Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/RlHuWsl8qgESalGXEjXeBILdaos.roa
File:                     RlHuWsl8qgESalGXEjXeBILdaos.roa (raw, json)
Hash identifier:          cPOhZ1EYUlMurchjNxUgBmi8zuXKU3WpNampxzHupww=
Subject key identifier:   46:51:EE:5A:C9:7C:AA:01:12:6A:51:97:12:35:DE:04:82:DD:6A:8B
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0B208286
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/RlHuWsl8qgESalGXEjXeBILdaos.roa
Signing time:             Tue 31 May 2022 09:59:13 +0000
ROA not before:           Tue 31 May 2022 09:59:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211975
IP address blocks:        89.116.137.0/24 maxlen: 24
                          84.46.171.0/24 maxlen: 24
                          89.117.118.0/24 maxlen: 24
                          89.117.15.0/24 maxlen: 24
                          82.140.182.0/24 maxlen: 24
                          89.117.38.0/24 maxlen: 24
                          86.38.7.0/24 maxlen: 24
                          89.116.96.0/24 maxlen: 24
                          86.38.151.0/24 maxlen: 24
                          89.117.6.0/23 maxlen: 24
                          89.117.124.0/24 maxlen: 24
                          89.116.168.0/24 maxlen: 24
                          89.117.136.0/24 maxlen: 24
                          89.116.193.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 186679942 (0xb208286)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: May 31 09:59:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4651ee5ac97caa01126a51971235de0482dd6a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b2:b4:44:59:a3:c4:60:98:f4:53:6c:11:0c:
                    51:ae:77:23:ef:c5:41:56:84:fc:83:fb:47:55:49:
                    b4:19:9a:aa:cf:6e:d2:30:f4:3c:45:77:fc:56:0b:
                    c2:c1:4d:53:b0:d8:f7:d1:b6:18:47:af:68:ba:5c:
                    0a:46:12:e6:09:29:fb:1d:e2:c0:8c:50:20:2b:37:
                    eb:24:69:75:ab:18:c8:41:fc:ae:62:8b:33:09:76:
                    11:c0:57:1d:32:88:2b:5c:6e:15:9f:51:8b:0c:c9:
                    b4:6f:18:c7:64:84:2b:8f:f3:ed:19:9e:04:7b:4e:
                    30:bc:c8:e8:f6:11:c9:f4:6e:8b:ef:2d:d3:73:30:
                    84:35:21:2b:32:ed:c8:5c:70:63:ff:2b:e7:d3:05:
                    37:1f:8b:0a:f1:6b:13:06:47:de:cc:f1:7c:6f:55:
                    cb:75:a9:0a:cf:b1:76:27:cd:9a:70:4b:19:2b:0a:
                    83:69:72:ec:8b:2d:39:6f:bd:53:93:30:ae:36:f4:
                    6d:51:11:80:57:cb:d2:95:06:f0:5a:c1:16:f8:d3:
                    eb:6e:9f:5d:d4:ef:4c:54:0e:5d:9f:34:4b:a4:43:
                    ea:c8:54:fb:ff:57:cd:5a:ef:be:55:ef:4d:76:b0:
                    4c:e6:ad:e0:c0:b3:4d:94:9e:a1:57:1f:06:21:37:
                    3b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:51:EE:5A:C9:7C:AA:01:12:6A:51:97:12:35:DE:04:82:DD:6A:8B
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/RlHuWsl8qgESalGXEjXeBILdaos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.140.182.0/24
                  84.46.171.0/24
                  86.38.7.0/24
                  86.38.151.0/24
                  89.116.96.0/24
                  89.116.137.0/24
                  89.116.168.0/24
                  89.116.193.0/24
                  89.117.6.0/23
                  89.117.15.0/24
                  89.117.38.0/24
                  89.117.118.0/24
                  89.117.124.0/24
                  89.117.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:98:6f:7b:be:9e:44:61:5b:49:02:7c:3b:b9:c4:c6:22:a5:
         75:78:ed:54:51:63:c1:05:0f:c1:31:9d:23:77:02:ad:b6:c2:
         06:7c:99:f5:f1:d3:10:63:39:c5:6d:0b:36:25:18:99:d9:2e:
         ed:6b:a4:ed:d1:c6:1c:6f:c1:fe:2d:7f:1d:a8:76:cd:13:be:
         9e:d5:99:0b:95:bd:5d:72:23:7b:dd:e2:67:b4:d1:35:a4:ea:
         74:ec:47:b0:f8:8d:6e:79:06:e9:04:ac:2b:bc:9e:9e:ca:3d:
         40:54:fb:4f:1f:7a:5c:a9:28:66:f0:38:ce:9a:ec:98:02:78:
         86:45:08:55:db:36:84:10:3f:c8:7d:c1:a8:96:6d:50:2e:05:
         dd:1d:e9:48:c0:e6:d1:02:11:86:2d:c3:17:cc:90:0e:cf:de:
         09:6b:c7:37:92:43:ed:e3:e2:1e:15:6c:36:e0:42:7b:13:7e:
         fa:e4:c3:f5:cd:0d:8b:21:c8:c5:61:ff:55:6f:99:0e:c3:98:
         18:13:56:da:82:1f:cb:35:c6:34:51:97:18:ba:53:0a:d3:ea:
         2d:17:d1:d7:eb:18:a3:04:42:c4:13:f7:4b:40:a9:a6:05:58:
         0f:48:4b:43:58:49:c1:72:09:54:e6:d5:6f:6a:95:e5:86:f3:
         7b:01:41:47
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIECyCChjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDUz
MTA5NTkxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDY1MWVlNWFjOTdj
YWEwMTEyNmE1MTk3MTIzNWRlMDQ4MmRkNmE4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJeytERZo8RgmPRTbBEMUa53I+/FQVaE/IP7R1VJtBmaqs9u
0jD0PEV3/FYLwsFNU7DY99G2GEevaLpcCkYS5gkp+x3iwIxQICs36yRpdasYyEH8
rmKLMwl2EcBXHTKIK1xuFZ9RiwzJtG8Yx2SEK4/z7RmeBHtOMLzI6PYRyfRui+8t
03MwhDUhKzLtyFxwY/8r59MFNx+LCvFrEwZH3szxfG9Vy3WpCs+xdifNmnBLGSsK
g2ly7IstOW+9U5Mwrjb0bVERgFfL0pUG8FrBFvjT626fXdTvTFQOXZ80S6RD6shU
+/9XzVrvvlXvTXawTOat4MCzTZSeoVcfBiE3OxsCAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBRGUe5ayXyqARJqUZcSNd4Egt1qizAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
L1JsSHVXc2w4cWdFU2FsR1hFalhlQklMZGFvcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwWgQCAAEwVAMEAFKMtgMEAFQuqwMEAFYmBwMEAFYm
lwMEAFl0YAMEAFl0iQMEAFl0qAMEAFl0wQMEAVl1BgMEAFl1DwMEAFl1JgMEAFl1
dgMEAFl1fAMEAFl1iDANBgkqhkiG9w0BAQsFAAOCAQEAZZhve76eRGFbSQJ8O7nE
xiKldXjtVFFjwQUPwTGdI3cCrbbCBnyZ9fHTEGM5xW0LNiUYmdku7Wuk7dHGHG/B
/i1/Hah2zRO+ntWZC5W9XXIje93iZ7TRNaTqdOxHsPiNbnkG6QSsK7yenso9QFT7
Tx96XKkoZvA4zprsmAJ4hkUIVds2hBA/yH3BqJZtUC4F3R3pSMDm0QIRhi3DF8yQ
Ds/eCWvHN5JD7ePiHhVsNuBCexN++uTD9c0NiyHIxWH/VW+ZDsOYGBNW2oIfyzXG
NFGXGLpTCtPqLRfR1+sYowRCxBP3S0CppgVYD0hLQ1hJwXIJVObVb2qV5YbzewFB
Rw==
-----END CERTIFICATE-----