Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/YV0GPS07qlVX2B_HMoA6osy8dsQ.roa
File:                     YV0GPS07qlVX2B_HMoA6osy8dsQ.roa (raw, json)
Hash identifier:          sKkDQtk4CaauQqJ83JgDjgvSkaZ1PC8qTqu+pHe3S/4=
Subject key identifier:   61:5D:06:3D:2D:3B:AA:55:57:D8:1F:C7:32:80:3A:A2:CC:BC:76:C4
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       01849F2F6EF551B3D3D647E843ED49381417
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/YV0GPS07qlVX2B_HMoA6osy8dsQ.roa
Signing time:             Tue 22 Nov 2022 11:53:16 +0000
ROA not before:           Tue 22 Nov 2022 11:53:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        85.237.192.0/21 maxlen: 24
                          193.109.192.0/21 maxlen: 24
                          85.237.206.0/23 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.237.200.0/23 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          85.237.216.0/24 maxlen: 24
                          185.89.76.0/22 maxlen: 24
                          85.158.56.0/21 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:2f:6e:f5:51:b3:d3:d6:47:e8:43:ed:49:38:14:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Nov 22 11:53:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=615d063d2d3baa5557d81fc732803aa2ccbc76c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ea:a1:49:64:d8:95:cb:24:5e:07:f5:ea:3b:
                    c2:3f:18:cc:58:ba:39:b4:a0:0c:38:50:14:9c:17:
                    4e:6d:62:de:00:d6:28:1a:31:3e:ae:2a:30:a2:77:
                    1a:d8:d9:ca:62:e9:a1:13:34:1d:33:c8:b3:88:73:
                    cf:ce:b3:d3:c0:45:31:49:05:ac:41:3d:7c:02:80:
                    12:4a:87:13:3d:ce:ea:7b:53:c1:54:6a:76:00:38:
                    1a:0a:67:fb:d2:cd:6b:94:39:9f:d8:ee:9f:68:3b:
                    d5:b8:66:2b:62:a6:88:91:d3:2f:93:9c:61:d3:2f:
                    f6:3a:d0:37:77:9e:f6:ca:60:04:71:65:06:db:71:
                    24:8c:44:ce:eb:47:1c:6c:09:aa:c8:e0:6d:e5:5c:
                    3c:68:54:da:8c:8f:09:ad:e4:05:dc:f5:d9:4c:29:
                    51:a6:fb:ac:52:95:32:0d:5e:0c:84:75:fc:26:a0:
                    bd:23:e6:01:3d:9c:8e:0b:c1:7c:a8:52:ec:9d:2a:
                    98:28:20:32:01:11:53:94:4d:2d:96:ce:9c:85:57:
                    a0:77:31:ef:34:71:63:83:74:99:d2:e2:a5:99:a2:
                    9c:8b:17:61:72:ef:2c:37:6f:35:44:b8:f7:e2:9c:
                    fa:56:f0:a3:80:9d:8f:e3:27:98:11:e6:4b:70:f7:
                    d3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:5D:06:3D:2D:3B:AA:55:57:D8:1F:C7:32:80:3A:A2:CC:BC:76:C4
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/YV0GPS07qlVX2B_HMoA6osy8dsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.56.0/21
                  85.237.192.0-85.237.201.255
                  85.237.203.0/24
                  85.237.205.0-85.237.223.255
                  185.89.76.0/22
                  185.93.32.0/24
                  185.93.34.0/23
                  193.109.192.0/21
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:f4:fa:6f:56:58:58:85:cf:66:70:9c:67:59:7b:e7:5a:66:
         3d:ba:69:20:7b:53:c1:36:c3:4a:2a:04:2e:a3:d4:48:dd:77:
         fb:f8:c8:11:79:ab:4f:58:9c:df:84:66:26:da:23:8e:17:77:
         99:11:aa:45:b2:97:90:72:e9:53:6c:8d:7e:3c:f4:b5:89:2d:
         9b:05:c5:0f:62:c1:88:f3:28:a7:b7:2b:dc:11:af:e5:d4:7e:
         67:3d:6b:59:7e:93:2a:3f:46:87:b0:35:ac:de:18:83:45:42:
         f4:4a:d4:34:db:d2:6c:5e:45:66:b4:ba:62:d8:53:ec:fb:d3:
         e6:ad:9a:cc:0b:1e:0d:ea:a2:a6:0f:88:1e:b9:76:64:9d:f3:
         60:78:ed:a9:5c:2d:d5:8f:2e:c3:c3:3f:58:ce:b2:dd:5a:41:
         66:96:2d:2c:0a:f3:fa:cc:5e:80:c3:15:f9:ce:e5:55:a1:b1:
         b3:06:d7:4b:af:e2:7d:79:b0:40:1c:bc:cf:1b:7c:84:f8:be:
         ad:43:c6:5b:5d:3a:be:63:29:ec:8c:dc:ec:d3:f5:b4:2c:e6:
         fe:af:67:75:14:7c:fd:12:f5:92:1b:e6:5e:b1:64:dc:54:d2:
         d7:52:da:18:cb:ec:53:4a:c9:5c:ca:16:b3:03:30:d1:8a:33:
         e8:aa:7e:22
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYSfL271UbPT1kfoQ+1JOBQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjIxMTIyMTE1MzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTVkMDYzZDJkM2JhYTU1NTdkODFmYzczMjgwM2FhMmNjYmM3NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouqhSWTYlcskXgf16jvCPxjMWLo5
tKAMOFAUnBdObWLeANYoGjE+riowonca2NnKYumhEzQdM8iziHPPzrPTwEUxSQWs
QT18AoASSocTPc7qe1PBVGp2ADgaCmf70s1rlDmf2O6faDvVuGYrYqaIkdMvk5xh
0y/2OtA3d572ymAEcWUG23EkjETO60ccbAmqyOBt5Vw8aFTajI8JreQF3PXZTClR
pvusUpUyDV4MhHX8JqC9I+YBPZyOC8F8qFLsnSqYKCAyARFTlE0tls6chVegdzHv
NHFjg3SZ0uKlmaKcixdhcu8sN281RLj34pz6VvCjgJ2P4yeYEeZLcPfTfQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFGFdBj0tO6pVV9gfxzKAOqLMvHbEMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvWVYwR1BTMDdxbFZYMkJfSE1vQTZvc3k4ZHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQDVZ44MAwD
BAZV7cADBAFV7cgDBABV7cswDAMEAFXtzQMEBVXtwAMEArlZTAMEALldIAMEAbld
IgMEA8FtwAMEAMKp2TANBgkqhkiG9w0BAQsFAAOCAQEAAPT6b1ZYWIXPZnCcZ1l7
51pmPbppIHtTwTbDSioELqPUSN13+/jIEXmrT1ic34RmJtojjhd3mRGqRbKXkHLp
U2yNfjz0tYktmwXFD2LBiPMop7cr3BGv5dR+Zz1rWX6TKj9Gh7A1rN4Yg0VC9ErU
NNvSbF5FZrS6YthT7PvT5q2azAseDeqipg+IHrl2ZJ3zYHjtqVwt1Y8uw8M/WM6y
3VpBZpYtLArz+sxegMMV+c7lVaGxswbXS6/ifXmwQBy8zxt8hPi+rUPGW106vmMp
7Izc7NP1tCzm/q9ndRR8/RL1khvmXrFk3FTS11LaGMvsU0rJXMoWswMw0Yoz6Kp+
Ig==
-----END CERTIFICATE-----