Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/U6OISQjy13qkCUDuZYkGWThoE7k.roa
File:                     U6OISQjy13qkCUDuZYkGWThoE7k.roa (raw, json)
Hash identifier:          D9OeBp4a+7ioH1XtuTRtR7BCLtvMShpHVabh2DJk+Qs=
Subject key identifier:   53:A3:88:49:08:F2:D7:7A:A4:09:40:EE:65:89:06:59:38:68:13:B9
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       018CCA2BCD3C6673AB06E4AB57EC92DE20FD
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/U6OISQjy13qkCUDuZYkGWThoE7k.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        141.105.130.0/23 maxlen: 23
                          212.79.112.0/22 maxlen: 22
                          141.105.140.0/22 maxlen: 22
                          212.79.116.0/22 maxlen: 22
                          212.79.120.0/23 maxlen: 23
                          212.87.160.0/21 maxlen: 21
                          212.87.172.0/22 maxlen: 22
                          212.87.176.0/22 maxlen: 22
                          212.87.184.0/22 maxlen: 22
                          212.87.182.0/23 maxlen: 23
                          212.87.188.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:cd:3c:66:73:ab:06:e4:ab:57:ec:92:de:20:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53a3884908f2d77aa40940ee65890659386813b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d6:e7:d9:3a:52:c0:d4:71:b2:4c:da:cc:ca:
                    e5:bd:74:c3:6a:32:2a:26:a9:6c:39:05:6b:23:85:
                    25:45:da:2a:80:e4:84:d7:90:d9:1a:1c:2f:46:70:
                    70:cc:9c:c6:42:cb:fd:1c:19:4f:e6:be:59:9c:1e:
                    c3:1f:b6:57:87:df:f5:cf:b8:9e:03:bd:b0:5f:f7:
                    93:91:1d:06:8c:7d:c6:9e:9f:90:09:a6:02:0d:85:
                    1a:a8:cf:71:74:5e:4d:16:0a:63:52:7c:22:73:52:
                    19:a4:38:67:a4:bb:72:45:b2:83:01:4d:2e:c1:22:
                    8b:ff:91:39:c1:7e:b5:8e:1d:5b:19:4d:c0:8b:11:
                    64:6a:5d:04:de:42:6d:a7:15:fb:11:8e:39:85:bf:
                    6a:22:d2:02:9a:bc:f4:e7:a6:da:75:26:6f:de:9b:
                    d3:ac:cf:8c:f6:5e:ea:c7:9d:68:f4:3e:74:f5:bd:
                    c5:c3:ac:96:04:4b:35:80:da:76:46:09:b4:0c:9d:
                    90:3d:a5:7b:25:d8:47:7b:60:b2:09:84:37:cc:c9:
                    41:37:3b:cc:c7:28:05:a5:45:e2:a1:d3:51:dc:d0:
                    07:5d:65:8c:3e:54:33:9b:cc:f0:0f:f4:d9:22:80:
                    1b:46:a7:86:84:ed:ba:aa:6b:49:d9:2e:7b:4b:e7:
                    05:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A3:88:49:08:F2:D7:7A:A4:09:40:EE:65:89:06:59:38:68:13:B9
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/U6OISQjy13qkCUDuZYkGWThoE7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.130.0/23
                  141.105.140.0/22
                  212.79.112.0-212.79.121.255
                  212.87.160.0/21
                  212.87.172.0-212.87.179.255
                  212.87.182.0-212.87.191.255

    Signature Algorithm: sha256WithRSAEncryption
         37:cf:4f:20:fc:e3:1c:d8:fe:23:79:07:73:7b:32:fe:d1:fb:
         b9:e8:9e:a2:fa:60:e0:2b:11:a0:24:ce:87:9e:35:35:20:54:
         91:c4:58:49:fe:61:27:d0:96:f1:80:d5:5a:96:ef:ca:1b:5d:
         08:25:0d:1a:6c:a5:fa:a6:72:7c:58:f5:17:98:c0:94:97:bf:
         71:bf:68:05:d7:64:9e:9f:4f:74:30:4d:ce:1f:f7:d1:6c:a6:
         ce:8b:d6:72:8c:82:c8:24:f5:fd:26:78:97:fc:7c:44:e1:32:
         7b:66:18:5c:4d:26:c6:94:ff:b6:e7:35:d0:f9:b7:14:2b:9a:
         ad:f2:ee:fc:b6:02:dd:30:34:38:ad:23:d0:0c:ba:4d:a8:a2:
         72:77:e2:dd:66:9a:1d:89:27:98:30:58:68:5e:31:fa:ca:14:
         40:60:da:0d:28:84:2a:ef:07:dc:4c:12:4c:6d:dc:d2:5e:aa:
         18:09:39:61:7b:dc:1b:66:94:55:d0:0c:cd:c0:e4:0c:be:df:
         e2:db:f2:08:df:c1:61:e9:37:dc:6c:8b:f5:1c:3c:01:4c:3b:
         d2:38:a2:d2:f5:bf:10:ac:00:7a:70:8e:2e:ce:3c:35:c3:63:
         9b:ad:88:55:3b:a9:35:18:3c:06:c2:1e:1a:b1:b9:2e:09:65:
         57:69:63:54
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzKK808ZnOrBuSrV+yS3iD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2EzODg0OTA4ZjJkNzdhYTQwOTQwZWU2NTg5MDY1OTM4NjgxM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtbn2TpSwNRxskzazMrlvXTDajIq
JqlsOQVrI4UlRdoqgOSE15DZGhwvRnBwzJzGQsv9HBlP5r5ZnB7DH7ZXh9/1z7ie
A72wX/eTkR0GjH3Gnp+QCaYCDYUaqM9xdF5NFgpjUnwic1IZpDhnpLtyRbKDAU0u
wSKL/5E5wX61jh1bGU3AixFkal0E3kJtpxX7EY45hb9qItICmrz056badSZv3pvT
rM+M9l7qx51o9D509b3Fw6yWBEs1gNp2Rgm0DJ2QPaV7JdhHe2CyCYQ3zMlBNzvM
xygFpUXiodNR3NAHXWWMPlQzm8zwD/TZIoAbRqeGhO26qmtJ2S57S+cFiwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFOjiEkI8td6pAlA7mWJBlk4aBO5MB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvVTZPSVNRankxM3FrQ1VEdVpZa0dXVGhvRTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBjWmCAwQC
jWmMMAwDBATUT3ADBAHUT3gDBAPUV6AwDAMEAtRXrAMEAtRXsDAMAwQB1Fe2AwQG
1FeAMA0GCSqGSIb3DQEBCwUAA4IBAQA3z08g/OMc2P4jeQdzezL+0fu56J6i+mDg
KxGgJM6HnjU1IFSRxFhJ/mEn0JbxgNValu/KG10IJQ0abKX6pnJ8WPUXmMCUl79x
v2gF12Sen090ME3OH/fRbKbOi9ZyjILIJPX9JniX/HxE4TJ7ZhhcTSbGlP+25zXQ
+bcUK5qt8u78tgLdMDQ4rSPQDLpNqKJyd+LdZpodiSeYMFhoXjH6yhRAYNoNKIQq
7wfcTBJMbdzSXqoYCTlhe9wbZpRV0AzNwOQMvt/i2/II38Fh6TfcbIv1HDwBTDvS
OKLS9b8QrAB6cI4uzjw1w2ObrYhVO6k1GDwGwh4asbkuCWVXaWNU
-----END CERTIFICATE-----