Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/O81fFJMMKG7btxnFqNa9lyNr6TY.roa
File:                     O81fFJMMKG7btxnFqNa9lyNr6TY.roa (raw, json)
Hash identifier:          imOdbamTjvGDTLGB4AzMypFDuaU3mTZgk3XKEL17Z04=
Subject key identifier:   3B:CD:5F:14:93:0C:28:6E:DB:B7:19:C5:A8:D6:BD:97:23:6B:E9:36
Certificate issuer:       /CN=390b67368c91b85e84888c5ed2e824d1390810bb
Certificate serial:       01885FE295400C9564EF03FD64CD6A7AB453
Authority key identifier: 39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/O81fFJMMKG7btxnFqNa9lyNr6TY.roa
Signing time:             Sun 28 May 2023 01:04:24 +0000
ROA not before:           Sun 28 May 2023 01:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        85.237.196.0/24 maxlen: 24
                          85.237.205.0/24 maxlen: 24
                          85.237.203.0/24 maxlen: 24
                          85.237.208.0/20 maxlen: 24
                          85.237.214.0/24 maxlen: 24
                          85.158.58.0/24 maxlen: 24
                          85.158.57.0/24 maxlen: 24
                          85.158.61.0/24 maxlen: 24
                          85.158.63.0/24 maxlen: 24
                          85.158.62.0/24 maxlen: 24
                          85.158.60.0/24 maxlen: 24
                          185.93.32.0/24 maxlen: 24
                          185.93.34.0/23 maxlen: 24
                          185.93.35.0/24 maxlen: 24
                          194.169.217.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5f:e2:95:40:0c:95:64:ef:03:fd:64:cd:6a:7a:b4:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390b67368c91b85e84888c5ed2e824d1390810bb
        Validity
            Not Before: May 28 01:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3bcd5f14930c286edbb719c5a8d6bd97236be936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9d:2b:44:74:7f:39:4c:bb:46:52:11:bc:86:
                    cb:47:1b:a9:44:00:bc:60:16:61:2c:34:24:2d:bb:
                    a8:a2:bf:f4:87:31:f7:49:72:79:0a:9c:71:21:a3:
                    ac:ed:5b:84:9f:f7:75:81:85:c2:95:3b:e1:07:87:
                    0e:47:d5:f4:b9:ef:fe:a8:10:4e:89:6f:74:fb:6f:
                    12:5b:34:3b:fc:69:94:6e:86:d8:0f:81:16:96:d9:
                    81:97:1e:4b:64:4d:83:91:9d:50:c7:68:19:ff:5e:
                    3b:d6:8d:37:0f:5f:05:8b:e0:9c:bc:24:4b:70:eb:
                    3b:29:15:01:49:8e:9e:2c:47:cc:31:88:88:02:bc:
                    59:5d:78:bb:34:ef:56:35:40:67:cf:cf:8c:80:c1:
                    bf:47:b9:cc:90:41:17:09:cf:e9:74:35:e7:4f:06:
                    da:44:8b:3c:77:f2:54:e8:6f:f3:13:3b:61:e5:3b:
                    82:6d:94:9b:a6:29:73:64:4f:db:72:61:0a:30:f6:
                    31:3b:f4:23:5f:55:18:a0:43:6d:2b:e7:7f:be:ee:
                    81:f9:f9:fd:19:1d:25:7b:66:08:29:ff:65:68:23:
                    ab:5a:47:6f:29:8b:3e:36:d6:4e:b1:01:4d:f7:f6:
                    3b:e5:da:07:93:14:91:7c:22:48:4d:27:d3:3d:44:
                    57:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CD:5F:14:93:0C:28:6E:DB:B7:19:C5:A8:D6:BD:97:23:6B:E9:36
            X509v3 Authority Key Identifier:
                keyid:39:0B:67:36:8C:91:B8:5E:84:88:8C:5E:D2:E8:24:D1:39:08:10:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQtnNoyRuF6EiIxe0ugk0TkIELs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/O81fFJMMKG7btxnFqNa9lyNr6TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/16cce4-e981-4be5-b9f6-5c9d62629c86/1/OQtnNoyRuF6EiIxe0ugk0TkIELs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.57.0-85.158.58.255
                  85.158.60.0/22
                  85.237.196.0/24
                  85.237.203.0/24
                  85.237.205.0/24
                  85.237.208.0/20
                  185.93.32.0/24
                  185.93.34.0/23
                  194.169.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:7a:6c:d1:3f:ef:c4:92:c6:8d:f7:04:5e:0e:22:b9:27:af:
         2d:3c:6e:80:a3:be:1c:00:cb:5a:eb:c6:1e:48:8f:b0:25:d2:
         24:45:2a:e6:f5:7c:99:14:f6:d7:68:c4:2c:19:09:30:1d:de:
         60:d0:05:83:38:f9:75:22:0e:65:12:91:a0:1c:5b:ab:8f:09:
         39:d0:41:15:bb:fb:c9:b8:11:c2:f3:82:ff:01:a0:37:da:22:
         56:ef:57:c0:35:6a:3f:55:f1:b1:95:f9:e2:fb:5c:5b:a7:30:
         8a:75:b6:28:15:ee:61:91:14:b1:c5:29:b4:64:11:7e:6c:e3:
         08:db:71:e6:72:d6:22:a8:2c:1c:80:67:3c:8e:fa:6f:93:18:
         1c:c6:81:d4:61:92:b5:5e:b7:38:f6:81:e7:e7:93:08:fc:65:
         71:b6:db:7a:09:d3:a5:6d:fe:63:c9:4b:74:fd:c7:34:47:4a:
         72:bf:fb:93:b1:ce:bb:22:16:8e:60:dc:c3:fc:f1:f1:2b:56:
         ad:de:cc:eb:ee:56:9b:72:8c:19:37:07:13:10:1c:32:6a:f6:
         17:40:1a:4d:6e:92:93:ba:90:29:98:2c:26:3b:e7:15:7a:df:
         db:a6:98:6a:3f:69:1f:83:35:6a:09:11:79:9d:f2:6b:d7:6d:
         79:c4:c8:f2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYhf4pVADJVk7wP9ZM1qerRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGI2NzM2OGM5MWI4NWU4NDg4OGM1ZWQyZTgyNGQxMzkw
ODEwYmIwHhcNMjMwNTI4MDEwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNkNWYxNDkzMGMyODZlZGJiNzE5YzVhOGQ2YmQ5NzIzNmJlOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp0rRHR/OUy7RlIRvIbLRxupRAC8
YBZhLDQkLbuoor/0hzH3SXJ5CpxxIaOs7VuEn/d1gYXClTvhB4cOR9X0ue/+qBBO
iW90+28SWzQ7/GmUbobYD4EWltmBlx5LZE2DkZ1Qx2gZ/1471o03D18Fi+CcvCRL
cOs7KRUBSY6eLEfMMYiIArxZXXi7NO9WNUBnz8+MgMG/R7nMkEEXCc/pdDXnTwba
RIs8d/JU6G/zEzth5TuCbZSbpilzZE/bcmEKMPYxO/QjX1UYoENtK+d/vu6B+fn9
GR0le2YIKf9laCOrWkdvKYs+NtZOsQFN9/Y75doHkxSRfCJITSfTPURXKwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDvNXxSTDChu27cZxajWvZcja+k2MB8GA1UdIwQY
MBaAFDkLZzaMkbhehIiMXtLoJNE5CBC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYt
NWM5ZDYyNjI5Yzg2LzEvTzgxZkZKTU1LRzdidHhuRnFOYTlseU5yNlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNmNjZTQtZTk4MS00YmU1LWI5ZjYtNWM5ZDYyNjI5Yzg2
LzEvT1F0bk5veVJ1RjZFaUl4ZTB1Z2swVGtJRUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBABVnjkD
BABVnjoDBAJVnjwDBABV7cQDBABV7csDBABV7c0DBARV7dADBAC5XSADBAG5XSID
BADCqdkwDQYJKoZIhvcNAQELBQADggEBAD96bNE/78SSxo33BF4OIrknry08boCj
vhwAy1rrxh5Ij7Al0iRFKub1fJkU9tdoxCwZCTAd3mDQBYM4+XUiDmUSkaAcW6uP
CTnQQRW7+8m4EcLzgv8BoDfaIlbvV8A1aj9V8bGV+eL7XFunMIp1tigV7mGRFLHF
KbRkEX5s4wjbceZy1iKoLByAZzyO+m+TGBzGgdRhkrVetzj2gefnkwj8ZXG223oJ
06Vt/mPJS3T9xzRHSnK/+5OxzrsiFo5g3MP88fErVq3ezOvuVptyjBk3BxMQHDJq
9hdAGk1ukpO6kCmYLCY75xV639ummGo/aR+DNWoJEXmd8mvXbXnEyPI=
-----END CERTIFICATE-----