Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/lZ-PManHWX28pjywYbje4ori7jI.roa
File:                     lZ-PManHWX28pjywYbje4ori7jI.roa (raw, json)
Hash identifier:          SfcFj89ByloFL47KW5IvsQC0isS28zSnOk3nWGZdNBg=
Subject key identifier:   95:9F:8F:31:A9:C7:59:7D:BC:A6:3C:B0:61:B8:DE:E2:8A:E2:EE:32
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       0185A1F2D601A4E1AECDF59897C3C11E50CB
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/lZ-PManHWX28pjywYbje4ori7jI.roa
Signing time:             Wed 11 Jan 2023 17:48:44 +0000
ROA not before:           Wed 11 Jan 2023 17:48:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        85.237.192.0/21 maxlen: 24
                          193.109.192.0/21 maxlen: 24
                          85.237.198.0/24 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a1:f2:d6:01:a4:e1:ae:cd:f5:98:97:c3:c1:1e:50:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Jan 11 17:48:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=959f8f31a9c7597dbca63cb061b8dee28ae2ee32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7b:74:77:91:81:cd:89:f1:9f:56:4c:32:4b:
                    36:13:60:d8:ea:48:5e:22:1f:14:2f:a1:25:52:dd:
                    8a:b7:c1:d9:9c:03:9a:0b:57:63:2d:02:ac:a3:f0:
                    eb:4c:be:41:6f:ec:60:55:b8:8a:fa:17:8d:6e:ae:
                    9c:d7:b7:8b:8d:d9:fe:f8:f3:12:cb:d0:67:1c:58:
                    b2:1e:31:06:6f:55:35:6f:64:57:2f:8e:d5:8b:30:
                    e3:92:2a:0a:12:82:f0:2a:8f:cc:e3:be:16:bb:cf:
                    14:a9:1b:fb:86:f0:10:88:fd:64:c1:53:bf:b4:6b:
                    76:54:7e:2b:b0:d6:e9:3d:bf:40:cc:95:84:c9:59:
                    71:36:44:c7:f9:48:1e:c4:64:71:8f:7e:16:9b:21:
                    53:a8:98:22:db:35:6a:47:aa:c7:fa:ed:b2:61:9b:
                    e3:cf:8d:bf:4e:12:35:4d:6c:72:7a:ad:c3:6e:65:
                    d2:28:ca:b9:24:0f:14:f6:3c:3f:72:69:37:0f:a1:
                    51:13:59:41:63:c5:ef:3f:92:be:93:ef:bf:78:a0:
                    12:92:6e:35:db:23:14:83:9c:3a:d3:ad:80:34:4c:
                    68:fc:78:24:ca:66:11:40:9e:2e:31:63:56:d1:81:
                    1c:41:ad:27:37:c5:5f:e7:61:fc:42:9e:50:09:d4:
                    65:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9F:8F:31:A9:C7:59:7D:BC:A6:3C:B0:61:B8:DE:E2:8A:E2:EE:32
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/lZ-PManHWX28pjywYbje4ori7jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0/24
                  85.237.192.0/21
                  85.237.203.0/24
                  85.237.205.0/24
                  85.237.208.0/20
                  185.93.32.0/24
                  185.93.34.0/23
                  193.109.192.0/21
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:39:38:92:4b:f8:81:0e:e8:a5:69:af:ff:1b:87:42:03:bf:
         ef:bd:50:d7:f5:32:e4:2b:cd:ae:de:68:57:bf:1c:8b:2b:93:
         c0:b4:55:e7:f3:7d:5d:a8:95:7c:fd:54:25:31:32:69:b2:25:
         1b:d2:59:e6:19:73:2a:33:6f:47:d6:e4:82:fe:e5:19:52:25:
         bc:72:39:25:66:cc:b3:18:21:d7:de:83:af:97:da:93:58:52:
         81:4a:b3:55:83:60:23:64:7b:77:a3:08:c0:53:f1:d4:d3:06:
         35:01:2e:c4:ee:07:89:b5:d2:df:d5:43:fe:63:c3:35:c3:38:
         d6:a7:f1:02:cd:54:25:46:f1:af:9c:0b:a2:7e:01:ae:74:c3:
         d0:9c:25:1c:6c:09:64:54:2f:df:f1:40:7b:08:3e:ca:86:50:
         29:f9:a0:d9:e3:0e:92:a1:f3:9b:e1:a9:dc:83:73:46:e0:42:
         ac:ad:96:83:87:00:da:7a:12:ff:30:0b:23:0f:d0:e5:8c:e9:
         e3:ee:42:5b:cd:4c:2a:d6:1c:f4:e5:ac:a0:72:75:d1:a7:f3:
         2e:86:4a:08:aa:06:cd:d4:7c:c6:e4:72:a1:b7:06:5d:c7:64:
         d8:9e:c5:52:22:2b:e9:f9:6b:7e:d0:2b:93:db:6a:72:eb:39:
         f3:a9:bb:45
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYWh8tYBpOGuzfWYl8PBHlDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjMwMTExMTc0ODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTlmOGYzMWE5Yzc1OTdkYmNhNjNjYjA2MWI4ZGVlMjhhZTJlZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnt0d5GBzYnxn1ZMMks2E2DY6khe
Ih8UL6ElUt2Kt8HZnAOaC1djLQKso/DrTL5Bb+xgVbiK+heNbq6c17eLjdn++PMS
y9BnHFiyHjEGb1U1b2RXL47VizDjkioKEoLwKo/M474Wu88UqRv7hvAQiP1kwVO/
tGt2VH4rsNbpPb9AzJWEyVlxNkTH+UgexGRxj34WmyFTqJgi2zVqR6rH+u2yYZvj
z42/ThI1TWxyeq3DbmXSKMq5JA8U9jw/cmk3D6FRE1lBY8XvP5K+k++/eKASkm41
2yMUg5w6062ANExo/HgkymYRQJ4uMWNW0YEcQa0nN8Vf52H8Qp5QCdRlkQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJWfjzGpx1l9vKY8sGG43uKK4u4yMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvbFotUE1hbkhXWDI4cGp5d1liamU0b3JpN2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVZ45AwQD
Ve3AAwQAVe3LAwQAVe3NAwQEVe3QAwQAuV0gAwQBuV0iAwQDwW3AAwQAwqnZMA0G
CSqGSIb3DQEBCwUAA4IBAQCoOTiSS/iBDuilaa//G4dCA7/vvVDX9TLkK82u3mhX
vxyLK5PAtFXn831dqJV8/VQlMTJpsiUb0lnmGXMqM29H1uSC/uUZUiW8cjklZsyz
GCHX3oOvl9qTWFKBSrNVg2AjZHt3owjAU/HU0wY1AS7E7geJtdLf1UP+Y8M1wzjW
p/ECzVQlRvGvnAuifgGudMPQnCUcbAlkVC/f8UB7CD7KhlAp+aDZ4w6SofOb4anc
g3NG4EKsrZaDhwDaehL/MAsjD9DljOnj7kJbzUwq1hz05aygcnXRp/MuhkoIqgbN
1HzG5HKhtwZdx2TYnsVSIivp+Wt+0CuT22py6znzqbtF
-----END CERTIFICATE-----