Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/48cfd0-3238-4aaf-b663-4373b65790b8/1/lZxu2fvm85UJF4FD4p5IHTEW-mo.roa
File:                     lZxu2fvm85UJF4FD4p5IHTEW-mo.roa (raw, json)
Hash identifier:          a7UQlxfdop00AlAod5F1IFNb+pftTknf+0HTmKIZG04=
Subject key identifier:   95:9C:6E:D9:FB:E6:F3:95:09:17:81:43:E2:9E:48:1D:31:16:FA:6A
Certificate issuer:       /CN=8166038385b343d55e76b728efe23c0731787668
Certificate serial:       01857094EE4FB160F7B59B2BAAA009012389
Authority key identifier: 81:66:03:83:85:B3:43:D5:5E:76:B7:28:EF:E2:3C:07:31:78:76:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gWYDg4WzQ9Vedrco7-I8BzF4dmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/48cfd0-3238-4aaf-b663-4373b65790b8/1/lZxu2fvm85UJF4FD4p5IHTEW-mo.roa
Signing time:             Mon 02 Jan 2023 03:44:46 +0000
ROA not before:           Mon 02 Jan 2023 03:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201825
IP address blocks:        89.17.35.0/24 maxlen: 24
                          185.127.224.0/22 maxlen: 22
                          89.17.33.0/24 maxlen: 24
                          89.17.49.0/24 maxlen: 24
                          89.17.51.0/24 maxlen: 24
                          89.17.52.0/22 maxlen: 22
                          89.17.56.0/21 maxlen: 21
                          185.62.192.0/22 maxlen: 22
                          217.15.53.0/24 maxlen: 24
                          217.15.62.0/23 maxlen: 23
                          2a04:f240::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:94:ee:4f:b1:60:f7:b5:9b:2b:aa:a0:09:01:23:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8166038385b343d55e76b728efe23c0731787668
        Validity
            Not Before: Jan  2 03:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=959c6ed9fbe6f39509178143e29e481d3116fa6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:07:6a:e5:fe:44:2f:0a:f0:5f:3e:e2:a4:87:
                    e8:a9:a7:8b:14:df:36:89:46:c0:bd:bc:b0:7d:df:
                    54:c2:16:31:fb:29:81:f2:52:13:23:d3:f6:81:8d:
                    ed:f6:10:87:b6:ea:4a:7a:1d:97:db:9b:2a:3a:17:
                    18:3c:d4:d6:75:4a:b5:95:55:80:e0:f0:6f:f9:39:
                    a2:46:ea:79:04:61:69:18:24:de:97:ba:c4:82:cd:
                    81:9a:0c:29:2a:70:88:e4:7e:a3:e6:67:70:0c:f4:
                    3b:fe:2e:4a:03:41:ae:6a:6c:27:05:38:93:7d:c9:
                    f2:3e:be:78:9f:12:8e:3b:2f:ee:65:01:72:10:82:
                    c8:8a:67:d6:0d:8a:d5:43:4a:1d:f1:a7:90:dc:88:
                    1c:f6:32:68:a5:6c:f8:0e:81:1d:cb:45:64:1c:2e:
                    e3:0f:29:66:be:b6:9b:a4:95:8f:76:19:1a:02:48:
                    de:57:bb:a1:d9:6a:80:90:ab:8e:2b:2f:40:a3:9d:
                    db:d6:a6:11:a2:54:d3:f7:87:9d:88:a7:35:55:b9:
                    1d:6e:d2:22:af:1d:de:13:e5:cf:9b:94:c6:8b:6b:
                    eb:d9:ce:6d:66:2e:59:c1:dd:d1:7b:fc:20:af:96:
                    4c:0d:52:68:ba:2d:26:ee:79:99:12:d7:2f:95:b1:
                    b6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9C:6E:D9:FB:E6:F3:95:09:17:81:43:E2:9E:48:1D:31:16:FA:6A
            X509v3 Authority Key Identifier:
                keyid:81:66:03:83:85:B3:43:D5:5E:76:B7:28:EF:E2:3C:07:31:78:76:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gWYDg4WzQ9Vedrco7-I8BzF4dmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48cfd0-3238-4aaf-b663-4373b65790b8/1/lZxu2fvm85UJF4FD4p5IHTEW-mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/48cfd0-3238-4aaf-b663-4373b65790b8/1/gWYDg4WzQ9Vedrco7-I8BzF4dmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.17.33.0/24
                  89.17.35.0/24
                  89.17.49.0/24
                  89.17.51.0-89.17.63.255
                  185.62.192.0/22
                  185.127.224.0/22
                  217.15.53.0/24
                  217.15.62.0/23
                IPv6:
                  2a04:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:ab:e1:51:ef:f3:c8:0f:e5:f5:c3:85:6c:7d:93:fe:f4:03:
         27:ea:b3:24:09:c5:09:27:e4:a5:ae:a9:62:2f:13:e5:58:e7:
         b8:01:e1:4f:26:1a:d6:7a:29:24:6f:49:29:bc:25:63:94:73:
         ec:1d:f4:27:a1:d9:5f:96:10:25:c2:ba:ae:dd:65:8b:39:9a:
         3f:da:26:0a:19:77:7b:40:5a:d1:b2:48:6d:a4:68:ae:2d:c9:
         85:90:d9:4b:4c:bf:be:cf:b6:cc:bd:98:ec:4f:6a:a2:bc:ca:
         2c:c4:83:f6:ad:02:08:b2:82:54:5e:2c:56:2b:1b:df:97:59:
         7a:e1:03:79:34:bb:5a:02:af:84:fd:1a:1f:e4:11:8f:5d:87:
         c9:42:7b:ab:59:70:c2:53:d6:c0:26:e5:cb:a8:c3:a0:7e:f2:
         cc:eb:de:99:f8:69:f2:f9:dc:11:bf:9a:cd:1b:c9:82:66:7d:
         86:f2:3b:c6:48:44:25:86:c8:30:d4:7e:cf:16:6f:88:6f:4d:
         44:90:12:c9:76:a8:6a:d7:35:90:db:22:bd:4d:f9:96:4f:8d:
         c4:73:44:7b:fb:79:87:7b:48:d3:3c:57:de:29:ca:ee:fd:de:
         81:3f:f7:c9:e3:51:1e:7a:cb:76:2d:bb:22:ea:12:5e:e5:f4:
         86:74:25:36
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYVwlO5PsWD3tZsrqqAJASOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNjYwMzgzODViMzQzZDU1ZTc2YjcyOGVmZTIzYzA3MzE3
ODc2NjgwHhcNMjMwMTAyMDM0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTljNmVkOWZiZTZmMzk1MDkxNzgxNDNlMjllNDgxZDMxMTZmYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgdq5f5ELwrwXz7ipIfoqaeLFN82
iUbAvbywfd9UwhYx+ymB8lITI9P2gY3t9hCHtupKeh2X25sqOhcYPNTWdUq1lVWA
4PBv+TmiRup5BGFpGCTel7rEgs2BmgwpKnCI5H6j5mdwDPQ7/i5KA0GuamwnBTiT
fcnyPr54nxKOOy/uZQFyEILIimfWDYrVQ0od8aeQ3Igc9jJopWz4DoEdy0VkHC7j
DylmvrabpJWPdhkaAkjeV7uh2WqAkKuOKy9Ao53b1qYRolTT94ediKc1VbkdbtIi
rx3eE+XPm5TGi2vr2c5tZi5Zwd3Re/wgr5ZMDVJoui0m7nmZEtcvlbG27QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJWcbtn75vOVCReBQ+KeSB0xFvpqMB8GA1UdIwQY
MBaAFIFmA4OFs0PVXna3KO/iPAcxeHZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1dZRGc0V3pROVZlZHJjbzctSThCekY0ZG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80OGNmZDAtMzIzOC00YWFmLWI2NjMt
NDM3M2I2NTc5MGI4LzEvbFp4dTJmdm04NVVKRjRGRDRwNUlIVEVXLW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80OGNmZDAtMzIzOC00YWFmLWI2NjMtNDM3M2I2NTc5MGI4
LzEvZ1dZRGc0V3pROVZlZHJjbzctSThCekY0ZG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQAWREhAwQA
WREjAwQAWRExMAwDBABZETMDBAZZEQADBAK5PsADBAK5f+ADBADZDzUDBAHZDz4w
DQQCAAIwBwMFAyoE8kAwDQYJKoZIhvcNAQELBQADggEBAHmr4VHv88gP5fXDhWx9
k/70AyfqsyQJxQkn5KWuqWIvE+VY57gB4U8mGtZ6KSRvSSm8JWOUc+wd9Ceh2V+W
ECXCuq7dZYs5mj/aJgoZd3tAWtGySG2kaK4tyYWQ2UtMv77Ptsy9mOxPaqK8yizE
g/atAgiyglReLFYrG9+XWXrhA3k0u1oCr4T9Gh/kEY9dh8lCe6tZcMJT1sAm5cuo
w6B+8szr3pn4afL53BG/ms0byYJmfYbyO8ZIRCWGyDDUfs8Wb4hvTUSQEsl2qGrX
NZDbIr1N+ZZPjcRzRHv7eYd7SNM8V94pyu793oE/98njUR56y3YtuyLqEl7l9IZ0
JTY=
-----END CERTIFICATE-----