Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/4W5cR3AK9d8lelsOC57J0W7-2Fk.roa
File:                     4W5cR3AK9d8lelsOC57J0W7-2Fk.roa (raw, json)
Hash identifier:          X2Wf6WfxyNzwuHzxBq5QLr9wOLan93/6DjKVhwRzxWI=
Subject key identifier:   E1:6E:5C:47:70:0A:F5:DF:25:7A:5B:0E:0B:9E:C9:D1:6E:FE:D8:59
Certificate issuer:       /CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Certificate serial:       0185720350501F4DD32DADCFC7B8A5F687DE
Authority key identifier: D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/4W5cR3AK9d8lelsOC57J0W7-2Fk.roa
Signing time:             Mon 02 Jan 2023 10:24:57 +0000
ROA not before:           Mon 02 Jan 2023 10:24:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12570
IP address blocks:        212.96.160.0/19 maxlen: 19
                          80.78.144.0/20 maxlen: 20
                          89.190.40.0/21 maxlen: 21
                          109.105.32.0/19 maxlen: 19
                          89.190.48.0/20 maxlen: 20
                          212.4.128.0/19 maxlen: 19
                          185.8.188.0/22 maxlen: 22
                          88.83.224.0/19 maxlen: 19
                          213.211.32.0/19 maxlen: 19
                          2001:4ba8::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:03:50:50:1f:4d:d3:2d:ad:cf:c7:b8:a5:f6:87:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
        Validity
            Not Before: Jan  2 10:24:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e16e5c47700af5df257a5b0e0b9ec9d16efed859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:07:79:ad:4b:cc:19:57:9e:cf:8b:53:62:09:
                    cd:1e:f7:0c:f9:5e:a7:58:95:5c:94:f5:18:18:52:
                    b4:45:86:91:e8:69:c4:03:12:1b:a2:f6:93:82:dc:
                    d0:7e:1c:25:e1:94:e8:c4:b6:72:a2:36:12:d0:63:
                    84:03:26:16:61:26:b2:f3:9c:61:2e:58:80:9c:7d:
                    a7:01:46:de:4a:41:8f:af:bc:fe:26:7a:64:29:f4:
                    5b:62:d0:c8:48:ba:ee:37:5d:d4:63:64:16:95:04:
                    08:0f:eb:92:7f:e8:ac:07:8c:5a:2e:e7:b9:99:e8:
                    2a:a7:f3:cb:2e:95:f6:10:f6:b4:a4:4f:45:41:41:
                    b7:69:da:40:da:51:8a:0b:d0:f8:46:c2:39:1d:89:
                    52:d7:2e:bc:f2:06:ff:8b:31:98:6b:60:14:87:a0:
                    fd:fc:66:f4:23:b6:a5:0e:5d:3a:85:25:bd:60:6d:
                    5c:67:9a:00:68:be:b4:55:66:d0:11:15:4e:75:4c:
                    63:ae:44:23:e5:f8:9b:5a:57:e5:d7:70:52:e8:fc:
                    f7:17:be:3c:38:57:59:96:24:20:82:3f:f2:2e:ce:
                    79:dd:f1:f7:e9:ae:3a:32:29:7f:ac:2e:6f:69:82:
                    f0:71:b3:b1:83:2d:a9:87:4f:eb:c6:80:72:40:f3:
                    8d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6E:5C:47:70:0A:F5:DF:25:7A:5B:0E:0B:9E:C9:D1:6E:FE:D8:59
            X509v3 Authority Key Identifier:
                keyid:D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/4W5cR3AK9d8lelsOC57J0W7-2Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.144.0/20
                  88.83.224.0/19
                  89.190.40.0-89.190.63.255
                  109.105.32.0/19
                  185.8.188.0/22
                  212.4.128.0/19
                  212.96.160.0/19
                  213.211.32.0/19
                IPv6:
                  2001:4ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:05:21:4c:a3:0d:96:b4:63:6b:2d:b6:41:73:1a:23:73:b3:
         52:45:17:60:20:25:73:d6:bd:07:52:c9:7e:c7:f5:9b:43:76:
         8a:21:49:af:4f:76:9f:c0:c6:b6:89:21:81:be:28:cb:3e:6d:
         d5:17:94:e1:6a:23:01:7f:50:70:c2:44:2b:05:32:95:f6:bc:
         04:3b:ab:f2:09:c1:8a:da:c0:f8:8a:d4:7c:80:14:27:76:59:
         22:9b:14:db:8f:f0:5c:c7:7f:cd:8b:6f:05:08:ae:07:cf:7e:
         ac:ea:10:cf:d8:2c:bd:f8:17:b1:87:ee:0e:31:42:0c:1f:6e:
         b4:99:df:38:b2:eb:a8:6d:b7:fa:59:fc:84:8b:c3:68:0f:a8:
         ce:39:4e:0d:c4:e4:31:ce:99:10:f1:b9:8f:4c:f0:67:88:56:
         91:2d:6a:87:1c:41:7d:19:8b:91:ea:e3:c1:e8:72:7e:c3:31:
         e3:03:64:90:67:3b:3b:d6:ca:75:98:96:24:45:96:ff:d6:25:
         11:82:23:da:13:be:ae:7a:ca:44:6f:ec:2c:ab:b6:ad:76:7f:
         6c:af:83:70:97:51:12:6c:ad:27:48:82:49:5b:59:f6:de:fb:
         5c:a5:44:51:54:01:14:9e:2d:a1:77:62:b0:af:6a:99:b8:78:
         64:8b:bc:60
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYVyA1BQH03TLa3Px7il9ofeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZmYwZmVjZDdiZjQ0MTQ4OTMxNzg4ZGZlN2YyMGQ2N2E2
N2EwZGIwHhcNMjMwMTAyMTAyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZlNWM0NzcwMGFmNWRmMjU3YTViMGUwYjllYzlkMTZlZmVkODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngd5rUvMGVeez4tTYgnNHvcM+V6n
WJVclPUYGFK0RYaR6GnEAxIbovaTgtzQfhwl4ZToxLZyojYS0GOEAyYWYSay85xh
LliAnH2nAUbeSkGPr7z+JnpkKfRbYtDISLruN13UY2QWlQQID+uSf+isB4xaLue5
megqp/PLLpX2EPa0pE9FQUG3adpA2lGKC9D4RsI5HYlS1y688gb/izGYa2AUh6D9
/Gb0I7alDl06hSW9YG1cZ5oAaL60VWbQERVOdUxjrkQj5fibWlfl13BS6Pz3F748
OFdZliQggj/yLs553fH36a46Mil/rC5vaYLwcbOxgy2ph0/rxoByQPONGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOFuXEdwCvXfJXpbDgueydFu/thZMB8GA1UdIwQY
MBaAFNT/D+zXv0QUiTF4jf5/INZ6Z6DbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUt
ZjBjMjFmODE4NmYwLzEvNFc1Y1IzQUs5ZDhsZWxzT0M1N0owVzctMkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUtZjBjMjFmODE4NmYw
LzEvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQEUE6QAwQF
WFPgMAwDBANZvigDBAZZvgADBAVtaSADBAK5CLwDBAXUBIADBAXUYKADBAXV0yAw
DQQCAAIwBwMFAyABS6gwDQYJKoZIhvcNAQELBQADggEBABgFIUyjDZa0Y2sttkFz
GiNzs1JFF2AgJXPWvQdSyX7H9ZtDdoohSa9Pdp/AxraJIYG+KMs+bdUXlOFqIwF/
UHDCRCsFMpX2vAQ7q/IJwYrawPiK1HyAFCd2WSKbFNuP8FzHf82LbwUIrgfPfqzq
EM/YLL34F7GH7g4xQgwfbrSZ3ziy66htt/pZ/ISLw2gPqM45Tg3E5DHOmRDxuY9M
8GeIVpEtaoccQX0Zi5Hq48Hocn7DMeMDZJBnOzvWynWYliRFlv/WJRGCI9oTvq56
ykRv7Cyrtq12f2yvg3CXURJsrSdIgklbWfbe+1ylRFFUARSeLaF3YrCvapm4eGSL
vGA=
-----END CERTIFICATE-----