Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/syd_OGDRrhegFeKqChunxrBDEPo.roa
File:                     syd_OGDRrhegFeKqChunxrBDEPo.roa (raw, json)
Hash identifier:          BHFI0+yEVCZr7E1/CcYHdyxytDUUzVthCDfZbuwbYWo=
Subject key identifier:   B3:27:7F:38:60:D1:AE:17:A0:15:E2:AA:0A:1B:A7:C6:B0:43:10:FA
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0183D063C8D8F33D82F9E37875B01BE7AE4E
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/syd_OGDRrhegFeKqChunxrBDEPo.roa
Signing time:             Thu 13 Oct 2022 08:09:03 +0000
ROA not before:           Thu 13 Oct 2022 08:09:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        89.117.72.0/21 maxlen: 24
                          89.116.123.0/24 maxlen: 24
                          89.117.88.0/22 maxlen: 24
                          89.116.244.0/24 maxlen: 24
                          89.116.250.0/24 maxlen: 24
                          89.117.112.0/22 maxlen: 24
                          89.117.120.0/22 maxlen: 24
                          89.116.186.0/24 maxlen: 24
                          86.38.216.0/22 maxlen: 24
                          89.116.212.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d0:63:c8:d8:f3:3d:82:f9:e3:78:75:b0:1b:e7:ae:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: Oct 13 08:09:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b3277f3860d1ae17a015e2aa0a1ba7c6b04310fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:03:60:20:c6:00:79:4f:cb:e5:66:b1:33:b6:
                    ca:3c:b3:11:9b:1c:0a:f0:8b:77:7a:2c:6a:15:0a:
                    7a:95:00:ec:71:3a:12:83:53:5d:a7:fa:14:71:bc:
                    24:9d:c4:6c:af:95:50:fa:06:5a:1d:a5:49:96:9b:
                    31:f1:d8:7a:40:16:84:0d:96:1d:14:c8:96:e3:b9:
                    ec:12:ea:4a:b5:eb:fe:9f:32:09:ff:47:f0:a5:5b:
                    28:a7:29:37:33:af:8a:34:e5:bf:55:94:6d:4a:7f:
                    dc:8c:2b:c2:3c:19:23:6e:1b:67:a2:b9:02:eb:34:
                    1f:3d:d2:91:74:72:07:50:c6:20:88:1a:43:db:0e:
                    ab:7f:92:49:88:bb:5d:65:fe:bf:f2:fb:0e:c8:d6:
                    cf:18:44:49:c5:2a:57:10:d6:cb:eb:04:9b:ac:ac:
                    f0:b8:90:8c:3b:3d:9a:c2:1e:6a:c4:0f:e6:24:84:
                    3b:ad:18:01:d5:92:ed:29:de:36:dd:07:72:fc:55:
                    88:49:a6:5f:20:bf:e9:f1:f5:bc:e1:d1:2c:92:dd:
                    47:e5:bb:96:aa:60:cb:bd:6b:14:19:71:cf:15:9c:
                    60:58:ef:ad:b4:96:1b:6e:b6:47:01:39:0c:f3:92:
                    24:55:8e:a5:e8:a1:74:9f:0b:da:da:3e:44:ad:6c:
                    92:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:27:7F:38:60:D1:AE:17:A0:15:E2:AA:0A:1B:A7:C6:B0:43:10:FA
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/syd_OGDRrhegFeKqChunxrBDEPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.216.0/22
                  89.116.123.0/24
                  89.116.186.0/24
                  89.116.212.0/22
                  89.116.244.0/24
                  89.116.250.0/24
                  89.117.72.0/21
                  89.117.88.0/22
                  89.117.112.0/22
                  89.117.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:0b:22:93:0e:3e:c3:70:57:88:67:d7:4f:aa:16:50:28:a7:
         63:9d:7a:a4:7d:f1:06:42:ad:3c:1f:60:4c:95:4a:ea:61:20:
         ba:90:34:d1:5a:c7:cf:11:49:5b:3b:9b:ff:15:b3:6c:4d:45:
         b4:32:fc:ea:cf:c1:6e:9d:05:5f:5e:91:b4:c2:cd:26:00:2a:
         fb:90:2b:09:7d:4b:51:b6:7d:9c:72:4d:74:e0:8a:30:b2:1c:
         23:95:ac:b7:84:f6:7c:be:70:9d:3d:19:36:93:6f:79:77:6f:
         1b:33:f0:e2:a8:30:28:4b:3f:d2:ad:2d:60:fb:68:f6:78:2f:
         de:51:85:29:c8:58:2f:6d:1f:0e:ba:e7:17:82:6b:6b:a0:03:
         2b:fd:37:db:84:15:41:1a:49:16:78:89:bb:34:64:4c:dd:7d:
         2e:4e:c8:ef:be:64:74:cc:fb:77:25:bb:99:d2:a6:52:c3:8f:
         82:b3:0d:71:48:0d:99:ff:66:52:7e:4f:c0:e3:b4:b7:d6:db:
         b3:0a:1a:34:cd:f1:d7:70:ae:0e:30:35:47:3f:d8:39:c2:01:
         1d:e6:c3:a8:18:29:28:be:7f:26:ba:0b:04:25:a5:d8:3a:67:
         67:49:c2:00:2a:91:76:c3:82:5a:06:7e:b1:bc:e1:58:5b:27:
         4b:7e:24:f2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYPQY8jY8z2C+eN4dbAb565OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIxMDEzMDgwOTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI3N2YzODYwZDFhZTE3YTAxNWUyYWEwYTFiYTdjNmIwNDMxMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgNgIMYAeU/L5WaxM7bKPLMRmxwK
8It3eixqFQp6lQDscToSg1Ndp/oUcbwkncRsr5VQ+gZaHaVJlpsx8dh6QBaEDZYd
FMiW47nsEupKtev+nzIJ/0fwpVsopyk3M6+KNOW/VZRtSn/cjCvCPBkjbhtnorkC
6zQfPdKRdHIHUMYgiBpD2w6rf5JJiLtdZf6/8vsOyNbPGERJxSpXENbL6wSbrKzw
uJCMOz2awh5qxA/mJIQ7rRgB1ZLtKd423Qdy/FWISaZfIL/p8fW84dEskt1H5buW
qmDLvWsUGXHPFZxgWO+ttJYbbrZHATkM85IkVY6l6KF0nwva2j5ErWySKwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLMnfzhg0a4XoBXiqgobp8awQxD6MB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEvc3lkX09HRFJyaGVnRmVLcUNodW54ckJERVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCVibYAwQA
WXR7AwQAWXS6AwQCWXTUAwQAWXT0AwQAWXT6AwQDWXVIAwQCWXVYAwQCWXVwAwQC
WXV4MA0GCSqGSIb3DQEBCwUAA4IBAQCtCyKTDj7DcFeIZ9dPqhZQKKdjnXqkffEG
Qq08H2BMlUrqYSC6kDTRWsfPEUlbO5v/FbNsTUW0Mvzqz8FunQVfXpG0ws0mACr7
kCsJfUtRtn2cck104Iowshwjlay3hPZ8vnCdPRk2k295d28bM/DiqDAoSz/SrS1g
+2j2eC/eUYUpyFgvbR8OuucXgmtroAMr/TfbhBVBGkkWeIm7NGRM3X0uTsjvvmR0
zPt3JbuZ0qZSw4+Csw1xSA2Z/2ZSfk/A47S31tuzCho0zfHXcK4OMDVHP9g5wgEd
5sOoGCkovn8mugsEJaXYOmdnScIAKpF2w4JaBn6xvOFYWydLfiTy
-----END CERTIFICATE-----