Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/CpSzbeyMyi1FGJVqK-g-ACN_RDI.roa
File:                     CpSzbeyMyi1FGJVqK-g-ACN_RDI.roa (raw, json)
Hash identifier:          kMQJ0nSBFZYZmAP4N19FkB91r0cRxz+Hk4YD4GwJjf4=
Subject key identifier:   0A:94:B3:6D:EC:8C:CA:2D:45:18:95:6A:2B:E8:3E:00:23:7F:44:32
Certificate issuer:       /CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
Certificate serial:       0FD321A6
Authority key identifier: 67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/CpSzbeyMyi1FGJVqK-g-ACN_RDI.roa
Signing time:             Wed 12 Jan 2022 08:59:29 +0000
ROA not before:           Wed 12 Jan 2022 08:59:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51776
IP address blocks:        87.238.138.0/24 maxlen: 24
                          87.238.137.0/24 maxlen: 24
                          87.238.136.0/21 maxlen: 24
                          87.238.142.0/24 maxlen: 24
                          87.238.141.0/24 maxlen: 24
                          185.132.128.0/22 maxlen: 24
                          185.188.53.0/24 maxlen: 24
                          185.188.52.0/24 maxlen: 24
                          185.188.55.0/24 maxlen: 24
                          185.188.54.0/24 maxlen: 24
                          91.201.213.0/24 maxlen: 24
                          91.201.212.0/23 maxlen: 24
                          91.201.212.0/24 maxlen: 24
                          2a06:56c0::/29 maxlen: 48
                          2a06:56c0:12::/48 maxlen: 48
                          2001:67c:3fc::/48 maxlen: 48
                          2a06:56c0:11::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 265494950 (0xfd321a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
        Validity
            Not Before: Jan 12 08:59:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a94b36dec8cca2d4518956a2be83e00237f4432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:aa:e5:17:1e:cc:f6:80:d0:5d:8b:49:19:c5:
                    d2:04:5c:40:be:4c:a2:dd:43:f2:15:2e:42:da:6a:
                    a9:cc:3b:6a:2b:86:34:32:c7:50:a9:bc:a8:ea:25:
                    8e:37:10:0d:fb:74:e5:74:df:5e:a4:9a:a3:22:04:
                    ce:d3:52:46:b5:ae:63:5d:4b:6d:59:98:62:e2:25:
                    91:86:2e:b2:ad:32:01:39:cd:1d:86:32:67:d6:21:
                    92:53:29:a9:6b:b9:55:43:ef:aa:52:3e:92:d7:c0:
                    c1:08:f4:17:64:25:8d:8d:3b:5f:52:71:59:44:7b:
                    e0:5a:ae:e0:1f:ed:6f:d6:27:38:c0:da:7f:24:e0:
                    30:36:61:ec:18:48:45:7c:81:a5:6a:ae:4f:76:01:
                    45:d3:4b:43:ef:81:25:6f:8a:c8:46:05:f7:51:3e:
                    9a:35:fc:8a:40:e7:62:86:fe:cb:27:30:3a:ec:83:
                    33:7c:96:bf:99:ea:6c:f4:b3:24:9b:4c:ee:d4:26:
                    fd:53:90:09:ca:52:28:32:63:cb:5c:ef:47:e0:2b:
                    c5:e8:19:9d:33:58:03:99:e5:93:6c:51:79:bb:dc:
                    c0:77:e5:2c:59:1f:30:5b:bb:5c:61:a7:35:f9:63:
                    6a:ab:63:38:fe:5a:0a:e2:a1:4f:c0:8d:2d:c7:c8:
                    99:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:94:B3:6D:EC:8C:CA:2D:45:18:95:6A:2B:E8:3E:00:23:7F:44:32
            X509v3 Authority Key Identifier:
                keyid:67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/CpSzbeyMyi1FGJVqK-g-ACN_RDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.136.0/21
                  91.201.212.0/23
                  185.132.128.0/22
                  185.188.52.0/22
                IPv6:
                  2001:67c:3fc::/48
                  2a06:56c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:d1:05:13:87:66:d5:c2:1d:23:27:b2:f1:6b:7f:53:fe:9c:
         67:d5:57:15:d6:a9:c1:28:33:72:98:53:2b:77:75:ab:b3:11:
         47:c8:f3:9a:0b:6d:da:19:e2:35:e6:37:8e:d4:44:55:1b:97:
         ad:30:57:bb:da:58:08:cd:c0:4b:b9:11:ba:52:53:7e:85:36:
         5e:d7:d3:98:e1:49:50:de:a2:fb:b3:30:12:c5:2f:e4:c7:45:
         80:04:59:f1:1f:c6:65:e5:ef:8c:aa:ba:da:0f:06:13:82:52:
         3e:44:1e:ec:f9:51:cd:82:1c:9d:20:2d:c6:d7:e6:04:52:ee:
         87:10:3e:50:c4:be:0f:90:b1:c1:03:f6:20:24:85:7b:3d:79:
         e4:02:a7:08:b8:87:ed:98:58:65:fb:a3:80:e0:95:f0:ef:34:
         92:91:d8:7e:f3:09:6d:92:cb:8b:67:2e:ed:c5:fe:95:fe:f8:
         b0:fb:47:05:20:7a:aa:70:38:22:25:dd:06:d7:17:5c:15:2d:
         60:7e:6f:5d:d8:68:ad:29:fc:ab:72:80:39:1d:3a:a5:7c:eb:
         0a:7f:4a:00:26:26:27:76:91:2f:1d:76:43:d9:ff:f3:ba:2e:
         2f:fe:b9:97:20:4a:05:3c:6b:59:61:08:88:34:15:5a:23:b8:
         93:aa:e0:56
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIED9MhpjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzJmMGU0MmIwOGFhNDUxZmM1ODNhMzU4ZWMzNzBmZmJkMmRhYzY4MB4XDTIyMDEx
MjA4NTkyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGE5NGIzNmRlYzhj
Y2EyZDQ1MTg5NTZhMmJlODNlMDAyMzdmNDQzMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO2q5RcezPaA0F2LSRnF0gRcQL5Mot1D8hUuQtpqqcw7aiuG
NDLHUKm8qOoljjcQDft05XTfXqSaoyIEztNSRrWuY11LbVmYYuIlkYYusq0yATnN
HYYyZ9YhklMpqWu5VUPvqlI+ktfAwQj0F2QljY07X1JxWUR74Fqu4B/tb9YnOMDa
fyTgMDZh7BhIRXyBpWquT3YBRdNLQ++BJW+KyEYF91E+mjX8ikDnYob+yycwOuyD
M3yWv5nqbPSzJJtM7tQm/VOQCcpSKDJjy1zvR+ArxegZnTNYA5nlk2xRebvcwHfl
LFkfMFu7XGGnNfljaqtjOP5aCuKhT8CNLcfImZ8CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBQKlLNt7IzKLUUYlWor6D4AI39EMjAfBgNVHSMEGDAWgBRnLw5CsIqkUfxY
OjWOw3D/vS2saDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1p5OE9RckNLcEZIOFdEbzFqc053XzcwdHJHZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvNTlhNmI5LWNkMjAtNGNkNy1iNGE3LWYwYjk2MmY1MjQxNC8x
L0NwU3piZXlNeWkxRkdKVnFLLWctQUNOX1JESS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
NTlhNmI5LWNkMjAtNGNkNy1iNGE3LWYwYjk2MmY1MjQxNC8xL1p5OE9RckNLcEZI
OFdEbzFqc053XzcwdHJHZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwHgQCAAEwGAMEA1fuiAMEAVvJ1AMEArmEgAMEArm8
NDAWBAIAAjAQAwcAIAEGfAP8AwUDKgZWwDANBgkqhkiG9w0BAQsFAAOCAQEAnNEF
E4dm1cIdIyey8Wt/U/6cZ9VXFdapwSgzcphTK3d1q7MRR8jzmgtt2hniNeY3jtRE
VRuXrTBXu9pYCM3AS7kRulJTfoU2XtfTmOFJUN6i+7MwEsUv5MdFgARZ8R/GZeXv
jKq62g8GE4JSPkQe7PlRzYIcnSAtxtfmBFLuhxA+UMS+D5CxwQP2ICSFez155AKn
CLiH7ZhYZfujgOCV8O80kpHYfvMJbZLLi2cu7cX+lf74sPtHBSB6qnA4IiXdBtcX
XBUtYH5vXdhorSn8q3KAOR06pXzrCn9KACYmJ3aRLx12Q9n/87ouL/65lyBKBTxr
WWEIiDQVWiO4k6rgVg==
-----END CERTIFICATE-----