Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/M1Tswa8srZZKsVrIJP9_3ZO02Ic.roa
File:                     M1Tswa8srZZKsVrIJP9_3ZO02Ic.roa (raw, json)
Hash identifier:          nfS35BhtpwR6Hl4kXV5iW7+Srp1hWn340A5kuNuLs6U=
Subject key identifier:   33:54:EC:C1:AF:2C:AD:96:4A:B1:5A:C8:24:FF:7F:DD:93:B4:D8:87
Certificate issuer:       /CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
Certificate serial:       01856CEF10B55A82E3445D440822D8D11D08
Authority key identifier: E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/M1Tswa8srZZKsVrIJP9_3ZO02Ic.roa
Signing time:             Sun 01 Jan 2023 10:44:44 +0000
ROA not before:           Sun 01 Jan 2023 10:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51248
IP address blocks:        185.8.56.0/22 maxlen: 24
                          176.74.216.0/21 maxlen: 24
                          91.241.168.0/21 maxlen: 24
                          158.255.32.0/21 maxlen: 24
                          188.124.56.0/21 maxlen: 24
                          158.255.39.0/24 maxlen: 24
                          193.161.84.0/22 maxlen: 24
                          5.43.224.0/21 maxlen: 24
                          2a03:1840:1::/48 maxlen: 64
                          2a03:1840:2::/48 maxlen: 64
                          2a03:1840::/48 maxlen: 64
                          2a03:1840:3::/48 maxlen: 64
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:10:b5:5a:82:e3:44:5d:44:08:22:d8:d1:1d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
        Validity
            Not Before: Jan  1 10:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3354ecc1af2cad964ab15ac824ff7fdd93b4d887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0b:7f:72:bd:27:e5:81:5d:77:c6:60:6a:ac:
                    d3:27:9f:29:2b:b6:12:71:cc:87:36:9d:de:ad:78:
                    3b:51:26:ae:99:77:1e:db:2f:e8:7c:bf:4a:bb:31:
                    9a:4f:b8:f0:37:5d:6e:b4:7a:03:b9:38:cf:1a:6b:
                    a9:d6:46:a3:7b:98:0a:66:ba:9c:bc:42:4b:f9:6d:
                    ae:2c:0d:f9:72:56:5d:83:f4:8e:ca:2c:f6:52:b1:
                    e2:26:ae:a5:c0:48:8e:5f:e5:0f:4a:15:c0:db:8d:
                    da:7d:b8:9d:c6:eb:5f:74:3f:90:8d:1f:5b:4b:3e:
                    4d:5c:f0:cd:1e:25:4b:3d:d9:01:dc:c9:06:02:62:
                    18:6f:6e:10:46:4c:27:15:08:61:9e:4c:90:bc:07:
                    9f:37:71:c5:c9:a7:90:49:9b:17:26:83:08:52:ed:
                    4d:56:8d:1b:e9:f9:12:9d:e3:d8:47:55:ea:59:98:
                    b5:55:8f:82:db:53:28:ea:89:b3:a7:97:c0:11:5d:
                    3e:4a:fa:e3:9a:44:54:0a:bd:17:7d:d8:5a:2a:87:
                    19:c6:ce:ca:17:d0:1a:6e:8f:8e:2b:72:ad:49:93:
                    80:51:8a:a4:f0:a7:2c:cf:5c:c1:ef:97:e8:d6:16:
                    65:c2:16:34:55:0c:96:dd:e1:b7:56:55:83:d7:cf:
                    78:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:54:EC:C1:AF:2C:AD:96:4A:B1:5A:C8:24:FF:7F:DD:93:B4:D8:87
            X509v3 Authority Key Identifier:
                keyid:E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/M1Tswa8srZZKsVrIJP9_3ZO02Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.43.224.0/21
                  91.241.168.0/21
                  158.255.32.0/21
                  176.74.216.0/21
                  185.8.56.0/22
                  188.124.56.0/21
                  193.161.84.0/22
                IPv6:
                  2a03:1840::/46

    Signature Algorithm: sha256WithRSAEncryption
         2a:b5:1f:9c:eb:2a:f2:88:70:56:87:1d:1d:af:33:be:52:92:
         39:e4:a1:14:5d:9a:ef:fd:67:91:72:4c:9f:d2:b6:1e:b5:fc:
         67:d6:06:a1:95:f0:07:3d:d9:dd:25:ad:73:83:5d:66:e7:31:
         9c:a3:8f:9d:61:1f:87:2d:4b:e9:f4:77:c7:7b:c9:be:49:a8:
         d5:a8:49:a3:fb:15:7b:bf:6e:50:5f:41:52:be:7c:0e:82:a5:
         66:6a:f4:e1:a5:ed:0a:ad:91:dc:ee:23:1a:4e:90:78:63:ec:
         24:26:72:b5:90:21:95:59:96:22:ed:a6:fa:cb:07:39:6f:86:
         6f:ba:18:fd:ce:3f:44:19:f2:6f:97:35:9a:0d:47:7f:d5:24:
         3e:ec:73:e0:4b:e0:86:81:79:5c:ca:7e:61:a0:86:f8:10:5e:
         86:81:b6:50:25:b9:50:d5:fe:46:70:9d:c0:fb:92:95:37:2d:
         e5:43:37:9e:62:b4:7f:c9:a9:22:ae:c4:cb:16:3d:0c:12:a7:
         f4:70:b7:c7:2b:a8:0e:33:43:22:3a:26:70:58:38:b9:c5:42:
         91:b0:c6:b9:c7:b4:2b:b7:da:a7:22:ef:e7:5e:13:26:af:78:
         49:f8:37:9b:6d:97:12:2e:ad:d5:5f:9c:87:91:d2:f7:75:6b:
         a0:83:5a:cc
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVs7xC1WoLjRF1ECCLY0R0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTRkYzk2OGVkNTI5MzVhMDRkZWUzYjIyOWMyMWNhOWJm
ZGJkN2UwHhcNMjMwMTAxMTA0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU0ZWNjMWFmMmNhZDk2NGFiMTVhYzgyNGZmN2ZkZDkzYjRkODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQt/cr0n5YFdd8ZgaqzTJ58pK7YS
ccyHNp3erXg7USaumXce2y/ofL9KuzGaT7jwN11utHoDuTjPGmup1kaje5gKZrqc
vEJL+W2uLA35clZdg/SOyiz2UrHiJq6lwEiOX+UPShXA243afbidxutfdD+QjR9b
Sz5NXPDNHiVLPdkB3MkGAmIYb24QRkwnFQhhnkyQvAefN3HFyaeQSZsXJoMIUu1N
Vo0b6fkSnePYR1XqWZi1VY+C21Mo6omzp5fAEV0+SvrjmkRUCr0XfdhaKocZxs7K
F9Aabo+OK3KtSZOAUYqk8Kcsz1zB75fo1hZlwhY0VQyW3eG3VlWD1894JwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDNU7MGvLK2WSrFayCT/f92TtNiHMB8GA1UdIwQY
MBaAFOnk3JaO1Sk1oE3uOyKcIcqb/b1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEt
NmM3ODU2ZWY3YjMxLzEvTTFUc3dhOHNyWlpLc1ZySUpQOV8zWk8wMkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEtNmM3ODU2ZWY3YjMx
LzEvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQDBSvgAwQD
W/GoAwQDnv8gAwQDsErYAwQCuQg4AwQDvHw4AwQCwaFUMA8EAgACMAkDBwIqAxhA
AAAwDQYJKoZIhvcNAQELBQADggEBACq1H5zrKvKIcFaHHR2vM75SkjnkoRRdmu/9
Z5FyTJ/Sth61/GfWBqGV8Ac92d0lrXODXWbnMZyjj51hH4ctS+n0d8d7yb5JqNWo
SaP7FXu/blBfQVK+fA6CpWZq9OGl7QqtkdzuIxpOkHhj7CQmcrWQIZVZliLtpvrL
Bzlvhm+6GP3OP0QZ8m+XNZoNR3/VJD7sc+BL4IaBeVzKfmGghvgQXoaBtlAluVDV
/kZwncD7kpU3LeVDN55itH/JqSKuxMsWPQwSp/Rwt8crqA4zQyI6JnBYOLnFQpGw
xrnHtCu32qci7+deEyaveEn4N5ttlxIurdVfnIeR0vd1a6CDWsw=
-----END CERTIFICATE-----