Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/twDeiCkL2NVVIIidEXPr-0lfLxE.roa
File:                     twDeiCkL2NVVIIidEXPr-0lfLxE.roa (raw, json)
Hash identifier:          Gkt3+/oIVjjBXKVG4XjfFS62BkOLxTSCslsc4vbMlkI=
Subject key identifier:   B7:00:DE:88:29:0B:D8:D5:55:20:88:9D:11:73:EB:FB:49:5F:2F:11
Certificate issuer:       /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial:       0B05B286
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/twDeiCkL2NVVIIidEXPr-0lfLxE.roa
Signing time:             Wed 25 May 2022 08:14:14 +0000
ROA not before:           Wed 25 May 2022 08:14:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211975
IP address blocks:        84.46.171.0/24 maxlen: 24
                          89.117.118.0/24 maxlen: 24
                          89.117.15.0/24 maxlen: 24
                          82.140.182.0/24 maxlen: 24
                          89.117.38.0/24 maxlen: 24
                          86.38.7.0/24 maxlen: 24
                          89.116.96.0/24 maxlen: 24
                          86.38.151.0/24 maxlen: 24
                          89.117.6.0/23 maxlen: 24
                          89.117.124.0/24 maxlen: 24
                          89.116.168.0/24 maxlen: 24
                          89.117.136.0/24 maxlen: 24
                          89.116.193.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 184922758 (0xb05b286)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
        Validity
            Not Before: May 25 08:14:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b700de88290bd8d55520889d1173ebfb495f2f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:f7:ad:4f:03:b9:c8:b7:05:9c:ff:e9:b4:
                    94:a9:66:82:77:7b:8b:64:81:d8:41:30:8b:61:11:
                    a5:19:27:a1:2f:00:9b:1c:1c:78:25:d5:56:a2:07:
                    34:22:8a:e2:d3:96:58:35:45:89:cf:cd:4a:3e:6c:
                    de:4e:9b:16:04:53:19:09:e4:94:a5:3d:2a:80:35:
                    63:68:76:31:44:4c:f8:96:3e:e0:f3:8e:b9:f5:b2:
                    4e:af:6a:b8:77:dd:f8:5f:ce:d1:88:ce:a6:2f:7c:
                    ab:0b:05:a7:9a:4f:1f:5d:86:33:a9:30:9f:3c:b0:
                    4c:a5:93:c7:c0:63:1a:ae:e6:b1:1c:14:41:58:a8:
                    ff:8c:6b:13:1b:f0:94:e8:22:d8:dd:e4:7b:64:95:
                    27:74:50:45:4e:a0:44:29:39:dc:71:c4:94:fe:45:
                    b7:30:76:9b:7b:67:fe:81:8c:75:7e:68:cb:ab:f3:
                    17:45:96:b6:99:b8:e1:2e:43:ed:6b:ff:97:95:57:
                    47:4c:73:00:b4:9a:fc:4c:51:a2:c3:5e:99:96:33:
                    e2:28:49:67:7d:02:1b:e2:b0:0f:78:80:bf:c0:82:
                    09:43:a7:54:5d:32:62:40:6f:07:7e:87:72:1c:98:
                    bc:ae:2b:92:6a:94:8a:01:61:5b:9c:0a:d9:83:b8:
                    44:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:00:DE:88:29:0B:D8:D5:55:20:88:9D:11:73:EB:FB:49:5F:2F:11
            X509v3 Authority Key Identifier:
                keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/twDeiCkL2NVVIIidEXPr-0lfLxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.140.182.0/24
                  84.46.171.0/24
                  86.38.7.0/24
                  86.38.151.0/24
                  89.116.96.0/24
                  89.116.168.0/24
                  89.116.193.0/24
                  89.117.6.0/23
                  89.117.15.0/24
                  89.117.38.0/24
                  89.117.118.0/24
                  89.117.124.0/24
                  89.117.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:59:6d:ea:15:7b:46:99:89:dc:a2:05:b3:0d:fd:eb:8a:45:
         f1:7c:22:e0:e0:35:3e:00:67:e1:20:5c:73:31:19:cc:01:b0:
         53:fc:c1:5c:76:3f:9c:60:1f:df:88:ff:79:db:2a:f1:c1:57:
         27:2a:90:20:e6:f6:3a:7e:08:43:fb:7c:f2:bc:06:3e:59:ce:
         bc:f0:97:7f:b7:fe:d6:97:82:48:a2:27:a3:0b:b4:11:11:cb:
         27:c5:e4:2b:e2:3f:5a:a4:b9:06:70:f2:d7:01:7f:df:e4:69:
         a3:6d:83:75:4b:1e:65:a9:c8:b8:d3:e6:00:b6:d6:1e:c8:23:
         f6:40:a1:89:d7:95:51:5a:e5:2e:7d:24:6d:6f:03:8e:09:37:
         f9:b0:75:7c:10:75:80:fe:76:83:d4:ad:5e:a2:39:84:b8:be:
         eb:2d:48:2d:7a:2b:8c:12:2e:15:7a:38:b9:04:08:d8:68:d0:
         88:37:a1:84:55:88:c3:46:bc:0a:37:94:84:8e:f3:7b:ae:33:
         78:21:f4:93:f1:c0:2b:ee:57:20:79:76:7d:e1:41:70:fc:8f:
         22:97:a7:16:05:87:78:31:60:de:f6:01:32:20:f2:23:6f:b4:
         cd:b0:af:0a:16:b5:12:0f:d2:22:d2:05:5f:2c:c2:d6:92:3a:
         4e:40:65:f9
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIECwWyhjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDUy
NTA4MTQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjcwMGRlODgyOTBi
ZDhkNTU1MjA4ODlkMTE3M2ViZmI0OTVmMmYxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4S961PA7nItwWc/+m0lKlmgnd7i2SB2EEwi2ERpRknoS8A
mxwceCXVVqIHNCKK4tOWWDVFic/NSj5s3k6bFgRTGQnklKU9KoA1Y2h2MURM+JY+
4POOufWyTq9quHfd+F/O0YjOpi98qwsFp5pPH12GM6kwnzywTKWTx8BjGq7msRwU
QVio/4xrExvwlOgi2N3ke2SVJ3RQRU6gRCk53HHElP5FtzB2m3tn/oGMdX5oy6vz
F0WWtpm44S5D7Wv/l5VXR0xzALSa/ExRosNemZYz4ihJZ30CG+KwD3iAv8CCCUOn
VF0yYkBvB36HchyYvK4rkmqUigFhW5wK2YO4RBsCAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBS3AN6IKQvY1VUgiJ0Rc+v7SV8vETAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
L3R3RGVpQ2tMMk5WVklJaWRFWFByLTBsZkx4RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAFKMtgMEAFQuqwMEAFYmBwMEAFYm
lwMEAFl0YAMEAFl0qAMEAFl0wQMEAVl1BgMEAFl1DwMEAFl1JgMEAFl1dgMEAFl1
fAMEAFl1iDANBgkqhkiG9w0BAQsFAAOCAQEAHllt6hV7RpmJ3KIFsw3964pF8Xwi
4OA1PgBn4SBcczEZzAGwU/zBXHY/nGAf34j/edsq8cFXJyqQIOb2On4IQ/t88rwG
PlnOvPCXf7f+1peCSKInowu0ERHLJ8XkK+I/WqS5BnDy1wF/3+Rpo22DdUseZanI
uNPmALbWHsgj9kChideVUVrlLn0kbW8Djgk3+bB1fBB1gP52g9StXqI5hLi+6y1I
LXorjBIuFXo4uQQI2GjQiDehhFWIw0a8CjeUhI7ze64zeCH0k/HAK+5XIHl2feFB
cPyPIpenFgWHeDFg3vYBMiDyI2+0zbCvCha1Eg/SItIFXyzC1pI6TkBl+Q==
-----END CERTIFICATE-----