj8F0MlqZLFBkf8D2XfE6jHqZXuxecXN61+VtJ3wyjwf25wQ4
q7uRuDEXdkQvj3o9H/XAijqQsaTY4gw83d+KvpNLkfUD2cE99Y4b7YwMw28l1kzh
yVjIhCx5XPXiZ+b/JhorB9We4Pb64tEDLewpVGMHO3TwVQ1KVWzKhw607LA0Ws69
gO8M7Y5tnJE=
-----END CERTIFICATE-----