Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/LkJz__tJcTZC7_qed4GijbajLII.roa
File:                     LkJz__tJcTZC7_qed4GijbajLII.roa (raw, json)
Hash identifier:          wwl63Ey8dphdx/aaH7vlgZ0dkYCiawTjbcN1+2q2yZ0=
Subject key identifier:   2E:42:73:FF:FB:49:71:36:42:EF:FA:9E:77:81:A2:8D:B6:A3:2C:82
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0B255CE5
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/LkJz__tJcTZC7_qed4GijbajLII.roa
Signing time:             Wed 01 Jun 2022 08:14:21 +0000
ROA not before:           Wed 01 Jun 2022 08:14:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        89.117.72.0/21 maxlen: 24
                          89.116.123.0/24 maxlen: 24
                          89.117.88.0/22 maxlen: 24
                          89.117.96.0/22 maxlen: 24
                          89.116.140.0/24 maxlen: 24
                          89.117.12.0/23 maxlen: 24
                          89.117.24.0/23 maxlen: 24
                          89.116.76.0/24 maxlen: 24
                          86.38.216.0/22 maxlen: 24
                          89.116.91.0/24 maxlen: 24
                          86.38.232.0/24 maxlen: 24
                          89.116.250.0/24 maxlen: 24
                          89.116.202.0/24 maxlen: 24
                          89.116.212.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 186997989 (0xb255ce5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Jun  1 08:14:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2e4273fffb49713642effa9e7781a28db6a32c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bc:92:cd:85:b0:7b:35:54:c4:49:cb:56:cc:
                    cd:e2:25:0a:0f:0c:94:82:54:2d:82:aa:2c:20:88:
                    db:c6:cb:ed:b9:dc:a9:79:ce:2f:1a:25:a0:af:b9:
                    91:15:48:bc:b3:81:1d:a8:a3:19:a0:15:e0:14:1a:
                    d2:35:9a:75:ca:30:09:73:8c:b1:9c:24:74:00:f2:
                    45:8f:97:33:47:51:18:db:e0:9c:cd:b1:03:c2:2a:
                    2b:ca:f5:e6:00:f1:8d:7f:3f:65:76:d4:fe:d9:f5:
                    09:d1:1c:7e:eb:91:59:0e:90:86:d9:4a:8a:06:9d:
                    a4:6f:4b:1d:b9:74:e7:f3:1c:ce:5e:cd:51:44:77:
                    58:f7:1c:bd:ae:0e:65:f0:a6:83:9a:ce:ac:76:10:
                    90:26:5c:fb:48:88:f2:44:56:41:e3:cd:c0:dd:11:
                    b1:25:bc:fa:c7:a7:8c:45:7b:2a:f6:44:20:3d:9d:
                    79:69:ea:3a:33:21:4c:ea:05:86:69:a7:22:ce:7f:
                    5e:03:df:f2:66:61:c1:41:73:c4:d2:cf:8e:fa:54:
                    86:08:91:f0:73:9d:ce:5b:ef:30:77:fc:ca:b0:e0:
                    73:8c:81:95:e7:07:88:da:60:27:07:05:e4:4f:2b:
                    b7:51:64:f0:d3:8f:68:8d:73:34:94:06:83:66:fd:
                    2b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:42:73:FF:FB:49:71:36:42:EF:FA:9E:77:81:A2:8D:B6:A3:2C:82
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/LkJz__tJcTZC7_qed4GijbajLII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.216.0/22
                  86.38.232.0/24
                  89.116.76.0/24
                  89.116.91.0/24
                  89.116.123.0/24
                  89.116.140.0/24
                  89.116.202.0/24
                  89.116.212.0/22
                  89.116.250.0/24
                  89.117.12.0/23
                  89.117.24.0/23
                  89.117.72.0/21
                  89.117.88.0/22
                  89.117.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:01:21:0f:c9:7f:ba:26:63:99:b3:3e:35:41:58:66:4a:80:
         ba:37:81:ea:3c:5b:40:83:81:4e:2a:cd:2a:ea:01:bd:1d:42:
         1a:2d:14:ba:1a:65:36:60:c7:13:63:70:02:72:bc:f5:5e:a1:
         05:d5:4f:5a:ae:ba:66:76:f2:d4:42:54:b8:ce:36:e2:5c:ee:
         a9:a5:80:56:bb:95:d9:99:8d:5b:70:a9:c0:d6:45:d9:6c:69:
         49:6b:12:09:4d:ca:67:58:87:b4:66:a1:21:25:8e:5b:8b:89:
         ad:c6:89:d1:af:9d:a8:7b:fd:da:75:f9:0c:9c:89:44:2e:8b:
         67:bd:31:56:72:98:fd:26:62:68:1a:7b:a1:26:88:38:b3:ff:
         a6:5d:7a:e6:88:90:d0:fb:22:31:57:5a:73:d1:d9:b7:e8:bd:
         9e:1a:5a:ba:95:6f:e8:cf:aa:d3:08:16:e9:9b:fa:61:ca:41:
         31:af:d4:23:42:e8:1e:c9:96:54:06:88:5c:84:4d:85:b9:c1:
         0c:3c:f6:b4:27:da:f2:02:b0:78:55:28:79:b7:ec:53:1d:a9:
         fe:a0:13:75:3c:4b:cb:90:cc:0b:9a:7d:e5:35:52:43:07:c6:
         e6:e1:4a:02:4d:aa:48:3f:ee:64:bb:e8:1e:55:aa:51:1e:4d:
         a1:65:d0:52
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIECyVc5TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDYw
MTA4MTQyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmU0MjczZmZmYjQ5
NzEzNjQyZWZmYTllNzc4MWEyOGRiNmEzMmM4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMm8ks2FsHs1VMRJy1bMzeIlCg8MlIJULYKqLCCI28bL7bnc
qXnOLxoloK+5kRVIvLOBHaijGaAV4BQa0jWadcowCXOMsZwkdADyRY+XM0dRGNvg
nM2xA8IqK8r15gDxjX8/ZXbU/tn1CdEcfuuRWQ6QhtlKigadpG9LHbl05/Mczl7N
UUR3WPccva4OZfCmg5rOrHYQkCZc+0iI8kRWQePNwN0RsSW8+senjEV7KvZEID2d
eWnqOjMhTOoFhmmnIs5/XgPf8mZhwUFzxNLPjvpUhgiR8HOdzlvvMHf8yrDgc4yB
lecHiNpgJwcF5E8rt1Fk8NOPaI1zNJQGg2b9K7UCAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBQuQnP/+0lxNkLv+p53gaKNtqMsgjAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
L0xrSnpfX3RKY1RaQzdfcWVkNEdpamJhakxJSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwWgQCAAEwVAMEAlYm2AMEAFYm6AMEAFl0TAMEAFl0
WwMEAFl0ewMEAFl0jAMEAFl0ygMEAll01AMEAFl0+gMEAVl1DAMEAVl1GAMEA1l1
SAMEAll1WAMEAll1YDANBgkqhkiG9w0BAQsFAAOCAQEAhwEhD8l/uiZjmbM+NUFY
ZkqAujeB6jxbQIOBTirNKuoBvR1CGi0UuhplNmDHE2NwAnK89V6hBdVPWq66Znby
1EJUuM424lzuqaWAVruV2ZmNW3CpwNZF2WxpSWsSCU3KZ1iHtGahISWOW4uJrcaJ
0a+dqHv92nX5DJyJRC6LZ70xVnKY/SZiaBp7oSaIOLP/pl165oiQ0PsiMVdac9HZ
t+i9nhpaupVv6M+q0wgW6Zv6YcpBMa/UI0LoHsmWVAaIXIRNhbnBDDz2tCfa8gKw
eFUoebfsUx2p/qATdTxLy5DMC5p95TVSQwfG5uFKAk2qSD/uZLvoHlWqUR5NoWXQ
Ug==
-----END CERTIFICATE-----