Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/EMgBncHkO7C3BGyliRgotbs7GkI.roa
File:                     EMgBncHkO7C3BGyliRgotbs7GkI.roa (raw, json)
Hash identifier:          0DaODdR5nbn+SN8Img71J6XlHLwG9ZDsGJZ5LKWSGYo=
Subject key identifier:   10:C8:01:9D:C1:E4:3B:B0:B7:04:6C:A5:89:18:28:B5:BB:3B:1A:42
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       01847F9864064C5010834742D8CD5B48F39C
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/EMgBncHkO7C3BGyliRgotbs7GkI.roa
Signing time:             Wed 16 Nov 2022 08:40:04 +0000
ROA not before:           Wed 16 Nov 2022 08:40:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     55933
IP address blocks:        85.8.180.0/23 maxlen: 24
                          185.242.232.0/22 maxlen: 24
                          185.242.232.0/23 maxlen: 23
                          185.242.234.0/23 maxlen: 23
                          185.245.40.0/22 maxlen: 24
                          185.239.84.0/23 maxlen: 23
                          185.239.84.0/22 maxlen: 24
                          185.239.86.0/23 maxlen: 23
                          109.206.244.0/22 maxlen: 24
                          91.132.48.0/22 maxlen: 24
                          93.177.76.0/22 maxlen: 24
                          185.243.240.0/22 maxlen: 24
                          84.252.102.0/23 maxlen: 24
                          2a0c:f480::/29 maxlen: 29
                          2a0d:2480::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7f:98:64:06:4c:50:10:83:47:42:d8:cd:5b:48:f3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Nov 16 08:40:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=10c8019dc1e43bb0b7046ca5891828b5bb3b1a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:76:a9:a2:f1:4d:7b:19:64:96:1d:a1:ff:49:
                    5e:fe:26:98:a0:f3:1b:a0:77:38:5d:41:82:d6:89:
                    89:18:34:89:e3:9d:84:51:12:22:bc:10:d7:a9:03:
                    9e:44:5b:e1:5e:b6:c5:0a:83:63:b4:bf:e2:67:28:
                    83:9b:72:8a:fe:be:2b:cd:22:b6:ae:fd:ec:2b:1d:
                    2f:e2:23:12:a8:5b:58:fa:15:65:73:fc:9e:8f:55:
                    6c:fb:ec:3d:c5:7a:a4:07:ea:aa:40:8e:43:ff:01:
                    23:38:a7:79:ca:c9:8a:e9:fe:ae:9c:7c:1c:97:4b:
                    39:7f:fa:66:d8:e8:c8:4d:17:d1:3a:da:8f:98:2f:
                    81:5c:0c:e0:25:50:8e:79:9f:45:15:8d:4e:26:84:
                    3b:d6:b4:c6:8c:ce:0e:ba:a0:59:85:70:1f:e6:af:
                    fb:ff:b1:69:08:73:33:43:2a:bf:92:10:37:68:c4:
                    73:1c:aa:6f:c3:16:c2:48:21:23:f8:35:78:6a:6d:
                    5e:3f:f6:26:73:2d:17:1d:25:8c:11:e1:3f:8f:80:
                    7a:09:5c:10:69:55:a9:29:ec:b5:f4:5c:99:c9:10:
                    e6:d6:65:9b:da:ed:7d:30:a1:a1:0a:4d:1f:17:ca:
                    87:82:3a:06:3e:a5:78:0a:2f:5c:89:13:e3:6d:b9:
                    82:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C8:01:9D:C1:E4:3B:B0:B7:04:6C:A5:89:18:28:B5:BB:3B:1A:42
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/EMgBncHkO7C3BGyliRgotbs7GkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.102.0/23
                  85.8.180.0/23
                  91.132.48.0/22
                  93.177.76.0/22
                  109.206.244.0/22
                  185.239.84.0/22
                  185.242.232.0/22
                  185.243.240.0/22
                  185.245.40.0/22
                IPv6:
                  2a0c:f480::/29
                  2a0d:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:5a:d5:de:c7:a0:b5:53:71:60:ed:c1:c1:d5:97:46:a0:3b:
         d0:b8:dd:2f:0b:bb:00:07:25:31:f3:19:b7:2c:b1:26:47:32:
         b0:32:a3:ae:25:a6:1c:43:ca:c0:9c:7c:c9:d3:c2:9f:52:04:
         6c:f0:f0:84:c7:07:ca:28:62:33:d9:eb:46:15:fd:4d:aa:21:
         02:cc:ff:f1:81:ad:bf:28:94:93:9a:60:66:09:79:85:75:d8:
         2f:dd:2a:27:6d:f3:a7:53:a9:40:4a:e8:95:8c:ec:34:a9:c8:
         6d:df:fe:5c:d8:b2:3a:a0:05:4a:b3:4c:ac:ee:62:a9:cf:ec:
         f9:b0:6d:16:6e:d4:42:b2:84:d4:7d:d5:ce:ca:5e:ad:1f:15:
         ba:93:44:60:e4:48:bb:3d:c4:22:5d:55:fc:c7:03:27:c7:91:
         7e:bb:2e:0c:62:29:2c:ed:c9:2c:bc:c7:ed:74:90:0e:b2:fa:
         cb:be:b9:8c:c4:df:64:2d:20:4f:55:5f:cc:bc:1e:23:d7:93:
         a8:5a:44:63:a4:f1:27:70:7c:b2:40:ed:68:95:6c:94:f3:53:
         37:7d:9e:ac:98:63:e3:a5:b7:8c:36:29:df:93:79:3c:90:c5:
         a4:a5:6c:b2:e5:07:a0:a8:ae:dc:dd:ad:25:5d:b6:c3:e9:17:
         83:ba:fa:35
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYR/mGQGTFAQg0dC2M1bSPOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjIxMTE2MDg0MDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGM4MDE5ZGMxZTQzYmIwYjcwNDZjYTU4OTE4MjhiNWJiM2IxYTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4XapovFNexlklh2h/0le/iaYoPMb
oHc4XUGC1omJGDSJ452EURIivBDXqQOeRFvhXrbFCoNjtL/iZyiDm3KK/r4rzSK2
rv3sKx0v4iMSqFtY+hVlc/yej1Vs++w9xXqkB+qqQI5D/wEjOKd5ysmK6f6unHwc
l0s5f/pm2OjITRfROtqPmC+BXAzgJVCOeZ9FFY1OJoQ71rTGjM4OuqBZhXAf5q/7
/7FpCHMzQyq/khA3aMRzHKpvwxbCSCEj+DV4am1eP/Ymcy0XHSWMEeE/j4B6CVwQ
aVWpKey19FyZyRDm1mWb2u19MKGhCk0fF8qHgjoGPqV4Ci9ciRPjbbmCVwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFBDIAZ3B5DuwtwRspYkYKLW7OxpCMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvRU1nQm5jSGtPN0MzQkd5bGlSZ290YnM3R2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQBVPxmAwQB
VQi0AwQCW4QwAwQCXbFMAwQCbc70AwQCue9UAwQCufLoAwQCufPwAwQCufUoMBQE
AgACMA4DBQMqDPSAAwUDKg0kgDANBgkqhkiG9w0BAQsFAAOCAQEAoVrV3segtVNx
YO3BwdWXRqA70LjdLwu7AAclMfMZtyyxJkcysDKjriWmHEPKwJx8ydPCn1IEbPDw
hMcHyihiM9nrRhX9TaohAsz/8YGtvyiUk5pgZgl5hXXYL90qJ23zp1OpQErolYzs
NKnIbd/+XNiyOqAFSrNMrO5iqc/s+bBtFm7UQrKE1H3VzsperR8VupNEYORIuz3E
Il1V/McDJ8eRfrsuDGIpLO3JLLzH7XSQDrL6y765jMTfZC0gT1VfzLweI9eTqFpE
Y6TxJ3B8skDtaJVslPNTN32erJhj46W3jDYp35N5PJDFpKVssuUHoKiu3N2tJV22
w+kXg7r6NQ==
-----END CERTIFICATE-----