Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/lCtCcNNufTLwFJhkrWabEjjBy0k.roa
File:                     lCtCcNNufTLwFJhkrWabEjjBy0k.roa (raw, json)
Hash identifier:          mf7pg/6iwjdXTSMTSKNkIUvc6nvXHprTVxoK02WKi+Y=
Subject key identifier:   94:2B:42:70:D3:6E:7D:32:F0:14:98:64:AD:66:9B:12:38:C1:CB:49
Certificate issuer:       /CN=b63a3094439cac0f555701286cd54373bce6cb50
Certificate serial:       01961A70F33A3CAF427B36142AD77C93C9FD
Authority key identifier: B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/lCtCcNNufTLwFJhkrWabEjjBy0k.roa
Signing time:             Wed 09 Apr 2025 12:05:32 +0000
ROA not before:           Wed 09 Apr 2025 12:05:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211995
IP address blocks:        91.191.194.0/24 maxlen: 24
                          91.191.195.0/24 maxlen: 24
                          91.191.196.0/24 maxlen: 24
                          91.191.197.0/24 maxlen: 24
                          91.191.198.0/24 maxlen: 24
                          91.191.199.0/24 maxlen: 24
                          91.191.200.0/24 maxlen: 24
                          91.191.201.0/24 maxlen: 24
                          91.191.202.0/24 maxlen: 24
                          91.191.203.0/24 maxlen: 24
                          91.191.204.0/24 maxlen: 24
                          91.191.205.0/24 maxlen: 24
                          130.0.11.0/24 maxlen: 24
                          130.0.12.0/24 maxlen: 24
                          130.0.13.0/24 maxlen: 24
                          130.0.14.0/24 maxlen: 24
                          130.0.15.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1a:70:f3:3a:3c:af:42:7b:36:14:2a:d7:7c:93:c9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63a3094439cac0f555701286cd54373bce6cb50
        Validity
            Not Before: Apr  9 12:05:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=942b4270d36e7d32f0149864ad669b1238c1cb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cb:02:13:92:02:93:fc:e7:e7:13:0b:13:65:
                    5a:ea:83:36:3d:09:6e:eb:bc:30:a7:92:9f:5b:44:
                    fb:00:62:df:92:8d:3e:f7:ea:ee:49:99:ec:d7:c3:
                    67:6c:31:5b:eb:d3:0d:7b:67:9b:64:bc:c7:73:96:
                    9a:48:5e:59:43:a6:fe:29:af:fa:99:71:3f:65:2f:
                    76:a4:f8:15:2a:a6:84:2e:2d:0b:a8:f7:0a:70:74:
                    3c:a3:59:31:eb:3f:05:cb:55:16:80:16:51:30:11:
                    13:62:df:90:82:d9:9e:fe:79:91:c4:be:49:e2:28:
                    46:dc:4f:c2:dd:f9:98:55:00:90:4f:26:9b:0c:bb:
                    1a:e1:c5:3e:d8:7b:30:25:2c:08:11:82:de:7f:96:
                    f0:f8:a5:c0:ba:59:26:df:63:37:8a:16:84:2f:83:
                    7d:9b:fa:ab:17:84:51:04:ed:d5:3b:30:61:e2:04:
                    61:62:4c:94:cd:51:3e:63:ed:76:04:a9:8c:fa:04:
                    96:df:c3:04:38:4b:dc:9d:39:63:0a:a7:0f:bf:8c:
                    94:f3:cc:1d:72:cd:ae:45:34:47:63:a1:28:60:6b:
                    5d:22:a2:ff:45:a8:e4:0d:75:b4:3f:44:1a:4f:a8:
                    cb:12:88:8d:17:6f:9e:ae:c9:11:28:4f:d9:de:9a:
                    37:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:2B:42:70:D3:6E:7D:32:F0:14:98:64:AD:66:9B:12:38:C1:CB:49
            X509v3 Authority Key Identifier:
                keyid:B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/lCtCcNNufTLwFJhkrWabEjjBy0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.194.0-91.191.205.255
                  130.0.11.0-130.0.15.255

    Signature Algorithm: sha256WithRSAEncryption
         4c:f1:b7:77:b7:91:37:f4:09:e7:a7:4a:a4:ee:42:0b:34:e1:
         10:94:06:38:88:b5:ae:11:14:49:41:65:80:b7:2e:00:c0:0c:
         18:5e:14:5e:06:e3:9d:b7:c9:47:27:12:99:fd:11:38:56:6c:
         bc:7e:a2:00:3f:a0:4e:6a:a8:6b:9f:8c:66:db:5b:5c:e2:30:
         4e:ca:0e:94:c8:cc:2b:ad:2f:0f:db:51:c0:2b:12:00:cd:23:
         b2:8f:5b:6f:4c:dd:1c:f4:36:89:63:ae:19:29:3c:92:fa:f1:
         91:8e:ba:73:03:a9:ed:02:05:a6:c1:ff:e7:0f:6b:67:34:64:
         4a:26:84:45:0e:d9:99:17:be:ea:46:58:27:0f:b3:b1:c8:2b:
         2e:3d:13:fd:2e:8f:1e:8e:00:c9:d6:63:1a:1e:bb:5c:d0:c1:
         43:ab:eb:f1:fc:83:ce:7c:0a:59:95:4b:74:25:c9:46:5f:f6:
         1c:20:ac:11:03:bf:e0:aa:34:f3:08:37:2a:96:c1:85:0e:26:
         7d:ac:d2:36:29:b4:44:92:b2:1f:8d:22:84:47:7b:00:c1:ca:
         4e:7e:13:5e:9c:89:f1:49:a2:b4:fe:6c:a2:5e:74:76:f9:f4:
         cb:a6:cf:13:0e:92:2e:0a:91:d6:a2:f0:00:7e:ec:c1:05:0a:
         eb:02:23:09
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZYacPM6PK9CezYUKtd8k8n9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2EzMDk0NDM5Y2FjMGY1NTU3MDEyODZjZDU0MzczYmNl
NmNiNTAwHhcNMjUwNDA5MTIwNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDJiNDI3MGQzNmU3ZDMyZjAxNDk4NjRhZDY2OWIxMjM4YzFjYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMsCE5ICk/zn5xMLE2Va6oM2PQlu
67wwp5KfW0T7AGLfko0+9+ruSZns18NnbDFb69MNe2ebZLzHc5aaSF5ZQ6b+Ka/6
mXE/ZS92pPgVKqaELi0LqPcKcHQ8o1kx6z8Fy1UWgBZRMBETYt+Qgtme/nmRxL5J
4ihG3E/C3fmYVQCQTyabDLsa4cU+2HswJSwIEYLef5bw+KXAulkm32M3ihaEL4N9
m/qrF4RRBO3VOzBh4gRhYkyUzVE+Y+12BKmM+gSW38MEOEvcnTljCqcPv4yU88wd
cs2uRTRHY6EoYGtdIqL/RajkDXW0P0QaT6jLEoiNF2+erskRKE/Z3po3eQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJQrQnDTbn0y8BSYZK1mmxI4wctJMB8GA1UdIwQY
MBaAFLY6MJRDnKwPVVcBKGzVQ3O85stQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYt
OWRkZGQ2ODAyMDg4LzEvbEN0Q2NOTnVmVEx3Rkpoa3JXYWJFampCeTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYtOWRkZGQ2ODAyMDg4
LzEvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAFbv8ID
BAFbv8wwDAMEAIIACwMEBIIAADANBgkqhkiG9w0BAQsFAAOCAQEATPG3d7eRN/QJ
56dKpO5CCzThEJQGOIi1rhEUSUFlgLcuAMAMGF4UXgbjnbfJRycSmf0ROFZsvH6i
AD+gTmqoa5+MZttbXOIwTsoOlMjMK60vD9tRwCsSAM0jso9bb0zdHPQ2iWOuGSk8
kvrxkY66cwOp7QIFpsH/5w9rZzRkSiaERQ7ZmRe+6kZYJw+zscgrLj0T/S6PHo4A
ydZjGh67XNDBQ6vr8fyDznwKWZVLdCXJRl/2HCCsEQO/4Ko08wg3KpbBhQ4mfazS
Nim0RJKyH40ihEd7AMHKTn4TXpyJ8UmitP5sol50dvn0y6bPEw6SLgqR1qLwAH7s
wQUK6wIjCQ==
-----END CERTIFICATE-----