Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/395224-8ca2-444f-985b-5f0b4ce64867/1/3L-ZNvAKjnaqyZ4byM3jBrGTeBo.roa
File:                     3L-ZNvAKjnaqyZ4byM3jBrGTeBo.roa (raw, json)
Hash identifier:          de5299w+1JueRfUpEGsshLN8TcvKAWdCiP6ZAOs1wHU=
Subject key identifier:   DC:BF:99:36:F0:0A:8E:76:AA:C9:9E:1B:C8:CD:E3:06:B1:93:78:1A
Certificate issuer:       /CN=c66479bdf7edb90b51aa729634104c0d2802ac9f
Certificate serial:       0183CB60B64AFFA0B0E44A68EEC24F203DB6
Authority key identifier: C6:64:79:BD:F7:ED:B9:0B:51:AA:72:96:34:10:4C:0D:28:02:AC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmR5vfftuQtRqnKWNBBMDSgCrJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/395224-8ca2-444f-985b-5f0b4ce64867/1/3L-ZNvAKjnaqyZ4byM3jBrGTeBo.roa
Signing time:             Wed 12 Oct 2022 08:47:36 +0000
ROA not before:           Wed 12 Oct 2022 08:47:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200780
IP address blocks:        93.177.69.0/24 maxlen: 24
                          93.177.70.0/23 maxlen: 23
                          45.85.132.0/22 maxlen: 22
                          185.144.24.0/22 maxlen: 22
                          185.73.206.0/24 maxlen: 24
                          185.73.204.0/22 maxlen: 22
                          185.73.204.0/24 maxlen: 24
                          185.73.205.0/24 maxlen: 24
                          45.9.104.0/22 maxlen: 22
                          91.227.36.0/22 maxlen: 22
                          2a05:46c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cb:60:b6:4a:ff:a0:b0:e4:4a:68:ee:c2:4f:20:3d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66479bdf7edb90b51aa729634104c0d2802ac9f
        Validity
            Not Before: Oct 12 08:47:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dcbf9936f00a8e76aac99e1bc8cde306b193781a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:62:d8:46:63:dc:51:33:ce:af:fc:45:99:57:
                    3e:b2:70:9f:50:f9:63:da:b8:00:24:fc:3f:cc:f9:
                    b6:03:f3:2a:aa:b9:bd:8c:1a:29:45:e8:d6:fb:b8:
                    37:61:73:70:fe:a3:69:29:be:fb:68:1b:c9:8d:ae:
                    e7:fd:94:4e:ef:58:f1:b7:a8:5f:d4:77:31:45:84:
                    32:c0:4c:0c:da:5e:a1:13:93:9a:8d:d0:d8:30:43:
                    bd:e9:d6:7e:16:32:f7:d6:cf:62:e8:61:3e:fc:36:
                    48:4b:a3:aa:e7:f9:eb:bb:b2:90:b6:0e:dc:57:e6:
                    11:91:65:df:2e:58:28:4e:d9:8e:ad:ba:6b:5d:17:
                    1b:e3:a4:00:8d:d0:39:0d:3f:48:b7:de:11:f6:f2:
                    5a:49:41:b5:92:6c:d6:2b:71:61:a5:6c:25:f7:87:
                    9e:4a:14:68:44:ef:e0:86:3a:8b:b2:d0:9f:f2:76:
                    3f:a0:72:34:68:57:bf:09:1d:83:5c:b9:4a:23:ef:
                    e6:f4:b9:30:d9:e0:7e:65:67:31:0f:76:e0:eb:bb:
                    27:02:c0:0f:7c:71:ca:5e:f8:97:8d:07:c9:6f:7c:
                    de:33:9e:41:3d:a1:e2:74:74:8b:90:95:59:fe:8a:
                    55:b1:eb:26:35:8a:dd:14:a0:0f:29:46:d4:61:7a:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BF:99:36:F0:0A:8E:76:AA:C9:9E:1B:C8:CD:E3:06:B1:93:78:1A
            X509v3 Authority Key Identifier:
                keyid:C6:64:79:BD:F7:ED:B9:0B:51:AA:72:96:34:10:4C:0D:28:02:AC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmR5vfftuQtRqnKWNBBMDSgCrJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/395224-8ca2-444f-985b-5f0b4ce64867/1/3L-ZNvAKjnaqyZ4byM3jBrGTeBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/395224-8ca2-444f-985b-5f0b4ce64867/1/xmR5vfftuQtRqnKWNBBMDSgCrJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.104.0/22
                  45.85.132.0/22
                  91.227.36.0/22
                  93.177.69.0-93.177.71.255
                  185.73.204.0/22
                  185.144.24.0/22
                IPv6:
                  2a05:46c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:3f:5f:24:30:ac:77:1e:ba:d8:ef:4b:70:b6:d0:b8:30:d1:
         80:db:0d:b0:a4:c1:43:7e:c8:b8:1b:71:18:2c:8b:cc:f6:f2:
         7d:34:79:95:64:0b:0c:e8:01:a2:7c:cd:cf:50:50:e3:c1:2a:
         c7:d0:bd:8e:6b:2c:29:f8:c6:2a:de:f2:89:81:d4:74:f7:09:
         fd:8f:59:eb:fa:2c:80:97:04:0c:f0:a0:f9:9a:d5:56:a6:39:
         34:a7:bd:ca:de:5f:0e:f6:c8:95:d6:6a:bd:a5:e2:95:77:93:
         85:8c:d7:b7:25:ab:b6:88:08:06:9d:e3:5c:b4:a4:bc:b3:1e:
         1a:8d:f0:18:65:8e:a1:45:29:d1:f5:04:79:6a:f5:e6:40:1c:
         0e:7f:71:98:85:89:e6:7f:c4:5f:d9:34:91:7d:fa:08:cb:55:
         66:ac:d7:4f:9a:77:8b:df:77:fd:ba:e0:11:4b:b2:b8:23:4a:
         f2:8c:7b:1c:22:8a:ea:eb:0b:22:43:e0:c3:66:73:49:d7:4c:
         be:04:d5:89:87:30:bf:39:d9:ec:44:d9:c0:1f:3b:ad:51:1c:
         27:fe:50:b3:de:23:fd:0c:11:9a:1f:0f:28:2f:e8:32:99:1c:
         38:d0:4c:b3:1f:e7:7b:e8:90:33:30:9b:f1:f6:20:6e:51:59:
         10:44:9f:57
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYPLYLZK/6Cw5Epo7sJPID22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjQ3OWJkZjdlZGI5MGI1MWFhNzI5NjM0MTA0YzBkMjgw
MmFjOWYwHhcNMjIxMDEyMDg0NzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JmOTkzNmYwMGE4ZTc2YWFjOTllMWJjOGNkZTMwNmIxOTM3ODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGLYRmPcUTPOr/xFmVc+snCfUPlj
2rgAJPw/zPm2A/Mqqrm9jBopRejW+7g3YXNw/qNpKb77aBvJja7n/ZRO71jxt6hf
1HcxRYQywEwM2l6hE5OajdDYMEO96dZ+FjL31s9i6GE+/DZIS6Oq5/nru7KQtg7c
V+YRkWXfLlgoTtmOrbprXRcb46QAjdA5DT9It94R9vJaSUG1kmzWK3FhpWwl94ee
ShRoRO/ghjqLstCf8nY/oHI0aFe/CR2DXLlKI+/m9Lkw2eB+ZWcxD3bg67snAsAP
fHHKXviXjQfJb3zeM55BPaHidHSLkJVZ/opVsesmNYrdFKAPKUbUYXrBOwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFNy/mTbwCo52qsmeG8jN4waxk3gaMB8GA1UdIwQY
MBaAFMZkeb337bkLUapyljQQTA0oAqyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1SNXZmZnR1UXRScW5LV05CQk1EU2dDcko4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zOTUyMjQtOGNhMi00NDRmLTk4NWIt
NWYwYjRjZTY0ODY3LzEvM0wtWk52QUtqbmFxeVo0YnlNM2pCckdUZUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zOTUyMjQtOGNhMi00NDRmLTk4NWItNWYwYjRjZTY0ODY3
LzEveG1SNXZmZnR1UXRScW5LV05CQk1EU2dDcko4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQCLQloAwQC
LVWEAwQCW+MkMAwDBABdsUUDBANdsUADBAK5ScwDBAK5kBgwDQQCAAIwBwMFAyoF
RsAwDQYJKoZIhvcNAQELBQADggEBACQ/XyQwrHceutjvS3C20Lgw0YDbDbCkwUN+
yLgbcRgsi8z28n00eZVkCwzoAaJ8zc9QUOPBKsfQvY5rLCn4xire8omB1HT3Cf2P
Wev6LICXBAzwoPma1VamOTSnvcreXw72yJXWar2l4pV3k4WM17clq7aICAad41y0
pLyzHhqN8BhljqFFKdH1BHlq9eZAHA5/cZiFieZ/xF/ZNJF9+gjLVWas10+ad4vf
d/264BFLsrgjSvKMexwiiurrCyJD4MNmc0nXTL4E1YmHML852exE2cAfO61RHCf+
ULPeI/0MEZofDygv6DKZHDjQTLMf53vokDMwm/H2IG5RWRBEn1c=
-----END CERTIFICATE-----