Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/clyhMt5nQntvl-Ze3Rt9YMtzLac.roa
File:                     clyhMt5nQntvl-Ze3Rt9YMtzLac.roa (raw, json)
Hash identifier:          kfiVw7U4Hr5RIO3AxqWgLKoiWDr93cuGtZTr7R10bDc=
Subject key identifier:   72:5C:A1:32:DE:67:42:7B:6F:97:E6:5E:DD:1B:7D:60:CB:73:2D:A7
Certificate issuer:       /CN=86e99134171b5863f62f22b7d7abf740349528ec
Certificate serial:       0194228DFC1D691E56085038083C4B0BA135
Authority key identifier: 86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/clyhMt5nQntvl-Ze3Rt9YMtzLac.roa
Signing time:             Wed 01 Jan 2025 15:48:38 +0000
ROA not before:           Wed 01 Jan 2025 15:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60439
IP address blocks:        45.151.80.0/24 maxlen: 24
                          45.151.81.0/24 maxlen: 24
                          45.151.82.0/24 maxlen: 24
                          45.151.83.0/24 maxlen: 24
                          85.208.196.0/24 maxlen: 24
                          85.208.197.0/24 maxlen: 24
                          85.208.198.0/24 maxlen: 24
                          85.208.199.0/24 maxlen: 24
                          139.28.16.0/22 maxlen: 24
                          193.160.22.0/24 maxlen: 24
                          193.160.23.0/24 maxlen: 24
                          193.160.30.0/24 maxlen: 24
                          193.160.31.0/24 maxlen: 24
                          2a13:8240::/40 maxlen: 48
                          2a13:8240:100::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fc:1d:69:1e:56:08:50:38:08:3c:4b:0b:a1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e99134171b5863f62f22b7d7abf740349528ec
        Validity
            Not Before: Jan  1 15:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=725ca132de67427b6f97e65edd1b7d60cb732da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d6:74:96:c2:d5:b2:a5:a9:1c:a6:24:60:cc:
                    55:dd:79:49:3b:74:bf:a5:a0:46:08:33:ef:96:22:
                    b0:8b:10:44:df:18:fe:f5:2d:bd:f6:92:7e:f4:b9:
                    73:12:f7:14:46:15:a5:22:27:62:f6:0a:01:22:15:
                    a6:d8:61:07:da:c0:ee:9d:a7:84:2c:b6:b2:ae:fe:
                    cb:7c:69:0e:1e:cb:21:6f:21:78:e2:83:b9:09:82:
                    6d:14:8c:fa:1f:b8:ba:f9:b8:74:5e:06:da:33:80:
                    c5:7f:03:7c:3c:8d:46:83:a1:f5:6e:f6:67:8b:6e:
                    b2:5d:c5:42:05:8f:8f:62:1a:36:5b:c3:5e:96:da:
                    47:5e:47:56:3e:d3:36:cb:29:46:a8:2b:1c:a0:a9:
                    d8:0e:ed:c8:16:e9:10:3e:6c:81:f2:83:21:d9:62:
                    b9:e1:91:cb:d2:4c:ef:8a:a4:64:43:68:f4:6c:ef:
                    f0:96:20:94:b0:a5:00:08:27:52:a0:97:84:9c:79:
                    2b:37:4f:55:34:c9:cb:27:34:41:d3:6c:36:5e:35:
                    71:53:bb:69:52:ba:b8:94:5d:7d:f8:e6:72:e1:28:
                    d2:1c:8a:8b:21:ca:d2:8d:70:f8:ad:4c:6e:c0:46:
                    bb:e8:6f:33:39:09:33:5a:17:7a:f5:5d:da:a4:d5:
                    24:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5C:A1:32:DE:67:42:7B:6F:97:E6:5E:DD:1B:7D:60:CB:73:2D:A7
            X509v3 Authority Key Identifier:
                keyid:86:E9:91:34:17:1B:58:63:F6:2F:22:B7:D7:AB:F7:40:34:95:28:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/humRNBcbWGP2LyK316v3QDSVKOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/clyhMt5nQntvl-Ze3Rt9YMtzLac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c1b5ec-52ff-4ecb-b3fd-da95808ba2c1/1/humRNBcbWGP2LyK316v3QDSVKOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.80.0/22
                  85.208.196.0/22
                  139.28.16.0/22
                  193.160.22.0/23
                  193.160.30.0/23
                IPv6:
                  2a13:8240::/39

    Signature Algorithm: sha256WithRSAEncryption
         96:4e:61:24:be:4d:cf:9a:74:48:65:5c:6a:ad:18:b4:f5:b4:
         83:36:88:60:51:98:dd:8e:a6:ef:d3:c4:42:a7:39:b1:54:2d:
         1a:c4:24:19:38:d1:75:5f:ad:85:be:ea:d6:fe:ee:5b:85:69:
         71:79:fa:9e:e6:0c:a0:d8:ac:28:fe:45:3d:46:14:74:0b:94:
         58:e5:6f:9a:35:7d:96:e3:ed:75:6b:62:50:06:60:e1:e9:7c:
         94:25:84:6f:d1:b0:4f:94:dd:74:66:95:d4:6c:dd:30:c1:86:
         65:41:df:73:5d:aa:24:a0:56:ce:99:5b:58:e7:db:6f:3b:d1:
         b8:ec:a2:25:a5:18:33:c9:20:7d:49:78:30:56:14:76:3f:7d:
         0c:ac:e6:4a:48:a6:90:39:57:41:0f:f1:77:20:c4:57:aa:f6:
         95:6b:9b:e9:14:9a:a9:be:4b:38:7f:e5:03:05:a6:1d:e6:ec:
         3a:3b:6f:3e:07:a4:69:4b:6c:96:34:e8:68:44:fe:ab:f8:51:
         23:d6:50:79:25:10:a8:5e:c0:59:5b:66:7a:a4:ed:cb:64:bc:
         23:71:4d:44:a3:c4:8a:85:97:30:5a:7e:73:fd:c3:b9:2d:7a:
         3b:ed:9f:5a:55:42:ff:26:6c:ac:02:66:7a:e2:5e:3e:c9:27:
         ff:86:32:2e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQijfwdaR5WCFA4CDxLC6E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTk5MTM0MTcxYjU4NjNmNjJmMjJiN2Q3YWJmNzQwMzQ5
NTI4ZWMwHhcNMjUwMTAxMTU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVjYTEzMmRlNjc0MjdiNmY5N2U2NWVkZDFiN2Q2MGNiNzMyZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNZ0lsLVsqWpHKYkYMxV3XlJO3S/
paBGCDPvliKwixBE3xj+9S299pJ+9LlzEvcURhWlIidi9goBIhWm2GEH2sDunaeE
LLayrv7LfGkOHsshbyF44oO5CYJtFIz6H7i6+bh0XgbaM4DFfwN8PI1Gg6H1bvZn
i26yXcVCBY+PYho2W8NeltpHXkdWPtM2yylGqCscoKnYDu3IFukQPmyB8oMh2WK5
4ZHL0kzviqRkQ2j0bO/wliCUsKUACCdSoJeEnHkrN09VNMnLJzRB02w2XjVxU7tp
Urq4lF19+OZy4SjSHIqLIcrSjXD4rUxuwEa76G8zOQkzWhd69V3apNUkmQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHJcoTLeZ0J7b5fmXt0bfWDLcy2nMB8GA1UdIwQY
MBaAFIbpkTQXG1hj9i8it9er90A0lSjsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQt
ZGE5NTgwOGJhMmMxLzEvY2x5aE10NW5RbnR2bC1aZTNSdDlZTXR6TGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMWI1ZWMtNTJmZi00ZWNiLWIzZmQtZGE5NTgwOGJhMmMx
LzEvaHVtUk5CY2JXR1AyTHlLMzE2djNRRFNWS093LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCLZdQAwQC
VdDEAwQCixwQAwQBwaAWAwQBwaAeMA4EAgACMAgDBgEqE4JAADANBgkqhkiG9w0B
AQsFAAOCAQEAlk5hJL5Nz5p0SGVcaq0YtPW0gzaIYFGY3Y6m79PEQqc5sVQtGsQk
GTjRdV+thb7q1v7uW4VpcXn6nuYMoNisKP5FPUYUdAuUWOVvmjV9luPtdWtiUAZg
4el8lCWEb9GwT5TddGaV1GzdMMGGZUHfc12qJKBWzplbWOfbbzvRuOyiJaUYM8kg
fUl4MFYUdj99DKzmSkimkDlXQQ/xdyDEV6r2lWub6RSaqb5LOH/lAwWmHebsOjtv
PgekaUtsljToaET+q/hRI9ZQeSUQqF7AWVtmeqTty2S8I3FNRKPEioWXMFp+c/3D
uS16O+2fWlVC/yZsrAJmeuJePskn/4YyLg==
-----END CERTIFICATE-----