Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/d1e68a-1c87-483d-a89d-56dbff14ee05/1/VMGZvIIUss5Ve2mGDXunD7HdEJs.roa
File:                     VMGZvIIUss5Ve2mGDXunD7HdEJs.roa (raw, json)
Hash identifier:          bbDq804eTxYilw+nJ5y9e4tqkryqldjqvyQs2qpxXbA=
Subject key identifier:   54:C1:99:BC:82:14:B2:CE:55:7B:69:86:0D:7B:A7:0F:B1:DD:10:9B
Certificate issuer:       /CN=fd53c3aff31e27d2a1bc4d9b3ee75bb8a9b57838
Certificate serial:       019420D65A677116AEC7D56FC00B5CCAEEB6
Authority key identifier: FD:53:C3:AF:F3:1E:27:D2:A1:BC:4D:9B:3E:E7:5B:B8:A9:B5:78:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_VPDr_MeJ9KhvE2bPudbuKm1eDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/d1e68a-1c87-483d-a89d-56dbff14ee05/1/VMGZvIIUss5Ve2mGDXunD7HdEJs.roa
Signing time:             Wed 01 Jan 2025 07:48:26 +0000
ROA not before:           Wed 01 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196810
IP address blocks:        89.207.232.0/21 maxlen: 25
                          178.23.168.0/21 maxlen: 25
                          185.15.200.0/22 maxlen: 22
                          185.170.16.0/22 maxlen: 22
                          185.213.204.0/22 maxlen: 22
                          185.224.40.0/22 maxlen: 22
                          194.104.2.0/23 maxlen: 23
                          194.104.86.0/23 maxlen: 23
                          2a02:ab40::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5a:67:71:16:ae:c7:d5:6f:c0:0b:5c:ca:ee:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd53c3aff31e27d2a1bc4d9b3ee75bb8a9b57838
        Validity
            Not Before: Jan  1 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54c199bc8214b2ce557b69860d7ba70fb1dd109b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:45:17:fe:fc:bf:af:e7:ca:15:50:15:bd:74:
                    ca:75:6d:37:75:64:b2:4e:3e:25:22:ad:1d:67:7e:
                    25:05:34:be:07:b9:3c:f2:a0:39:d2:a4:28:eb:02:
                    fd:44:ea:ce:46:7a:16:10:14:0b:36:30:91:45:ca:
                    91:f8:e3:31:d5:2f:75:e0:18:04:1a:9e:aa:04:0c:
                    db:2a:05:e2:40:d1:fc:5e:a6:3f:fa:b3:f6:e5:cd:
                    e1:a8:be:ed:53:ee:22:6e:73:b9:b4:af:fc:28:58:
                    f1:8b:24:6c:bc:c9:95:57:b2:28:43:a6:de:d5:56:
                    e0:86:07:f6:4e:7e:f9:a3:ef:90:36:59:17:8d:e5:
                    0d:e0:2f:c0:d6:58:6b:fa:31:36:e9:e7:a7:b1:b4:
                    7a:31:ee:dd:b4:8a:81:db:a3:41:89:ae:90:bf:6a:
                    be:48:0c:aa:90:fc:43:89:66:32:8a:dc:b4:8c:77:
                    ba:d7:9b:13:8e:cf:09:a2:90:e3:b2:48:cc:51:d8:
                    b8:24:80:5d:aa:e5:b6:1c:5c:7f:09:c8:1e:f9:95:
                    f1:d4:70:d2:41:b0:bb:42:b2:ea:4d:d8:06:d9:f4:
                    10:04:25:84:5f:b4:c4:bd:5d:20:99:eb:34:c9:eb:
                    c9:ff:97:de:d3:aa:d4:60:1e:55:56:14:48:51:6d:
                    91:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C1:99:BC:82:14:B2:CE:55:7B:69:86:0D:7B:A7:0F:B1:DD:10:9B
            X509v3 Authority Key Identifier:
                keyid:FD:53:C3:AF:F3:1E:27:D2:A1:BC:4D:9B:3E:E7:5B:B8:A9:B5:78:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_VPDr_MeJ9KhvE2bPudbuKm1eDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d1e68a-1c87-483d-a89d-56dbff14ee05/1/VMGZvIIUss5Ve2mGDXunD7HdEJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d1e68a-1c87-483d-a89d-56dbff14ee05/1/_VPDr_MeJ9KhvE2bPudbuKm1eDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.232.0/21
                  178.23.168.0/21
                  185.15.200.0/22
                  185.170.16.0/22
                  185.213.204.0/22
                  185.224.40.0/22
                  194.104.2.0/23
                  194.104.86.0/23
                IPv6:
                  2a02:ab40::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:bc:57:00:00:b7:0c:6c:10:ab:3f:e1:ba:c1:5d:78:77:6f:
         26:27:44:fa:11:81:eb:36:54:73:87:42:51:5e:48:3d:c4:87:
         b7:00:93:08:2c:ff:4b:c2:93:6b:b5:4a:11:7e:4f:59:0e:b8:
         e2:ca:0e:1c:9e:e2:5b:db:8e:18:41:a2:9a:d4:b4:72:51:0e:
         c5:4f:ff:2b:34:2c:7d:b7:ce:91:4e:60:32:83:7f:5d:12:30:
         29:b2:f8:79:6d:20:58:7a:ff:b6:e0:15:63:1e:ee:e8:0c:1c:
         52:09:61:76:63:1d:e0:29:6b:9b:07:97:fa:c0:68:f4:41:34:
         94:3c:94:66:cf:27:7b:12:e6:b8:11:23:e8:b2:fd:a5:bb:ce:
         39:b2:56:db:d2:65:94:e8:14:b3:de:20:9d:b8:62:e4:4f:5b:
         3d:cc:2a:64:d2:c8:27:0d:98:6a:53:d7:da:ed:16:05:79:be:
         83:68:6f:bc:10:9c:63:d5:4f:0b:85:9d:5a:e3:6d:0f:10:c7:
         5e:f0:37:e7:cb:0e:da:81:41:92:ff:c5:fb:b4:6d:bd:0a:35:
         cb:c7:2b:87:99:f1:2c:a5:ed:f8:5d:52:fd:31:cb:94:aa:cb:
         ba:04:26:1c:1c:1f:d3:0d:75:fe:75:45:99:70:ba:7d:6f:b8:
         6f:77:c6:8f
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQg1lpncRaux9VvwAtcyu62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNTNjM2FmZjMxZTI3ZDJhMWJjNGQ5YjNlZTc1YmI4YTli
NTc4MzgwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGMxOTliYzgyMTRiMmNlNTU3YjY5ODYwZDdiYTcwZmIxZGQxMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUUX/vy/r+fKFVAVvXTKdW03dWSy
Tj4lIq0dZ34lBTS+B7k88qA50qQo6wL9ROrORnoWEBQLNjCRRcqR+OMx1S914BgE
Gp6qBAzbKgXiQNH8XqY/+rP25c3hqL7tU+4ibnO5tK/8KFjxiyRsvMmVV7IoQ6be
1Vbghgf2Tn75o++QNlkXjeUN4C/A1lhr+jE26eensbR6Me7dtIqB26NBia6Qv2q+
SAyqkPxDiWYyity0jHe615sTjs8JopDjskjMUdi4JIBdquW2HFx/Ccge+ZXx1HDS
QbC7QrLqTdgG2fQQBCWEX7TEvV0gmes0yevJ/5fe06rUYB5VVhRIUW2RhwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFFTBmbyCFLLOVXtphg17pw+x3RCbMB8GA1UdIwQY
MBaAFP1Tw6/zHifSobxNmz7nW7iptXg4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1ZQRHJfTWVKOUtodkUyYlB1ZGJ1S20xZURnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9kMWU2OGEtMWM4Ny00ODNkLWE4OWQt
NTZkYmZmMTRlZTA1LzEvVk1HWnZJSVVzczVWZTJtR0RYdW5EN0hkRUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9kMWU2OGEtMWM4Ny00ODNkLWE4OWQtNTZkYmZmMTRlZTA1
LzEvX1ZQRHJfTWVKOUtodkUyYlB1ZGJ1S20xZURnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDWc/oAwQD
sheoAwQCuQ/IAwQCuaoQAwQCudXMAwQCueAoAwQBwmgCAwQBwmhWMA0EAgACMAcD
BQMqAqtAMA0GCSqGSIb3DQEBCwUAA4IBAQAwvFcAALcMbBCrP+G6wV14d28mJ0T6
EYHrNlRzh0JRXkg9xIe3AJMILP9LwpNrtUoRfk9ZDrjiyg4cnuJb244YQaKa1LRy
UQ7FT/8rNCx9t86RTmAyg39dEjApsvh5bSBYev+24BVjHu7oDBxSCWF2Yx3gKWub
B5f6wGj0QTSUPJRmzyd7Eua4ESPosv2lu845slbb0mWU6BSz3iCduGLkT1s9zCpk
0sgnDZhqU9fa7RYFeb6DaG+8EJxj1U8LhZ1a420PEMde8Dfnyw7agUGS/8X7tG29
CjXLxyuHmfEspe34XVL9McuUqsu6BCYcHB/TDXX+dUWZcLp9b7hvd8aP
-----END CERTIFICATE-----