Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f4c47b-9dee-4e71-a6da-80a91af42a65/1/goX035Hv0elR2rCiATveFLxA4oU.roa
File:                     goX035Hv0elR2rCiATveFLxA4oU.roa (raw, json)
Hash identifier:          HjIa5HxfoLHz1fNA8faR+9nXcT/qazkCcjt+nSvQMlE=
Subject key identifier:   82:85:F4:DF:91:EF:D1:E9:51:DA:B0:A2:01:3B:DE:14:BC:40:E2:85
Certificate issuer:       /CN=79a1d0ea730fcfcb2149995c78289bf2d6d186fc
Certificate serial:       019427B5D9AC8C31FED2F5192F006FEA1918
Authority key identifier: 79:A1:D0:EA:73:0F:CF:CB:21:49:99:5C:78:28:9B:F2:D6:D1:86:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaHQ6nMPz8shSZlceCib8tbRhvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f4c47b-9dee-4e71-a6da-80a91af42a65/1/goX035Hv0elR2rCiATveFLxA4oU.roa
Signing time:             Thu 02 Jan 2025 15:50:16 +0000
ROA not before:           Thu 02 Jan 2025 15:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59668
IP address blocks:        31.40.24.0/22 maxlen: 22
                          45.91.220.0/22 maxlen: 22
                          82.215.96.0/20 maxlen: 20
                          91.212.124.0/24 maxlen: 24
                          93.157.58.0/24 maxlen: 24
                          118.88.16.0/21 maxlen: 21
                          119.12.104.0/21 maxlen: 21
                          178.218.200.0/21 maxlen: 21
                          202.79.184.0/21 maxlen: 21
                          2a0e:17c0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d9:ac:8c:31:fe:d2:f5:19:2f:00:6f:ea:19:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a1d0ea730fcfcb2149995c78289bf2d6d186fc
        Validity
            Not Before: Jan  2 15:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8285f4df91efd1e951dab0a2013bde14bc40e285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1a:15:94:be:2a:2d:9b:ab:6f:4d:1d:5d:e3:
                    21:ad:75:06:32:81:5f:73:ee:c9:68:92:0f:54:5e:
                    f4:2c:a1:a3:95:cd:92:23:b1:e4:4e:3b:43:b8:c6:
                    3e:53:7a:04:69:da:4c:bb:6c:4f:00:87:79:0a:19:
                    15:7a:50:4f:97:8b:85:e3:84:e2:d9:df:6c:3a:cd:
                    a2:1c:b1:8b:cc:3e:9e:0d:30:77:8e:96:c6:4b:43:
                    5b:48:21:46:9c:a2:ca:9e:9d:d0:f5:09:d2:e2:40:
                    e0:bd:fb:33:2c:3f:aa:04:69:56:03:91:d1:1e:10:
                    9f:a5:81:54:84:fc:93:51:80:de:49:b0:4a:14:ee:
                    36:dc:bd:b0:ac:5b:89:6b:6d:76:6c:12:a6:89:95:
                    bd:58:77:a9:53:a1:39:07:3e:52:46:5f:c8:55:1d:
                    15:16:93:61:04:eb:84:a3:52:e0:0a:87:d2:8d:d3:
                    8e:5f:4f:a8:cb:5d:65:2b:bb:48:67:7e:ce:b7:90:
                    81:bc:3e:54:b9:19:06:16:99:92:87:6c:26:70:81:
                    75:76:23:84:07:7d:2d:32:94:54:96:ab:27:16:0a:
                    91:72:7a:c8:39:1e:ae:68:1d:58:ab:e0:f4:66:68:
                    32:6e:c5:7e:31:a3:55:bf:90:16:9d:1a:4c:22:e9:
                    a5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:85:F4:DF:91:EF:D1:E9:51:DA:B0:A2:01:3B:DE:14:BC:40:E2:85
            X509v3 Authority Key Identifier:
                keyid:79:A1:D0:EA:73:0F:CF:CB:21:49:99:5C:78:28:9B:F2:D6:D1:86:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaHQ6nMPz8shSZlceCib8tbRhvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f4c47b-9dee-4e71-a6da-80a91af42a65/1/goX035Hv0elR2rCiATveFLxA4oU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f4c47b-9dee-4e71-a6da-80a91af42a65/1/eaHQ6nMPz8shSZlceCib8tbRhvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.24.0/22
                  45.91.220.0/22
                  82.215.96.0/20
                  91.212.124.0/24
                  93.157.58.0/24
                  118.88.16.0/21
                  119.12.104.0/21
                  178.218.200.0/21
                  202.79.184.0/21
                IPv6:
                  2a0e:17c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:46:be:96:8b:2f:88:b3:bd:53:4f:ea:9d:d9:6a:02:f4:ca:
         b6:a2:fd:bf:7b:27:80:e8:c1:ce:cc:57:f3:a9:2e:59:16:6b:
         9e:e3:76:4f:e0:41:78:2c:95:e8:8e:21:c3:4a:ad:ff:60:89:
         7c:63:3e:0c:36:e6:7d:b7:ec:01:56:df:6a:d8:0a:91:9d:89:
         67:ca:10:e7:c1:b2:46:13:69:52:88:ae:74:fa:a9:11:f0:6d:
         a3:40:32:5f:41:79:0e:6e:90:c1:32:60:d5:43:91:ca:88:54:
         9a:67:d9:4f:fc:57:dd:e9:d3:15:19:5d:19:ec:d4:06:d5:ec:
         14:a9:1b:fe:c6:c6:63:4a:ea:96:00:64:f8:d8:ff:98:61:33:
         21:ca:25:f5:c0:78:9c:96:0e:77:f3:dc:53:1c:25:8e:7c:02:
         9b:63:a0:19:41:37:a1:d9:8f:1f:8b:db:56:c8:b8:ad:a8:99:
         d6:43:6b:c8:7d:40:f7:b6:fb:71:4a:41:90:8f:86:1f:67:82:
         93:8d:db:e9:12:e1:6d:50:22:86:ef:1d:ac:18:6b:66:5e:c4:
         83:70:ef:a2:d1:33:4a:19:0c:eb:a3:70:c7:44:8a:62:3a:de:
         dd:e4:f6:cc:1e:ec:91:8a:a7:2c:ea:9b:23:72:ce:87:38:d7:
         40:b7:9c:99
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQntdmsjDH+0vUZLwBv6hkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTFkMGVhNzMwZmNmY2IyMTQ5OTk1Yzc4Mjg5YmYyZDZk
MTg2ZmMwHhcNMjUwMTAyMTU1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg1ZjRkZjkxZWZkMWU5NTFkYWIwYTIwMTNiZGUxNGJjNDBlMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRoVlL4qLZurb00dXeMhrXUGMoFf
c+7JaJIPVF70LKGjlc2SI7HkTjtDuMY+U3oEadpMu2xPAId5ChkVelBPl4uF44Ti
2d9sOs2iHLGLzD6eDTB3jpbGS0NbSCFGnKLKnp3Q9QnS4kDgvfszLD+qBGlWA5HR
HhCfpYFUhPyTUYDeSbBKFO423L2wrFuJa212bBKmiZW9WHepU6E5Bz5SRl/IVR0V
FpNhBOuEo1LgCofSjdOOX0+oy11lK7tIZ37Ot5CBvD5UuRkGFpmSh2wmcIF1diOE
B30tMpRUlqsnFgqRcnrIOR6uaB1Yq+D0ZmgybsV+MaNVv5AWnRpMIuml9QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIKF9N+R79HpUdqwogE73hS8QOKFMB8GA1UdIwQY
MBaAFHmh0OpzD8/LIUmZXHgom/LW0Yb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFIUTZuTVB6OHNoU1psY2VDaWI4dGJSaHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mNGM0N2ItOWRlZS00ZTcxLWE2ZGEt
ODBhOTFhZjQyYTY1LzEvZ29YMDM1SHYwZWxSMnJDaUFUdmVGTHhBNG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mNGM0N2ItOWRlZS00ZTcxLWE2ZGEtODBhOTFhZjQyYTY1
LzEvZWFIUTZuTVB6OHNoU1psY2VDaWI4dGJSaHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCHygYAwQC
LVvcAwQEUtdgAwQAW9R8AwQAXZ06AwQDdlgQAwQDdwxoAwQDstrIAwQDyk+4MA0E
AgACMAcDBQMqDhfAMA0GCSqGSIb3DQEBCwUAA4IBAQB6Rr6Wiy+Is71TT+qd2WoC
9Mq2ov2/eyeA6MHOzFfzqS5ZFmue43ZP4EF4LJXojiHDSq3/YIl8Yz4MNuZ9t+wB
Vt9q2AqRnYlnyhDnwbJGE2lSiK50+qkR8G2jQDJfQXkObpDBMmDVQ5HKiFSaZ9lP
/Ffd6dMVGV0Z7NQG1ewUqRv+xsZjSuqWAGT42P+YYTMhyiX1wHiclg5389xTHCWO
fAKbY6AZQTeh2Y8fi9tWyLitqJnWQ2vIfUD3tvtxSkGQj4YfZ4KTjdvpEuFtUCKG
7x2sGGtmXsSDcO+i0TNKGQzro3DHRIpiOt7d5PbMHuyRiqcs6psjcs6HONdAt5yZ
-----END CERTIFICATE-----