Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/1-gK8-IqD0LS7lwrszJJjfcH8RvM.roa
File:                     1-gK8-IqD0LS7lwrszJJjfcH8RvM.roa (raw, json)
Hash identifier:          3wOOMaNsyk0G4gF8iKJqw4QkdNZK9dmwfQeyZtn3RkI=
Subject key identifier:   FA:02:BC:F8:8A:83:D0:B4:BB:97:0A:EC:CC:92:63:7D:C1:FC:46:F3
Certificate issuer:       /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial:       01856DC1E405474D8A9D7FF28E2DBAD0962B
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/1-gK8-IqD0LS7lwrszJJjfcH8RvM.roa
Signing time:             Sun 01 Jan 2023 14:35:01 +0000
ROA not before:           Sun 01 Jan 2023 14:35:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28761
IP address blocks:        193.138.84.0/24 maxlen: 24
                          194.9.26.0/23 maxlen: 24
                          193.238.108.0/24 maxlen: 24
                          193.238.111.0/24 maxlen: 24
                          193.238.109.0/24 maxlen: 24
                          91.194.163.0/24 maxlen: 24
                          193.238.110.0/24 maxlen: 24
                          193.27.242.0/24 maxlen: 24
                          193.27.243.0/24 maxlen: 24
                          195.3.244.0/22 maxlen: 24
                          2a05:5840::/32 maxlen: 32
                          2a05:5841::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:c1:e4:05:47:4d:8a:9d:7f:f2:8e:2d:ba:d0:96:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
        Validity
            Not Before: Jan  1 14:35:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa02bcf88a83d0b4bb970aeccc92637dc1fc46f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cb:b0:dc:78:21:6e:68:76:02:bd:13:8b:a8:
                    5c:66:6c:6c:35:a7:f4:bf:a9:a8:e1:90:cc:86:e6:
                    24:16:82:7a:9b:8f:98:07:c8:46:8b:cd:9b:9e:ef:
                    63:97:3f:aa:16:9b:98:8b:ff:40:71:1d:16:09:a4:
                    d1:dc:f1:aa:e8:53:22:8c:83:cc:bd:a7:f5:9b:57:
                    4c:90:fd:e2:15:3e:b6:80:ee:51:43:20:79:40:e1:
                    cb:6d:04:a7:a3:9b:6a:b2:b6:f5:f2:a4:8d:30:a4:
                    16:6a:21:00:fa:27:66:3b:c9:47:32:35:b7:82:32:
                    3a:67:c7:b5:d4:ff:66:75:4c:ee:fe:3d:bd:99:71:
                    9d:97:da:57:01:2a:8a:9a:e9:f6:5f:76:a4:0e:92:
                    fe:28:63:ed:bd:e6:ab:ba:d9:80:98:57:9a:a6:c0:
                    b7:0d:7d:dc:84:a6:f7:53:e2:8e:89:4a:57:4d:47:
                    11:2b:4a:ba:11:b7:f9:4e:77:89:1c:c1:94:64:1e:
                    2d:0d:bd:20:bb:88:f0:d7:12:26:13:ac:93:f1:88:
                    e2:9e:d9:92:8d:65:7f:f4:17:33:b0:ab:12:f3:77:
                    ea:65:df:84:cb:35:ee:1f:bc:9c:ce:f1:cf:07:81:
                    20:9b:1c:0b:4c:6b:3f:81:1d:ae:76:cf:8f:5d:d2:
                    3f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:02:BC:F8:8A:83:D0:B4:BB:97:0A:EC:CC:92:63:7D:C1:FC:46:F3
            X509v3 Authority Key Identifier:
                keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/1-gK8-IqD0LS7lwrszJJjfcH8RvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.163.0/24
                  193.27.242.0/23
                  193.138.84.0/24
                  193.238.108.0/22
                  194.9.26.0/23
                  195.3.244.0/22
                IPv6:
                  2a05:5840::/31

    Signature Algorithm: sha256WithRSAEncryption
         1d:a9:98:c5:67:52:49:8b:89:43:54:8c:e5:15:1f:1f:b6:af:
         45:9b:76:fa:25:9e:a9:6f:66:2b:89:19:a2:f3:a1:1c:7c:1c:
         63:74:f6:3c:72:d1:f9:3c:2c:be:1f:af:02:b2:2b:06:04:75:
         13:5f:ec:57:9c:4b:22:f2:a1:68:57:58:a5:0b:5c:ef:09:8f:
         3a:83:a4:b0:34:7a:b0:31:46:dc:95:b6:f8:66:f3:df:be:14:
         67:63:ae:50:86:59:c0:e0:37:a1:d6:49:80:ca:15:52:e8:e5:
         cb:e9:13:98:7f:61:c4:0b:4a:cb:37:4a:65:55:f6:78:d8:94:
         9a:7e:9e:17:79:55:e2:2d:83:e3:d7:93:fb:a2:5a:51:b6:ab:
         17:84:90:9d:93:3f:2d:9b:d6:c4:e1:80:18:4d:2a:3b:b7:e5:
         85:a9:10:22:96:4d:54:39:b1:2b:7e:68:f6:24:e7:63:96:ed:
         22:cd:ae:50:df:11:d8:61:1b:19:c6:32:54:dc:c5:c9:2f:03:
         c9:69:58:d2:4a:ec:52:97:c4:a3:a3:3a:5c:6f:a7:d7:b1:b9:
         7e:48:00:f7:1d:5d:55:5b:1a:1a:fd:41:1c:d3:7d:e1:39:9a:
         77:4c:13:24:d0:be:ac:ed:f3:02:07:20:32:11:f4:08:5c:a7:
         e0:d5:21:c3
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYVtweQFR02KnX/yji260JYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjMwMTAxMTQzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTAyYmNmODhhODNkMGI0YmI5NzBhZWNjYzkyNjM3ZGMxZmM0NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMuw3Hghbmh2Ar0Ti6hcZmxsNaf0
v6mo4ZDMhuYkFoJ6m4+YB8hGi82bnu9jlz+qFpuYi/9AcR0WCaTR3PGq6FMijIPM
vaf1m1dMkP3iFT62gO5RQyB5QOHLbQSno5tqsrb18qSNMKQWaiEA+idmO8lHMjW3
gjI6Z8e11P9mdUzu/j29mXGdl9pXASqKmun2X3akDpL+KGPtvearutmAmFeapsC3
DX3chKb3U+KOiUpXTUcRK0q6Ebf5TneJHMGUZB4tDb0gu4jw1xImE6yT8YjintmS
jWV/9BczsKsS83fqZd+EyzXuH7yczvHPB4EgmxwLTGs/gR2uds+PXdI/PwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFPoCvPiKg9C0u5cK7MySY33B/EbzMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvMS1nSzgtSXFEMExTN2x3cnN6SkpqZmNIOFJ2TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzgvZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJh
Yi8xL2hTN09uSm95VFVYRFg1Vlo4eW5ZaHAyclU3by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBMBggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAFvCowME
AcEb8gMEAMGKVAMEAsHubAMEAcIJGgMEAsMD9DANBAIAAjAHAwUBKgVYQDANBgkq
hkiG9w0BAQsFAAOCAQEAHamYxWdSSYuJQ1SM5RUfH7avRZt2+iWeqW9mK4kZovOh
HHwcY3T2PHLR+Twsvh+vArIrBgR1E1/sV5xLIvKhaFdYpQtc7wmPOoOksDR6sDFG
3JW2+Gbz374UZ2OuUIZZwOA3odZJgMoVUujly+kTmH9hxAtKyzdKZVX2eNiUmn6e
F3lV4i2D49eT+6JaUbarF4SQnZM/LZvWxOGAGE0qO7flhakQIpZNVDmxK35o9iTn
Y5btIs2uUN8R2GEbGcYyVNzFyS8DyWlY0krsUpfEo6M6XG+n17G5fkgA9x1dVVsa
Gv1BHNN94Tmad0wTJNC+rO3zAgcgMhH0CFyn4NUhww==
-----END CERTIFICATE-----