Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/K00tT5cZnNVXDF_Or6n_nc_0xRo.roa
File:                     K00tT5cZnNVXDF_Or6n_nc_0xRo.roa (raw, json)
Hash identifier:          s/PaO+NasRBZLSycpt6mJjPENaMQFjfT/5hMIEO7t08=
Subject key identifier:   2B:4D:2D:4F:97:19:9C:D5:57:0C:5F:CE:AF:A9:FF:9D:CF:F4:C5:1A
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019423D6B16C9A8781E7250138C4835BD822
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/K00tT5cZnNVXDF_Or6n_nc_0xRo.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44267
IP address blocks:        46.254.246.0/23 maxlen: 23
                          77.243.112.0/24 maxlen: 24
                          77.243.113.0/24 maxlen: 24
                          77.243.114.0/24 maxlen: 24
                          77.243.115.0/24 maxlen: 24
                          77.243.116.0/24 maxlen: 24
                          77.243.117.0/24 maxlen: 24
                          77.243.118.0/24 maxlen: 24
                          77.243.119.0/24 maxlen: 24
                          185.14.68.0/24 maxlen: 24
                          185.14.69.0/24 maxlen: 24
                          185.14.70.0/24 maxlen: 24
                          2a02:f560::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b1:6c:9a:87:81:e7:25:01:38:c4:83:5b:d8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b4d2d4f97199cd5570c5fceafa9ff9dcff4c51a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:90:88:e1:3e:ec:54:a2:4b:aa:9c:17:8f:4c:
                    4b:7c:d9:0a:ff:dc:43:eb:e4:ff:75:33:3e:55:6a:
                    33:9a:0c:ab:a5:82:69:db:c6:1a:39:19:af:a3:cf:
                    12:7d:6d:f3:31:1c:a9:2c:06:e7:69:ff:cf:89:4b:
                    95:17:50:59:c4:23:14:9d:62:32:ce:d2:65:0b:a7:
                    fc:74:c4:38:64:a6:e8:69:74:e4:10:56:7a:84:df:
                    c6:1c:23:bb:10:18:26:f4:10:a9:4b:66:95:a6:e6:
                    c4:32:ce:a7:09:43:32:04:95:d7:69:3a:6d:28:41:
                    6c:44:d8:09:f9:9c:61:95:45:20:45:cc:95:86:35:
                    60:92:fc:03:36:6d:5c:8c:4a:02:53:58:91:ac:f9:
                    e8:a5:25:07:96:f5:fb:87:41:8b:ee:8b:3e:7b:5b:
                    d1:33:f3:d2:13:07:e8:b8:44:15:a5:32:b9:fa:89:
                    ac:93:b0:ad:99:29:5c:3f:4a:c0:88:99:af:8d:05:
                    8f:1f:c7:32:17:0f:2e:3b:6b:b1:b9:05:38:be:35:
                    0f:42:da:8d:6e:88:b9:d5:d2:08:74:75:55:62:b2:
                    97:9c:8b:f3:c5:e8:e9:b8:d3:cb:7e:a3:4e:4d:fe:
                    ac:c4:f1:45:6b:bf:a5:d5:23:a6:84:9b:5b:c5:a6:
                    7e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4D:2D:4F:97:19:9C:D5:57:0C:5F:CE:AF:A9:FF:9D:CF:F4:C5:1A
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/K00tT5cZnNVXDF_Or6n_nc_0xRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.246.0/23
                  77.243.112.0/21
                  185.14.68.0-185.14.70.255
                IPv6:
                  2a02:f560::/40

    Signature Algorithm: sha256WithRSAEncryption
         a7:af:36:b1:9b:58:8e:3d:0d:8d:ea:46:ad:7a:e8:92:6f:eb:
         a7:31:7c:cc:4c:e5:48:6d:bd:2b:ba:a4:f6:97:15:6b:8b:ce:
         fa:74:ff:a4:4f:13:1b:38:2f:85:fd:3f:5e:08:29:58:3b:57:
         8d:7d:08:e6:67:e6:36:a1:49:5d:2c:db:20:be:50:c2:e4:f7:
         96:1e:b4:4c:78:f2:74:21:7c:61:54:46:04:9e:ad:d8:9c:fd:
         f9:cf:6c:1c:ee:05:49:09:f7:23:3e:41:dc:b4:f7:9b:85:4e:
         8e:6e:b4:0d:b1:7e:b2:52:c4:06:d7:d9:4a:d3:53:27:fd:9f:
         8b:79:9c:a1:e7:1e:b5:93:ef:d5:e4:00:2f:88:55:bf:e5:5d:
         4a:f0:f6:99:c5:7e:91:a9:01:5b:26:9d:aa:43:a6:c1:67:f7:
         86:69:3c:3f:c0:fe:a9:a7:81:a6:d6:be:a2:2d:10:d8:e8:10:
         5e:a6:a4:71:7c:81:39:35:a9:c7:e2:61:e5:7f:92:b7:5a:04:
         45:8d:47:c7:55:89:50:ed:f3:6f:a5:d0:3d:0f:43:04:45:24:
         52:d2:ff:24:e0:15:68:91:9b:03:63:33:26:f6:c2:26:d1:4a:
         6e:7b:5e:f8:01:5f:c4:55:74:62:81:e9:61:6c:21:28:94:7f:
         ee:1e:6e:77
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQj1rFsmoeB5yUBOMSDW9giMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRkMmQ0Zjk3MTk5Y2Q1NTcwYzVmY2VhZmE5ZmY5ZGNmZjRjNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZCI4T7sVKJLqpwXj0xLfNkK/9xD
6+T/dTM+VWozmgyrpYJp28YaORmvo88SfW3zMRypLAbnaf/PiUuVF1BZxCMUnWIy
ztJlC6f8dMQ4ZKboaXTkEFZ6hN/GHCO7EBgm9BCpS2aVpubEMs6nCUMyBJXXaTpt
KEFsRNgJ+ZxhlUUgRcyVhjVgkvwDNm1cjEoCU1iRrPnopSUHlvX7h0GL7os+e1vR
M/PSEwfouEQVpTK5+omsk7CtmSlcP0rAiJmvjQWPH8cyFw8uO2uxuQU4vjUPQtqN
boi51dIIdHVVYrKXnIvzxejpuNPLfqNOTf6sxPFFa7+l1SOmhJtbxaZ+SQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCtNLU+XGZzVVwxfzq+p/53P9MUaMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvSzAwdFQ1Y1puTlZYREZfT3I2bl9uY18weFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAgBAIAATAaAwQBLv72AwQD
TfNwMAwDBAK5DkQDBAC5DkYwDgQCAAIwCAMGACoC9WAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCnrzaxm1iOPQ2N6kateuiSb+unMXzMTOVIbb0ruqT2lxVri876dP+kTxMb
OC+F/T9eCClYO1eNfQjmZ+Y2oUldLNsgvlDC5PeWHrRMePJ0IXxhVEYEnq3YnP35
z2wc7gVJCfcjPkHctPebhU6ObrQNsX6yUsQG19lK01Mn/Z+LeZyh5x61k+/V5AAv
iFW/5V1K8PaZxX6RqQFbJp2qQ6bBZ/eGaTw/wP6pp4Gm1r6iLRDY6BBepqRxfIE5
NanH4mHlf5K3WgRFjUfHVYlQ7fNvpdA9D0MERSRS0v8k4BVokZsDYzMm9sIm0Upu
e174AV/EVXRigelhbCEolH/uHm53
-----END CERTIFICATE-----