Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/2a965c-3347-443e-88c7-5b4d52dc2de2/1/UdbaQy1U9wSepDHDq1fUYxi9PdI.roa
File:                     UdbaQy1U9wSepDHDq1fUYxi9PdI.roa (raw, json)
Hash identifier:          5iW75EWgbQzYCPOXyFNkIrIEnJlh4WDPmQ0AwQ0QEBg=
Subject key identifier:   51:D6:DA:43:2D:54:F7:04:9E:A4:31:C3:AB:57:D4:63:18:BD:3D:D2
Certificate issuer:       /CN=ad12daa384888b5247df712965803f0d3fa8989d
Certificate serial:       018709C4D41E08CB21AF25E5728C764B5B90
Authority key identifier: AD:12:DA:A3:84:88:8B:52:47:DF:71:29:65:80:3F:0D:3F:A8:98:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rRLao4SIi1JH33EpZYA_DT-omJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/2a965c-3347-443e-88c7-5b4d52dc2de2/1/UdbaQy1U9wSepDHDq1fUYxi9PdI.roa
Signing time:             Wed 22 Mar 2023 14:41:46 +0000
ROA not before:           Wed 22 Mar 2023 14:41:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42263
IP address blocks:        45.140.116.0/22 maxlen: 22
                          185.182.32.0/22 maxlen: 22
                          185.115.48.0/22 maxlen: 22
                          5.253.192.0/22 maxlen: 22
                          185.32.80.0/22 maxlen: 22
                          185.116.244.0/24 maxlen: 24
                          185.116.244.0/22 maxlen: 22
                          192.70.192.0/22 maxlen: 22
                          185.173.240.0/22 maxlen: 22
                          185.145.196.0/22 maxlen: 22
                          2a00:c320::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:09:c4:d4:1e:08:cb:21:af:25:e5:72:8c:76:4b:5b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad12daa384888b5247df712965803f0d3fa8989d
        Validity
            Not Before: Mar 22 14:41:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51d6da432d54f7049ea431c3ab57d46318bd3dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:52:fa:29:7c:e6:ec:58:69:3f:72:41:ee:3f:
                    90:8f:0d:09:d4:5b:83:fd:db:c8:8b:75:cb:04:e2:
                    7f:0b:0f:4d:e3:d2:60:8a:2e:c4:01:f9:d6:1e:1b:
                    da:34:3e:9b:4b:5c:ea:96:4f:e1:92:7f:cc:cb:d7:
                    e9:6a:2c:9e:d4:72:55:dc:98:a7:dd:b0:ed:ba:11:
                    18:ce:da:4a:1d:aa:43:05:b9:e8:3d:10:24:bd:64:
                    0e:04:d4:36:fc:db:fd:2e:70:79:ed:aa:83:19:84:
                    59:8c:47:da:e9:10:e5:d3:bf:b1:30:27:e2:0d:84:
                    ef:8b:65:54:ad:ea:5d:28:91:0b:0f:00:4a:b2:21:
                    66:52:98:1e:af:d1:e0:ab:28:23:4d:74:20:91:2b:
                    0d:e8:b4:0d:4d:92:bc:fc:be:ee:b5:f1:cc:40:40:
                    f7:c2:dc:e8:41:26:a5:1c:62:2b:02:df:c0:e5:f5:
                    5a:0d:e3:13:45:d9:e9:66:10:8a:7c:f6:c0:05:c9:
                    23:c4:68:c0:72:21:42:df:e4:d4:63:b7:5c:74:a8:
                    7a:d4:29:27:a6:ea:d0:54:77:fd:de:f2:65:05:5c:
                    ab:4b:0c:65:3b:ad:c3:55:d6:e7:ee:e9:e0:dc:4b:
                    e3:0c:72:3d:71:28:36:05:53:e0:46:f5:65:61:53:
                    8d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D6:DA:43:2D:54:F7:04:9E:A4:31:C3:AB:57:D4:63:18:BD:3D:D2
            X509v3 Authority Key Identifier:
                keyid:AD:12:DA:A3:84:88:8B:52:47:DF:71:29:65:80:3F:0D:3F:A8:98:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rRLao4SIi1JH33EpZYA_DT-omJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2a965c-3347-443e-88c7-5b4d52dc2de2/1/UdbaQy1U9wSepDHDq1fUYxi9PdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2a965c-3347-443e-88c7-5b4d52dc2de2/1/rRLao4SIi1JH33EpZYA_DT-omJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.192.0/22
                  45.140.116.0/22
                  185.32.80.0/22
                  185.115.48.0/22
                  185.116.244.0/22
                  185.145.196.0/22
                  185.173.240.0/22
                  185.182.32.0/22
                  192.70.192.0/22
                IPv6:
                  2a00:c320::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:0f:4d:9e:72:2a:ff:bc:5d:54:fa:2a:a5:18:96:e5:24:e0:
         b9:14:47:4b:18:38:ae:46:e1:0f:b1:fa:b9:41:77:7f:19:93:
         42:e3:40:7c:5d:fb:e8:9c:85:ac:97:6d:57:1f:4a:19:47:8b:
         02:03:7f:d0:bb:a6:03:3d:f1:85:16:a9:64:40:80:8d:5d:c5:
         ee:4f:31:21:b5:54:e3:76:73:b1:c3:35:2c:98:e3:8a:28:8f:
         81:0e:04:56:c2:fb:06:e0:92:8a:d0:a1:4b:dc:70:24:aa:f3:
         fc:ca:6a:a8:bf:54:81:ff:f6:f0:00:e8:d3:69:0e:f3:1e:0a:
         0e:90:3e:39:29:87:f5:ad:c7:60:5f:5e:c6:45:a0:4c:d4:dd:
         cb:bb:1b:b6:27:05:98:e0:dd:2c:40:f1:9e:8f:91:30:85:77:
         8a:2a:72:e6:e1:6c:b4:9d:fb:c1:3a:fa:52:d3:7a:fb:1c:a4:
         2d:96:16:e5:89:76:1a:2a:6a:88:cc:16:e7:a7:28:f9:47:dd:
         09:e2:2a:c2:3d:f0:68:a1:b8:e5:4a:3d:12:19:c6:3b:6e:d8:
         b3:76:54:6b:8f:d3:cb:29:f4:0d:fe:71:c4:1c:3d:55:13:ba:
         73:44:a3:f9:c8:86:24:e3:cd:a5:9e:8f:98:40:75:65:e1:68:
         9b:94:81:18
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYcJxNQeCMshryXlcox2S1uQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMTJkYWEzODQ4ODhiNTI0N2RmNzEyOTY1ODAzZjBkM2Zh
ODk4OWQwHhcNMjMwMzIyMTQ0MTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ2ZGE0MzJkNTRmNzA0OWVhNDMxYzNhYjU3ZDQ2MzE4YmQzZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVL6KXzm7FhpP3JB7j+Qjw0J1FuD
/dvIi3XLBOJ/Cw9N49Jgii7EAfnWHhvaND6bS1zqlk/hkn/My9fpaiye1HJV3Jin
3bDtuhEYztpKHapDBbnoPRAkvWQOBNQ2/Nv9LnB57aqDGYRZjEfa6RDl07+xMCfi
DYTvi2VUrepdKJELDwBKsiFmUpger9HgqygjTXQgkSsN6LQNTZK8/L7utfHMQED3
wtzoQSalHGIrAt/A5fVaDeMTRdnpZhCKfPbABckjxGjAciFC3+TUY7dcdKh61Ckn
purQVHf93vJlBVyrSwxlO63DVdbn7ung3EvjDHI9cSg2BVPgRvVlYVONTQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFHW2kMtVPcEnqQxw6tX1GMYvT3SMB8GA1UdIwQY
MBaAFK0S2qOEiItSR99xKWWAPw0/qJidMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclJMYW80U0lpMUpIMzNFcFpZQV9EVC1vbUowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yYTk2NWMtMzM0Ny00NDNlLTg4Yzct
NWI0ZDUyZGMyZGUyLzEvVWRiYVF5MVU5d1NlcERIRHExZlVZeGk5UGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yYTk2NWMtMzM0Ny00NDNlLTg4YzctNWI0ZDUyZGMyZGUy
LzEvclJMYW80U0lpMUpIMzNFcFpZQV9EVC1vbUowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCBf3AAwQC
LYx0AwQCuSBQAwQCuXMwAwQCuXT0AwQCuZHEAwQCua3wAwQCubYgAwQCwEbAMA0E
AgACMAcDBQAqAMMgMA0GCSqGSIb3DQEBCwUAA4IBAQA+D02ecir/vF1U+iqlGJbl
JOC5FEdLGDiuRuEPsfq5QXd/GZNC40B8XfvonIWsl21XH0oZR4sCA3/Qu6YDPfGF
FqlkQICNXcXuTzEhtVTjdnOxwzUsmOOKKI+BDgRWwvsG4JKK0KFL3HAkqvP8ymqo
v1SB//bwAOjTaQ7zHgoOkD45KYf1rcdgX17GRaBM1N3Luxu2JwWY4N0sQPGej5Ew
hXeKKnLm4Wy0nfvBOvpS03r7HKQtlhbliXYaKmqIzBbnpyj5R90J4irCPfBoobjl
Sj0SGcY7btizdlRrj9PLKfQN/nHEHD1VE7pzRKP5yIYk482lno+YQHVl4WiblIEY
-----END CERTIFICATE-----