Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/KcTfn1qvBhmmJsuUtMh1ou_FHrM.roa
File:                     KcTfn1qvBhmmJsuUtMh1ou_FHrM.roa (raw, json)
Hash identifier:          37sPTv26Ir/VMkRC+RTM/2Qg6KChJCuXkD3x24Ajwik=
Subject key identifier:   29:C4:DF:9F:5A:AF:06:19:A6:26:CB:94:B4:C8:75:A2:EF:C5:1E:B3
Certificate issuer:       /CN=75f1a763745c25dad28f4a8116688e82ce12028b
Certificate serial:       0193DF3700272899D228534E17890702369C
Authority key identifier: 75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/KcTfn1qvBhmmJsuUtMh1ou_FHrM.roa
Signing time:             Thu 19 Dec 2024 13:59:03 +0000
ROA not before:           Thu 19 Dec 2024 13:59:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49468
IP address blocks:        45.8.45.0/24 maxlen: 24
                          45.8.46.0/24 maxlen: 24
                          45.8.47.0/24 maxlen: 24
                          86.104.220.0/24 maxlen: 24
                          89.33.247.0/24 maxlen: 24
                          91.213.11.0/24 maxlen: 24
                          91.213.188.0/24 maxlen: 24
                          128.0.44.0/24 maxlen: 24
                          188.211.238.0/24 maxlen: 24
                          194.242.46.0/24 maxlen: 24
                          194.246.38.0/24 maxlen: 24
                          194.246.84.0/24 maxlen: 24
                          194.246.100.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:df:37:00:27:28:99:d2:28:53:4e:17:89:07:02:36:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75f1a763745c25dad28f4a8116688e82ce12028b
        Validity
            Not Before: Dec 19 13:59:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c4df9f5aaf0619a626cb94b4c875a2efc51eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:92:0b:c5:e3:61:28:50:07:fb:1b:35:7a:ae:
                    3c:b3:8d:66:62:ee:d7:7f:65:a4:58:78:3b:23:77:
                    fd:6a:05:2e:40:aa:93:d2:80:3f:cc:5b:ff:92:61:
                    b6:81:83:c5:26:a8:54:f4:72:aa:52:c1:31:39:06:
                    a3:00:08:ee:5c:7e:7b:36:63:2e:79:9a:06:fe:98:
                    97:4d:0d:60:da:7d:18:4b:49:dd:a7:0d:5d:0a:fa:
                    a2:70:33:b4:b3:2c:53:a7:47:c9:14:ed:fd:f5:58:
                    32:9d:ca:12:19:55:71:a5:4a:65:16:96:2a:86:f6:
                    13:ca:6c:b3:a0:84:ae:a7:8c:56:7f:eb:95:be:cc:
                    ac:44:82:30:58:73:82:e5:4d:8a:67:25:25:50:fb:
                    bf:96:7d:bd:eb:ac:26:69:00:20:02:06:f3:95:98:
                    e8:d3:c5:39:b0:fd:fc:61:ce:dd:19:bd:13:5c:59:
                    ac:2c:08:7d:b9:e8:db:b7:ca:6d:eb:85:8a:92:eb:
                    c9:49:73:54:2e:f9:a2:c5:7e:09:e0:dd:94:90:6b:
                    fa:c7:1f:fe:43:23:38:f1:8b:31:0b:24:d9:11:ea:
                    c0:69:35:be:02:f1:4b:4e:26:1b:6e:7c:a4:92:cb:
                    23:60:df:cc:fe:b1:6c:85:67:ff:7e:f7:f0:bd:36:
                    37:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C4:DF:9F:5A:AF:06:19:A6:26:CB:94:B4:C8:75:A2:EF:C5:1E:B3
            X509v3 Authority Key Identifier:
                keyid:75:F1:A7:63:74:5C:25:DA:D2:8F:4A:81:16:68:8E:82:CE:12:02:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dfGnY3RcJdrSj0qBFmiOgs4SAos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/KcTfn1qvBhmmJsuUtMh1ou_FHrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/980e66-3631-4fde-8e2d-c849bc0f359b/1/dfGnY3RcJdrSj0qBFmiOgs4SAos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.45.0-45.8.47.255
                  86.104.220.0/24
                  89.33.247.0/24
                  91.213.11.0/24
                  91.213.188.0/24
                  128.0.44.0/24
                  188.211.238.0/24
                  194.242.46.0/24
                  194.246.38.0/24
                  194.246.84.0/24
                  194.246.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:95:44:a9:70:96:38:81:ef:7d:00:e0:bc:08:0f:e6:bd:1c:
         25:47:b7:13:05:69:81:67:90:22:f8:21:6c:c7:f9:62:21:81:
         c5:16:45:6e:26:b1:01:67:51:8c:d1:62:c8:38:58:3b:38:f0:
         c4:7b:dc:26:19:fb:04:96:a2:b1:df:41:31:0c:08:15:05:d5:
         95:27:f6:0f:c0:90:e0:bd:58:c3:c9:c0:c6:f0:b0:34:55:1a:
         d6:31:1c:fa:3a:ee:11:f2:e5:88:ba:5b:98:20:4d:fd:c0:4c:
         ed:3a:93:fa:3e:fc:6a:79:ba:d1:d0:94:a2:fa:99:5a:8f:7a:
         f0:12:79:d9:38:02:79:f5:89:0e:49:14:29:6a:1c:22:c1:46:
         a8:b4:cc:06:a8:70:81:ab:f4:17:13:08:ee:d9:f7:35:0e:f9:
         26:76:60:2e:cf:e1:88:92:6e:e1:5f:c6:61:cc:27:80:23:ef:
         b6:22:83:29:1d:1a:17:eb:46:4e:13:c6:4c:0e:29:2a:e6:1a:
         0e:24:fd:c3:43:c9:87:a1:d7:0f:c9:af:88:98:9f:31:88:0a:
         cd:53:33:67:97:42:df:0c:a2:d9:0b:9f:d4:d8:a3:b9:af:4e:
         24:a4:52:4c:af:74:8f:a1:82:55:fa:5c:94:e7:41:46:8a:9b:
         d7:e0:95:f5
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZPfNwAnKJnSKFNOF4kHAjacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZjFhNzYzNzQ1YzI1ZGFkMjhmNGE4MTE2Njg4ZTgyY2Ux
MjAyOGIwHhcNMjQxMjE5MTM1OTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM0ZGY5ZjVhYWYwNjE5YTYyNmNiOTRiNGM4NzVhMmVmYzUxZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJILxeNhKFAH+xs1eq48s41mYu7X
f2WkWHg7I3f9agUuQKqT0oA/zFv/kmG2gYPFJqhU9HKqUsExOQajAAjuXH57NmMu
eZoG/piXTQ1g2n0YS0ndpw1dCvqicDO0syxTp0fJFO399VgyncoSGVVxpUplFpYq
hvYTymyzoISup4xWf+uVvsysRIIwWHOC5U2KZyUlUPu/ln2966wmaQAgAgbzlZjo
08U5sP38Yc7dGb0TXFmsLAh9uejbt8pt64WKkuvJSXNULvmixX4J4N2UkGv6xx/+
QyM48YsxCyTZEerAaTW+AvFLTiYbbnykkssjYN/M/rFshWf/fvfwvTY3QQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCnE359arwYZpibLlLTIdaLvxR6zMB8GA1UdIwQY
MBaAFHXxp2N0XCXa0o9KgRZojoLOEgKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQt
Yzg0OWJjMGYzNTliLzEvS2NUZm4xcXZCaG1tSnN1VXRNaDFvdV9GSHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85ODBlNjYtMzYzMS00ZmRlLThlMmQtYzg0OWJjMGYzNTli
LzEvZGZHblkzUmNKZHJTajBxQkZtaU9nczRTQW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAAtCC0D
BAQtCCADBABWaNwDBABZIfcDBABb1QsDBABb1bwDBACAACwDBAC80+4DBADC8i4D
BADC9iYDBADC9lQDBADC9mQwDQYJKoZIhvcNAQELBQADggEBAISVRKlwljiB730A
4LwID+a9HCVHtxMFaYFnkCL4IWzH+WIhgcUWRW4msQFnUYzRYsg4WDs48MR73CYZ
+wSWorHfQTEMCBUF1ZUn9g/AkOC9WMPJwMbwsDRVGtYxHPo67hHy5Yi6W5ggTf3A
TO06k/o+/Gp5utHQlKL6mVqPevASedk4Ann1iQ5JFClqHCLBRqi0zAaocIGr9BcT
CO7Z9zUO+SZ2YC7P4YiSbuFfxmHMJ4Aj77YigykdGhfrRk4TxkwOKSrmGg4k/cND
yYeh1w/Jr4iYnzGICs1TM2eXQt8MotkLn9TYo7mvTiSkUkyvdI+hglX6XJTnQUaK
m9fglfU=
-----END CERTIFICATE-----