Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/X8ZFuM8cVmkTslM54G-NHaJfImQ.roa
File:                     X8ZFuM8cVmkTslM54G-NHaJfImQ.roa (raw, json)
Hash identifier:          HXWB+offeGx+RYH+8cAxZvvU8F4PwjDTMuG2VKd+Z6A=
Subject key identifier:   5F:C6:45:B8:CF:1C:56:69:13:B2:53:39:E0:6F:8D:1D:A2:5F:22:64
Certificate issuer:       /CN=22c5feb2d25fac4dd8baa4f71d8dc2268186a039
Certificate serial:       0195C746A207A24D9936B7C505887099BC3B
Authority key identifier: 22:C5:FE:B2:D2:5F:AC:4D:D8:BA:A4:F7:1D:8D:C2:26:81:86:A0:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsX-stJfrE3YuqT3HY3CJoGGoDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/X8ZFuM8cVmkTslM54G-NHaJfImQ.roa
Signing time:             Mon 24 Mar 2025 08:30:49 +0000
ROA not before:           Mon 24 Mar 2025 08:30:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48399
IP address blocks:        45.15.254.0/24 maxlen: 24
                          45.93.13.0/24 maxlen: 24
                          85.193.70.0/23 maxlen: 23
                          91.188.246.0/23 maxlen: 23
                          178.170.223.0/24 maxlen: 24
                          185.190.116.0/23 maxlen: 23
                          185.190.118.0/23 maxlen: 23
                          192.70.196.0/23 maxlen: 23
                          192.70.198.0/23 maxlen: 23
                          2a07:ecc0::/30 maxlen: 30
                          2a07:ecc4::/30 maxlen: 30

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c7:46:a2:07:a2:4d:99:36:b7:c5:05:88:70:99:bc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c5feb2d25fac4dd8baa4f71d8dc2268186a039
        Validity
            Not Before: Mar 24 08:30:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc645b8cf1c566913b25339e06f8d1da25f2264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d0:3a:cd:a5:ac:a3:d1:c7:0e:d8:90:01:55:
                    69:ba:cb:95:ca:bd:7c:70:dd:67:b3:e4:09:76:d5:
                    43:0d:98:55:eb:92:e8:86:8e:99:28:73:44:38:26:
                    e4:c7:e0:62:4b:6c:1b:81:e9:4e:cc:56:0c:f3:47:
                    64:73:5c:6d:f7:17:aa:ee:43:f2:64:0a:5e:60:92:
                    37:80:b3:b2:15:ed:a2:f8:62:33:83:0d:bd:c6:25:
                    58:08:14:26:31:78:46:1c:e8:c3:1b:d0:7e:f2:b9:
                    b0:a1:c4:41:47:6b:b9:d3:71:74:13:5e:9e:95:5f:
                    4a:96:df:c5:67:e5:c6:74:d8:0c:fd:37:a7:84:53:
                    56:b4:12:0c:e5:29:ad:8e:0f:56:31:40:80:d5:2f:
                    41:c9:e5:38:ed:d6:d1:fb:82:d6:6b:fd:5b:e4:b0:
                    53:16:6a:b7:1f:bb:bf:f8:bc:2f:dd:a9:2d:87:42:
                    98:5c:42:50:49:9d:2f:74:06:9b:cf:21:4e:ab:20:
                    58:d3:06:e1:25:86:4e:50:ff:41:2c:30:f4:79:55:
                    dc:e0:88:7c:8c:27:40:4a:93:51:e2:e7:3d:d2:fa:
                    6e:46:59:cb:ad:ba:e9:6f:52:bd:21:18:7d:0b:c4:
                    2e:c4:75:64:4e:aa:6d:23:40:79:50:ba:8b:73:6c:
                    40:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C6:45:B8:CF:1C:56:69:13:B2:53:39:E0:6F:8D:1D:A2:5F:22:64
            X509v3 Authority Key Identifier:
                keyid:22:C5:FE:B2:D2:5F:AC:4D:D8:BA:A4:F7:1D:8D:C2:26:81:86:A0:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsX-stJfrE3YuqT3HY3CJoGGoDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/X8ZFuM8cVmkTslM54G-NHaJfImQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/IsX-stJfrE3YuqT3HY3CJoGGoDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.254.0/24
                  45.93.13.0/24
                  85.193.70.0/23
                  91.188.246.0/23
                  178.170.223.0/24
                  185.190.116.0/22
                  192.70.196.0/22
                IPv6:
                  2a07:ecc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:2c:8b:f8:79:3f:e0:e4:7f:df:22:8c:1a:f2:f9:fe:08:47:
         75:6b:d9:da:4c:3c:1f:0d:91:40:9f:4d:76:bc:3c:25:df:8b:
         e4:b2:15:4d:5f:40:6c:11:59:cb:11:f7:c5:25:02:b1:cf:6e:
         69:b6:a3:ed:6a:6f:82:f1:1f:d0:3f:d4:25:d2:95:15:50:21:
         c8:21:aa:06:e9:d9:2e:2b:ec:14:99:89:b3:35:e9:55:7b:e9:
         dc:48:62:33:68:a3:6d:d9:1c:22:20:6c:6a:0b:26:67:22:d9:
         ff:52:b0:5a:1e:6d:62:9c:70:da:06:b9:ad:20:03:5d:e3:19:
         03:d5:75:e3:d5:3e:2d:2d:42:dc:6c:0c:e8:b3:e8:eb:24:78:
         c9:b4:70:6d:4a:58:c3:62:2a:1b:13:d9:26:bc:43:ea:a5:25:
         71:cd:61:3b:57:7d:5d:b2:75:a2:d2:1d:dd:4b:aa:79:ff:89:
         5d:17:5e:18:5a:49:16:87:9f:5a:e9:67:4b:38:b0:41:dd:5a:
         d2:e9:a1:72:39:24:2e:b7:e6:e4:30:3e:99:03:ae:4f:08:80:
         0d:63:48:e1:fd:e7:f7:0f:21:a4:4c:83:84:df:94:6f:45:bf:
         00:e4:82:04:78:09:88:6e:f9:c5:9a:ab:28:c3:d6:36:d5:9b:
         4b:ba:8d:e8
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZXHRqIHok2ZNrfFBYhwmbw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzVmZWIyZDI1ZmFjNGRkOGJhYTRmNzFkOGRjMjI2ODE4
NmEwMzkwHhcNMjUwMzI0MDgzMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM2NDViOGNmMWM1NjY5MTNiMjUzMzllMDZmOGQxZGEyNWYyMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNA6zaWso9HHDtiQAVVpusuVyr18
cN1ns+QJdtVDDZhV65Loho6ZKHNEOCbkx+BiS2wbgelOzFYM80dkc1xt9xeq7kPy
ZApeYJI3gLOyFe2i+GIzgw29xiVYCBQmMXhGHOjDG9B+8rmwocRBR2u503F0E16e
lV9Klt/FZ+XGdNgM/TenhFNWtBIM5Smtjg9WMUCA1S9ByeU47dbR+4LWa/1b5LBT
Fmq3H7u/+Lwv3akth0KYXEJQSZ0vdAabzyFOqyBY0wbhJYZOUP9BLDD0eVXc4Ih8
jCdASpNR4uc90vpuRlnLrbrpb1K9IRh9C8QuxHVkTqptI0B5ULqLc2xAtwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF/GRbjPHFZpE7JTOeBvjR2iXyJkMB8GA1UdIwQY
MBaAFCLF/rLSX6xN2Lqk9x2NwiaBhqA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNYLXN0SmZyRTNZdXFUM0hZM0NKb0dHb0RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kMjE2ZWQtOWE3Ni00YTkzLWI2YTkt
NDY4ZjQ5OGZhZjFjLzEvWDhaRnVNOGNWbWtUc2xNNTRHLU5IYUpmSW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kMjE2ZWQtOWE3Ni00YTkzLWI2YTktNDY4ZjQ5OGZhZjFj
LzEvSXNYLXN0SmZyRTNZdXFUM0hZM0NKb0dHb0RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQALQ/+AwQA
LV0NAwQBVcFGAwQBW7z2AwQAsqrfAwQCub50AwQCwEbEMA0EAgACMAcDBQMqB+zA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8LIv4eT/g5H/fIowa8vn+CEd1a9naTDwfDZFA
n012vDwl34vkshVNX0BsEVnLEffFJQKxz25ptqPtam+C8R/QP9Ql0pUVUCHIIaoG
6dkuK+wUmYmzNelVe+ncSGIzaKNt2RwiIGxqCyZnItn/UrBaHm1inHDaBrmtIANd
4xkD1XXj1T4tLULcbAzos+jrJHjJtHBtSljDYiobE9kmvEPqpSVxzWE7V31dsnWi
0h3dS6p5/4ldF14YWkkWh59a6WdLOLBB3VrS6aFyOSQut+bkMD6ZA65PCIANY0jh
/ef3DyGkTIOE35RvRb8A5IIEeAmIbvnFmqsow9Y21ZtLuo3o
-----END CERTIFICATE-----