Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/dj0kqDn3b-LsFKqa78rsokfzLFk.roa
File:                     dj0kqDn3b-LsFKqa78rsokfzLFk.roa (raw, json)
Hash identifier:          SJq7Rp9EyEzexQOfZDBQYeJmiE7pT1m4/wANm3NfmOY=
Subject key identifier:   76:3D:24:A8:39:F7:6F:E2:EC:14:AA:9A:EF:CA:EC:A2:47:F3:2C:59
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01924BD95AED1A79F0B5909D43C502ADE26C
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/dj0kqDn3b-LsFKqa78rsokfzLFk.roa
Signing time:             Wed 02 Oct 2024 06:09:48 +0000
ROA not before:           Wed 02 Oct 2024 06:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        5.53.112.0/21 maxlen: 21
                          62.68.74.0/24 maxlen: 24
                          77.75.144.0/21 maxlen: 21
                          91.204.212.0/22 maxlen: 24
                          178.251.104.0/21 maxlen: 21
                          178.251.110.0/24 maxlen: 24
                          185.249.160.0/22 maxlen: 22
                          193.238.32.0/22 maxlen: 22
                          193.239.72.0/22 maxlen: 22
                          2a02:2000::/29 maxlen: 48
                          2a02:2000::/32 maxlen: 48
                          2a02:2000:4::/48 maxlen: 48
                          2a02:2000:face::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4b:d9:5a:ed:1a:79:f0:b5:90:9d:43:c5:02:ad:e2:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Oct  2 06:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=763d24a839f76fe2ec14aa9aefcaeca247f32c59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:10:3b:f3:a6:4e:86:30:69:82:4d:59:20:2c:
                    9c:30:93:dc:31:15:c9:74:85:c9:5e:6a:92:2e:22:
                    ea:5b:9f:37:ef:8f:9c:80:9c:05:60:da:0d:b1:14:
                    6e:ab:a6:13:2c:18:8c:3d:5e:84:4d:40:f2:71:87:
                    14:33:56:d3:1a:b6:7c:61:aa:ee:e3:52:c8:72:b9:
                    ec:9e:62:25:a0:0e:04:54:ce:8c:7a:a0:26:c2:e5:
                    4d:03:01:9e:ee:b4:f1:27:53:8d:d6:bb:00:68:ea:
                    a6:a3:19:c6:ce:f0:b2:28:71:9b:85:03:29:ff:79:
                    b9:fb:d0:92:fa:ec:3b:35:70:92:bc:df:15:96:33:
                    44:c3:cf:dd:51:37:70:c3:b1:43:3a:39:10:e1:58:
                    4c:47:f7:06:c2:fc:5c:29:10:27:63:0b:9b:51:31:
                    a2:4a:ac:44:df:1f:c3:53:9c:3d:2d:63:6b:e1:dc:
                    d2:5b:d1:fd:ff:f0:6a:7d:ab:66:54:00:1d:72:c8:
                    4b:0a:b8:e7:82:44:eb:5f:35:93:f7:5c:f5:4e:6f:
                    6e:6c:12:37:35:fb:4f:af:29:dc:f2:fb:0b:c0:d2:
                    11:21:db:33:1c:75:a1:ce:06:4e:52:49:9a:9a:ca:
                    0d:14:0a:23:19:8b:55:e5:88:7b:87:24:5d:01:66:
                    77:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:3D:24:A8:39:F7:6F:E2:EC:14:AA:9A:EF:CA:EC:A2:47:F3:2C:59
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/dj0kqDn3b-LsFKqa78rsokfzLFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.53.112.0/21
                  62.68.74.0/24
                  77.75.144.0/21
                  91.204.212.0/22
                  178.251.104.0/21
                  185.249.160.0/22
                  193.238.32.0/22
                  193.239.72.0/22
                IPv6:
                  2a02:2000::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:b2:ea:4d:4c:74:c5:c3:f9:c6:43:bf:60:c1:12:28:bc:60:
         2b:00:b1:9b:c6:54:54:6b:50:72:1a:1c:de:ed:9c:0d:9c:7b:
         52:03:2b:4d:59:76:79:cd:10:ce:e2:31:88:cf:05:6b:b3:18:
         4d:ec:79:ab:f7:25:f1:9f:58:f4:66:74:63:0c:63:e3:fc:ea:
         8a:51:42:c3:5c:a1:59:91:fc:02:ca:16:2d:58:28:b2:48:64:
         8e:d1:05:62:3c:4d:78:1e:67:78:b1:79:23:2d:85:70:da:b3:
         e5:30:f1:0d:46:a6:7a:48:47:e8:e6:ce:5d:a9:0d:7a:8b:35:
         63:8a:53:bd:c5:85:d5:a5:7b:d7:0d:d6:c7:6e:63:3e:e4:dd:
         eb:f0:5e:e8:5f:41:43:8f:56:4c:bc:82:a1:87:79:25:8f:70:
         cc:22:84:b4:5a:1e:b9:1f:a4:2f:05:b3:9e:75:0f:fc:d3:26:
         09:34:e8:b7:ee:7f:26:ac:92:40:e1:d3:d6:c2:aa:1c:28:64:
         1e:cd:62:96:1e:6d:44:76:4e:74:95:be:e6:b8:bf:a9:d8:8f:
         2b:ef:c5:61:89:d6:f2:d4:7d:4a:39:cb:33:5c:92:5b:07:aa:
         f0:e6:3c:ea:07:77:5b:a3:42:df:7f:d3:8b:29:58:94:57:b8:
         8f:eb:8a:10
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZJL2VrtGnnwtZCdQ8UCreJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjQxMDAyMDYwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjNkMjRhODM5Zjc2ZmUyZWMxNGFhOWFlZmNhZWNhMjQ3ZjMyYzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRA786ZOhjBpgk1ZICycMJPcMRXJ
dIXJXmqSLiLqW58374+cgJwFYNoNsRRuq6YTLBiMPV6ETUDycYcUM1bTGrZ8Yaru
41LIcrnsnmIloA4EVM6MeqAmwuVNAwGe7rTxJ1ON1rsAaOqmoxnGzvCyKHGbhQMp
/3m5+9CS+uw7NXCSvN8VljNEw8/dUTdww7FDOjkQ4VhMR/cGwvxcKRAnYwubUTGi
SqxE3x/DU5w9LWNr4dzSW9H9//BqfatmVAAdcshLCrjngkTrXzWT91z1Tm9ubBI3
NftPrync8vsLwNIRIdszHHWhzgZOUkmamsoNFAojGYtV5Yh7hyRdAWZ3qwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFHY9JKg592/i7BSqmu/K7KJH8yxZMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvZGowa3FEbjNiLUxzRktxYTc4cnNva2Z6TEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBTVwAwQA
PkRKAwQDTUuQAwQCW8zUAwQDsvtoAwQCufmgAwQCwe4gAwQCwe9IMA0EAgACMAcD
BQMqAiAAMA0GCSqGSIb3DQEBCwUAA4IBAQCLsupNTHTFw/nGQ79gwRIovGArALGb
xlRUa1ByGhze7ZwNnHtSAytNWXZ5zRDO4jGIzwVrsxhN7Hmr9yXxn1j0ZnRjDGPj
/OqKUULDXKFZkfwCyhYtWCiySGSO0QViPE14Hmd4sXkjLYVw2rPlMPENRqZ6SEfo
5s5dqQ16izVjilO9xYXVpXvXDdbHbmM+5N3r8F7oX0FDj1ZMvIKhh3klj3DMIoS0
Wh65H6QvBbOedQ/80yYJNOi37n8mrJJA4dPWwqocKGQezWKWHm1Edk50lb7muL+p
2I8r78Vhidby1H1KOcszXJJbB6rw5jzqB3dbo0Lff9OLKViUV7iP64oQ
-----END CERTIFICATE-----