Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/2RuzH2PbzVmDIZA5zLMk99jdvO8.roa
File:                     2RuzH2PbzVmDIZA5zLMk99jdvO8.roa (raw, json)
Hash identifier:          FRFdmawMaFWevbC1uqc+wMPrCUtYbFZr4pV6W57Sbwo=
Subject key identifier:   D9:1B:B3:1F:63:DB:CD:59:83:21:90:39:CC:B3:24:F7:D8:DD:BC:EF
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0182C7426F675EBC1ECA797B1BEACF22EC49
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/2RuzH2PbzVmDIZA5zLMk99jdvO8.roa
Signing time:             Mon 22 Aug 2022 20:33:16 +0000
ROA not before:           Mon 22 Aug 2022 20:33:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211585
IP address blocks:        89.117.96.0/22 maxlen: 24
                          89.116.137.0/24 maxlen: 24
                          89.117.104.0/22 maxlen: 24
                          89.116.63.0/24 maxlen: 24
                          89.116.61.0/24 maxlen: 24
                          89.116.60.0/22 maxlen: 24
                          89.116.60.0/24 maxlen: 24
                          89.116.62.0/24 maxlen: 24
                          89.116.44.0/22 maxlen: 24
                          89.116.48.0/22 maxlen: 24
                          89.117.126.0/24 maxlen: 24
                          89.117.152.0/22 maxlen: 24
                          89.116.212.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c7:42:6f:67:5e:bc:1e:ca:79:7b:1b:ea:cf:22:ec:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Aug 22 20:33:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d91bb31f63dbcd5983219039ccb324f7d8ddbcef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6f:e6:63:e1:8e:bb:d8:78:a7:a9:58:d8:1c:
                    35:58:c7:ed:36:4c:66:34:a3:3b:30:29:ad:a5:e8:
                    09:58:41:5b:2f:17:8a:75:3e:9b:6a:7a:84:57:e6:
                    80:68:6e:d4:26:f6:dc:bd:ad:15:e3:c0:5f:ca:7c:
                    76:05:ff:e4:ea:c7:cb:1f:a9:65:31:0f:8f:7c:12:
                    df:5c:7f:5c:17:0b:c0:d5:5c:5d:a6:6b:ae:32:3a:
                    89:d2:68:53:39:6d:11:07:0f:ce:a0:d4:cf:63:5b:
                    13:03:90:3f:c2:2a:92:ee:1a:e2:7b:84:1d:e1:22:
                    94:09:79:0e:ab:13:f5:e1:24:b8:fa:7c:79:64:30:
                    a1:33:ac:32:06:fb:93:cb:00:d1:6a:28:70:4f:d7:
                    0b:46:88:6a:b9:e6:9c:d7:ba:2d:68:e3:8c:33:ee:
                    7a:ac:db:6b:ff:89:fe:31:fb:4f:ff:bf:db:e9:fd:
                    86:19:fb:6e:2a:44:b6:a1:27:ff:3e:78:9b:42:41:
                    5c:9e:d7:00:5c:50:78:5b:3d:8e:6b:3d:b2:49:11:
                    8a:cb:76:b9:09:5f:ac:b0:ea:52:90:c9:ab:a0:f8:
                    1c:c4:6b:21:8c:ac:bb:46:57:91:33:98:0c:de:5e:
                    15:a3:6d:f2:ed:96:20:bb:6d:ad:f4:17:e8:9e:ba:
                    b4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1B:B3:1F:63:DB:CD:59:83:21:90:39:CC:B3:24:F7:D8:DD:BC:EF
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/2RuzH2PbzVmDIZA5zLMk99jdvO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.44.0-89.116.51.255
                  89.116.60.0/22
                  89.116.137.0/24
                  89.116.212.0/22
                  89.117.96.0/22
                  89.117.104.0/22
                  89.117.126.0/24
                  89.117.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:a9:f6:0f:35:1f:7f:7e:72:97:a9:68:31:1a:c5:6b:f5:58:
         9b:fd:e7:25:20:f8:0a:79:1b:d5:10:6d:48:e8:4c:c4:6d:ca:
         0f:b5:ac:a8:bd:3d:dc:60:2f:62:15:20:cb:ca:8d:11:35:63:
         69:2a:90:fc:2b:53:9b:0a:db:28:a6:fe:c2:e6:b2:b7:f9:87:
         2f:41:94:12:0d:78:86:df:c5:23:a9:cf:f4:0a:a2:95:74:da:
         cf:20:0a:ab:cd:a6:30:57:c2:c3:c0:7a:e8:20:6b:1a:05:54:
         70:36:18:bb:f1:9f:0e:e8:8d:ef:ce:49:76:4f:4e:3d:a5:9d:
         62:33:d7:8b:7a:91:72:49:5f:0b:5f:c6:c0:bf:ff:e9:29:7e:
         0b:5b:af:94:c1:98:da:84:1c:63:cb:2c:3c:04:1f:8a:d2:0c:
         0a:84:24:a9:71:67:e0:a0:17:0c:a3:39:d4:d6:6e:28:b5:e4:
         74:25:de:db:4a:f4:d1:49:cc:38:47:ac:45:fe:e8:b7:db:7a:
         f9:10:36:0a:17:8b:ef:d7:90:26:42:24:83:d4:99:32:26:5b:
         9c:4e:80:7f:4b:ed:ec:98:fc:74:4d:4e:87:ec:e4:5f:cf:5d:
         c0:c9:9c:9a:ff:a1:a3:89:5d:6b:99:22:87:7c:2d:ce:15:69:
         62:6c:64:01
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYLHQm9nXrweynl7G+rPIuxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIwODIyMjAzMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFiYjMxZjYzZGJjZDU5ODMyMTkwMzljY2IzMjRmN2Q4ZGRiY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhW/mY+GOu9h4p6lY2Bw1WMftNkxm
NKM7MCmtpegJWEFbLxeKdT6banqEV+aAaG7UJvbcva0V48Bfynx2Bf/k6sfLH6ll
MQ+PfBLfXH9cFwvA1VxdpmuuMjqJ0mhTOW0RBw/OoNTPY1sTA5A/wiqS7hrie4Qd
4SKUCXkOqxP14SS4+nx5ZDChM6wyBvuTywDRaihwT9cLRohqueac17otaOOMM+56
rNtr/4n+MftP/7/b6f2GGftuKkS2oSf/PnibQkFcntcAXFB4Wz2Oaz2ySRGKy3a5
CV+ssOpSkMmroPgcxGshjKy7RleRM5gM3l4Vo23y7ZYgu22t9Bfonrq0AQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNkbsx9j281ZgyGQOcyzJPfY3bzvMB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEvMlJ1ekgyUGJ6Vm1ESVpBNXpMTWs5OWpkdk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAJZdCwD
BAJZdDADBAJZdDwDBABZdIkDBAJZdNQDBAJZdWADBAJZdWgDBABZdX4DBAJZdZgw
DQYJKoZIhvcNAQELBQADggEBAGWp9g81H39+cpepaDEaxWv1WJv95yUg+Ap5G9UQ
bUjoTMRtyg+1rKi9PdxgL2IVIMvKjRE1Y2kqkPwrU5sK2yim/sLmsrf5hy9BlBIN
eIbfxSOpz/QKopV02s8gCqvNpjBXwsPAeuggaxoFVHA2GLvxnw7oje/OSXZPTj2l
nWIz14t6kXJJXwtfxsC//+kpfgtbr5TBmNqEHGPLLDwEH4rSDAqEJKlxZ+CgFwyj
OdTWbii15HQl3ttK9NFJzDhHrEX+6LfbevkQNgoXi+/XkCZCJIPUmTImW5xOgH9L
7eyY/HRNTofs5F/PXcDJnJr/oaOJXWuZIod8Lc4VaWJsZAE=
-----END CERTIFICATE-----