Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/3309b5-f93f-4c62-8dce-b0c151e516cf/1/yQw1ThMjqtRmS9Fut0jNK_26g68.roa
File:                     yQw1ThMjqtRmS9Fut0jNK_26g68.roa (raw, json)
Hash identifier:          r8yJ233wHanY//YHLKKL3N1GeOuC7UreLGqzIWm6M78=
Subject key identifier:   C9:0C:35:4E:13:23:AA:D4:66:4B:D1:6E:B7:48:CD:2B:FD:BA:83:AF
Certificate issuer:       /CN=a67850e571f3f2aca2c1ec1d7e502d9bd184c45c
Certificate serial:       08BCAB00
Authority key identifier: A6:78:50:E5:71:F3:F2:AC:A2:C1:EC:1D:7E:50:2D:9B:D1:84:C4:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhQ5XHz8qyiwewdflAtm9GExFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/3309b5-f93f-4c62-8dce-b0c151e516cf/1/yQw1ThMjqtRmS9Fut0jNK_26g68.roa
Signing time:             Wed 02 Mar 2022 15:06:59 +0000
ROA not before:           Wed 02 Mar 2022 15:06:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398343
IP address blocks:        91.149.228.0/22 maxlen: 22
                          91.149.232.0/23 maxlen: 23
                          91.149.236.0/22 maxlen: 22
                          91.149.235.0/24 maxlen: 24
                          91.149.240.0/20 maxlen: 20
                          91.149.198.0/23 maxlen: 23
                          91.149.201.0/24 maxlen: 24
                          91.149.202.0/23 maxlen: 23
                          91.149.213.0/24 maxlen: 24
                          91.149.215.0/24 maxlen: 24
                          91.149.218.0/23 maxlen: 23
                          91.149.221.0/24 maxlen: 24
                          91.149.222.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 146582272 (0x8bcab00)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a67850e571f3f2aca2c1ec1d7e502d9bd184c45c
        Validity
            Not Before: Mar  2 15:06:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c90c354e1323aad4664bd16eb748cd2bfdba83af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ed:d5:dc:d5:7b:5d:52:ce:b6:2e:5d:74:28:
                    43:1d:be:d7:61:41:2c:78:69:fe:86:ab:10:fa:af:
                    26:f0:b8:6c:35:2d:54:a9:e1:69:33:a5:6c:9d:5c:
                    c9:31:b7:1b:ab:ff:67:46:e5:34:96:9b:f2:fb:ac:
                    bd:26:8e:85:91:e3:a5:1c:40:41:6c:f9:d7:2e:4c:
                    9a:49:78:7d:c8:09:6a:df:6a:c9:06:05:31:4e:a0:
                    21:4f:bb:7b:45:3e:c9:10:55:dd:0e:09:7a:bd:54:
                    f2:87:6c:a7:ef:0f:c3:9b:06:b4:9b:c0:ea:38:65:
                    e0:ea:48:79:e6:6f:c8:87:35:a7:71:91:9a:81:23:
                    df:da:b7:d1:0f:f6:76:50:25:6c:0b:55:a6:e6:4e:
                    6a:bf:da:94:23:d6:39:c8:9a:c7:fd:f8:b3:51:56:
                    dd:c5:44:e0:35:71:59:ed:a2:09:38:ee:dc:11:f0:
                    d8:16:74:d8:92:fd:df:a3:2b:16:95:f0:72:b5:65:
                    4a:de:84:02:42:42:be:4b:b4:8b:ae:36:b9:72:8d:
                    f7:c0:46:67:c2:e1:d4:87:21:97:27:43:2e:2c:47:
                    d2:73:7a:c3:de:c5:c3:d9:23:93:c7:8d:5b:f8:6b:
                    51:16:d5:a2:aa:76:a8:41:db:9a:b1:76:fd:9c:79:
                    7d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:0C:35:4E:13:23:AA:D4:66:4B:D1:6E:B7:48:CD:2B:FD:BA:83:AF
            X509v3 Authority Key Identifier:
                keyid:A6:78:50:E5:71:F3:F2:AC:A2:C1:EC:1D:7E:50:2D:9B:D1:84:C4:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhQ5XHz8qyiwewdflAtm9GExFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3309b5-f93f-4c62-8dce-b0c151e516cf/1/yQw1ThMjqtRmS9Fut0jNK_26g68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3309b5-f93f-4c62-8dce-b0c151e516cf/1/pnhQ5XHz8qyiwewdflAtm9GExFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.198.0/23
                  91.149.201.0-91.149.203.255
                  91.149.213.0/24
                  91.149.215.0/24
                  91.149.218.0/23
                  91.149.221.0-91.149.223.255
                  91.149.228.0-91.149.233.255
                  91.149.235.0-91.149.255.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:29:c0:ff:0d:e5:4d:6a:5a:67:98:df:ad:61:48:5d:b6:57:
         10:0b:2b:60:ed:6a:c4:85:0a:21:f2:17:b5:06:5a:9d:27:03:
         99:dd:cd:8c:5e:43:78:dc:5a:f0:36:72:af:f1:a6:1f:0e:64:
         3f:b4:62:d4:c3:d8:8b:62:91:64:d4:f8:79:67:d1:dc:df:07:
         76:a8:55:bd:7b:04:62:d4:28:d8:64:76:14:b8:39:4d:e6:71:
         db:1f:47:f6:e3:b6:8e:6c:90:d3:b1:d7:7a:0a:91:be:05:ee:
         77:0e:29:11:d4:b5:73:32:57:90:f6:31:1e:47:11:25:3b:5d:
         da:90:60:72:0e:2b:0f:26:73:bc:44:50:2b:9c:50:2b:b6:a2:
         76:91:96:8d:9d:38:d3:79:46:f0:a5:05:fe:eb:fc:48:67:a9:
         f3:35:1e:55:78:d3:4e:83:6b:c8:fc:ba:04:42:38:95:d6:ed:
         f9:3d:72:1d:60:0a:28:fc:ca:5f:40:b8:15:58:28:5d:fd:59:
         41:13:a6:55:ac:24:54:54:c7:54:10:ff:a0:df:d5:ab:46:72:
         6e:31:78:5a:69:50:8d:5e:e8:19:5b:24:8c:1f:96:d7:cb:8f:
         13:ec:0c:09:84:5b:a7:d3:6e:ff:3d:3e:92:73:f3:3e:ed:1b:
         d7:4a:94:19
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIECLyrADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
Njc4NTBlNTcxZjNmMmFjYTJjMWVjMWQ3ZTUwMmQ5YmQxODRjNDVjMB4XDTIyMDMw
MjE1MDY1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzkwYzM1NGUxMzIz
YWFkNDY2NGJkMTZlYjc0OGNkMmJmZGJhODNhZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL7t1dzVe11SzrYuXXQoQx2+12FBLHhp/oarEPqvJvC4bDUt
VKnhaTOlbJ1cyTG3G6v/Z0blNJab8vusvSaOhZHjpRxAQWz51y5Mmkl4fcgJat9q
yQYFMU6gIU+7e0U+yRBV3Q4Jer1U8odsp+8Pw5sGtJvA6jhl4OpIeeZvyIc1p3GR
moEj39q30Q/2dlAlbAtVpuZOar/alCPWOciax/34s1FW3cVE4DVxWe2iCTju3BHw
2BZ02JL936MrFpXwcrVlSt6EAkJCvku0i642uXKN98BGZ8Lh1IchlydDLixH0nN6
w97Fw9kjk8eNW/hrURbVoqp2qEHbmrF2/Zx5fTUCAwEAAaOCAlIwggJOMB0GA1Ud
DgQWBBTJDDVOEyOq1GZL0W63SM0r/bqDrzAfBgNVHSMEGDAWgBSmeFDlcfPyrKLB
7B1+UC2b0YTEXDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BuaFE1WEh6OHF5aXdld2RmbEF0bTlHRXhGdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTkvMzMwOWI1LWY5M2YtNGM2Mi04ZGNlLWIwYzE1MWU1MTZjZi8x
L3lRdzFUaE1qcXRSbVM5RnV0MGpOS18yNmc2OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkv
MzMwOWI1LWY5M2YtNGM2Mi04ZGNlLWIwYzE1MWU1MTZjZi8xL3BuaFE1WEh6OHF5
aXdld2RmbEF0bTlHRXhGdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBo
BggrBgEFBQcBBwEB/wRZMFcwVQQCAAEwTwMEAVuVxjAMAwQAW5XJAwQCW5XIAwQA
W5XVAwQAW5XXAwQBW5XaMAwDBABbld0DBAVblcAwDAMEAluV5AMEAVuV6DALAwQA
W5XrAwMBW5QwDQYJKoZIhvcNAQELBQADggEBAFopwP8N5U1qWmeY361hSF22VxAL
K2DtasSFCiHyF7UGWp0nA5ndzYxeQ3jcWvA2cq/xph8OZD+0YtTD2ItikWTU+Hln
0dzfB3aoVb17BGLUKNhkdhS4OU3mcdsfR/bjto5skNOx13oKkb4F7ncOKRHUtXMy
V5D2MR5HESU7XdqQYHIOKw8mc7xEUCucUCu2onaRlo2dONN5RvClBf7r/EhnqfM1
HlV4006Da8j8ugRCOJXW7fk9ch1gCij8yl9AuBVYKF39WUETplWsJFRUx1QQ/6Df
1atGcm4xeFppUI1e6BlbJIwfltfLjxPsDAmEW6fTbv89PpJz8z7tG9dKlBk=
-----END CERTIFICATE-----