Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/eOgvquigvzDPj-8dhQt95xkui_E.roa
File:                     eOgvquigvzDPj-8dhQt95xkui_E.roa (raw, json)
Hash identifier:          zEpy4lJB9tJ5de8zvRSwkcXfAVk3pin2iihLqa8DHd8=
Subject key identifier:   78:E8:2F:AA:E8:A0:BF:30:CF:8F:EF:1D:85:0B:7D:E7:19:2E:8B:F1
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       019493416F0B3029121CF1302C470F7049AF
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/eOgvquigvzDPj-8dhQt95xkui_E.roa
Signing time:             Thu 23 Jan 2025 13:02:06 +0000
ROA not before:           Thu 23 Jan 2025 13:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215066
IP address blocks:        31.222.220.0/24 maxlen: 24
                          31.222.221.0/24 maxlen: 24
                          31.222.222.0/24 maxlen: 24
                          31.222.223.0/24 maxlen: 24
                          188.64.36.0/22 maxlen: 24
                          194.164.226.0/24 maxlen: 24
                          194.164.227.0/24 maxlen: 24
                          194.164.228.0/24 maxlen: 24
                          194.164.229.0/24 maxlen: 24
                          195.22.134.0/24 maxlen: 24
                          195.22.135.0/24 maxlen: 24
                          195.144.8.0/24 maxlen: 24
                          2a07:244::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:93:41:6f:0b:30:29:12:1c:f1:30:2c:47:0f:70:49:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jan 23 13:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78e82faae8a0bf30cf8fef1d850b7de7192e8bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ac:2c:c5:8d:1b:53:da:21:bc:8b:31:5e:36:
                    1e:b0:d3:58:ec:b7:8d:95:df:01:b3:cc:ed:a6:04:
                    4a:5b:23:29:88:67:e5:d6:ec:2d:05:7e:ca:49:c3:
                    1c:bb:2f:c6:bd:55:95:48:de:e1:ce:7f:b1:d4:bc:
                    46:9c:fb:f3:30:95:c4:93:5d:45:c8:aa:bb:e6:2c:
                    2c:43:15:ee:39:5b:d3:88:50:9f:f4:25:8e:2c:de:
                    43:94:55:f1:61:cc:77:66:29:e7:7f:a4:49:75:73:
                    c9:11:33:23:2c:b3:e9:0c:c8:22:83:ea:1a:b7:c9:
                    19:cd:1e:83:57:84:cf:9f:88:ff:92:96:9e:2c:8c:
                    8f:ca:a3:ee:fb:5b:9c:8d:60:b2:92:85:d5:d6:78:
                    33:04:b0:40:04:19:fc:14:49:5b:20:c5:ed:e4:de:
                    e5:dd:a4:8f:4e:2b:e8:ba:11:d5:ec:83:99:dd:36:
                    73:6a:fa:01:47:07:0a:e1:d4:84:02:69:18:b5:b3:
                    a5:cd:ad:b3:62:63:9b:0d:c7:ba:b5:49:cf:d1:ee:
                    11:3c:31:92:c6:d1:e6:a8:e1:b2:59:09:db:b5:db:
                    85:36:36:c7:22:2f:8e:f4:aa:9b:c0:ea:47:76:bc:
                    db:9e:10:e9:46:19:17:4b:bb:eb:a8:85:cb:eb:27:
                    fe:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E8:2F:AA:E8:A0:BF:30:CF:8F:EF:1D:85:0B:7D:E7:19:2E:8B:F1
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/eOgvquigvzDPj-8dhQt95xkui_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.220.0/22
                  188.64.36.0/22
                  194.164.226.0-194.164.229.255
                  195.22.134.0/23
                  195.144.8.0/24
                IPv6:
                  2a07:244::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:ff:a3:c5:ed:fd:69:a3:87:45:5e:4f:e8:9f:e9:71:18:d7:
         67:14:9b:84:e8:7e:44:93:88:23:cb:89:03:c5:73:2b:c1:ff:
         dc:e9:f2:a9:50:97:52:ba:2b:34:74:39:29:8f:1b:4b:d6:bc:
         33:c2:c4:82:a7:d1:b0:7b:2d:8f:a0:77:b6:3a:8d:1e:6e:64:
         a8:9e:9f:51:4e:00:30:32:6c:13:9b:ce:76:3f:de:6f:44:89:
         c0:0c:a9:71:03:05:c5:5e:8a:a3:84:59:e9:e7:f8:f1:b0:97:
         de:59:bc:1d:3c:20:ab:11:0e:a6:b3:2c:e4:0e:3e:de:da:50:
         50:fe:80:de:37:e2:39:dc:be:d9:67:78:fc:37:d4:35:3a:25:
         b8:35:33:03:0c:dc:de:36:43:96:6d:5e:20:4a:6a:96:3d:81:
         e2:d4:3b:f6:fc:73:51:9c:fb:87:dc:c6:fa:84:1f:5d:61:d4:
         24:81:fb:ba:80:45:00:5c:47:62:d8:5e:f0:38:b2:d5:51:44:
         a9:8d:50:71:ce:2a:27:d6:fa:8b:92:e5:21:59:25:55:db:e8:
         62:e2:a7:68:79:3e:08:0a:d8:a8:22:10:ea:44:b1:d4:ad:b3:
         cb:9d:da:a8:49:67:5d:79:56:a5:d7:ab:e5:68:82:25:c4:71:
         24:94:99:da
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZSTQW8LMCkSHPEwLEcPcEmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwMTIzMTMwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU4MmZhYWU4YTBiZjMwY2Y4ZmVmMWQ4NTBiN2RlNzE5MmU4YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6wsxY0bU9ohvIsxXjYesNNY7LeN
ld8Bs8ztpgRKWyMpiGfl1uwtBX7KScMcuy/GvVWVSN7hzn+x1LxGnPvzMJXEk11F
yKq75iwsQxXuOVvTiFCf9CWOLN5DlFXxYcx3Zinnf6RJdXPJETMjLLPpDMgig+oa
t8kZzR6DV4TPn4j/kpaeLIyPyqPu+1ucjWCykoXV1ngzBLBABBn8FElbIMXt5N7l
3aSPTivouhHV7IOZ3TZzavoBRwcK4dSEAmkYtbOlza2zYmObDce6tUnP0e4RPDGS
xtHmqOGyWQnbtduFNjbHIi+O9KqbwOpHdrzbnhDpRhkXS7vrqIXL6yf+UwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFHjoL6rooL8wz4/vHYULfecZLovxMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvZU9ndnF1aWd2ekRQai04ZGhRdDk1eGt1aV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCH97cAwQC
vEAkMAwDBAHCpOIDBAHCpOQDBAHDFoYDBADDkAgwDQQCAAIwBwMFACoHAkQwDQYJ
KoZIhvcNAQELBQADggEBAGX/o8Xt/Wmjh0VeT+if6XEY12cUm4TofkSTiCPLiQPF
cyvB/9zp8qlQl1K6KzR0OSmPG0vWvDPCxIKn0bB7LY+gd7Y6jR5uZKien1FOADAy
bBObznY/3m9EicAMqXEDBcVeiqOEWenn+PGwl95ZvB08IKsRDqazLOQOPt7aUFD+
gN434jncvtlnePw31DU6Jbg1MwMM3N42Q5ZtXiBKapY9geLUO/b8c1Gc+4fcxvqE
H11h1CSB+7qARQBcR2LYXvA4stVRRKmNUHHOKifW+ouS5SFZJVXb6GLip2h5PggK
2KgiEOpEsdSts8ud2qhJZ115VqXXq+VogiXEcSSUmdo=
-----END CERTIFICATE-----