Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/IUE6ZlK6l_qSY6gKmK0bi0oaDhc.roa
File:                     IUE6ZlK6l_qSY6gKmK0bi0oaDhc.roa (raw, json)
Hash identifier:          ncf18VxPbU+3wXi3+Y7NoA5c+t7gf3Y/Tp0tI2kM828=
Subject key identifier:   21:41:3A:66:52:BA:97:FA:92:63:A8:0A:98:AD:1B:8B:4A:1A:0E:17
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       018736BA098FCE7DA4D6A91230BAEDE3ACA6
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/IUE6ZlK6l_qSY6gKmK0bi0oaDhc.roa
Signing time:             Fri 31 Mar 2023 08:12:54 +0000
ROA not before:           Fri 31 Mar 2023 08:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        193.109.192.0/21 maxlen: 24
                          85.237.196.0/24 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.158.58.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          85.158.60.0/24 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:ba:09:8f:ce:7d:a4:d6:a9:12:30:ba:ed:e3:ac:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: Mar 31 08:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21413a6652ba97fa9263a80a98ad1b8b4a1a0e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f6:49:89:86:c4:74:96:68:78:35:ff:81:b9:
                    ae:42:2e:50:e4:19:c6:dc:9a:fe:69:f9:e4:a3:4c:
                    6f:65:e9:4d:f6:77:a2:a0:6a:d3:d2:11:74:2c:56:
                    37:6a:fd:7d:6e:92:96:65:de:67:8a:ac:9b:66:a5:
                    52:0a:e1:45:56:0e:f7:12:24:0f:8e:61:c1:ec:9a:
                    87:08:9a:dd:28:9c:d8:09:fb:37:ed:21:95:0b:3e:
                    a8:5c:22:69:c7:88:45:83:0d:b7:1a:40:88:52:b4:
                    0b:f3:40:28:ae:74:4e:2b:c7:34:b5:fd:3b:f5:8b:
                    f6:d7:d9:4c:fa:b4:1a:71:e1:51:6d:aa:f0:23:05:
                    19:3d:c4:45:14:08:f5:d8:fc:3d:75:43:c0:dc:87:
                    34:9c:95:a8:c6:65:50:cf:8b:fc:4a:a1:09:a3:6c:
                    cf:00:e0:59:79:03:6a:fd:77:f0:66:ad:85:0e:fb:
                    c8:8a:40:18:9e:12:28:6d:1e:6b:15:a0:19:63:c6:
                    a5:dd:f8:a3:5f:19:9a:b7:75:d7:dc:9a:f4:8a:79:
                    d0:ae:2a:ba:ba:66:56:45:64:59:7f:7f:fa:85:e7:
                    ea:b0:9a:03:0f:84:a9:fc:56:e9:75:30:b7:88:d9:
                    a8:45:10:78:0b:5e:78:02:ae:9e:82:a0:fe:8b:c7:
                    71:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:41:3A:66:52:BA:97:FA:92:63:A8:0A:98:AD:1B:8B:4A:1A:0E:17
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/IUE6ZlK6l_qSY6gKmK0bi0oaDhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0-85.158.58.255
                  85.158.60.0/24
                  85.237.196.0/24
                  85.237.203.0/24
                  85.237.205.0/24
                  85.237.208.0/20
                  185.93.32.0/24
                  185.93.34.0/23
                  193.109.192.0/21
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:19:4b:43:86:a3:8b:2b:50:7d:91:f0:1d:6d:bf:7c:aa:ab:
         29:99:0c:8a:d6:b4:b7:bb:2f:28:15:ad:92:b2:25:1a:cd:fe:
         09:4c:93:2f:b2:1b:1c:de:5e:3b:22:ba:89:9a:5c:02:26:bb:
         82:1a:db:3a:94:c9:1b:62:bd:5c:b8:5f:80:a1:dc:4c:6c:e3:
         39:b0:13:ce:88:ab:fc:f1:c5:0b:a6:ab:25:a5:4e:ef:31:d6:
         b4:34:2f:91:d1:cc:42:bb:ca:80:cb:d7:2c:a3:c1:a3:59:a8:
         f8:ae:59:49:fc:74:04:bb:dd:a8:44:b4:ee:d4:01:3e:38:e9:
         6d:a0:f3:32:a1:80:bf:96:32:b0:4d:92:b3:f1:23:33:f4:9c:
         f7:22:54:c5:04:86:5f:33:bc:ff:b4:38:3a:aa:42:69:e0:41:
         93:90:06:7d:51:65:1f:d4:ae:b1:87:21:6a:6c:c0:d4:e7:1e:
         2a:63:1d:4f:e6:19:b0:30:51:0d:f8:53:49:70:8c:28:19:e5:
         11:a2:60:1f:47:99:33:71:9b:47:f6:d9:bd:e1:ca:67:98:eb:
         53:ee:b6:51:12:06:43:1f:11:57:4c:8f:58:0c:cd:0e:06:45:
         34:21:45:fb:bb:a6:13:75:e7:99:ae:c6:63:f5:6b:af:29:72:
         6b:b6:24:3b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYc2ugmPzn2k1qkSMLrt46ymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjMwMzMxMDgxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQxM2E2NjUyYmE5N2ZhOTI2M2E4MGE5OGFkMWI4YjRhMWEwZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPZJiYbEdJZoeDX/gbmuQi5Q5BnG
3Jr+afnko0xvZelN9neioGrT0hF0LFY3av19bpKWZd5niqybZqVSCuFFVg73EiQP
jmHB7JqHCJrdKJzYCfs37SGVCz6oXCJpx4hFgw23GkCIUrQL80AornROK8c0tf07
9Yv219lM+rQaceFRbarwIwUZPcRFFAj12Pw9dUPA3Ic0nJWoxmVQz4v8SqEJo2zP
AOBZeQNq/XfwZq2FDvvIikAYnhIobR5rFaAZY8al3fijXxmat3XX3Jr0innQriq6
umZWRWRZf3/6hefqsJoDD4Sp/FbpdTC3iNmoRRB4C154Aq6egqD+i8dxIwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCFBOmZSupf6kmOoCpitG4tKGg4XMB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvSVVFNlpsSzZsX3FTWTZnS21LMGJpMG9hRGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBABVnjkD
BABVnjoDBABVnjwDBABV7cQDBABV7csDBABV7c0DBARV7dADBAC5XSADBAG5XSID
BAPBbcADBADCqdkwDQYJKoZIhvcNAQELBQADggEBAKoZS0OGo4srUH2R8B1tv3yq
qymZDIrWtLe7LygVrZKyJRrN/glMky+yGxzeXjsiuomaXAImu4Ia2zqUyRtivVy4
X4Ch3Exs4zmwE86Iq/zxxQumqyWlTu8x1rQ0L5HRzEK7yoDL1yyjwaNZqPiuWUn8
dAS73ahEtO7UAT446W2g8zKhgL+WMrBNkrPxIzP0nPciVMUEhl8zvP+0ODqqQmng
QZOQBn1RZR/UrrGHIWpswNTnHipjHU/mGbAwUQ34U0lwjCgZ5RGiYB9HmTNxm0f2
2b3hymeY61PutlESBkMfEVdMj1gMzQ4GRTQhRfu7phN155muxmP1a68pcmu2JDs=
-----END CERTIFICATE-----