Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/37fd7b-1303-404f-a588-cbb3cd9fedfe/1/l0rOB8ejjkgCGp8tjQdWrczSyxE.roa
File:                     l0rOB8ejjkgCGp8tjQdWrczSyxE.roa (raw, json)
Hash identifier:          +ymySASo8sg4jIdYqBuF5zFN7yh4TH5e/FI8ohW+pOw=
Subject key identifier:   97:4A:CE:07:C7:A3:8E:48:02:1A:9F:2D:8D:07:56:AD:CC:D2:CB:11
Certificate issuer:       /CN=bc55b1ca3724255d60a0a1ef295727df08e3b14c
Certificate serial:       0182F2AB346DF1D7531A563FAD50F7B65782
Authority key identifier: BC:55:B1:CA:37:24:25:5D:60:A0:A1:EF:29:57:27:DF:08:E3:B1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFWxyjckJV1goKHvKVcn3wjjsUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/37fd7b-1303-404f-a588-cbb3cd9fedfe/1/l0rOB8ejjkgCGp8tjQdWrczSyxE.roa
Signing time:             Wed 31 Aug 2022 06:51:22 +0000
ROA not before:           Wed 31 Aug 2022 06:51:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212144
IP address blocks:        2a0f:e3c0::/30 maxlen: 30
                          2a0f:89c0::/29 maxlen: 29
                          2a0f:e3c4::/31 maxlen: 31
                          2a10:3e84::/30 maxlen: 30
                          2a10:3e80::/30 maxlen: 30
                          2a0f:63c0::/29 maxlen: 29
                          2a07:f240::/29 maxlen: 32
                          2a10:a9c0::/29 maxlen: 29
                          2a0f:9bc0::/29 maxlen: 30
                          2a0b:a4c0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f2:ab:34:6d:f1:d7:53:1a:56:3f:ad:50:f7:b6:57:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc55b1ca3724255d60a0a1ef295727df08e3b14c
        Validity
            Not Before: Aug 31 06:51:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=974ace07c7a38e48021a9f2d8d0756adccd2cb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:10:03:af:49:41:0b:c0:dc:63:71:f3:03:02:
                    60:88:8c:8c:9b:88:9f:b4:bb:d0:26:74:17:49:d0:
                    1b:08:79:a5:97:6d:cd:f1:ad:4b:bc:51:6d:a9:0c:
                    99:d1:7a:f4:c3:99:e7:33:cb:c0:31:18:8a:51:97:
                    83:8e:28:f4:b1:28:85:2a:43:7c:7e:9e:45:38:81:
                    fa:43:b1:5f:07:a1:95:50:60:a9:9a:e5:d6:de:44:
                    b4:41:c8:3c:33:aa:ef:ee:07:71:d2:1f:63:50:a1:
                    e1:c9:de:78:f6:fb:1a:41:37:35:36:54:e0:25:80:
                    9b:75:fb:59:14:09:5c:04:c3:95:cb:ca:3d:4d:88:
                    14:6c:6c:68:92:c6:65:78:61:8d:1b:ea:ff:71:bf:
                    cd:7b:bd:2a:2f:a8:4d:2e:42:de:e6:b2:6c:a6:4c:
                    c9:5d:f8:b0:ef:4e:79:b3:ec:0f:b7:a2:59:0f:75:
                    ff:2d:c6:e8:fa:45:22:ef:1e:0b:4a:9e:7b:fe:5f:
                    f6:10:b6:76:ce:e3:03:35:6e:24:b6:eb:00:d1:c8:
                    4d:75:f6:8f:67:95:52:ae:c5:c6:0e:22:6b:a2:ca:
                    51:65:5b:91:d3:cd:f0:69:be:2b:f7:8d:bb:ac:e3:
                    5f:23:dd:f7:8e:a3:fc:cf:b3:17:46:1d:14:7e:a5:
                    b7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4A:CE:07:C7:A3:8E:48:02:1A:9F:2D:8D:07:56:AD:CC:D2:CB:11
            X509v3 Authority Key Identifier:
                keyid:BC:55:B1:CA:37:24:25:5D:60:A0:A1:EF:29:57:27:DF:08:E3:B1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFWxyjckJV1goKHvKVcn3wjjsUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/37fd7b-1303-404f-a588-cbb3cd9fedfe/1/l0rOB8ejjkgCGp8tjQdWrczSyxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/37fd7b-1303-404f-a588-cbb3cd9fedfe/1/vFWxyjckJV1goKHvKVcn3wjjsUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f240::/29
                  2a0b:a4c0::/29
                  2a0f:63c0::/29
                  2a0f:89c0::/29
                  2a0f:9bc0::/29
                  2a0f:e3c0::-2a0f:e3c5:ffff:ffff:ffff:ffff:ffff:ffff
                  2a10:3e80::/29
                  2a10:a9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:09:3b:74:cd:b1:bf:28:52:58:03:da:dc:74:96:63:2f:49:
         19:a1:12:3e:9b:ff:61:f5:eb:ef:e7:13:75:44:15:06:c8:27:
         02:f6:71:de:a3:1c:08:4b:c1:28:43:e5:d4:86:e0:54:c5:90:
         b6:6b:b5:8c:b4:02:eb:76:58:35:98:ee:22:6e:c7:d3:0f:16:
         a7:8d:94:e7:67:95:7b:07:f5:6b:df:41:27:fe:0c:b3:1f:68:
         79:04:65:d0:1b:12:34:97:02:59:27:74:0c:d1:1a:43:83:ac:
         12:6d:04:f9:63:f7:96:c8:31:e3:35:fd:60:0d:0b:16:73:ae:
         39:88:b5:d4:0c:13:46:38:b5:91:d1:8a:da:77:2e:03:ca:e1:
         62:a8:01:35:c3:53:cb:01:a9:e5:3e:61:03:5f:02:66:80:41:
         d3:fd:ec:83:51:72:c1:c6:ba:c8:01:cf:2b:63:8f:d7:86:9c:
         5e:67:6e:7a:b3:78:44:d3:7a:65:5b:93:82:b5:22:02:a3:33:
         a0:db:ef:2e:88:0e:e3:46:12:12:84:2c:7d:1e:84:b7:22:21:
         99:81:df:0a:94:07:f0:ad:a6:a9:40:52:c2:b9:98:45:04:5f:
         e1:21:47:e5:00:2f:17:96:78:c4:bf:e9:aa:85:d3:7a:94:d0:
         3e:8d:e5:02
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYLyqzRt8ddTGlY/rVD3tleCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTViMWNhMzcyNDI1NWQ2MGEwYTFlZjI5NTcyN2RmMDhl
M2IxNGMwHhcNMjIwODMxMDY1MTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRhY2UwN2M3YTM4ZTQ4MDIxYTlmMmQ4ZDA3NTZhZGNjZDJjYjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxADr0lBC8DcY3HzAwJgiIyMm4if
tLvQJnQXSdAbCHmll23N8a1LvFFtqQyZ0Xr0w5nnM8vAMRiKUZeDjij0sSiFKkN8
fp5FOIH6Q7FfB6GVUGCpmuXW3kS0Qcg8M6rv7gdx0h9jUKHhyd549vsaQTc1NlTg
JYCbdftZFAlcBMOVy8o9TYgUbGxoksZleGGNG+r/cb/Ne70qL6hNLkLe5rJspkzJ
Xfiw7055s+wPt6JZD3X/Lcbo+kUi7x4LSp57/l/2ELZ2zuMDNW4ktusA0chNdfaP
Z5VSrsXGDiJrospRZVuR083wab4r9427rONfI933jqP8z7MXRh0UfqW3RwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFJdKzgfHo45IAhqfLY0HVq3M0ssRMB8GA1UdIwQY
MBaAFLxVsco3JCVdYKCh7ylXJ98I47FMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZXeHlqY2tKVjFnb0tIdktWY24zd2pqc1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zN2ZkN2ItMTMwMy00MDRmLWE1ODgt
Y2JiM2NkOWZlZGZlLzEvbDByT0I4ZWpqa2dDR3A4dGpRZFdyY3pTeXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zN2ZkN2ItMTMwMy00MDRmLWE1ODgtY2JiM2NkOWZlZGZl
LzEvdkZXeHlqY2tKVjFnb0tIdktWY24zd2pqc1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTBHBAIAAjBBAwUDKgfyQAMF
AyoLpMADBQMqD2PAAwUDKg+JwAMFAyoPm8AwDgMFBioP48ADBQEqD+PEAwUDKhA+
gAMFAyoQqcAwDQYJKoZIhvcNAQELBQADggEBAIEJO3TNsb8oUlgD2tx0lmMvSRmh
Ej6b/2H16+/nE3VEFQbIJwL2cd6jHAhLwShD5dSG4FTFkLZrtYy0Aut2WDWY7iJu
x9MPFqeNlOdnlXsH9WvfQSf+DLMfaHkEZdAbEjSXAlkndAzRGkODrBJtBPlj95bI
MeM1/WANCxZzrjmItdQME0Y4tZHRitp3LgPK4WKoATXDU8sBqeU+YQNfAmaAQdP9
7INRcsHGusgBzytjj9eGnF5nbnqzeETTemVbk4K1IgKjM6Db7y6IDuNGEhKELH0e
hLciIZmB3wqUB/CtpqlAUsK5mEUEX+EhR+UALxeWeMS/6aqF03qU0D6N5QI=
-----END CERTIFICATE-----