Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/KJVMlwlZfz7VZwkvkh44aMGp-IY.roa
File:                     KJVMlwlZfz7VZwkvkh44aMGp-IY.roa (raw, json)
Hash identifier:          I47J1ee7Cpaw/SWVilMo+yk4gdHGbvEV1T0pIX5jkx0=
Subject key identifier:   28:95:4C:97:09:59:7F:3E:D5:67:09:2F:92:1E:38:68:C1:A9:F8:86
Certificate issuer:       /CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
Certificate serial:       0193D3D52A22A783B753BE9824008DC0557C
Authority key identifier: BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/KJVMlwlZfz7VZwkvkh44aMGp-IY.roa
Signing time:             Tue 17 Dec 2024 08:56:22 +0000
ROA not before:           Tue 17 Dec 2024 08:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28716
IP address blocks:        212.104.0.0/24 maxlen: 24
                          212.104.2.0/23 maxlen: 24
                          212.104.4.0/22 maxlen: 24
                          212.104.8.0/23 maxlen: 24
                          212.104.11.0/24 maxlen: 24
                          212.104.12.0/23 maxlen: 24
                          212.104.16.0/20 maxlen: 24
                          212.104.32.0/21 maxlen: 24
                          212.104.40.0/23 maxlen: 24
                          212.104.44.0/22 maxlen: 24
                          212.104.48.0/21 maxlen: 24
                          212.104.56.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:d3:d5:2a:22:a7:83:b7:53:be:98:24:00:8d:c0:55:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
        Validity
            Not Before: Dec 17 08:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28954c9709597f3ed567092f921e3868c1a9f886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:65:5e:4f:e0:4c:fc:6c:b9:8b:4e:fa:c7:a2:
                    b5:bf:1b:a8:e3:10:d6:e3:08:5b:27:ed:e1:9e:ba:
                    ef:0b:f2:eb:da:b8:de:03:ec:58:64:0c:16:f8:f4:
                    52:67:64:30:ae:6b:f2:b0:e6:4f:07:ec:d3:89:68:
                    0f:fc:08:6d:28:47:b4:70:bf:b8:a7:b6:31:8e:b2:
                    cc:ed:e6:a1:af:86:bd:f5:3a:aa:e0:c8:d7:fe:e4:
                    5f:3b:44:33:75:0b:49:d5:13:36:ad:b1:0b:68:b8:
                    3e:a5:0e:e2:b0:11:28:4f:22:1c:ec:52:85:d2:f3:
                    9a:57:02:6a:1f:7a:e6:2a:dc:49:66:e5:51:ac:1f:
                    0d:19:0f:fe:f3:5b:3b:ba:ac:03:fb:dd:36:1b:d6:
                    8e:ac:d6:87:73:62:9a:07:52:a4:09:bf:1f:d3:ce:
                    64:fd:f9:9d:02:57:fd:b0:a7:55:1b:d6:9d:fa:71:
                    34:ee:3c:6c:33:96:28:37:78:d3:bc:e2:64:2f:7c:
                    4d:b4:70:5e:00:82:c7:30:6a:04:fb:eb:55:4a:6e:
                    18:a6:7a:58:b0:78:f3:7c:39:63:f5:27:88:55:70:
                    d3:6e:0b:64:5a:c6:e2:9b:02:b0:5a:44:d1:c9:76:
                    91:85:f9:40:1f:3f:1c:97:a6:02:66:0e:2d:9b:00:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:95:4C:97:09:59:7F:3E:D5:67:09:2F:92:1E:38:68:C1:A9:F8:86
            X509v3 Authority Key Identifier:
                keyid:BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/KJVMlwlZfz7VZwkvkh44aMGp-IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/vIo7xH0TyD99HPcqE34AZvg9Bgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.0.0/24
                  212.104.2.0-212.104.9.255
                  212.104.11.0-212.104.13.255
                  212.104.16.0-212.104.41.255
                  212.104.44.0-212.104.63.255

    Signature Algorithm: sha256WithRSAEncryption
         9e:a3:bd:ff:17:b5:47:96:af:f2:21:38:e9:bc:0c:b7:09:fb:
         61:44:50:e9:d9:68:fa:14:27:20:f3:8c:ec:a0:69:48:e6:fb:
         b8:bf:23:5f:e5:07:d2:04:31:b8:17:b9:c1:f9:00:80:b8:29:
         89:39:e4:16:c8:e2:6f:f4:23:06:11:63:15:2d:07:af:b5:a5:
         25:ca:e3:22:ba:02:5b:62:ba:3b:17:cf:40:22:6e:4d:60:18:
         0e:f6:c9:33:71:d8:b4:c9:4b:d2:2d:ae:0c:8f:d1:ea:93:35:
         85:6e:bd:8a:42:67:33:83:9b:8e:f7:4f:99:57:0f:b4:bb:13:
         5b:cb:1f:c0:38:7f:2c:e5:8a:45:85:35:03:cb:ae:19:c3:15:
         e2:c0:3f:c7:29:f8:4a:ef:3b:4a:5c:32:0a:95:50:23:b0:41:
         e3:85:df:97:15:0b:d9:33:b2:da:bc:f6:a0:66:88:ca:6c:b1:
         83:9a:05:f7:bb:11:45:8f:27:b5:da:c5:55:3f:b2:1d:d3:cb:
         8c:34:fd:5e:96:80:fa:05:1f:0b:cb:a3:95:c4:c4:99:74:36:
         40:56:50:47:9e:57:fd:4f:07:79:f1:b4:28:6d:62:34:00:7f:
         0e:4c:01:08:51:d9:1d:f0:1e:3b:29:3b:05:1e:e6:f0:2c:f2:
         63:86:c3:1b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZPT1Soip4O3U76YJACNwFV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOGEzYmM0N2QxM2M4M2Y3ZDFjZjcyYTEzN2UwMDY2Zjgz
ZDA2MDgwHhcNMjQxMjE3MDg1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk1NGM5NzA5NTk3ZjNlZDU2NzA5MmY5MjFlMzg2OGMxYTlmODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmVeT+BM/Gy5i076x6K1vxuo4xDW
4whbJ+3hnrrvC/Lr2rjeA+xYZAwW+PRSZ2QwrmvysOZPB+zTiWgP/AhtKEe0cL+4
p7YxjrLM7eahr4a99Tqq4MjX/uRfO0QzdQtJ1RM2rbELaLg+pQ7isBEoTyIc7FKF
0vOaVwJqH3rmKtxJZuVRrB8NGQ/+81s7uqwD+902G9aOrNaHc2KaB1KkCb8f085k
/fmdAlf9sKdVG9ad+nE07jxsM5YoN3jTvOJkL3xNtHBeAILHMGoE++tVSm4YpnpY
sHjzfDlj9SeIVXDTbgtkWsbimwKwWkTRyXaRhflAHz8cl6YCZg4tmwBMcQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCiVTJcJWX8+1WcJL5IeOGjBqfiGMB8GA1UdIwQY
MBaAFLyKO8R9E8g/fRz3KhN+AGb4PQYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjIt
NzExM2ZjMWI4NjViLzEvS0pWTWx3bFpmejdWWndrdmtoNDRhTUdwLUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjItNzExM2ZjMWI4NjVi
LzEvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQA1GgAMAwD
BAHUaAIDBAHUaAgwDAMEANRoCwMEAdRoDDAMAwQE1GgQAwQB1GgoMAwDBALUaCwD
BAbUaAAwDQYJKoZIhvcNAQELBQADggEBAJ6jvf8XtUeWr/IhOOm8DLcJ+2FEUOnZ
aPoUJyDzjOygaUjm+7i/I1/lB9IEMbgXucH5AIC4KYk55BbI4m/0IwYRYxUtB6+1
pSXK4yK6AltiujsXz0Aibk1gGA72yTNx2LTJS9ItrgyP0eqTNYVuvYpCZzODm473
T5lXD7S7E1vLH8A4fyzlikWFNQPLrhnDFeLAP8cp+ErvO0pcMgqVUCOwQeOF35cV
C9kzstq89qBmiMpssYOaBfe7EUWPJ7XaxVU/sh3Ty4w0/V6WgPoFHwvLo5XExJl0
NkBWUEeeV/1PB3nxtChtYjQAfw5MAQhR2R3wHjspOwUe5vAs8mOGwxs=
-----END CERTIFICATE-----