Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/Iw1HUFjdqlqgQd2-wjc1TnlYWR0.roa
File:                     Iw1HUFjdqlqgQd2-wjc1TnlYWR0.roa (raw, json)
Hash identifier:          amaQWBiqcjXshYuTasR//EPrtZSFjIHqhIWs280SsE4=
Subject key identifier:   23:0D:47:50:58:DD:AA:5A:A0:41:DD:BE:C2:37:35:4E:79:58:59:1D
Certificate issuer:       /CN=cb0ca348ac891c336d8c7945a5bd5b3325eb5f0b
Certificate serial:       018FEDF1E3CB65E1F333E1AB7F62DBAD15CC
Authority key identifier: CB:0C:A3:48:AC:89:1C:33:6D:8C:79:45:A5:BD:5B:33:25:EB:5F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ywyjSKyJHDNtjHlFpb1bMyXrXws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/Iw1HUFjdqlqgQd2-wjc1TnlYWR0.roa
Signing time:             Thu 06 Jun 2024 14:26:43 +0000
ROA not before:           Thu 06 Jun 2024 14:26:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43646
IP address blocks:        91.197.164.0/22 maxlen: 22
                          94.247.232.0/21 maxlen: 21
                          95.81.128.0/18 maxlen: 18
                          185.215.136.0/22 maxlen: 22
                          185.241.96.0/22 maxlen: 22
                          213.205.96.0/19 maxlen: 19
                          217.71.208.0/21 maxlen: 21
                          2a00:1080::/32 maxlen: 32
                          2a02:3e8::/32 maxlen: 32
                          2a02:e10::/32 maxlen: 32
                          2a0c:a080::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:f1:e3:cb:65:e1:f3:33:e1:ab:7f:62:db:ad:15:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb0ca348ac891c336d8c7945a5bd5b3325eb5f0b
        Validity
            Not Before: Jun  6 14:26:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=230d475058ddaa5aa041ddbec237354e7958591d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d6:c5:a9:28:03:61:2d:68:59:60:49:18:87:
                    44:b2:fe:23:38:96:f9:51:f1:a2:ae:fb:02:85:d7:
                    99:2f:dd:f5:54:91:45:60:ec:47:3f:b2:80:3a:dd:
                    da:1c:29:e1:e8:9b:52:16:68:f2:93:47:ed:d7:9a:
                    89:b4:01:6a:5c:d4:a5:95:71:b4:4f:1a:24:9f:8c:
                    bc:25:ea:da:53:ee:60:c9:a7:9d:c7:22:bf:99:bc:
                    b5:5f:bc:bd:14:4e:b4:10:98:84:39:62:9b:05:81:
                    66:45:90:c3:dd:a6:a1:58:6d:84:1f:60:f2:15:82:
                    87:cf:a8:89:f2:77:aa:77:72:7f:87:c7:3c:46:66:
                    36:04:bb:04:df:69:58:a6:23:ce:be:30:f7:1c:32:
                    a4:73:5a:b6:a0:76:00:f1:ab:58:61:c2:f1:bd:ad:
                    2e:62:39:03:62:9f:e3:7f:65:ef:56:41:25:dd:ad:
                    68:8b:2a:05:43:ae:ff:25:08:2f:6e:f0:9e:07:8b:
                    1b:a4:37:ff:80:44:12:77:7b:35:2f:2d:8b:8e:31:
                    56:c5:09:89:95:05:50:e6:a2:72:b5:7c:e9:dd:16:
                    06:cc:2c:a3:b5:8b:39:b3:33:df:cd:79:a2:6e:a1:
                    06:f9:87:3c:c1:10:eb:09:1e:03:05:68:0a:01:a2:
                    c3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0D:47:50:58:DD:AA:5A:A0:41:DD:BE:C2:37:35:4E:79:58:59:1D
            X509v3 Authority Key Identifier:
                keyid:CB:0C:A3:48:AC:89:1C:33:6D:8C:79:45:A5:BD:5B:33:25:EB:5F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ywyjSKyJHDNtjHlFpb1bMyXrXws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/Iw1HUFjdqlqgQd2-wjc1TnlYWR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ef61d6-05d1-4fb2-a6ea-425232fd5643/1/ywyjSKyJHDNtjHlFpb1bMyXrXws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.164.0/22
                  94.247.232.0/21
                  95.81.128.0/18
                  185.215.136.0/22
                  185.241.96.0/22
                  213.205.96.0/19
                  217.71.208.0/21
                IPv6:
                  2a00:1080::/32
                  2a02:3e8::/32
                  2a02:e10::/32
                  2a0c:a080::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:80:53:fe:7b:76:44:28:ea:8c:f6:ed:9a:f3:c7:05:b2:bf:
         a6:30:0b:38:02:cf:1d:07:e1:a8:ed:03:e6:3d:23:4c:53:45:
         b2:78:5d:ac:69:37:c0:8c:2d:cf:25:ea:6c:17:f1:38:4e:41:
         2b:5a:fa:ad:f2:77:1e:c0:9b:d7:18:f3:d6:60:5b:6e:79:50:
         55:5a:59:9b:48:9d:84:26:95:fc:32:3d:fb:ec:4b:c8:65:94:
         cd:32:d7:a9:9b:9a:0e:64:d4:f7:3f:28:21:c7:92:44:96:ec:
         7e:bf:03:a7:d0:44:b1:86:cf:af:81:c0:33:5a:1e:65:04:2e:
         4b:02:7b:9c:4e:96:a3:9b:15:5c:aa:89:e7:c2:eb:85:7a:2b:
         3d:b4:44:c5:21:a2:41:fa:bf:16:4d:cd:58:9c:0a:26:70:4b:
         28:bf:52:f3:d6:f3:ee:2f:32:2f:68:cf:d8:2c:f0:08:38:a7:
         21:07:44:da:9a:49:b7:88:f9:38:de:e4:b7:0d:77:05:c8:41:
         22:fd:8f:e4:51:0d:34:98:b0:f6:43:be:69:53:cc:60:dd:74:
         47:12:2e:06:2d:48:2d:5b:70:20:a3:33:bb:d5:5f:9a:b7:bc:
         67:03:dd:73:a4:9a:4a:7a:ac:d6:fb:e6:40:89:d9:c3:ab:15:
         0e:be:1a:7c
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY/t8ePLZeHzM+Grf2LbrRXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMGNhMzQ4YWM4OTFjMzM2ZDhjNzk0NWE1YmQ1YjMzMjVl
YjVmMGIwHhcNMjQwNjA2MTQyNjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBkNDc1MDU4ZGRhYTVhYTA0MWRkYmVjMjM3MzU0ZTc5NTg1OTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dbFqSgDYS1oWWBJGIdEsv4jOJb5
UfGirvsChdeZL931VJFFYOxHP7KAOt3aHCnh6JtSFmjyk0ft15qJtAFqXNSllXG0
Txokn4y8JeraU+5gyaedxyK/mby1X7y9FE60EJiEOWKbBYFmRZDD3aahWG2EH2Dy
FYKHz6iJ8neqd3J/h8c8RmY2BLsE32lYpiPOvjD3HDKkc1q2oHYA8atYYcLxva0u
YjkDYp/jf2XvVkEl3a1oiyoFQ67/JQgvbvCeB4sbpDf/gEQSd3s1Ly2LjjFWxQmJ
lQVQ5qJytXzp3RYGzCyjtYs5szPfzXmibqEG+Yc8wRDrCR4DBWgKAaLDmwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCMNR1BY3apaoEHdvsI3NU55WFkdMB8GA1UdIwQY
MBaAFMsMo0isiRwzbYx5RaW9WzMl618LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXd5alNLeUpIRE50akhsRnBiMWJNeVhyWHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lZjYxZDYtMDVkMS00ZmIyLWE2ZWEt
NDI1MjMyZmQ1NjQzLzEvSXcxSFVGamRxbHFnUWQyLXdqYzFUbmxZV1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lZjYxZDYtMDVkMS00ZmIyLWE2ZWEtNDI1MjMyZmQ1NjQz
LzEveXd5alNLeUpIRE50akhsRnBiMWJNeVhyWHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAwBAIAATAqAwQCW8WkAwQD
XvfoAwQGX1GAAwQCudeIAwQCufFgAwQF1c1gAwQD2UfQMCIEAgACMBwDBQAqABCA
AwUAKgID6AMFACoCDhADBQMqDKCAMA0GCSqGSIb3DQEBCwUAA4IBAQCugFP+e3ZE
KOqM9u2a88cFsr+mMAs4As8dB+Go7QPmPSNMU0WyeF2saTfAjC3PJepsF/E4TkEr
Wvqt8ncewJvXGPPWYFtueVBVWlmbSJ2EJpX8Mj377EvIZZTNMtepm5oOZNT3Pygh
x5JElux+vwOn0ESxhs+vgcAzWh5lBC5LAnucTpajmxVcqonnwuuFeis9tETFIaJB
+r8WTc1YnAomcEsov1Lz1vPuLzIvaM/YLPAIOKchB0Tamkm3iPk43uS3DXcFyEEi
/Y/kUQ00mLD2Q75pU8xg3XRHEi4GLUgtW3AgozO71V+at7xnA91zpJpKeqzW++ZA
idnDqxUOvhp8
-----END CERTIFICATE-----