Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/bxp7yL_yyW_wHUx_GurD8TgPKp0.roa
File:                     bxp7yL_yyW_wHUx_GurD8TgPKp0.roa (raw, json)
Hash identifier:          7VSdhfoNI+ifFdBywcFXG7uPjljKKHKBhm2sgFC4dyQ=
Subject key identifier:   6F:1A:7B:C8:BF:F2:C9:6F:F0:1D:4C:7F:1A:EA:C3:F1:38:0F:2A:9D
Certificate issuer:       /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial:       054EE089
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/bxp7yL_yyW_wHUx_GurD8TgPKp0.roa
Signing time:             Thu 07 Apr 2022 12:29:50 +0000
ROA not before:           Thu 07 Apr 2022 12:29:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49628
IP address blocks:        185.46.176.0/22 maxlen: 22
                          193.176.215.0/24 maxlen: 24
                          78.40.106.0/24 maxlen: 24
                          78.40.107.0/24 maxlen: 24
                          193.176.214.0/24 maxlen: 24
                          5.187.9.0/24 maxlen: 24
                          5.187.10.0/24 maxlen: 24
                          5.187.8.0/21 maxlen: 21
                          193.176.212.0/24 maxlen: 24
                          78.40.104.0/24 maxlen: 24
                          193.176.212.0/22 maxlen: 22
                          78.40.104.0/22 maxlen: 22
                          193.176.213.0/24 maxlen: 24
                          78.40.105.0/24 maxlen: 24
                          185.168.224.0/24 maxlen: 24
                          185.168.224.0/22 maxlen: 22
                          185.168.225.0/24 maxlen: 24
                          185.168.226.0/24 maxlen: 24
                          185.168.227.0/24 maxlen: 24
                          37.75.128.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89055369 (0x54ee089)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
        Validity
            Not Before: Apr  7 12:29:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6f1a7bc8bff2c96ff01d4c7f1aeac3f1380f2a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:14:74:d7:31:db:36:d9:fc:b3:39:74:55:65:
                    df:2c:57:14:c5:94:e1:34:26:c7:5c:c1:c5:9a:b4:
                    46:20:b7:79:cb:32:80:27:6a:c0:d1:2b:94:e7:60:
                    5a:10:2d:eb:e5:d2:f2:d7:9d:1a:6d:bd:62:f5:3b:
                    07:85:17:7d:c7:70:15:4a:b8:44:85:9b:b2:91:4e:
                    f5:d3:9b:c4:92:79:47:b3:2b:a1:d2:b6:47:61:4c:
                    9d:dc:d4:4d:fa:73:74:bd:fe:5f:06:86:77:b7:2e:
                    4a:ed:48:eb:7b:a4:6d:0e:79:cd:21:ab:6c:00:be:
                    b4:d1:3f:10:7c:6a:4b:5d:4a:7f:84:9c:2b:24:73:
                    0d:ce:50:e1:95:40:e1:51:e4:d0:f7:ad:1d:6e:16:
                    fe:f3:dc:4a:16:35:4b:8f:cb:b7:cd:2e:7b:45:0a:
                    b9:29:2d:2f:b2:96:89:8a:64:85:1f:fc:74:38:63:
                    4d:ab:8d:02:ad:fd:76:d1:1b:64:0c:2c:98:1a:7e:
                    c5:3e:d6:bc:0c:5e:0d:1c:d7:46:50:71:66:46:9e:
                    05:6c:c9:0a:c8:15:c7:65:94:23:12:47:9c:7c:14:
                    84:52:d2:56:8c:c8:9c:53:95:ed:86:06:ec:fa:01:
                    94:12:e2:c7:40:78:c2:02:71:7c:b0:9e:43:ec:51:
                    47:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1A:7B:C8:BF:F2:C9:6F:F0:1D:4C:7F:1A:EA:C3:F1:38:0F:2A:9D
            X509v3 Authority Key Identifier:
                keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/bxp7yL_yyW_wHUx_GurD8TgPKp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.187.8.0/21
                  37.75.128.0/21
                  78.40.104.0/22
                  185.46.176.0/22
                  185.168.224.0/22
                  193.176.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:3b:c4:f2:9e:82:65:d8:f6:02:e0:c8:4c:7a:84:06:86:76:
         6e:b9:3d:f0:6b:fd:15:23:f6:39:89:1a:16:04:6d:cf:d3:cd:
         72:4c:20:ac:b8:05:ba:fd:72:09:a4:69:77:68:bf:58:c0:21:
         3b:14:4a:15:2d:9d:2e:1f:83:7f:f2:10:ac:78:98:96:0c:50:
         9b:c3:7b:78:26:fd:c7:8f:a9:ba:77:64:fd:f7:9e:13:fe:67:
         29:00:fb:b0:92:f9:16:71:fa:b2:43:62:ac:d2:0c:3d:4a:dc:
         c9:13:4a:d8:b8:f7:8d:9e:9f:1f:15:82:d5:36:ec:73:ad:ac:
         ef:61:0e:d7:d3:c9:20:f2:40:09:5c:19:5d:63:5b:77:8d:f3:
         b8:27:13:a8:a2:e6:9f:55:ee:fc:9b:9e:48:e7:58:df:2a:b9:
         c5:53:6a:f6:33:b4:bc:c1:6b:54:92:b4:4d:04:cc:c0:a7:4c:
         96:d8:60:5d:63:cb:5a:1e:44:0d:da:d3:da:09:b7:00:27:25:
         f8:8b:7b:dd:32:3d:bf:ee:05:02:cf:a5:ec:c0:e0:c3:27:89:
         b8:31:69:dd:09:fb:32:5a:39:64:de:f3:76:79:32:48:ab:22:
         cb:aa:e7:51:5e:99:0c:a4:90:7d:55:d7:6b:7e:ce:2d:38:ea:
         56:8a:c3:49
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEBU7giTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ODY5MzYyNjZlOTgwZGQyMDNiMmNiZWIxYzljNDU3MDYwNGI5MTFiMB4XDTIyMDQw
NzEyMjk1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmYxYTdiYzhiZmYy
Yzk2ZmYwMWQ0YzdmMWFlYWMzZjEzODBmMmE5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ4UdNcx2zbZ/LM5dFVl3yxXFMWU4TQmx1zBxZq0RiC3ecsy
gCdqwNErlOdgWhAt6+XS8tedGm29YvU7B4UXfcdwFUq4RIWbspFO9dObxJJ5R7Mr
odK2R2FMndzUTfpzdL3+XwaGd7cuSu1I63ukbQ55zSGrbAC+tNE/EHxqS11Kf4Sc
KyRzDc5Q4ZVA4VHk0PetHW4W/vPcShY1S4/Lt80ue0UKuSktL7KWiYpkhR/8dDhj
TauNAq39dtEbZAwsmBp+xT7WvAxeDRzXRlBxZkaeBWzJCsgVx2WUIxJHnHwUhFLS
VozInFOV7YYG7PoBlBLix0B4wgJxfLCeQ+xRR2cCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBRvGnvIv/LJb/AdTH8a6sPxOA8qnTAfBgNVHSMEGDAWgBRYaTYmbpgN0gOy
y+scnEVwYEuRGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dHazJKbTZZRGRJRHNzdnJISnhGY0dCTGtScy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvNGM2NmNjLWZhOWEtNGY1OC1hZDIxLTdkYTE4M2VmZjExNS8x
L2J4cDd5TF95eVdfd0hVeF9HdXJEOFRnUEtwMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
NGM2NmNjLWZhOWEtNGY1OC1hZDIxLTdkYTE4M2VmZjExNS8xL1dHazJKbTZZRGRJ
RHNzdnJISnhGY0dCTGtScy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAwW7CAMEAyVLgAMEAk4oaAMEArku
sAMEArmo4AMEAsGw1DANBgkqhkiG9w0BAQsFAAOCAQEARTvE8p6CZdj2AuDITHqE
BoZ2brk98Gv9FSP2OYkaFgRtz9PNckwgrLgFuv1yCaRpd2i/WMAhOxRKFS2dLh+D
f/IQrHiYlgxQm8N7eCb9x4+pundk/feeE/5nKQD7sJL5FnH6skNirNIMPUrcyRNK
2Lj3jZ6fHxWC1Tbsc62s72EO19PJIPJACVwZXWNbd43zuCcTqKLmn1Xu/JueSOdY
3yq5xVNq9jO0vMFrVJK0TQTMwKdMlthgXWPLWh5EDdrT2gm3ACcl+It73TI9v+4F
As+l7MDgwyeJuDFp3Qn7Mlo5ZN7zdnkySKsiy6rnUV6ZDKSQfVXXa37OLTjqVorD
SQ==
-----END CERTIFICATE-----