Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/HgoqSoZDlRDbsZiVVRIBvgRGmV8.roa
File:                     HgoqSoZDlRDbsZiVVRIBvgRGmV8.roa (raw, json)
Hash identifier:          dsLjXwt4wsNocunC6MTbZMceX8U2e7/9GOPs+K7TaaM=
Subject key identifier:   1E:0A:2A:4A:86:43:95:10:DB:B1:98:95:55:12:01:BE:04:46:99:5F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01962684317D9F448F3142A77111CFEBFB09
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/HgoqSoZDlRDbsZiVVRIBvgRGmV8.roa
Signing time:             Fri 11 Apr 2025 20:21:59 +0000
ROA not before:           Fri 11 Apr 2025 20:21:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:a600::/29 maxlen: 29
                          2a06:b5c0::/29 maxlen: 29
                          2a06:bf40::/29 maxlen: 29
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:1e84:20::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a10:67c2:1::/48 maxlen: 48
                          2a13:2b40::/29 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:26:84:31:7d:9f:44:8f:31:42:a7:71:11:cf:eb:fb:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 11 20:21:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e0a2a4a86439510dbb19895551201be0446995f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ba:5c:57:80:46:db:77:c0:97:18:3a:b3:bc:
                    1b:c3:76:ab:da:d3:49:3a:c7:50:23:8b:a8:33:cd:
                    a5:3b:71:49:48:e7:0c:ee:68:4f:b3:60:5f:2f:77:
                    21:09:d8:72:b9:85:b7:5a:7c:6d:e3:d9:fd:45:b8:
                    ff:d9:c7:5e:64:62:4a:71:e1:2c:f6:f4:f3:ee:fa:
                    d6:31:c3:7c:46:9d:fa:79:93:b9:47:86:e0:27:57:
                    68:07:03:ea:c3:ae:c4:41:9a:57:ae:4c:b6:81:b0:
                    c6:d5:87:c8:ff:eb:e8:15:2f:82:79:0e:d6:d7:55:
                    12:51:7f:f6:cc:c2:24:7c:5f:8d:b6:fb:d9:bd:b7:
                    ae:66:87:73:05:15:07:42:a7:e5:22:a3:03:22:ee:
                    b2:72:3d:6a:e1:d7:31:19:d3:db:fc:c2:83:a6:10:
                    13:e0:69:90:98:4e:42:bf:1c:4e:72:05:9d:b0:6d:
                    3a:41:f0:76:04:d0:b1:d4:77:f7:45:45:bc:51:6b:
                    36:28:87:42:2b:1b:2c:cf:f9:3d:e4:e1:6e:bd:49:
                    d6:00:ad:ed:2e:ae:46:d2:61:ae:9f:09:14:86:8d:
                    0c:07:6e:3f:2e:38:1a:74:bf:e4:79:ef:8a:27:bd:
                    86:e4:f8:df:f3:01:7c:f7:a3:63:25:db:79:1a:ca:
                    5e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0A:2A:4A:86:43:95:10:DB:B1:98:95:55:12:01:BE:04:46:99:5F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/HgoqSoZDlRDbsZiVVRIBvgRGmV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a600::/29
                  2a06:b5c0::/29
                  2a06:bf40::/29
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:1e84:20::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a10:67c2:1::/48
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:50:9c:ec:0d:b6:01:3e:33:bd:4b:4c:56:06:a4:48:4d:81:
         72:c4:4e:21:ec:22:21:54:82:f7:01:e7:6b:41:03:2e:c5:fd:
         3b:01:b4:58:36:d1:8d:46:a0:ba:1e:36:6e:4d:20:88:73:f7:
         71:55:ba:b6:9b:a2:36:ec:b4:00:9e:4f:d4:9b:c4:4c:8a:2b:
         43:90:8a:78:3c:d1:e3:59:5e:1a:ae:f3:49:df:77:93:d3:72:
         f4:ba:59:66:50:93:95:f2:01:ae:77:64:fb:e5:71:7b:21:c5:
         c3:54:4e:b1:25:d3:a1:be:60:bc:8c:03:2c:d2:bb:a9:10:fd:
         81:cb:1e:93:3e:04:92:fc:fd:10:a0:5e:8f:24:00:86:b4:06:
         18:9e:5c:08:a2:34:23:db:a2:9f:0d:00:e6:54:85:14:06:b3:
         a1:d9:14:c4:76:1e:6f:04:c8:82:b9:23:d1:cd:4e:a9:a3:1b:
         b7:ce:e7:6d:da:de:94:83:a2:f5:1c:94:e3:e6:4f:3c:2e:99:
         ef:9c:7d:6b:1f:5c:f9:d7:4f:dc:59:eb:0a:bf:8e:e0:6a:a9:
         17:0e:80:8c:66:a6:d3:f5:6f:32:01:91:2e:45:77:00:22:07:
         11:16:35:59:0a:62:75:b9:b4:a1:dd:12:2e:9c:19:33:78:82:
         3f:1c:b6:0f
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZYmhDF9n0SPMUKncRHP6/sJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNDExMjAyMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBhMmE0YTg2NDM5NTEwZGJiMTk4OTU1NTEyMDFiZTA0NDY5OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LpcV4BG23fAlxg6s7wbw3ar2tNJ
OsdQI4uoM82lO3FJSOcM7mhPs2BfL3chCdhyuYW3Wnxt49n9Rbj/2cdeZGJKceEs
9vTz7vrWMcN8Rp36eZO5R4bgJ1doBwPqw67EQZpXrky2gbDG1YfI/+voFS+CeQ7W
11USUX/2zMIkfF+NtvvZvbeuZodzBRUHQqflIqMDIu6ycj1q4dcxGdPb/MKDphAT
4GmQmE5CvxxOcgWdsG06QfB2BNCx1Hf3RUW8UWs2KIdCKxssz/k95OFuvUnWAK3t
Lq5G0mGunwkUho0MB24/LjgadL/kee+KJ72G5Pjf8wF896NjJdt5GspeEQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFB4KKkqGQ5UQ27GYlVUSAb4ERplfMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSGdvcVNvWkRsUkRic1ppVlZSSUJ2Z1JHbVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAAjBQAwUDKgamAAMF
AyoGtcADBQMqBr9AAwUAKg4ahAMHACoO9gAAXwMHACoPHoQAIAMHACoPfQAAAQMH
ACoPvAChxAMHACoQZ8IAAQMFAyoTK0AwDQYJKoZIhvcNAQELBQADggEBABhQnOwN
tgE+M71LTFYGpEhNgXLETiHsIiFUgvcB52tBAy7F/TsBtFg20Y1GoLoeNm5NIIhz
93FVurabojbstACeT9SbxEyKK0OQing80eNZXhqu80nfd5PTcvS6WWZQk5XyAa53
ZPvlcXshxcNUTrEl06G+YLyMAyzSu6kQ/YHLHpM+BJL8/RCgXo8kAIa0BhieXAii
NCPbop8NAOZUhRQGs6HZFMR2Hm8EyIK5I9HNTqmjG7fO523a3pSDovUclOPmTzwu
me+cfWsfXPnXT9xZ6wq/juBqqRcOgIxmptP1bzIBkS5FdwAiBxEWNVkKYnW5tKHd
Ei6cGTN4gj8ctg8=
-----END CERTIFICATE-----