Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/p8JZ-9ivxJO-rXRtb1-9atY34tA.roa
File:                     p8JZ-9ivxJO-rXRtb1-9atY34tA.roa (raw, json)
Hash identifier:          OSAHRop4HlMWznatEDxVzJFXVIXstC7C7EllYOeHGlY=
Subject key identifier:   A7:C2:59:FB:D8:AF:C4:93:BE:AD:74:6D:6F:5F:BD:6A:D6:37:E2:D0
Certificate issuer:       /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial:       018CC72662F17127902B351499D17B36B905
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/p8JZ-9ivxJO-rXRtb1-9atY34tA.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28761
IP address blocks:        193.138.84.0/24 maxlen: 24
                          194.9.26.0/23 maxlen: 24
                          193.238.108.0/24 maxlen: 24
                          193.238.111.0/24 maxlen: 24
                          193.238.109.0/24 maxlen: 24
                          91.194.163.0/24 maxlen: 24
                          193.238.110.0/24 maxlen: 24
                          193.27.242.0/24 maxlen: 24
                          193.27.243.0/24 maxlen: 24
                          195.3.244.0/22 maxlen: 24
                          2a05:5840::/32 maxlen: 32
                          2a05:5841::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:62:f1:71:27:90:2b:35:14:99:d1:7b:36:b9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7c259fbd8afc493bead746d6f5fbd6ad637e2d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5f:d7:8c:8b:3f:d4:ac:42:4c:50:7c:12:8e:
                    b2:95:1f:ee:e9:3b:07:d8:f7:3f:89:f2:e0:08:8d:
                    fb:aa:06:af:8e:ba:0b:ba:5c:94:6c:a4:91:75:51:
                    57:b1:0e:55:d3:c0:32:66:8c:e4:ac:b7:5c:ce:7d:
                    62:9c:ec:81:3f:6c:ac:30:82:4b:c9:36:b5:27:aa:
                    2c:9f:7f:26:2d:a2:6a:b1:57:fb:28:01:95:f7:16:
                    f3:fc:2a:31:58:9e:1d:4b:aa:cb:f9:50:cd:d5:25:
                    16:ac:4d:cb:14:78:3b:f5:6e:53:6a:c5:95:63:4a:
                    98:2b:b6:c1:75:2d:c9:af:e7:a7:4a:4d:12:5e:d6:
                    ac:35:42:a6:95:6c:78:07:9d:40:7a:35:dc:d5:e2:
                    d9:c7:e7:7d:ef:f7:db:e8:8c:b8:a4:1c:3c:07:af:
                    39:68:57:af:c8:92:4c:ba:da:16:35:98:e7:23:2d:
                    06:72:6b:2f:be:00:58:1b:3d:5d:28:6f:aa:a9:bf:
                    78:ac:cc:87:4c:5c:58:7b:4f:2f:12:4b:c3:6d:0f:
                    d1:b2:a8:ee:c1:ca:d3:b4:a7:31:51:90:b0:41:7c:
                    e7:8b:be:7b:39:e3:4a:a0:c3:06:3d:84:fc:5a:b9:
                    ea:23:0e:00:a7:8e:7b:3a:8e:ba:91:21:93:4a:8f:
                    50:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C2:59:FB:D8:AF:C4:93:BE:AD:74:6D:6F:5F:BD:6A:D6:37:E2:D0
            X509v3 Authority Key Identifier:
                keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/p8JZ-9ivxJO-rXRtb1-9atY34tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.163.0/24
                  193.27.242.0/23
                  193.138.84.0/24
                  193.238.108.0/22
                  194.9.26.0/23
                  195.3.244.0/22
                IPv6:
                  2a05:5840::/31

    Signature Algorithm: sha256WithRSAEncryption
         8a:8f:2f:16:98:43:96:55:0a:21:65:d8:02:db:b9:41:42:a7:
         d5:b5:37:ed:98:0a:82:b1:ed:9a:ef:7f:84:2e:82:a0:ed:2d:
         15:71:fa:9c:f5:70:f3:28:b8:7c:e7:1f:a6:6a:58:b2:75:16:
         95:ce:09:78:9a:83:2e:d9:09:2a:5d:fa:d2:7e:70:18:49:d7:
         4b:71:ba:19:e3:da:80:0b:4b:ae:64:5f:96:4e:1a:e3:f0:ab:
         d5:df:64:3d:59:d1:15:72:53:41:51:cc:50:7e:9f:c1:5e:c0:
         f5:bf:6f:24:69:44:5d:04:2d:9e:dc:83:b6:2b:2f:7d:52:92:
         53:2c:5f:e0:8f:74:eb:a9:c0:ed:fc:d4:4a:a0:84:cb:69:31:
         6f:43:7f:73:4f:ed:92:40:2c:69:74:77:57:fb:23:7d:15:98:
         41:27:62:88:3a:1a:e0:ae:56:e2:f4:d9:e1:69:10:f0:02:dd:
         9b:ca:88:d2:8b:05:f1:c0:11:4a:e3:36:8a:2b:d5:e7:cd:04:
         66:73:53:c5:21:5e:f2:be:20:e5:b9:bd:65:8b:4f:ce:e4:75:
         f1:8d:3d:a1:6b:d2:db:08:a0:70:36:03:0c:cb:6d:fa:96:87:
         17:20:e7:f7:c9:63:3b:45:f3:0e:7a:13:d6:19:10:ad:d6:f4:
         f5:b9:8a:e9
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzHJmLxcSeQKzUUmdF7NrkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2MyNTlmYmQ4YWZjNDkzYmVhZDc0NmQ2ZjVmYmQ2YWQ2MzdlMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1/XjIs/1KxCTFB8Eo6ylR/u6TsH
2Pc/ifLgCI37qgavjroLulyUbKSRdVFXsQ5V08AyZozkrLdczn1inOyBP2ysMIJL
yTa1J6osn38mLaJqsVf7KAGV9xbz/CoxWJ4dS6rL+VDN1SUWrE3LFHg79W5TasWV
Y0qYK7bBdS3Jr+enSk0SXtasNUKmlWx4B51AejXc1eLZx+d97/fb6Iy4pBw8B685
aFevyJJMutoWNZjnIy0GcmsvvgBYGz1dKG+qqb94rMyHTFxYe08vEkvDbQ/Rsqju
wcrTtKcxUZCwQXzni757OeNKoMMGPYT8WrnqIw4Ap457Oo66kSGTSo9Q6wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKfCWfvYr8STvq10bW9fvWrWN+LQMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvcDhKWi05aXZ4Sk8tclhSdGIxLTlhdFkzNHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW8KjAwQB
wRvyAwQAwYpUAwQCwe5sAwQBwgkaAwQCwwP0MA0EAgACMAcDBQEqBVhAMA0GCSqG
SIb3DQEBCwUAA4IBAQCKjy8WmEOWVQohZdgC27lBQqfVtTftmAqCse2a73+ELoKg
7S0Vcfqc9XDzKLh85x+maliydRaVzgl4moMu2QkqXfrSfnAYSddLcboZ49qAC0uu
ZF+WThrj8KvV32Q9WdEVclNBUcxQfp/BXsD1v28kaURdBC2e3IO2Ky99UpJTLF/g
j3TrqcDt/NRKoITLaTFvQ39zT+2SQCxpdHdX+yN9FZhBJ2KIOhrgrlbi9NnhaRDw
At2byojSiwXxwBFK4zaKK9XnzQRmc1PFIV7yviDlub1li0/O5HXxjT2ha9LbCKBw
NgMMy236locXIOf3yWM7RfMOehPWGRCt1vT1uYrp
-----END CERTIFICATE-----