Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8CYEQaF3QUMONjZiRoHwvuHp688.roa
File:                     8CYEQaF3QUMONjZiRoHwvuHp688.roa (raw, json)
Hash identifier:          k2ekn2OMkvn/Vo6tiWo1E/MpsZ3bYRwELZDNApKz9Fc=
Subject key identifier:   F0:26:04:41:A1:77:41:43:0E:36:36:62:46:81:F0:BE:E1:E9:EB:CF
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       01849F5F0C38DE75E8F264748C09C5924737
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8CYEQaF3QUMONjZiRoHwvuHp688.roa
Signing time:             Tue 22 Nov 2022 12:45:17 +0000
ROA not before:           Tue 22 Nov 2022 12:45:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        193.109.192.0/21 maxlen: 24
                          85.237.192.0/21 maxlen: 24
                          85.237.206.0/23 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.158.56.0/21 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          185.89.76.0/22 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:5f:0c:38:de:75:e8:f2:64:74:8c:09:c5:92:47:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Nov 22 12:45:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f0260441a17741430e3636624681f0bee1e9ebcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d8:cb:eb:91:61:be:a5:3e:db:c4:6f:c7:51:
                    7a:c6:10:68:78:b2:ec:c5:bc:7b:2d:83:13:89:03:
                    9a:06:49:5b:0f:f5:75:c1:1f:4b:5e:f3:7a:fe:16:
                    da:8a:f9:0c:2c:82:5b:42:d6:bc:c1:4c:eb:b9:53:
                    db:c7:05:f8:d6:5b:95:8e:9f:0c:80:6d:29:a1:4e:
                    dd:39:58:8f:e5:61:23:ce:0c:19:65:06:db:a9:b2:
                    0c:33:dc:5b:81:09:f2:53:63:1a:42:f4:4b:1d:7a:
                    c9:54:55:9d:05:ba:f1:ab:91:32:36:ad:2b:83:70:
                    c2:20:2e:83:87:1c:07:73:55:4f:6b:86:e0:b3:99:
                    7a:d0:60:20:28:07:86:cd:98:3f:15:f3:4e:ef:c7:
                    8c:32:95:31:47:f9:9f:83:18:a6:a5:2e:05:8a:7d:
                    a1:61:6d:0b:80:ce:83:d4:43:0f:99:8e:45:11:30:
                    c6:b5:47:6b:df:d8:9a:c4:fa:7f:0f:48:b7:e5:5c:
                    ae:e5:5c:49:86:d6:58:2a:02:78:eb:68:b5:26:e2:
                    f2:70:9c:91:3a:da:8b:8a:57:eb:86:c5:13:51:cb:
                    90:58:99:52:67:1d:6a:13:63:b0:42:37:51:a6:8e:
                    47:e6:25:b8:6c:24:ba:f0:dc:03:8a:e1:d9:d8:26:
                    26:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:26:04:41:A1:77:41:43:0E:36:36:62:46:81:F0:BE:E1:E9:EB:CF
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/8CYEQaF3QUMONjZiRoHwvuHp688.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.56.0/21
                  85.237.192.0/21
                  85.237.203.0/24
                  85.237.205.0-85.237.223.255
                  185.89.76.0/22
                  185.93.32.0/24
                  185.93.34.0/23
                  193.109.192.0/21
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6a:23:d7:e7:aa:2f:a0:2a:5e:66:7d:96:72:76:b7:ec:12:
         41:44:be:48:9c:aa:9a:3e:08:0e:d8:29:a6:8a:33:9a:3b:77:
         23:12:57:07:90:79:a6:ca:b2:38:fd:1c:b4:dc:e8:f8:23:9f:
         f1:e9:c9:a1:22:42:ab:18:3d:8b:93:17:9f:f1:c6:2e:14:b6:
         cd:be:cd:68:59:37:90:bf:83:73:43:49:64:a1:91:91:dd:70:
         dc:ae:01:50:7f:96:7c:48:73:b3:a7:fe:50:e9:22:0b:84:2e:
         c2:d2:d8:1a:3a:ad:f2:e9:88:ba:18:79:91:88:26:ef:ba:cd:
         55:e9:35:06:e4:b6:73:32:fe:b8:2b:2c:28:c7:5a:bf:45:2c:
         15:a9:a9:7a:0f:5e:40:26:a0:5d:d5:5c:d3:e2:0f:da:6f:45:
         8c:b2:c4:16:7f:02:5c:fd:97:55:60:18:5c:77:66:d8:32:4a:
         6b:3a:44:92:50:b5:59:63:70:42:94:b5:79:3e:d8:bc:c3:92:
         55:6d:9f:58:75:b1:9a:9a:97:bd:86:35:ec:d6:4a:a6:5e:62:
         a8:37:1f:99:cf:8c:02:93:7e:15:8b:2c:5c:62:ab:59:2c:56:
         29:91:5c:1e:ce:96:cb:9b:4f:f1:e3:89:f3:ef:3e:9d:b4:54:
         22:5c:52:fa
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYSfXww43nXo8mR0jAnFkkc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjIxMTIyMTI0NTE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI2MDQ0MWExNzc0MTQzMGUzNjM2NjI0NjgxZjBiZWUxZTllYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdjL65FhvqU+28Rvx1F6xhBoeLLs
xbx7LYMTiQOaBklbD/V1wR9LXvN6/hbaivkMLIJbQta8wUzruVPbxwX41luVjp8M
gG0poU7dOViP5WEjzgwZZQbbqbIMM9xbgQnyU2MaQvRLHXrJVFWdBbrxq5EyNq0r
g3DCIC6DhxwHc1VPa4bgs5l60GAgKAeGzZg/FfNO78eMMpUxR/mfgximpS4Fin2h
YW0LgM6D1EMPmY5FETDGtUdr39iaxPp/D0i35Vyu5VxJhtZYKgJ462i1JuLycJyR
OtqLilfrhsUTUcuQWJlSZx1qE2OwQjdRpo5H5iW4bCS68NwDiuHZ2CYm8wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPAmBEGhd0FDDjY2YkaB8L7h6evPMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvOENZRVFhRjNRVU1PTmpaaVJvSHd2dUhwNjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDVZ44AwQD
Ve3AAwQAVe3LMAwDBABV7c0DBAVV7cADBAK5WUwDBAC5XSADBAG5XSIDBAPBbcAD
BADCqdkwDQYJKoZIhvcNAQELBQADggEBAKdqI9fnqi+gKl5mfZZydrfsEkFEvkic
qpo+CA7YKaaKM5o7dyMSVweQeabKsjj9HLTc6Pgjn/HpyaEiQqsYPYuTF5/xxi4U
ts2+zWhZN5C/g3NDSWShkZHdcNyuAVB/lnxIc7On/lDpIguELsLS2Bo6rfLpiLoY
eZGIJu+6zVXpNQbktnMy/rgrLCjHWr9FLBWpqXoPXkAmoF3VXNPiD9pvRYyyxBZ/
Alz9l1VgGFx3ZtgySms6RJJQtVljcEKUtXk+2LzDklVtn1h1sZqal72GNezWSqZe
Yqg3H5nPjAKTfhWLLFxiq1ksVimRXB7OlsubT/HjifPvPp20VCJcUvo=
-----END CERTIFICATE-----