Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/OQkTtFG_3OxCtnjxQDsGh3dZX-w.roa
File:                     OQkTtFG_3OxCtnjxQDsGh3dZX-w.roa (raw, json)
Hash identifier:          Of/8U3hhAVyPqkzRy6ujayBd4foAFuNQvU8XU14emUI=
Subject key identifier:   39:09:13:B4:51:BF:DC:EC:42:B6:78:F1:40:3B:06:87:77:59:5F:EC
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C578278DD1CDB13F03B05562B2F65
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/OQkTtFG_3OxCtnjxQDsGh3dZX-w.roa
Signing time:             Thu 02 Jan 2025 09:50:21 +0000
ROA not before:           Thu 02 Jan 2025 09:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12332
IP address blocks:        5.143.112.0/20 maxlen: 20
                          77.34.0.0/15 maxlen: 24
                          81.2.0.0/18 maxlen: 19
                          81.2.0.0/19 maxlen: 24
                          82.162.0.0/16 maxlen: 18
                          86.102.0.0/16 maxlen: 18
                          212.91.192.0/19 maxlen: 24
                          212.107.192.0/19 maxlen: 24
                          212.107.192.0/20 maxlen: 24
                          212.107.208.0/20 maxlen: 24
                          212.122.0.0/19 maxlen: 24
                          212.122.0.0/20 maxlen: 24
                          212.122.16.0/20 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:57:82:78:dd:1c:db:13:f0:3b:05:56:2b:2f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=390913b451bfdcec42b678f1403b068777595fec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0b:e9:8e:79:29:26:c7:50:0b:cd:49:0f:09:
                    da:51:53:b6:1c:12:3c:2e:f8:d6:a8:29:5e:6c:c8:
                    cc:08:5c:45:4d:a5:76:e1:f4:7a:50:f0:2c:ce:a2:
                    e1:f5:c5:05:ab:d7:22:e1:da:ac:d4:df:ea:7b:6b:
                    81:7e:19:c0:b3:7b:ce:c9:9d:ce:a3:00:1f:47:b9:
                    9c:2d:7e:36:05:3c:bc:64:7f:03:98:94:d3:63:fc:
                    1d:48:6f:eb:d1:5a:3a:a5:b3:a6:46:fa:e1:fb:62:
                    ab:e5:d7:29:ee:c6:0a:b9:01:62:2a:cc:4e:88:ae:
                    43:27:db:9c:04:45:70:ce:14:c8:11:5c:55:ae:70:
                    dd:08:43:eb:2a:a6:97:f6:88:54:e0:1c:30:49:ca:
                    5a:38:c8:4e:c7:bf:00:82:ff:1d:c2:ca:93:b8:ac:
                    2d:2f:78:dd:09:a0:b3:76:99:11:58:5d:3d:66:62:
                    ab:db:2d:8f:2a:4b:cb:fc:b7:ff:0d:01:de:2a:b0:
                    96:80:99:60:21:3a:1e:e6:f5:97:e9:79:10:58:93:
                    a1:ec:85:0b:d3:32:47:c0:32:51:61:16:7c:d0:c1:
                    32:a4:11:10:5a:6b:38:ce:8c:65:1e:a4:7d:68:e1:
                    8e:0f:aa:57:42:b7:eb:38:45:5d:f5:de:39:2b:b3:
                    8a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:09:13:B4:51:BF:DC:EC:42:B6:78:F1:40:3B:06:87:77:59:5F:EC
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/OQkTtFG_3OxCtnjxQDsGh3dZX-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.143.112.0/20
                  77.34.0.0/15
                  81.2.0.0/18
                  82.162.0.0/16
                  86.102.0.0/16
                  212.91.192.0/19
                  212.107.192.0/19
                  212.122.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         14:86:49:36:46:fa:45:a8:10:c8:84:e6:ae:e7:b8:38:69:96:
         b3:53:ec:c0:dd:a3:0d:5e:ae:04:8d:9e:e0:43:1a:fc:5b:53:
         de:c4:ca:a4:af:96:3f:86:0d:69:ff:9f:ec:a7:94:6e:97:c2:
         d2:c4:b4:63:d8:69:6e:6a:c6:67:2c:a6:e8:2b:41:3a:63:3b:
         a4:7a:aa:0a:56:82:be:3d:2e:46:c5:fc:d4:de:73:88:15:0e:
         18:f8:58:17:a5:de:99:ac:d8:ce:bf:4c:33:e1:36:5f:b1:bc:
         8b:17:29:11:60:fa:7c:c0:85:78:a0:1b:21:0a:35:82:24:a2:
         60:1c:74:95:3d:64:f3:14:40:4a:1e:87:8c:a0:1a:c6:7c:12:
         d3:cb:6f:de:bf:6f:8a:a8:c2:bf:75:5a:0d:28:1f:3f:9c:8c:
         6f:41:02:65:fe:4a:cb:20:42:2d:69:e1:1b:89:67:64:df:aa:
         a7:bf:14:2d:d4:0e:0d:55:20:3d:04:33:90:f6:42:b2:8e:a0:
         37:d8:58:11:52:a8:b6:89:8b:04:b0:cd:0f:60:71:30:84:08:
         de:88:3b:dd:36:05:30:50:51:4d:6c:e7:6e:8a:9b:5f:01:0b:
         01:01:b1:e1:ee:71:4f:48:d8:d5:36:8b:44:d0:77:84:db:26:
         69:47:34:b0
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQmbFeCeN0c2xPwOwVWKy9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA5MTNiNDUxYmZkY2VjNDJiNjc4ZjE0MDNiMDY4Nzc3NTk1ZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwvpjnkpJsdQC81JDwnaUVO2HBI8
LvjWqClebMjMCFxFTaV24fR6UPAszqLh9cUFq9ci4dqs1N/qe2uBfhnAs3vOyZ3O
owAfR7mcLX42BTy8ZH8DmJTTY/wdSG/r0Vo6pbOmRvrh+2Kr5dcp7sYKuQFiKsxO
iK5DJ9ucBEVwzhTIEVxVrnDdCEPrKqaX9ohU4BwwScpaOMhOx78Agv8dwsqTuKwt
L3jdCaCzdpkRWF09ZmKr2y2PKkvL/Lf/DQHeKrCWgJlgIToe5vWX6XkQWJOh7IUL
0zJHwDJRYRZ80MEypBEQWms4zoxlHqR9aOGOD6pXQrfrOEVd9d45K7OKWwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFDkJE7RRv9zsQrZ48UA7Bod3WV/sMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvT1FrVHRGR18zT3hDdG5qeFFEc0doM2RaWC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtAwQEBY9wAwMB
TSIDBAZRAgADAwBSogMDAFZmAwQF1FvAAwQF1GvAAwQF1HoAMA0GCSqGSIb3DQEB
CwUAA4IBAQAUhkk2RvpFqBDIhOau57g4aZazU+zA3aMNXq4EjZ7gQxr8W1PexMqk
r5Y/hg1p/5/sp5Rul8LSxLRj2GluasZnLKboK0E6YzukeqoKVoK+PS5GxfzU3nOI
FQ4Y+FgXpd6ZrNjOv0wz4TZfsbyLFykRYPp8wIV4oBshCjWCJKJgHHSVPWTzFEBK
HoeMoBrGfBLTy2/ev2+KqMK/dVoNKB8/nIxvQQJl/krLIEItaeEbiWdk36qnvxQt
1A4NVSA9BDOQ9kKyjqA32FgRUqi2iYsEsM0PYHEwhAjeiDvdNgUwUFFNbOduiptf
AQsBAbHh7nFPSNjVNotE0HeE2yZpRzSw
-----END CERTIFICATE-----