Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/QJg0pwTh0wcJQbiDBxUb97AguME.roa
File:                     QJg0pwTh0wcJQbiDBxUb97AguME.roa (raw, json)
Hash identifier:          8cDzaPmuKZdSgm0ESGykamuFGoF1Yx6Y/LV8SoZwuUg=
Subject key identifier:   40:98:34:A7:04:E1:D3:07:09:41:B8:83:07:15:1B:F7:B0:20:B8:C1
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0182D8FDD7C4D91D82164FC020602CF2C578
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/QJg0pwTh0wcJQbiDBxUb97AguME.roa
Signing time:             Fri 26 Aug 2022 07:11:30 +0000
ROA not before:           Fri 26 Aug 2022 07:11:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205220
IP address blocks:        89.117.70.0/23 maxlen: 24
                          89.116.130.0/23 maxlen: 24
                          89.116.148.0/23 maxlen: 24
                          86.38.182.0/23 maxlen: 24
                          89.117.226.0/23 maxlen: 24
                          89.117.6.0/23 maxlen: 24
                          89.117.12.0/23 maxlen: 24
                          89.117.24.0/23 maxlen: 24
                          89.117.36.0/23 maxlen: 24
                          89.117.158.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:d8:fd:d7:c4:d9:1d:82:16:4f:c0:20:60:2c:f2:c5:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Aug 26 07:11:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=409834a704e1d3070941b88307151bf7b020b8c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5c:25:b6:ad:7c:be:42:32:3c:88:4b:74:db:
                    d0:d2:27:fc:61:10:61:6a:f7:73:35:c6:95:e2:f8:
                    8c:a7:4b:a9:87:2b:78:e4:4a:e6:e3:f5:85:4c:3e:
                    a6:67:92:33:8c:8d:19:59:d1:44:66:ab:56:c5:5b:
                    5b:bc:fa:c5:02:86:69:a2:03:bf:2a:f1:af:9c:53:
                    37:59:64:f6:b9:ae:11:e9:ad:af:cf:e0:10:40:b7:
                    de:0f:23:64:81:e6:f8:13:21:78:a5:ec:09:0f:2f:
                    57:28:d0:b9:dd:50:52:f9:1f:f5:55:75:7f:a6:86:
                    48:88:32:b6:0d:93:75:d1:cf:bb:aa:ae:96:cd:8f:
                    d7:06:84:45:fc:9b:fa:80:2e:87:fc:6c:3a:68:12:
                    c2:c2:7b:34:41:29:05:7b:a5:2d:6c:c0:7d:77:da:
                    93:31:95:9b:06:62:c7:16:65:d7:90:47:2d:58:84:
                    00:e6:23:57:6d:a8:bc:dd:36:96:7a:59:45:44:94:
                    4f:d7:df:72:fc:88:e5:8e:e0:ac:0d:b9:49:62:7b:
                    b4:12:51:7e:2f:c0:24:0a:a7:2e:7f:6a:3d:7f:cf:
                    ba:8e:ab:c9:5d:ba:1d:6d:bd:e0:ea:e8:cd:d6:60:
                    b3:55:25:d0:4d:c1:43:d7:3e:7d:12:f2:98:3b:2f:
                    bc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:98:34:A7:04:E1:D3:07:09:41:B8:83:07:15:1B:F7:B0:20:B8:C1
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/QJg0pwTh0wcJQbiDBxUb97AguME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.182.0/23
                  89.116.130.0/23
                  89.116.148.0/23
                  89.117.6.0/23
                  89.117.12.0/23
                  89.117.24.0/23
                  89.117.36.0/23
                  89.117.70.0/23
                  89.117.158.0/23
                  89.117.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:0d:5c:0d:7d:d3:de:2f:bd:8b:71:7b:9b:3b:a6:1f:38:2e:
         54:a1:09:90:b5:7c:9c:ac:a6:86:58:76:0b:88:2c:c8:9b:9f:
         35:d3:93:04:24:67:7b:db:c1:2f:69:e3:68:0b:28:52:e3:47:
         bd:f5:00:c1:f8:d9:65:75:5c:99:d7:cb:62:16:87:84:70:13:
         61:57:1f:05:e8:1d:66:48:7e:a0:bd:21:4d:dc:d4:6e:15:20:
         06:48:9f:39:7c:66:71:00:97:8f:04:f9:cd:23:de:9e:20:34:
         37:8f:9f:35:43:8d:fd:f5:0d:5b:79:9b:ed:68:18:c9:9c:3c:
         aa:d0:9a:0f:35:b2:fd:66:0b:84:eb:4c:30:fa:04:ba:5c:b2:
         cf:35:a2:c7:23:e2:4c:fc:a5:7a:bb:7b:a6:96:78:80:e9:70:
         cc:1e:f5:f9:69:49:9d:25:4f:97:4e:54:0c:e8:ad:70:5c:0f:
         f8:9b:ba:90:d4:52:99:26:e1:27:70:c1:e7:9c:f6:49:40:1e:
         0d:c7:2e:3b:cd:ec:78:5a:24:24:1f:53:ee:a9:58:21:93:cd:
         06:a3:d1:8e:b1:21:c9:b0:d9:07:7a:f9:50:23:d9:8c:25:33:
         9f:25:2b:ff:f0:6e:d7:3d:cf:3e:ff:13:7d:40:de:5b:81:85:
         07:55:b2:c4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYLY/dfE2R2CFk/AIGAs8sV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIwODI2MDcxMTMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDk4MzRhNzA0ZTFkMzA3MDk0MWI4ODMwNzE1MWJmN2IwMjBiOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFwltq18vkIyPIhLdNvQ0if8YRBh
avdzNcaV4viMp0uphyt45Erm4/WFTD6mZ5IzjI0ZWdFEZqtWxVtbvPrFAoZpogO/
KvGvnFM3WWT2ua4R6a2vz+AQQLfeDyNkgeb4EyF4pewJDy9XKNC53VBS+R/1VXV/
poZIiDK2DZN10c+7qq6WzY/XBoRF/Jv6gC6H/Gw6aBLCwns0QSkFe6UtbMB9d9qT
MZWbBmLHFmXXkEctWIQA5iNXbai83TaWellFRJRP199y/IjljuCsDblJYnu0ElF+
L8AkCqcuf2o9f8+6jqvJXbodbb3g6ujN1mCzVSXQTcFD1z59EvKYOy+8JwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFECYNKcE4dMHCUG4gwcVG/ewILjBMB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEvUUpnMHB3VGgwd2NKUWJpREJ4VWI5N0FndU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBVia2AwQB
WXSCAwQBWXSUAwQBWXUGAwQBWXUMAwQBWXUYAwQBWXUkAwQBWXVGAwQBWXWeAwQB
WXXiMA0GCSqGSIb3DQEBCwUAA4IBAQBvDVwNfdPeL72LcXubO6YfOC5UoQmQtXyc
rKaGWHYLiCzIm58105MEJGd728EvaeNoCyhS40e99QDB+NlldVyZ18tiFoeEcBNh
Vx8F6B1mSH6gvSFN3NRuFSAGSJ85fGZxAJePBPnNI96eIDQ3j581Q4399Q1beZvt
aBjJnDyq0JoPNbL9ZguE60ww+gS6XLLPNaLHI+JM/KV6u3umlniA6XDMHvX5aUmd
JU+XTlQM6K1wXA/4m7qQ1FKZJuEncMHnnPZJQB4Nxy47zex4WiQkH1PuqVghk80G
o9GOsSHJsNkHevlQI9mMJTOfJSv/8G7XPc8+/xN9QN5bgYUHVbLE
-----END CERTIFICATE-----