Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/AFXhAsDkDe_ZesFPW-LgEJfHvxk.roa
File:                     AFXhAsDkDe_ZesFPW-LgEJfHvxk.roa (raw, json)
Hash identifier:          LlSjFafLcll8QPwjjkFRHXFo3jZeTYIpd5/0zF0CutE=
Subject key identifier:   00:55:E1:02:C0:E4:0D:EF:D9:7A:C1:4F:5B:E2:E0:10:97:C7:BF:19
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       01890C44B8116E4837BB62D438902352F3C9
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/AFXhAsDkDe_ZesFPW-LgEJfHvxk.roa
Signing time:             Fri 30 Jun 2023 12:26:17 +0000
ROA not before:           Fri 30 Jun 2023 12:26:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.235.71.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 20
                          95.111.144.0/20 maxlen: 20
                          185.149.12.0/23 maxlen: 24
                          185.149.13.0/24 maxlen: 24
                          185.149.14.0/23 maxlen: 24
                          89.46.97.0/24 maxlen: 24
                          89.46.98.0/24 maxlen: 24
                          89.46.96.0/22 maxlen: 24
                          89.46.96.0/24 maxlen: 24
                          89.46.99.0/24 maxlen: 24
                          171.22.144.0/24 maxlen: 24
                          171.22.146.0/24 maxlen: 24
                          91.103.120.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0c:44:b8:11:6e:48:37:bb:62:d4:38:90:23:52:f3:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun 30 12:26:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0055e102c0e40defd97ac14f5be2e01097c7bf19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:99:7a:56:e6:19:02:fa:ed:f0:2d:ac:76:d5:
                    9f:0d:be:a5:af:91:54:2a:7e:01:f2:0b:a9:07:9c:
                    ff:b1:76:c1:4e:c0:c1:9d:1a:be:eb:ea:c0:ef:50:
                    38:e9:a6:ec:9e:78:d1:85:80:01:f6:ba:ec:97:b0:
                    56:15:71:e0:b4:17:ac:0c:94:f3:d5:26:f4:f2:bf:
                    e8:a8:c6:a4:f9:13:4a:86:68:7f:78:1d:f7:d1:75:
                    ac:17:8a:79:13:8d:dc:4c:91:14:5e:f8:8f:0e:50:
                    a3:10:c6:1c:81:93:40:1f:cd:1b:d6:58:47:9c:bb:
                    ed:bc:c8:20:1d:d8:b3:02:5e:08:c8:88:1e:9d:41:
                    e3:17:e3:01:7f:a3:34:f6:67:3d:e2:2c:65:b1:13:
                    77:65:36:6e:8b:35:5d:21:2b:69:3e:3e:81:ed:1c:
                    5e:fc:53:2f:bd:eb:9a:f6:ec:72:eb:a0:a8:86:b6:
                    dd:58:b6:c2:61:15:f1:4c:19:b2:c4:ac:8c:0e:68:
                    1d:14:4e:33:f0:2c:52:c7:7e:65:ec:5e:da:57:05:
                    70:e5:92:b8:43:ed:c4:6a:0d:99:3d:be:10:e6:72:
                    ce:81:60:9c:96:ee:b0:d0:ca:9e:a9:dc:98:b0:f2:
                    ed:17:90:83:af:d9:cd:81:97:9b:e1:04:17:c8:5e:
                    e3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:55:E1:02:C0:E4:0D:EF:D9:7A:C1:4F:5B:E2:E0:10:97:C7:BF:19
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/AFXhAsDkDe_ZesFPW-LgEJfHvxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.96.0/22
                  91.103.120.0/21
                  95.111.128.0/19
                  171.22.144.0/24
                  171.22.146.0/24
                  185.149.12.0/22
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:cd:e5:58:df:83:4d:49:f3:c4:ad:69:c3:14:76:fc:2b:72:
         88:d7:86:ad:82:98:36:02:4c:da:fa:62:f9:40:f6:c0:cf:27:
         1e:28:df:3f:53:7b:15:97:c1:ec:4b:98:91:20:3b:0e:89:72:
         8d:e8:8f:04:dd:1e:f6:37:08:ab:75:76:36:50:22:73:4f:f8:
         87:2a:1e:4b:0c:dd:49:8d:0d:00:29:38:2d:84:de:f6:2d:cb:
         23:d7:a4:86:53:3c:ff:9f:2f:59:f0:e4:5b:64:0c:18:5d:2d:
         e8:4d:13:12:c9:96:f0:96:54:5a:e4:c3:8c:5a:22:ac:2c:8f:
         08:10:12:b2:5c:d3:33:80:3c:df:c6:aa:29:a3:ff:38:6d:30:
         75:72:d1:17:3b:d4:40:b2:21:2c:e2:3b:f9:cb:ed:68:85:ef:
         c3:c0:f8:cf:59:6e:f4:95:85:c4:d8:3d:14:3c:02:ea:0a:a8:
         ba:ad:ab:05:45:1f:70:52:ad:d7:2f:63:8c:bd:0c:58:ee:f8:
         bc:84:0d:4a:b1:c0:9b:66:33:d6:61:a7:9b:c9:b7:4e:02:54:
         a2:d7:c2:76:f8:83:79:6f:5c:7a:57:99:ea:ca:ed:c7:a6:43:
         9e:e6:1d:5c:24:29:33:52:7c:cc:15:ab:97:6e:11:b9:1c:f8:
         93:ed:c2:ef
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkMRLgRbkg3u2LUOJAjUvPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNjMwMTIyNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU1ZTEwMmMwZTQwZGVmZDk3YWMxNGY1YmUyZTAxMDk3YzdiZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZl6VuYZAvrt8C2sdtWfDb6lr5FU
Kn4B8gupB5z/sXbBTsDBnRq+6+rA71A46absnnjRhYAB9rrsl7BWFXHgtBesDJTz
1Sb08r/oqMak+RNKhmh/eB330XWsF4p5E43cTJEUXviPDlCjEMYcgZNAH80b1lhH
nLvtvMggHdizAl4IyIgenUHjF+MBf6M09mc94ixlsRN3ZTZuizVdIStpPj6B7Rxe
/FMvveua9uxy66CohrbdWLbCYRXxTBmyxKyMDmgdFE4z8CxSx35l7F7aVwVw5ZK4
Q+3Eag2ZPb4Q5nLOgWCclu6w0MqeqdyYsPLtF5CDr9nNgZeb4QQXyF7j8QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFABV4QLA5A3v2XrBT1vi4BCXx78ZMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvQUZYaEFzRGtEZV9aZXNGUFctTGdFSmZIdnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCWS5gAwQD
W2d4AwQFX2+AAwQAqxaQAwQAqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUA
A4IBAQBhzeVY34NNSfPErWnDFHb8K3KI14atgpg2Akza+mL5QPbAzyceKN8/U3sV
l8HsS5iRIDsOiXKN6I8E3R72NwirdXY2UCJzT/iHKh5LDN1JjQ0AKTgthN72Lcsj
16SGUzz/ny9Z8ORbZAwYXS3oTRMSyZbwllRa5MOMWiKsLI8IEBKyXNMzgDzfxqop
o/84bTB1ctEXO9RAsiEs4jv5y+1ohe/DwPjPWW70lYXE2D0UPALqCqi6rasFRR9w
Uq3XL2OMvQxY7vi8hA1KscCbZjPWYaebybdOAlSi18J2+IN5b1x6V5nqyu3HpkOe
5h1cJCkzUnzMFauXbhG5HPiT7cLv
-----END CERTIFICATE-----