Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/LjR5OFt4TjPIDg2i-TRkRxfOZlo.roa
File:                     LjR5OFt4TjPIDg2i-TRkRxfOZlo.roa (raw, json)
Hash identifier:          wwNm+d/QUQL+YDgZ2eXN9/+vSjyx2Fnpvmzr6DB99pM=
Subject key identifier:   2E:34:79:38:5B:78:4E:33:C8:0E:0D:A2:F9:34:64:47:17:CE:66:5A
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       0186B65F8C02D53029441C7BCB370B51776F
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/LjR5OFt4TjPIDg2i-TRkRxfOZlo.roa
Signing time:             Mon 06 Mar 2023 10:02:40 +0000
ROA not before:           Mon 06 Mar 2023 10:02:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     55933
IP address blocks:        185.242.232.0/22 maxlen: 24
                          185.242.232.0/23 maxlen: 23
                          185.242.234.0/23 maxlen: 23
                          185.245.40.0/22 maxlen: 24
                          185.239.84.0/23 maxlen: 23
                          185.239.84.0/22 maxlen: 24
                          185.239.86.0/23 maxlen: 23
                          109.206.244.0/22 maxlen: 24
                          93.177.76.0/22 maxlen: 24
                          185.243.240.0/22 maxlen: 24
                          84.252.102.0/23 maxlen: 24
                          2a0c:f480::/29 maxlen: 29
                          2a0d:2480::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:5f:8c:02:d5:30:29:44:1c:7b:cb:37:0b:51:77:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Mar  6 10:02:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e3479385b784e33c80e0da2f934644717ce665a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8b:a9:69:82:c7:67:01:f4:81:88:44:64:a6:
                    a4:44:06:a6:f9:a8:eb:2b:8d:07:a6:f2:8d:09:a1:
                    e4:57:7d:a8:67:d2:a8:77:eb:d3:9f:4b:7b:4a:b0:
                    d9:ef:22:cc:f5:b0:8f:a5:7a:1e:6d:ae:c9:49:e8:
                    c5:85:c4:02:d4:64:80:d2:43:4a:d1:ff:84:5b:0a:
                    b6:58:00:fa:c3:a8:82:65:db:cb:df:2c:91:91:bc:
                    8c:45:dc:93:00:88:30:90:77:0f:08:33:fb:53:47:
                    5d:1d:04:7e:5b:28:70:45:da:c4:bb:ea:8b:eb:ed:
                    2d:60:bf:56:a0:0f:3f:43:c4:28:34:82:0c:60:2d:
                    eb:3d:06:27:2f:d2:c5:66:9e:ac:aa:7d:f1:67:fc:
                    29:a0:8e:ff:5c:57:10:b9:97:24:ba:31:a5:11:41:
                    41:13:6a:d3:e7:87:d4:cc:8e:6d:41:94:74:86:ef:
                    d2:69:f6:d1:7e:4a:25:a4:71:bf:6c:59:bf:64:e0:
                    f1:96:89:eb:f9:aa:ff:c0:d3:8b:4d:a8:ca:9a:d5:
                    3f:d4:e9:07:7c:dd:ff:e6:a4:21:d5:e6:40:8f:91:
                    ca:c7:f3:54:1d:40:36:eb:b1:3a:55:2f:af:19:c1:
                    44:3e:e0:6e:71:68:6f:bb:c2:17:fa:58:8f:b5:f4:
                    f2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:34:79:38:5B:78:4E:33:C8:0E:0D:A2:F9:34:64:47:17:CE:66:5A
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/LjR5OFt4TjPIDg2i-TRkRxfOZlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.102.0/23
                  93.177.76.0/22
                  109.206.244.0/22
                  185.239.84.0/22
                  185.242.232.0/22
                  185.243.240.0/22
                  185.245.40.0/22
                IPv6:
                  2a0c:f480::/29
                  2a0d:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:c2:ac:ce:fe:5f:ff:fa:d6:9b:88:97:96:65:81:44:9b:73:
         fa:28:33:75:5e:b1:bc:1c:ed:83:0f:f4:a0:1c:97:17:63:38:
         66:3e:19:21:5b:88:24:43:23:38:d8:43:4d:68:f5:88:aa:e9:
         b1:64:72:a5:44:89:8d:31:95:b0:a0:26:1a:ed:7e:42:b3:09:
         a1:08:b4:52:d9:0f:63:58:21:5a:b1:10:0d:a7:5e:5e:d9:00:
         62:2a:6b:3a:72:13:60:30:8f:10:02:3f:9d:c5:8b:95:8a:4d:
         2e:71:81:5f:f2:ae:8c:26:56:52:3e:e2:95:51:8d:21:cc:35:
         0f:c7:bc:65:51:5f:70:5c:08:8e:62:c8:b6:f1:87:93:62:57:
         47:10:ef:5b:84:3b:c7:41:c2:8b:50:05:5d:73:99:9e:b7:02:
         ed:59:be:17:03:3d:55:1f:fe:00:a8:64:e4:9e:53:bb:77:ba:
         0e:e7:f4:fa:61:c7:66:5b:00:06:a9:07:29:49:3a:ff:3b:63:
         ea:cb:15:1f:60:a6:70:75:77:b8:a9:8b:bd:3a:cf:00:09:82:
         de:bc:75:52:e4:65:9b:63:73:a0:42:5a:90:c6:56:4a:3d:4f:
         78:74:30:21:8d:45:9f:c0:c2:17:c9:2d:e8:d3:4e:9b:f5:c2:
         cb:41:af:c6
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYa2X4wC1TApRBx7yzcLUXdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjMwMzA2MTAwMjQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM0NzkzODViNzg0ZTMzYzgwZTBkYTJmOTM0NjQ0NzE3Y2U2NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIupaYLHZwH0gYhEZKakRAam+ajr
K40HpvKNCaHkV32oZ9Kod+vTn0t7SrDZ7yLM9bCPpXoeba7JSejFhcQC1GSA0kNK
0f+EWwq2WAD6w6iCZdvL3yyRkbyMRdyTAIgwkHcPCDP7U0ddHQR+WyhwRdrEu+qL
6+0tYL9WoA8/Q8QoNIIMYC3rPQYnL9LFZp6sqn3xZ/wpoI7/XFcQuZckujGlEUFB
E2rT54fUzI5tQZR0hu/SafbRfkolpHG/bFm/ZODxlonr+ar/wNOLTajKmtU/1OkH
fN3/5qQh1eZAj5HKx/NUHUA267E6VS+vGcFEPuBucWhvu8IX+liPtfTymwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFC40eThbeE4zyA4Novk0ZEcXzmZaMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvTGpSNU9GdDRUalBJRGcyaS1UUmtSeGZPWmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQBVPxmAwQC
XbFMAwQCbc70AwQCue9UAwQCufLoAwQCufPwAwQCufUoMBQEAgACMA4DBQMqDPSA
AwUDKg0kgDANBgkqhkiG9w0BAQsFAAOCAQEAFMKszv5f//rWm4iXlmWBRJtz+igz
dV6xvBztgw/0oByXF2M4Zj4ZIVuIJEMjONhDTWj1iKrpsWRypUSJjTGVsKAmGu1+
QrMJoQi0UtkPY1ghWrEQDadeXtkAYiprOnITYDCPEAI/ncWLlYpNLnGBX/KujCZW
Uj7ilVGNIcw1D8e8ZVFfcFwIjmLItvGHk2JXRxDvW4Q7x0HCi1AFXXOZnrcC7Vm+
FwM9VR/+AKhk5J5Tu3e6Duf0+mHHZlsABqkHKUk6/ztj6ssVH2CmcHV3uKmLvTrP
AAmC3rx1UuRlm2NzoEJakMZWSj1PeHQwIY1Fn8DCF8kt6NNOm/XCy0Gvxg==
-----END CERTIFICATE-----