Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gz5wvjw-TQ6mrL0QuAlHRw0418E.roa
File:                     Gz5wvjw-TQ6mrL0QuAlHRw0418E.roa (raw, json)
Hash identifier:          LlHmKxPkarfk53U3aJdvLHPkaOuA1M4lXr/RNnXT5bo=
Subject key identifier:   1B:3E:70:BE:3C:3E:4D:0E:A6:AC:BD:10:B8:09:47:47:0D:38:D7:C1
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826A8C9F638E7E80AF656046205E377
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gz5wvjw-TQ6mrL0QuAlHRw0418E.roa
Signing time:             Thu 02 Jan 2025 17:53:29 +0000
ROA not before:           Thu 02 Jan 2025 17:53:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.6.0/24 maxlen: 24
                          84.32.52.0/22 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.103.0/24 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          88.216.185.0/24 maxlen: 24
                          88.216.212.0/24 maxlen: 24
                          88.216.213.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:a8:c9:f6:38:e7:e8:0a:f6:56:04:62:05:e3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b3e70be3c3e4d0ea6acbd10b80947470d38d7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:38:20:4c:6a:7a:ae:41:db:53:38:eb:74:8d:
                    5c:b0:e4:e2:eb:31:ae:3a:38:db:33:a2:f1:3b:62:
                    94:2f:f4:00:b9:26:f7:dc:1f:52:14:79:b7:a0:33:
                    41:7a:b4:74:95:d4:4f:43:a5:80:4c:fb:7e:66:50:
                    d8:86:29:17:62:01:e9:0d:fb:0e:e9:e3:9d:9e:35:
                    35:57:43:a9:2f:39:7b:85:a9:7c:9f:4d:93:1d:5d:
                    f4:fc:a9:b3:0e:33:1b:ec:f1:8c:24:8f:02:70:c6:
                    4d:1b:7e:fe:ba:72:a9:41:a1:02:e0:ad:0d:3a:f1:
                    bd:d1:a3:bd:df:49:55:c6:fa:92:6d:e2:4d:b3:3d:
                    1d:13:10:ea:79:18:e1:c0:a9:eb:a1:e7:8f:2e:d4:
                    29:ff:bc:5d:bc:69:90:99:c7:5c:c9:b8:0a:a2:5b:
                    0b:07:89:74:bf:b2:a7:3d:f9:58:b4:99:36:98:4d:
                    c8:bc:e5:26:89:f7:67:33:a6:7b:22:89:aa:9a:89:
                    b7:3a:9b:fc:3e:2f:df:84:ab:70:43:cd:2c:7b:89:
                    7f:33:5c:eb:c1:0c:9b:91:17:51:3f:af:c5:27:0b:
                    96:56:fc:2e:1a:6c:0a:6c:1b:f8:36:05:e0:58:9a:
                    c2:dd:12:96:fa:f1:75:23:ea:8d:2a:a2:b3:e6:21:
                    97:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3E:70:BE:3C:3E:4D:0E:A6:AC:BD:10:B8:09:47:47:0D:38:D7:C1
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Gz5wvjw-TQ6mrL0QuAlHRw0418E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  88.216.20.0/23
                  88.216.98.0/24
                  88.216.103.0/24
                  88.216.129.0/24
                  88.216.185.0/24
                  88.216.212.0/23
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:c6:48:d8:23:94:2d:41:29:03:77:af:28:fe:45:9e:e4:b0:
         cd:3a:07:61:f0:bd:9a:0c:ed:21:28:d7:c4:29:79:1b:f4:61:
         ab:e8:34:74:56:82:75:f2:dd:61:77:01:2f:16:33:fc:39:1b:
         5a:b3:86:cd:cd:e5:c0:17:ea:2c:62:cc:43:08:32:54:b4:a3:
         ef:a9:0c:75:98:ec:e2:90:77:83:27:d3:fb:c5:da:0f:2b:d8:
         19:fe:31:7e:50:a8:f8:25:2b:92:07:7f:85:c5:d0:ac:a3:2c:
         06:a2:b4:d6:e2:3f:54:4a:60:fd:08:a3:5d:be:27:4c:af:46:
         82:f6:f0:55:dd:a1:11:3d:8f:71:53:e0:1e:ee:88:fe:e7:d7:
         90:c6:aa:43:95:32:23:cb:d1:92:ea:66:e8:2d:70:7b:38:d7:
         02:57:b7:c8:9f:ff:f1:50:d2:01:63:b3:62:06:09:db:d2:92:
         fd:54:63:61:21:0c:75:fc:62:ae:5b:42:4a:37:33:60:ea:95:
         ee:18:9e:08:d7:7f:d3:8d:5f:63:db:77:08:81:07:28:ef:97:
         f5:57:8c:85:c1:10:3a:40:88:cc:6e:c8:88:a6:8c:81:09:c2:
         f2:22:7f:e1:80:dd:f8:da:e4:fa:18:03:11:c2:ca:c0:eb:7e:
         ca:fb:b1:f2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQoJqjJ9jjn6Ar2VgRiBeN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNlNzBiZTNjM2U0ZDBlYTZhY2JkMTBiODA5NDc0NzBkMzhkN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DggTGp6rkHbUzjrdI1csOTi6zGu
OjjbM6LxO2KUL/QAuSb33B9SFHm3oDNBerR0ldRPQ6WATPt+ZlDYhikXYgHpDfsO
6eOdnjU1V0OpLzl7hal8n02THV30/KmzDjMb7PGMJI8CcMZNG37+unKpQaEC4K0N
OvG90aO930lVxvqSbeJNsz0dExDqeRjhwKnroeePLtQp/7xdvGmQmcdcybgKolsL
B4l0v7KnPflYtJk2mE3IvOUmifdnM6Z7Iomqmom3Opv8Pi/fhKtwQ80se4l/M1zr
wQybkRdRP6/FJwuWVvwuGmwKbBv4NgXgWJrC3RKW+vF1I+qNKqKz5iGXswIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFBs+cL48Pk0Opqy9ELgJR0cNONfBMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvR3o1d3Zqdy1UUTZtckwwUXVBbEhSdzA0MThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVCAGAwQC
VCA0AwQBWNgUAwQAWNhiAwQAWNhnAwQAWNiBAwQAWNi5AwQBWNjUAwQCWNj8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPxkjYI5QtQSkDd68o/kWe5LDNOgdh8L2aDO0hKNfE
KXkb9GGr6DR0VoJ18t1hdwEvFjP8ORtas4bNzeXAF+osYsxDCDJUtKPvqQx1mOzi
kHeDJ9P7xdoPK9gZ/jF+UKj4JSuSB3+FxdCsoywGorTW4j9USmD9CKNdvidMr0aC
9vBV3aERPY9xU+Ae7oj+59eQxqpDlTIjy9GS6mboLXB7ONcCV7fIn//xUNIBY7Ni
Bgnb0pL9VGNhIQx1/GKuW0JKNzNg6pXuGJ4I13/TjV9j23cIgQco75f1V4yFwRA6
QIjMbsiIpoyBCcLyIn/hgN342uT6GAMRwsrA637K+7Hy
-----END CERTIFICATE-----