Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/k454o_0toIxBEMoUton6LsF8G_A.roa
File:                     k454o_0toIxBEMoUton6LsF8G_A.roa (raw, json)
Hash identifier:          e3HGvF/3k7nrGMQEtM7QSKvAcLz6yayUOa1u8zXlBic=
Subject key identifier:   93:8E:78:A3:FD:2D:A0:8C:41:10:CA:14:B6:89:FA:2E:C1:7C:1B:F0
Certificate issuer:       /CN=5f864c6019052d30ef3da57646b860fae4a3c76d
Certificate serial:       018DCFD9686BADA898335E19B11E979CA1D5
Authority key identifier: 5F:86:4C:60:19:05:2D:30:EF:3D:A5:76:46:B8:60:FA:E4:A3:C7:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/k454o_0toIxBEMoUton6LsF8G_A.roa
Signing time:             Thu 22 Feb 2024 08:05:48 +0000
ROA not before:           Thu 22 Feb 2024 08:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200780
IP address blocks:        77.236.98.0/23 maxlen: 23
                          88.218.32.0/23 maxlen: 23
                          89.40.220.0/23 maxlen: 23
                          91.234.104.0/22 maxlen: 22
                          95.178.108.0/22 maxlen: 22
                          185.121.164.0/22 maxlen: 22
                          194.106.208.0/23 maxlen: 23
                          195.35.96.0/24 maxlen: 24
                          195.133.148.0/22 maxlen: 22
                          2a10:780::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cf:d9:68:6b:ad:a8:98:33:5e:19:b1:1e:97:9c:a1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f864c6019052d30ef3da57646b860fae4a3c76d
        Validity
            Not Before: Feb 22 08:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=938e78a3fd2da08c4110ca14b689fa2ec17c1bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:32:7d:1a:bb:c7:eb:d6:8e:fe:6b:03:57:
                    df:38:ae:f1:87:23:db:1b:b2:af:32:5c:4c:b1:16:
                    00:36:f9:e0:59:9f:06:58:8c:45:73:4f:c7:70:1f:
                    c7:72:65:b7:ae:a1:4d:b6:ea:1c:88:82:71:34:00:
                    dc:8a:95:06:39:e9:03:5c:63:59:fa:ab:00:2b:aa:
                    45:67:5a:e7:2d:a5:0f:70:aa:a9:e6:08:cc:8d:4b:
                    77:1f:94:d1:37:15:44:0c:00:ea:08:dc:d8:d7:ac:
                    46:0e:57:4a:ad:06:20:80:2e:1a:8f:6c:f1:5d:91:
                    27:f6:4a:7f:9d:94:ae:1b:d2:38:67:51:8d:26:4e:
                    4d:ce:41:c1:6b:b1:a5:d2:f9:43:36:b8:30:b6:47:
                    2e:57:0a:7f:75:ae:3d:9a:82:7f:27:b1:0c:c8:23:
                    b2:cd:64:ff:68:95:7e:6a:98:a3:41:98:b1:63:d0:
                    11:2d:72:56:96:af:7c:91:7a:45:45:0e:66:34:f6:
                    44:f7:82:19:c4:65:28:81:b1:e5:54:8b:59:df:c0:
                    ee:c2:c5:63:2a:3e:98:46:a8:54:32:6c:d9:fd:86:
                    40:2a:4a:35:f1:de:9b:6b:a6:e2:37:a5:bd:8a:e2:
                    83:fc:b1:1b:53:bf:ab:5d:66:65:e4:8f:0b:da:86:
                    22:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8E:78:A3:FD:2D:A0:8C:41:10:CA:14:B6:89:FA:2E:C1:7C:1B:F0
            X509v3 Authority Key Identifier:
                keyid:5F:86:4C:60:19:05:2D:30:EF:3D:A5:76:46:B8:60:FA:E4:A3:C7:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/k454o_0toIxBEMoUton6LsF8G_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.236.98.0/23
                  88.218.32.0/23
                  89.40.220.0/23
                  91.234.104.0/22
                  95.178.108.0/22
                  185.121.164.0/22
                  194.106.208.0/23
                  195.35.96.0/24
                  195.133.148.0/22
                IPv6:
                  2a10:780::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:2e:b8:06:f7:14:c7:ac:3f:ea:a7:64:79:50:b7:9a:12:19:
         b1:8b:55:4c:5c:df:44:0c:c0:74:ff:47:e4:0e:9c:eb:1c:18:
         fb:2e:57:e7:11:9b:31:23:89:b3:b7:42:02:33:35:b5:51:89:
         d3:4a:33:c6:bc:e2:08:7f:34:db:d7:4f:cc:49:5e:d3:04:1f:
         f6:fe:e5:47:3e:00:ad:a0:69:4b:cf:6d:2a:3d:90:9f:1f:b3:
         7f:d6:9a:f2:18:63:a8:85:82:0d:f0:54:93:49:53:03:e8:28:
         f3:0d:d4:5d:d0:a8:f7:bb:94:fe:e7:91:2e:6e:26:3e:8d:c2:
         76:13:45:45:7a:8e:09:21:91:e7:c0:7b:86:2d:e3:2e:4e:6a:
         64:2e:37:0a:68:ee:0b:b2:32:c7:6d:63:87:1a:96:d6:7e:1b:
         e1:f6:d7:ba:fd:28:42:f9:8d:07:9c:e5:a0:9b:08:05:fe:81:
         3c:ec:8a:ff:ca:00:9a:ed:d6:f3:80:12:ba:f1:90:0d:8e:cc:
         d9:10:b3:06:cf:74:4f:c3:aa:c6:53:de:8e:c9:f4:2e:8a:a9:
         41:1c:a8:9d:52:fb:ba:57:f5:58:4a:44:8b:4e:a9:c6:46:b2:
         82:23:2e:cf:95:42:a6:3d:cc:ed:35:c8:f1:80:4e:6b:6f:32:
         7a:d6:3f:5f
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY3P2WhrraiYM14ZsR6XnKHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmODY0YzYwMTkwNTJkMzBlZjNkYTU3NjQ2Yjg2MGZhZTRh
M2M3NmQwHhcNMjQwMjIyMDgwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhlNzhhM2ZkMmRhMDhjNDExMGNhMTRiNjg5ZmEyZWMxN2MxYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTYyfRq7x+vWjv5rA1ffOK7xhyPb
G7KvMlxMsRYANvngWZ8GWIxFc0/HcB/HcmW3rqFNtuociIJxNADcipUGOekDXGNZ
+qsAK6pFZ1rnLaUPcKqp5gjMjUt3H5TRNxVEDADqCNzY16xGDldKrQYggC4aj2zx
XZEn9kp/nZSuG9I4Z1GNJk5NzkHBa7Gl0vlDNrgwtkcuVwp/da49moJ/J7EMyCOy
zWT/aJV+apijQZixY9ARLXJWlq98kXpFRQ5mNPZE94IZxGUogbHlVItZ38DuwsVj
Kj6YRqhUMmzZ/YZAKko18d6ba6biN6W9iuKD/LEbU7+rXWZl5I8L2oYiFwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJOOeKP9LaCMQRDKFLaJ+i7BfBvwMB8GA1UdIwQY
MBaAFF+GTGAZBS0w7z2ldka4YPrko8dtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDRaTVlCa0ZMVER2UGFWMlJyaGctdVNqeDIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81MjZlY2QtZDU0Yy00Njg2LWFmYzQt
NjE3Yzc5MTA1Y2IyLzEvazQ1NG9fMHRvSXhCRU1vVXRvbjZMc0Y4R19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81MjZlY2QtZDU0Yy00Njg2LWFmYzQtNjE3Yzc5MTA1Y2Iy
LzEvWDRaTVlCa0ZMVER2UGFWMlJyaGctdVNqeDIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQBTexiAwQB
WNogAwQBWSjcAwQCW+poAwQCX7JsAwQCuXmkAwQBwmrQAwQAwyNgAwQCw4WUMA0E
AgACMAcDBQAqEAeAMA0GCSqGSIb3DQEBCwUAA4IBAQBdLrgG9xTHrD/qp2R5ULea
Ehmxi1VMXN9EDMB0/0fkDpzrHBj7LlfnEZsxI4mzt0ICMzW1UYnTSjPGvOIIfzTb
10/MSV7TBB/2/uVHPgCtoGlLz20qPZCfH7N/1pryGGOohYIN8FSTSVMD6CjzDdRd
0Kj3u5T+55EubiY+jcJ2E0VFeo4JIZHnwHuGLeMuTmpkLjcKaO4LsjLHbWOHGpbW
fhvh9te6/ShC+Y0HnOWgmwgF/oE87Ir/ygCa7dbzgBK68ZANjszZELMGz3RPw6rG
U96OyfQuiqlBHKidUvu6V/VYSkSLTqnGRrKCIy7PlUKmPcztNcjxgE5rbzJ61j9f
-----END CERTIFICATE-----