Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/HiZc67HVTwn8Z06NfpqjcKessm0.roa
File:                     HiZc67HVTwn8Z06NfpqjcKessm0.roa (raw, json)
Hash identifier:          lqdU13XMgrPX/Le9yOse8Cr2DHCVtWn9Fg9xc6NSbN0=
Subject key identifier:   1E:26:5C:EB:B1:D5:4F:09:FC:67:4E:8D:7E:9A:A3:70:A7:AC:B2:6D
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C76C9D1C655D957E65EEAB676C4A3
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/HiZc67HVTwn8Z06NfpqjcKessm0.roa
Signing time:             Thu 02 Jan 2025 09:50:30 +0000
ROA not before:           Thu 02 Jan 2025 09:50:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42362
IP address blocks:        78.111.240.0/23 maxlen: 23
                          83.239.192.0/21 maxlen: 21
                          83.239.208.0/20 maxlen: 20
                          85.172.128.0/19 maxlen: 19
                          85.172.192.0/21 maxlen: 21
                          85.172.200.0/22 maxlen: 22
                          85.172.208.0/20 maxlen: 20
                          85.172.224.0/20 maxlen: 20
                          85.172.240.0/20 maxlen: 20
                          85.173.32.0/19 maxlen: 19
                          85.173.224.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:76:c9:d1:c6:55:d9:57:e6:5e:ea:b6:76:c4:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e265cebb1d54f09fc674e8d7e9aa370a7acb26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:03:b1:8e:d2:d9:c4:4e:55:54:43:0e:fe:47:
                    81:f5:bd:70:31:a8:2d:37:cd:91:01:e3:b0:86:a0:
                    d3:37:2a:d6:21:31:b8:e0:13:16:e6:e4:7d:d7:28:
                    d7:aa:39:fe:50:e2:f3:c2:54:4e:d9:5b:df:84:55:
                    4a:1c:78:ac:78:2d:94:1b:97:c2:66:82:57:d4:48:
                    95:eb:62:97:4a:4b:50:b5:1b:b5:7c:a2:fe:ce:3b:
                    d4:f8:1f:fd:f8:3b:da:56:ab:10:ab:64:44:2f:8d:
                    6f:fe:f6:d9:19:06:fa:5f:1c:67:43:00:ff:64:79:
                    65:a9:9b:6e:41:26:98:b4:93:0e:01:81:91:07:ad:
                    40:62:3b:92:15:d4:7b:b2:84:8c:f5:65:e4:b2:72:
                    5b:40:03:27:14:35:90:fd:af:66:af:dc:8a:19:37:
                    74:e7:69:ff:0b:4b:c9:a7:d7:60:70:fa:b6:ca:6f:
                    6c:0c:17:ab:5a:05:86:cc:c3:64:8f:04:d7:04:53:
                    7c:64:9b:8d:18:41:8b:29:c2:67:dd:99:e9:3d:5d:
                    0b:bb:29:78:1f:f0:3e:ce:42:d9:3e:60:35:d1:7c:
                    90:da:05:28:54:a0:08:86:21:2b:08:4c:c0:47:14:
                    2a:84:92:d9:37:40:9a:e4:40:b1:6a:17:de:77:f0:
                    1b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:26:5C:EB:B1:D5:4F:09:FC:67:4E:8D:7E:9A:A3:70:A7:AC:B2:6D
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/HiZc67HVTwn8Z06NfpqjcKessm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.240.0/23
                  83.239.192.0/21
                  83.239.208.0/20
                  85.172.128.0/19
                  85.172.192.0-85.172.203.255
                  85.172.208.0-85.172.255.255
                  85.173.32.0/19
                  85.173.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:dc:fa:35:7a:ea:91:d2:1b:03:6a:ea:ae:8b:1f:2d:ee:6b:
         11:78:03:fd:f9:66:c8:83:06:e8:3d:7c:d8:13:cc:38:f5:95:
         3f:1b:d3:98:27:00:e0:bd:47:42:b1:dd:3e:22:38:0c:42:9b:
         3c:88:46:4b:a6:b7:2f:13:ab:a9:0c:66:38:b8:ca:f4:a2:e5:
         17:5e:af:d2:62:65:b1:d7:34:aa:d7:37:75:92:6c:35:13:3f:
         f5:7f:f8:c8:f9:54:b0:95:f1:dc:8f:cf:79:04:47:75:89:ea:
         b6:f8:51:b7:b8:23:b9:b7:4b:ea:09:f6:51:f7:0d:c4:00:07:
         66:8d:f2:f7:60:6d:54:fb:0e:0d:d1:70:2d:fe:05:27:6b:88:
         d7:52:d6:73:e6:8e:67:93:bf:12:27:68:34:15:a3:fd:0c:5d:
         ba:14:65:da:1f:85:8f:b1:0c:67:06:cf:c2:f4:c3:a4:a2:0d:
         4c:51:9a:42:09:15:6a:fc:5d:00:8a:6e:80:a3:42:f5:81:76:
         9e:23:11:37:ec:f9:ba:93:d9:36:01:15:d8:aa:6e:f4:01:31:
         70:cc:71:37:2a:9d:40:5d:b0:92:67:6a:3f:38:9c:33:65:1a:
         ee:ce:3d:9a:39:33:43:ac:f7:91:06:bd:fd:f8:31:42:2d:c9:
         fb:c0:8e:c6
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQmbHbJ0cZV2VfmXuq2dsSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI2NWNlYmIxZDU0ZjA5ZmM2NzRlOGQ3ZTlhYTM3MGE3YWNiMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQOxjtLZxE5VVEMO/keB9b1wMagt
N82RAeOwhqDTNyrWITG44BMW5uR91yjXqjn+UOLzwlRO2VvfhFVKHHiseC2UG5fC
ZoJX1EiV62KXSktQtRu1fKL+zjvU+B/9+DvaVqsQq2REL41v/vbZGQb6XxxnQwD/
ZHllqZtuQSaYtJMOAYGRB61AYjuSFdR7soSM9WXksnJbQAMnFDWQ/a9mr9yKGTd0
52n/C0vJp9dgcPq2ym9sDBerWgWGzMNkjwTXBFN8ZJuNGEGLKcJn3ZnpPV0Luyl4
H/A+zkLZPmA10XyQ2gUoVKAIhiErCEzARxQqhJLZN0Ca5ECxahfed/AbjQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFB4mXOux1U8J/GdOjX6ao3CnrLJtMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvSGlaYzY3SFZUd244WjA2TmZwcWpjS2Vzc20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQBTm/wAwQD
U+/AAwQEU+/QAwQFVayAMAwDBAZVrMADBAJVrMgwCwMEBFWs0AMDAFWsAwQFVa0g
AwQFVa3gMA0GCSqGSIb3DQEBCwUAA4IBAQCR3Po1euqR0hsDauquix8t7msReAP9
+WbIgwboPXzYE8w49ZU/G9OYJwDgvUdCsd0+IjgMQps8iEZLprcvE6upDGY4uMr0
ouUXXq/SYmWx1zSq1zd1kmw1Ez/1f/jI+VSwlfHcj895BEd1ieq2+FG3uCO5t0vq
CfZR9w3EAAdmjfL3YG1U+w4N0XAt/gUna4jXUtZz5o5nk78SJ2g0FaP9DF26FGXa
H4WPsQxnBs/C9MOkog1MUZpCCRVq/F0Aim6Ao0L1gXaeIxE37Pm6k9k2ARXYqm70
ATFwzHE3Kp1AXbCSZ2o/OJwzZRruzj2aOTNDrPeRBr39+DFCLcn7wI7G
-----END CERTIFICATE-----