Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/KhxHEzHaThoochQrhW_7S5zJowc.roa
File:                     KhxHEzHaThoochQrhW_7S5zJowc.roa (raw, json)
Hash identifier:          Fy356FrwVsBLkaM4zzsVZu/fh7Tv4g4qFoPpDFpXUoc=
Subject key identifier:   2A:1C:47:13:31:DA:4E:1A:28:72:14:2B:85:6F:FB:4B:9C:C9:A3:07
Certificate issuer:       /CN=937f12abaf613973feb3073d8ce637f1b00cbfa9
Certificate serial:       018DC7A389601C31D285768AB211F3539469
Authority key identifier: 93:7F:12:AB:AF:61:39:73:FE:B3:07:3D:8C:E6:37:F1:B0:0C:BF:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k38Sq69hOXP-swc9jOY38bAMv6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/KhxHEzHaThoochQrhW_7S5zJowc.roa
Signing time:             Tue 20 Feb 2024 17:49:59 +0000
ROA not before:           Tue 20 Feb 2024 17:49:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        79.140.136.0/24 maxlen: 24
                          79.140.139.0/24 maxlen: 24
                          82.195.139.0/24 maxlen: 24
                          82.195.141.0/24 maxlen: 24
                          84.51.229.0/24 maxlen: 24
                          212.78.237.0/24 maxlen: 24
                          212.78.239.0/24 maxlen: 24
                          212.78.241.0/24 maxlen: 24
                          212.84.40.0/24 maxlen: 24
                          212.84.43.0/24 maxlen: 24
                          212.84.44.0/24 maxlen: 24
                          212.84.45.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:a3:89:60:1c:31:d2:85:76:8a:b2:11:f3:53:94:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=937f12abaf613973feb3073d8ce637f1b00cbfa9
        Validity
            Not Before: Feb 20 17:49:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a1c471331da4e1a2872142b856ffb4b9cc9a307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:55:66:18:40:5e:7d:e5:c6:76:1a:7c:00:52:
                    06:4a:2e:db:15:d0:23:9e:31:34:a1:67:5e:52:51:
                    06:a5:1f:25:d0:bf:0a:a3:64:1b:60:0d:a6:9f:fa:
                    27:18:63:b6:ae:7a:96:97:3c:74:50:77:4a:0a:e8:
                    d3:75:e1:7e:a8:fb:e8:58:62:9a:45:31:ff:bd:04:
                    16:09:84:7f:cf:4c:2e:33:c4:d2:fc:59:42:90:e4:
                    0c:e2:34:34:4d:86:6a:99:27:24:9a:cb:4b:26:29:
                    59:ab:59:a4:76:9f:b4:45:2c:de:d6:ae:fe:15:04:
                    0a:12:af:81:09:ef:7a:df:7f:13:a9:4a:77:08:37:
                    e4:0f:7c:d9:6e:52:cd:b1:72:4f:7d:41:d1:5a:d5:
                    04:cb:a3:d8:95:48:ca:cb:a4:3a:55:d9:b1:70:e8:
                    39:6d:fc:cd:49:77:3a:91:75:c8:db:8a:16:61:91:
                    61:27:f4:e0:6f:0c:73:ec:cc:a4:c1:11:91:09:2a:
                    d7:40:df:fa:7b:4e:95:79:41:c5:8a:4b:26:3b:fe:
                    d8:87:c9:bd:b6:2d:c5:bb:9b:75:dc:85:47:c3:a3:
                    64:5a:69:d0:da:51:53:25:49:ce:ca:bd:10:34:8c:
                    6e:f8:e2:90:85:fc:d1:3a:60:6a:c1:c1:6f:41:a8:
                    f6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1C:47:13:31:DA:4E:1A:28:72:14:2B:85:6F:FB:4B:9C:C9:A3:07
            X509v3 Authority Key Identifier:
                keyid:93:7F:12:AB:AF:61:39:73:FE:B3:07:3D:8C:E6:37:F1:B0:0C:BF:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k38Sq69hOXP-swc9jOY38bAMv6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/KhxHEzHaThoochQrhW_7S5zJowc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/k38Sq69hOXP-swc9jOY38bAMv6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.136.0/24
                  79.140.139.0/24
                  82.195.139.0/24
                  82.195.141.0/24
                  84.51.229.0/24
                  212.78.237.0/24
                  212.78.239.0/24
                  212.78.241.0/24
                  212.84.40.0/24
                  212.84.43.0-212.84.45.255

    Signature Algorithm: sha256WithRSAEncryption
         66:36:06:6e:fb:34:9c:d8:40:1e:eb:d3:c8:e1:be:07:ab:06:
         06:74:a6:dd:8c:0a:ef:03:af:b7:5e:bd:7e:e3:26:ba:80:f4:
         cb:2c:af:8a:22:59:52:32:4a:c2:31:a2:5c:d8:22:9b:be:dd:
         3b:be:a3:ec:62:11:0b:55:76:66:18:fb:18:bb:70:1b:ab:36:
         6d:7e:0c:9b:58:e1:8f:47:5f:da:0e:25:0e:0d:16:09:ef:55:
         b4:ce:be:da:4e:2a:99:ff:fb:04:39:42:55:4e:08:c7:9c:1f:
         b9:4e:db:70:3a:91:6d:eb:cd:48:ff:7e:f7:df:3d:cc:a2:89:
         23:0d:42:9e:be:b0:ad:ca:84:96:87:1e:44:0a:27:35:e8:e7:
         72:4c:05:43:60:9d:07:62:85:b3:4e:40:79:6c:8c:ed:27:65:
         be:5a:8f:6a:e7:aa:b7:a4:c7:6f:e8:aa:e0:81:e6:58:20:a3:
         3c:b7:c9:8b:d0:48:7f:90:2a:7b:70:1f:17:fd:a2:62:07:51:
         94:c7:2d:d4:d9:96:fd:ac:4f:6c:1e:e5:5d:0d:a7:87:88:95:
         6b:ae:e3:06:7e:fd:89:b9:37:d5:ee:6d:77:44:46:f1:ab:00:
         a9:6d:c8:53:d9:6d:62:39:96:89:49:ea:ed:72:f1:1a:dd:0c:
         d9:95:a4:55
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY3Ho4lgHDHShXaKshHzU5RpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzN2YxMmFiYWY2MTM5NzNmZWIzMDczZDhjZTYzN2YxYjAw
Y2JmYTkwHhcNMjQwMjIwMTc0OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFjNDcxMzMxZGE0ZTFhMjg3MjE0MmI4NTZmZmI0YjljYzlhMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1VmGEBefeXGdhp8AFIGSi7bFdAj
njE0oWdeUlEGpR8l0L8Ko2QbYA2mn/onGGO2rnqWlzx0UHdKCujTdeF+qPvoWGKa
RTH/vQQWCYR/z0wuM8TS/FlCkOQM4jQ0TYZqmSckmstLJilZq1mkdp+0RSze1q7+
FQQKEq+BCe96338TqUp3CDfkD3zZblLNsXJPfUHRWtUEy6PYlUjKy6Q6VdmxcOg5
bfzNSXc6kXXI24oWYZFhJ/Tgbwxz7MykwRGRCSrXQN/6e06VeUHFiksmO/7Yh8m9
ti3Fu5t13IVHw6NkWmnQ2lFTJUnOyr0QNIxu+OKQhfzROmBqwcFvQaj2mwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCocRxMx2k4aKHIUK4Vv+0ucyaMHMB8GA1UdIwQY
MBaAFJN/EquvYTlz/rMHPYzmN/GwDL+pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazM4U3E2OWhPWFAtc3djOWpPWTM4YkFNdjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC85NWU5NDktYmYzNC00MTIyLThmYTgt
YTFhZTU4OTJkNDIxLzEvS2h4SEV6SGFUaG9vY2hRcmhXXzdTNXpKb3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC85NWU5NDktYmYzNC00MTIyLThmYTgtYTFhZTU4OTJkNDIx
LzEvazM4U3E2OWhPWFAtc3djOWpPWTM4YkFNdjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAT4yIAwQA
T4yLAwQAUsOLAwQAUsONAwQAVDPlAwQA1E7tAwQA1E7vAwQA1E7xAwQA1FQoMAwD
BADUVCsDBAHUVCwwDQYJKoZIhvcNAQELBQADggEBAGY2Bm77NJzYQB7r08jhvger
BgZ0pt2MCu8Dr7devX7jJrqA9Mssr4oiWVIySsIxolzYIpu+3Tu+o+xiEQtVdmYY
+xi7cBurNm1+DJtY4Y9HX9oOJQ4NFgnvVbTOvtpOKpn/+wQ5QlVOCMecH7lO23A6
kW3rzUj/fvffPcyiiSMNQp6+sK3KhJaHHkQKJzXo53JMBUNgnQdihbNOQHlsjO0n
Zb5aj2rnqrekx2/oquCB5lggozy3yYvQSH+QKntwHxf9omIHUZTHLdTZlv2sT2we
5V0Np4eIlWuu4wZ+/Ym5N9XubXdERvGrAKltyFPZbWI5lolJ6u1y8RrdDNmVpFU=
-----END CERTIFICATE-----