Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/KyEfaa89zGfYEOyTQL6wxFwaPsY.roa
File:                     KyEfaa89zGfYEOyTQL6wxFwaPsY.roa (raw, json)
Hash identifier:          NtdMB25MXY5Xo6v6oQaaX0jNkCdbCG2q0Xul3MKaMz8=
Subject key identifier:   2B:21:1F:69:AF:3D:CC:67:D8:10:EC:93:40:BE:B0:C4:5C:1A:3E:C6
Certificate issuer:       /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial:       018CCA29AC983F6FD3C1024A545D69FB5961
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/KyEfaa89zGfYEOyTQL6wxFwaPsY.roa
Signing time:             Tue 02 Jan 2024 12:32:57 +0000
ROA not before:           Tue 02 Jan 2024 12:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198193
IP address blocks:        185.28.216.0/22 maxlen: 24
                          185.104.164.0/22 maxlen: 24
                          91.216.73.0/24 maxlen: 24
                          91.216.77.0/24 maxlen: 24
                          37.10.108.0/24 maxlen: 24
                          185.91.192.0/22 maxlen: 24
                          91.216.100.0/24 maxlen: 24
                          185.42.20.0/22 maxlen: 24
                          91.216.122.0/24 maxlen: 24
                          185.217.112.0/22 maxlen: 24
                          37.10.70.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ac:98:3f:6f:d3:c1:02:4a:54:5d:69:fb:59:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
        Validity
            Not Before: Jan  2 12:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b211f69af3dcc67d810ec9340beb0c45c1a3ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d3:3a:24:bf:8d:a4:e3:c8:dd:22:61:89:9a:
                    f6:69:3e:bc:3a:01:37:6b:ba:d0:3e:32:01:80:56:
                    fc:24:fb:42:76:69:71:cb:44:ad:56:5e:db:ce:37:
                    79:37:d5:76:8b:c6:55:81:be:a8:db:80:75:c0:27:
                    8b:a3:24:1e:ae:c1:16:4f:76:19:ae:09:b9:90:5a:
                    89:ea:e5:df:6a:e7:6f:ac:5f:57:00:5f:e2:68:9a:
                    70:01:90:c8:b3:4f:59:4d:d6:1d:3a:62:3b:b3:39:
                    e4:99:60:67:69:0a:aa:b7:ac:7a:49:66:87:40:f2:
                    bc:6b:22:10:dd:f0:d5:7a:36:42:e9:fd:aa:89:b7:
                    89:3d:87:8d:6a:19:0e:bf:a2:77:36:82:41:64:ca:
                    80:35:a6:ef:f7:9d:f6:a5:73:05:00:91:51:54:6c:
                    82:1c:ed:50:3c:57:d0:71:a5:89:ce:4b:06:2c:bc:
                    75:ec:be:29:21:2f:e5:e0:8c:59:22:6a:3e:f8:44:
                    42:29:f0:a7:a3:da:1c:b1:03:72:10:ee:dd:68:54:
                    a0:b5:fb:04:d2:2c:3c:07:83:92:e1:7b:57:80:0d:
                    c6:5f:d5:d8:83:be:0c:00:54:97:3c:93:e3:b5:3d:
                    62:1d:15:b5:64:33:58:cf:58:fa:17:1c:bd:2c:8a:
                    b5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:21:1F:69:AF:3D:CC:67:D8:10:EC:93:40:BE:B0:C4:5C:1A:3E:C6
            X509v3 Authority Key Identifier:
                keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/KyEfaa89zGfYEOyTQL6wxFwaPsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.70.0/24
                  37.10.108.0/24
                  91.216.73.0/24
                  91.216.77.0/24
                  91.216.100.0/24
                  91.216.122.0/24
                  185.28.216.0/22
                  185.42.20.0/22
                  185.91.192.0/22
                  185.104.164.0/22
                  185.217.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:93:2c:f5:af:0f:8e:01:2b:e5:1c:14:4d:42:b9:05:1f:79:
         b2:c8:8f:fd:a4:a7:02:fc:7b:cc:1e:3d:f0:36:17:59:12:35:
         24:60:b0:a1:95:1d:fc:5f:b9:3e:e5:53:59:49:c3:d1:f1:25:
         2b:58:32:0f:02:b2:b3:24:66:a0:f4:64:cf:c2:06:ed:6f:9f:
         cc:12:20:49:3e:f9:41:c4:1d:01:6a:2e:25:b8:a0:e1:fd:88:
         8a:01:66:1a:a5:dc:d7:9d:3b:24:19:9e:72:a9:54:af:25:60:
         25:94:4a:3e:73:09:a9:bd:b1:2c:31:a3:fd:26:78:fc:df:15:
         97:4d:6a:3e:70:31:f2:51:e6:31:46:d8:39:69:24:9d:46:c3:
         36:aa:7a:20:f7:c9:b5:4d:05:a8:39:6a:de:4a:6f:2c:b7:e1:
         ac:07:7f:5f:61:cf:01:f0:24:5d:9f:0f:75:d3:2c:6e:bc:07:
         d4:5e:b7:d7:e0:fd:8a:2b:c0:33:da:ba:0e:9f:59:04:6d:5b:
         ad:70:c6:eb:ef:46:20:c8:a2:45:b6:7d:c2:8a:47:8a:80:50:
         a7:15:35:56:e7:1c:57:62:dd:d6:2c:d1:85:f2:c1:b1:55:22:
         17:29:5a:1b:ec:b3:cc:dc:68:93:c4:4a:49:0b:fc:1d:aa:fa:
         36:1b:19:ca
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzKKayYP2/TwQJKVF1p+1lhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjQwMTAyMTIzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjIxMWY2OWFmM2RjYzY3ZDgxMGVjOTM0MGJlYjBjNDVjMWEzZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNM6JL+NpOPI3SJhiZr2aT68OgE3
a7rQPjIBgFb8JPtCdmlxy0StVl7bzjd5N9V2i8ZVgb6o24B1wCeLoyQersEWT3YZ
rgm5kFqJ6uXfaudvrF9XAF/iaJpwAZDIs09ZTdYdOmI7sznkmWBnaQqqt6x6SWaH
QPK8ayIQ3fDVejZC6f2qibeJPYeNahkOv6J3NoJBZMqANabv9532pXMFAJFRVGyC
HO1QPFfQcaWJzksGLLx17L4pIS/l4IxZImo++ERCKfCno9ocsQNyEO7daFSgtfsE
0iw8B4OS4XtXgA3GX9XYg74MAFSXPJPjtT1iHRW1ZDNYz1j6Fxy9LIq1NQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCshH2mvPcxn2BDsk0C+sMRcGj7GMB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvS3lFZmFhODl6R2ZZRU95VFFMNnd4RndhUHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJQpGAwQA
JQpsAwQAW9hJAwQAW9hNAwQAW9hkAwQAW9h6AwQCuRzYAwQCuSoUAwQCuVvAAwQC
uWikAwQCudlwMA0GCSqGSIb3DQEBCwUAA4IBAQAnkyz1rw+OASvlHBRNQrkFH3my
yI/9pKcC/HvMHj3wNhdZEjUkYLChlR38X7k+5VNZScPR8SUrWDIPArKzJGag9GTP
wgbtb5/MEiBJPvlBxB0Bai4luKDh/YiKAWYapdzXnTskGZ5yqVSvJWAllEo+cwmp
vbEsMaP9Jnj83xWXTWo+cDHyUeYxRtg5aSSdRsM2qnog98m1TQWoOWreSm8st+Gs
B39fYc8B8CRdnw910yxuvAfUXrfX4P2KK8Az2roOn1kEbVutcMbr70YgyKJFtn3C
ikeKgFCnFTVW5xxXYt3WLNGF8sGxVSIXKVob7LPM3GiTxEpJC/wdqvo2GxnK
-----END CERTIFICATE-----