Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G4DVO7kgJkSebG9ewGPs33uMnf8.roa
File:                     G4DVO7kgJkSebG9ewGPs33uMnf8.roa (raw, json)
Hash identifier:          b494MjIvWxCtof4HA+RqOptW/Z4Rswb4e/egtbpMGoE=
Subject key identifier:   1B:80:D5:3B:B9:20:26:44:9E:6C:6F:5E:C0:63:EC:DF:7B:8C:9D:FF
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       019362873C096C8305CCA14CD35FB5621282
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G4DVO7kgJkSebG9ewGPs33uMnf8.roa
Signing time:             Mon 25 Nov 2024 08:54:10 +0000
ROA not before:           Mon 25 Nov 2024 08:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42362
IP address blocks:        78.111.240.0/23 maxlen: 23
                          83.239.192.0/21 maxlen: 21
                          83.239.208.0/20 maxlen: 20
                          85.172.128.0/19 maxlen: 19
                          85.172.192.0/21 maxlen: 21
                          85.172.200.0/22 maxlen: 22
                          85.172.208.0/20 maxlen: 20
                          85.172.224.0/20 maxlen: 20
                          85.172.240.0/20 maxlen: 20
                          85.173.32.0/19 maxlen: 19
                          85.173.224.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:62:87:3c:09:6c:83:05:cc:a1:4c:d3:5f:b5:62:12:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Nov 25 08:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b80d53bb92026449e6c6f5ec063ecdf7b8c9dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9b:92:91:14:6e:c0:cb:fd:bf:81:8a:c5:a4:
                    6e:94:de:19:3e:65:c7:8c:b1:07:09:05:4b:2c:1e:
                    64:f6:47:db:1e:15:ce:f2:92:13:07:32:12:bd:06:
                    32:f7:ad:f6:28:a9:66:99:e8:05:97:b3:3f:fd:ad:
                    1a:e1:e4:52:7f:2b:57:59:66:52:6b:f8:84:c2:bb:
                    4b:e1:5f:1a:3f:7b:21:5e:86:14:51:b4:be:2f:08:
                    01:a2:ff:cc:8b:a7:4d:de:87:0c:90:0c:53:ad:62:
                    0c:9f:5b:cd:c5:4a:93:86:1a:f8:ce:f4:f2:60:be:
                    fe:25:d9:4e:9e:5e:4a:cb:c6:d5:11:18:67:fb:a6:
                    72:19:28:a7:22:27:ef:ae:74:c2:e9:93:43:28:4c:
                    15:ed:36:76:ee:bd:6a:33:45:78:62:da:5e:c4:b7:
                    1c:06:2b:ed:a1:d4:0d:57:9e:0c:0b:dd:95:0d:86:
                    e8:5c:55:f1:15:74:c9:17:6b:92:f9:ea:e3:74:17:
                    59:57:99:c1:81:fe:08:c8:38:9a:9f:b6:ca:d0:4f:
                    22:b7:86:88:46:82:4f:35:97:aa:7b:1d:ca:d9:07:
                    a3:8c:c7:c0:f4:d8:cf:9a:64:b8:9a:c6:23:17:08:
                    8f:bc:39:9b:07:98:10:e5:dd:cc:d0:fe:c4:af:b4:
                    2d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:80:D5:3B:B9:20:26:44:9E:6C:6F:5E:C0:63:EC:DF:7B:8C:9D:FF
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G4DVO7kgJkSebG9ewGPs33uMnf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.240.0/23
                  83.239.192.0/21
                  83.239.208.0/20
                  85.172.128.0/19
                  85.172.192.0-85.172.203.255
                  85.172.208.0-85.172.255.255
                  85.173.32.0/19
                  85.173.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:c8:22:cf:a4:1a:cf:8c:83:80:c3:ff:69:ee:5a:a0:6f:a0:
         61:b4:28:15:1f:7e:11:cc:6a:59:5c:4d:b5:b0:4e:83:61:b5:
         f9:03:ce:8a:9e:ad:55:41:04:2d:18:53:ad:d8:94:2a:66:94:
         94:9b:c3:5d:15:0f:ef:80:bc:34:d5:d9:fb:c7:3e:ec:64:0b:
         26:76:c2:c3:87:59:c0:32:b3:9d:ca:17:68:d2:97:b2:75:bd:
         d6:05:72:89:7e:e2:3c:ba:47:05:63:da:83:e3:a2:b6:3d:0b:
         43:9b:88:2b:35:ef:a6:83:48:28:01:ec:12:f7:61:45:40:f6:
         a9:60:f1:c0:43:95:8f:d1:37:18:6e:cc:c8:f8:e1:b1:13:ae:
         94:ec:42:f2:ab:1b:e4:8c:96:c9:77:fa:11:47:9c:a0:22:11:
         6e:98:1e:5d:52:ec:c1:19:91:16:02:7f:ca:d7:59:d8:f4:c8:
         1c:43:f1:c1:f4:43:58:f8:5f:df:58:37:35:c5:06:b7:d6:a5:
         86:f4:21:6e:88:4f:52:74:fa:06:18:3d:a9:17:5f:e4:a4:5c:
         b9:32:a8:5d:2a:75:9e:3d:b4:5b:2c:39:e4:0e:f6:77:03:61:
         28:d7:af:43:08:fc:e6:c1:39:00:71:be:77:2e:78:d3:85:e2:
         ae:c4:d4:27
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZNihzwJbIMFzKFM01+1YhKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQxMTI1MDg1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgwZDUzYmI5MjAyNjQ0OWU2YzZmNWVjMDYzZWNkZjdiOGM5ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZuSkRRuwMv9v4GKxaRulN4ZPmXH
jLEHCQVLLB5k9kfbHhXO8pITBzISvQYy9632KKlmmegFl7M//a0a4eRSfytXWWZS
a/iEwrtL4V8aP3shXoYUUbS+LwgBov/Mi6dN3ocMkAxTrWIMn1vNxUqThhr4zvTy
YL7+JdlOnl5Ky8bVERhn+6ZyGSinIifvrnTC6ZNDKEwV7TZ27r1qM0V4YtpexLcc
BivtodQNV54MC92VDYboXFXxFXTJF2uS+erjdBdZV5nBgf4IyDian7bK0E8it4aI
RoJPNZeqex3K2QejjMfA9NjPmmS4msYjFwiPvDmbB5gQ5d3M0P7Er7QtlwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFBuA1Tu5ICZEnmxvXsBj7N97jJ3/MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvRzREVk83a2dKa1NlYkc5ZXdHUHMzM3VNbmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQBTm/wAwQD
U+/AAwQEU+/QAwQFVayAMAwDBAZVrMADBAJVrMgwCwMEBFWs0AMDAFWsAwQFVa0g
AwQFVa3gMA0GCSqGSIb3DQEBCwUAA4IBAQCRyCLPpBrPjIOAw/9p7lqgb6BhtCgV
H34RzGpZXE21sE6DYbX5A86Knq1VQQQtGFOt2JQqZpSUm8NdFQ/vgLw01dn7xz7s
ZAsmdsLDh1nAMrOdyhdo0peydb3WBXKJfuI8ukcFY9qD46K2PQtDm4grNe+mg0go
AewS92FFQPapYPHAQ5WP0TcYbszI+OGxE66U7ELyqxvkjJbJd/oRR5ygIhFumB5d
UuzBGZEWAn/K11nY9MgcQ/HB9ENY+F/fWDc1xQa31qWG9CFuiE9SdPoGGD2pF1/k
pFy5MqhdKnWePbRbLDnkDvZ3A2Eo169DCPzmwTkAcb53LnjTheKuxNQn
-----END CERTIFICATE-----