Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zHD1UIuWQeduzn45VRXboBoA5NM.roa
File:                     zHD1UIuWQeduzn45VRXboBoA5NM.roa (raw, json)
Hash identifier:          ToC2fZb+9n4mNoZ0Xp4h8y1142lDAhVM0QODtU55JXQ=
Subject key identifier:   CC:70:F5:50:8B:96:41:E7:6E:CE:7E:39:55:15:DB:A0:1A:00:E4:D3
Certificate issuer:       /CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
Certificate serial:       0194228D934E8672BA8080F1D6A395FEF43F
Authority key identifier: 80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zHD1UIuWQeduzn45VRXboBoA5NM.roa
Signing time:             Wed 01 Jan 2025 15:48:11 +0000
ROA not before:           Wed 01 Jan 2025 15:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62179
IP address blocks:        88.135.16.0/24 maxlen: 24
                          88.135.17.0/24 maxlen: 24
                          88.135.18.0/24 maxlen: 24
                          88.135.19.0/24 maxlen: 24
                          88.135.20.0/24 maxlen: 24
                          88.135.21.0/24 maxlen: 24
                          88.135.22.0/24 maxlen: 24
                          88.135.23.0/24 maxlen: 24
                          88.135.24.0/24 maxlen: 24
                          88.135.25.0/24 maxlen: 24
                          88.135.26.0/24 maxlen: 24
                          88.135.27.0/24 maxlen: 24
                          88.135.28.0/24 maxlen: 24
                          88.135.29.0/24 maxlen: 24
                          88.135.30.0/24 maxlen: 24
                          88.135.31.0/24 maxlen: 24
                          185.110.135.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:93:4e:86:72:ba:80:80:f1:d6:a3:95:fe:f4:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
        Validity
            Not Before: Jan  1 15:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc70f5508b9641e76ece7e395515dba01a00e4d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ec:6c:d1:bc:a6:1c:ca:7d:86:29:31:fd:1e:
                    78:83:5f:05:06:20:ff:ad:82:d3:9a:b3:f5:f8:6e:
                    8b:0d:51:6c:27:4e:3d:99:f0:08:e6:ed:b0:bf:30:
                    63:dd:30:c1:d7:82:37:e1:1a:ea:7b:6a:8d:21:7a:
                    5a:20:57:16:9d:b1:cc:e2:5c:43:f6:a9:2b:b7:9d:
                    27:c2:83:70:86:6e:c4:a4:69:59:1d:69:2b:27:67:
                    dc:0a:14:b1:c4:40:4e:85:0d:ad:9b:1a:a6:1a:5d:
                    ef:96:af:08:76:08:f4:7b:c0:38:e9:4d:94:fd:31:
                    9c:7c:24:62:45:6d:85:68:35:28:2e:32:72:5e:70:
                    be:31:08:6e:da:d9:6c:fa:7d:91:d2:76:4a:2e:03:
                    68:1a:e0:5d:81:3f:3e:38:61:f3:bb:a9:38:8a:09:
                    b6:43:f0:5c:ea:52:a9:5d:bd:9f:23:6e:f9:98:3d:
                    ea:51:89:d3:9f:ff:4f:fa:03:a5:39:59:f2:4a:d2:
                    0b:2a:23:61:9c:4b:3d:86:82:73:0c:41:e8:23:a0:
                    fe:d1:a3:4b:f9:90:3e:e3:79:13:4a:52:df:9e:fa:
                    22:6f:47:b9:45:f6:4f:94:e5:72:8b:9c:f3:83:f1:
                    86:e5:d5:d7:23:ac:8b:52:1d:f5:96:eb:34:dd:a7:
                    97:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:70:F5:50:8B:96:41:E7:6E:CE:7E:39:55:15:DB:A0:1A:00:E4:D3
            X509v3 Authority Key Identifier:
                keyid:80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zHD1UIuWQeduzn45VRXboBoA5NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.16.0/20
                  185.110.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:e9:6d:e5:0e:5d:0c:f6:09:35:b1:d6:a0:ee:44:06:ba:82:
         19:b6:72:ff:ea:a7:93:a1:7e:0f:e0:57:b4:7a:b7:23:c2:94:
         87:2c:98:9f:42:5a:55:be:e8:52:48:7c:e0:38:2e:8b:c9:2f:
         c2:b4:a6:2c:e1:a0:23:3c:fa:3d:76:58:16:00:76:f1:fa:b9:
         73:f8:fb:76:d5:0d:5d:98:04:1f:d7:51:76:5a:f5:df:af:d9:
         08:0d:33:74:69:ba:23:1c:7e:1a:be:3c:1b:a8:05:62:33:8d:
         80:50:c3:24:7a:de:c0:fa:a6:3b:c5:6b:dd:24:27:67:a4:97:
         3b:78:c7:40:c7:24:2b:d9:76:4a:44:a5:d8:19:01:aa:70:d3:
         cc:44:22:64:94:56:27:b0:20:07:2b:f9:d2:f6:16:18:04:54:
         7c:a5:01:57:a1:05:67:65:2a:35:8d:e7:2e:ed:b4:8c:44:d2:
         77:8f:32:63:ed:a3:dc:05:8a:5f:6f:81:c2:53:3b:2c:41:36:
         16:f8:9a:ac:bd:af:a4:8f:e3:ea:56:1c:35:85:1e:d5:55:09:
         9d:53:46:13:a6:29:c6:f7:1c:c8:15:65:3d:da:e0:24:d2:72:
         fd:83:c0:df:eb:e3:1f:f3:61:f4:8c:c6:51:6d:5f:5d:99:53:
         ad:87:11:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijZNOhnK6gIDx1qOV/vQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYmQwMDgyOTUzNmQ0Nzc0NWY0N2RhOWQxYThhNzJmNmRk
NDYyZDQwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzcwZjU1MDhiOTY0MWU3NmVjZTdlMzk1NTE1ZGJhMDFhMDBlNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1exs0bymHMp9hikx/R54g18FBiD/
rYLTmrP1+G6LDVFsJ049mfAI5u2wvzBj3TDB14I34Rrqe2qNIXpaIFcWnbHM4lxD
9qkrt50nwoNwhm7EpGlZHWkrJ2fcChSxxEBOhQ2tmxqmGl3vlq8Idgj0e8A46U2U
/TGcfCRiRW2FaDUoLjJyXnC+MQhu2tls+n2R0nZKLgNoGuBdgT8+OGHzu6k4igm2
Q/Bc6lKpXb2fI275mD3qUYnTn/9P+gOlOVnyStILKiNhnEs9hoJzDEHoI6D+0aNL
+ZA+43kTSlLfnvoib0e5RfZPlOVyi5zzg/GG5dXXI6yLUh31lus03aeXfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMxw9VCLlkHnbs5+OVUV26AaAOTTMB8GA1UdIwQY
MBaAFIC9AIKVNtR3RfR9qdGopy9t1GLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMt
MDliOTkyMGZlMDBmLzEvekhEMVVJdVdRZWR1em40NVZSWGJvQm9BNU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMtMDliOTkyMGZlMDBm
LzEvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWIcQAwQA
uW6HMA0GCSqGSIb3DQEBCwUAA4IBAQC36W3lDl0M9gk1sdag7kQGuoIZtnL/6qeT
oX4P4Fe0ercjwpSHLJifQlpVvuhSSHzgOC6LyS/CtKYs4aAjPPo9dlgWAHbx+rlz
+Pt21Q1dmAQf11F2WvXfr9kIDTN0abojHH4avjwbqAViM42AUMMket7A+qY7xWvd
JCdnpJc7eMdAxyQr2XZKRKXYGQGqcNPMRCJklFYnsCAHK/nS9hYYBFR8pQFXoQVn
ZSo1jecu7bSMRNJ3jzJj7aPcBYpfb4HCUzssQTYW+Jqsva+kj+PqVhw1hR7VVQmd
U0YTpinG9xzIFWU92uAk0nL9g8Df6+Mf82H0jMZRbV9dmVOthxFG
-----END CERTIFICATE-----