Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/FzwFRP4-A3VF1cOjtYqnBZUlK8Y.roa
File:                     FzwFRP4-A3VF1cOjtYqnBZUlK8Y.roa (raw, json)
Hash identifier:          arVJNSKTx0owboHk87Pz6q3TsmBB0DVqu8a1mnGjuAI=
Subject key identifier:   17:3C:05:44:FE:3E:03:75:45:D5:C3:A3:B5:8A:A7:05:95:25:2B:C6
Certificate issuer:       /CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
Certificate serial:       0194228D6DFB8BA7B73703CBC4EC0FB5B078
Authority key identifier: DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/FzwFRP4-A3VF1cOjtYqnBZUlK8Y.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31317
IP address blocks:        31.220.112.0/21 maxlen: 32
                          37.251.224.0/21 maxlen: 32
                          37.251.232.0/21 maxlen: 32
                          45.119.124.0/22 maxlen: 32
                          185.95.112.0/22 maxlen: 32
                          185.114.140.0/22 maxlen: 32
                          185.156.28.0/22 maxlen: 32
                          185.178.56.0/22 maxlen: 32
                          195.192.192.0/21 maxlen: 32
                          195.192.200.0/21 maxlen: 32
                          2a05:fb80::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6d:fb:8b:a7:b7:37:03:cb:c4:ec:0f:b5:b0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=173c0544fe3e037545d5c3a3b58aa70595252bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4b:17:f4:c5:6d:15:55:38:22:51:9f:95:c3:
                    cf:82:d8:18:cc:0a:d8:18:67:89:48:dc:6f:87:88:
                    81:68:2c:1a:31:81:ab:34:3c:57:be:2b:41:96:91:
                    da:33:fd:e0:86:97:d2:f4:d6:0c:b6:80:e0:fd:2b:
                    b9:46:fe:15:86:05:f6:93:04:2c:bc:05:27:1e:d6:
                    7d:f5:8d:7a:5c:1f:ae:5c:37:ac:22:df:76:a6:cb:
                    c6:95:fe:af:9d:2a:29:20:e6:00:2d:65:b0:69:58:
                    5f:96:f9:e2:4a:78:cc:2c:4f:d9:1b:59:e2:3a:e6:
                    de:99:c2:2b:55:64:c5:88:d8:54:fa:1c:26:89:fc:
                    d6:a7:0c:db:57:9a:4e:f1:8c:4c:ac:82:1d:22:43:
                    22:d1:95:7a:54:1f:71:13:18:b3:2a:de:7f:f7:d0:
                    8b:13:04:92:38:07:94:a6:85:1f:96:05:74:68:ea:
                    1b:6b:2e:81:e3:b3:ca:0b:75:74:4a:5a:96:a5:63:
                    f9:54:c3:c0:2c:ea:cb:17:39:db:83:02:a4:58:30:
                    72:38:47:e6:6a:94:70:cb:0b:b3:1b:43:82:34:fa:
                    e8:28:62:ac:a3:4a:b9:fa:a7:3e:d7:b4:8e:f7:da:
                    78:68:03:2e:7f:b7:51:b3:c6:d4:35:05:69:21:8d:
                    40:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:3C:05:44:FE:3E:03:75:45:D5:C3:A3:B5:8A:A7:05:95:25:2B:C6
            X509v3 Authority Key Identifier:
                keyid:DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/FzwFRP4-A3VF1cOjtYqnBZUlK8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.112.0/21
                  37.251.224.0/20
                  45.119.124.0/22
                  185.95.112.0/22
                  185.114.140.0/22
                  185.156.28.0/22
                  185.178.56.0/22
                  195.192.192.0/20
                IPv6:
                  2a05:fb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:85:6a:aa:8f:b4:c4:54:ba:9b:81:7d:d5:e3:3c:06:2e:e7:
         ea:8f:54:af:4c:54:9d:a8:24:10:1e:ae:7b:66:74:89:0d:2d:
         84:be:d6:3b:bf:42:c8:b4:ca:cc:2c:f4:4b:3a:41:9b:8d:cc:
         97:52:15:4d:bd:72:ea:78:ea:21:5f:46:ce:5c:07:8b:92:bd:
         b2:63:ad:27:68:da:2c:41:f6:48:22:53:3e:8d:d9:a3:81:0f:
         de:01:c8:7e:31:e4:cd:0d:eb:da:c7:25:dd:6d:53:d3:14:3a:
         fe:da:ad:77:e7:20:4f:b1:83:ed:e1:c2:29:5f:5c:e4:e9:62:
         35:fd:c0:19:59:9e:56:d2:19:bc:ff:5e:e6:b8:7d:f3:ce:77:
         f9:c9:bf:91:c5:bd:10:9c:f2:52:27:2f:8b:08:21:30:06:66:
         53:d8:9b:3b:85:7a:aa:e7:6b:c9:3e:ce:ff:85:a4:2c:2e:5a:
         19:ca:58:1d:8c:b2:50:44:41:94:d5:8b:b6:15:c3:5f:c4:4f:
         8b:94:4d:c6:06:9e:33:30:51:8a:4e:fd:5d:46:99:48:08:a2:
         91:5e:8b:5d:11:50:6d:09:3b:b3:2b:71:95:2f:1c:96:5f:f3:
         06:de:ff:63:75:bf:95:a3:df:3e:49:33:92:37:35:ea:23:64:
         64:b8:e2:02
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQijW37i6e3NwPLxOwPtbB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDU5NzBlNjUwYzJhYWYxYWI2YTNhMzNhODM3MzI0NjZh
MTUxMmUwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzNjMDU0NGZlM2UwMzc1NDVkNWMzYTNiNThhYTcwNTk1MjUyYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUsX9MVtFVU4IlGflcPPgtgYzArY
GGeJSNxvh4iBaCwaMYGrNDxXvitBlpHaM/3ghpfS9NYMtoDg/Su5Rv4VhgX2kwQs
vAUnHtZ99Y16XB+uXDesIt92psvGlf6vnSopIOYALWWwaVhflvniSnjMLE/ZG1ni
OubemcIrVWTFiNhU+hwmifzWpwzbV5pO8YxMrIIdIkMi0ZV6VB9xExizKt5/99CL
EwSSOAeUpoUflgV0aOobay6B47PKC3V0SlqWpWP5VMPALOrLFznbgwKkWDByOEfm
apRwywuzG0OCNProKGKso0q5+qc+17SO99p4aAMuf7dRs8bUNQVpIY1A/wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFBc8BUT+PgN1RdXDo7WKpwWVJSvGMB8GA1UdIwQY
MBaAFNwFlw5lDCqvGrajozqDcyRmoVEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTkt
NjdhNTQwZTI5N2YwLzEvRnp3RlJQNC1BM1ZGMWNPanRZcW5CWlVsSzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTktNjdhNTQwZTI5N2Yw
LzEvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDH9xwAwQE
JfvgAwQCLXd8AwQCuV9wAwQCuXKMAwQCuZwcAwQCubI4AwQEw8DAMA0EAgACMAcD
BQMqBfuAMA0GCSqGSIb3DQEBCwUAA4IBAQCqhWqqj7TEVLqbgX3V4zwGLufqj1Sv
TFSdqCQQHq57ZnSJDS2EvtY7v0LItMrMLPRLOkGbjcyXUhVNvXLqeOohX0bOXAeL
kr2yY60naNosQfZIIlM+jdmjgQ/eAch+MeTNDevaxyXdbVPTFDr+2q135yBPsYPt
4cIpX1zk6WI1/cAZWZ5W0hm8/17muH3zznf5yb+Rxb0QnPJSJy+LCCEwBmZT2Js7
hXqq52vJPs7/haQsLloZylgdjLJQREGU1Yu2FcNfxE+LlE3GBp4zMFGKTv1dRplI
CKKRXotdEVBtCTuzK3GVLxyWX/MG3v9jdb+Vo98+STOSNzXqI2RkuOIC
-----END CERTIFICATE-----