Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ttJaBHrt88xI7ARWLg2evLOXoIM.roa
File:                     ttJaBHrt88xI7ARWLg2evLOXoIM.roa (raw, json)
Hash identifier:          pyFF0NqN1vOAvb1UZ+DfJnIFIpofIl/kLqLsl5HARm0=
Subject key identifier:   B6:D2:5A:04:7A:ED:F3:CC:48:EC:04:56:2E:0D:9E:BC:B3:97:A0:83
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       018CC26D57B0F3E7C854C06B89DADBC5E718
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ttJaBHrt88xI7ARWLg2evLOXoIM.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21769
IP address blocks:        185.199.116.0/22 maxlen: 22
                          103.41.44.0/22 maxlen: 22
                          194.93.4.0/22 maxlen: 22
                          103.63.28.0/22 maxlen: 22
                          45.127.248.0/22 maxlen: 22
                          185.195.212.0/22 maxlen: 22
                          103.71.61.0/24 maxlen: 24
                          185.195.220.0/22 maxlen: 22
                          185.196.188.0/22 maxlen: 22
                          2a09:1e80::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:57:b0:f3:e7:c8:54:c0:6b:89:da:db:c5:e7:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6d25a047aedf3cc48ec04562e0d9ebcb397a083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:85:68:b9:32:06:d8:b4:8d:e9:8a:3b:97:0d:
                    8f:20:2f:9f:7d:97:62:66:9e:f4:a0:b1:41:72:95:
                    e4:5f:69:1c:e4:d7:88:c2:39:dd:18:b8:6c:21:5d:
                    8c:be:59:a2:d5:4f:95:f0:7a:c1:3c:df:34:cf:6c:
                    86:ab:8d:84:20:6e:33:06:86:2b:42:da:0a:5e:7b:
                    84:37:72:ca:a7:22:7c:40:00:5a:fb:1c:14:fa:8e:
                    1d:af:e6:74:aa:45:62:07:4c:82:80:16:b2:da:d3:
                    03:b0:46:de:2c:f8:de:59:cf:5c:aa:fc:a8:e6:33:
                    fc:b4:22:5d:76:3c:b3:d9:70:4c:86:4f:f3:a0:48:
                    9f:af:6c:65:22:e2:69:f1:bf:6b:99:30:86:1b:6c:
                    93:21:8d:b5:b8:c2:33:ec:b1:d0:97:f0:79:d2:0e:
                    f9:ba:fd:01:b3:ca:5c:77:b7:e1:cd:2d:ff:71:b7:
                    d6:27:59:87:e6:80:ea:59:ea:ee:cf:dd:f0:64:c3:
                    09:18:52:b2:d6:55:24:f5:02:33:e5:a2:f4:8b:a3:
                    93:d3:7d:f5:42:64:4c:cf:91:f4:78:73:3c:72:5b:
                    f1:94:1b:a6:37:74:29:d9:94:3b:4c:55:42:a6:83:
                    01:67:6a:2f:d6:ba:ab:c6:c1:0a:28:4d:31:f5:ea:
                    00:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D2:5A:04:7A:ED:F3:CC:48:EC:04:56:2E:0D:9E:BC:B3:97:A0:83
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ttJaBHrt88xI7ARWLg2evLOXoIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.127.248.0/22
                  103.41.44.0/22
                  103.63.28.0/22
                  103.71.61.0/24
                  185.195.212.0/22
                  185.195.220.0/22
                  185.196.188.0/22
                  185.199.116.0/22
                  194.93.4.0/22
                IPv6:
                  2a09:1e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:63:a5:c3:9d:da:23:65:2d:e5:4b:04:aa:4a:b1:d0:3a:0f:
         31:b1:44:e9:71:ab:f2:28:f9:f1:4d:1e:10:56:7d:66:48:c8:
         5b:90:ab:f0:8d:38:8f:0b:b1:27:5e:4e:10:f8:7f:5b:7f:f3:
         7e:e4:0a:6f:c9:d5:61:de:6d:0d:2f:2e:77:f4:40:86:ae:6d:
         8c:1f:c6:a8:39:76:9c:cc:54:ae:d5:cc:8b:25:46:8b:c6:dc:
         eb:85:ea:0c:62:44:71:d1:c7:3b:6b:73:79:09:a5:7e:91:5d:
         69:f4:16:6e:ca:78:07:30:82:9b:e3:74:73:42:76:63:6a:00:
         98:ce:0a:d6:1f:ff:0f:f0:ed:87:02:1d:04:97:df:1e:c0:ad:
         00:b3:b4:7f:2f:f4:c6:a1:98:45:c1:59:d4:58:2a:8b:cd:94:
         84:a6:e4:60:e6:5e:bb:8b:80:bc:dc:0a:72:c3:c4:ed:0e:79:
         0c:2c:d8:9f:1a:50:eb:56:f3:f8:17:d9:ae:0e:2a:6a:0e:12:
         fe:29:08:b0:b3:0d:10:ab:14:97:7e:2d:3a:1c:d9:6a:35:cb:
         6b:60:a6:06:40:98:c6:5d:7c:40:b9:b6:46:50:01:fa:1d:b9:
         6c:96:3b:f0:7f:95:4e:e9:83:0c:d1:aa:51:97:ba:41:c1:66:
         22:f1:b3:5e
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzCbVew8+fIVMBridrbxecYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQyNWEwNDdhZWRmM2NjNDhlYzA0NTYyZTBkOWViY2IzOTdhMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoVouTIG2LSN6Yo7lw2PIC+ffZdi
Zp70oLFBcpXkX2kc5NeIwjndGLhsIV2Mvlmi1U+V8HrBPN80z2yGq42EIG4zBoYr
QtoKXnuEN3LKpyJ8QABa+xwU+o4dr+Z0qkViB0yCgBay2tMDsEbeLPjeWc9cqvyo
5jP8tCJddjyz2XBMhk/zoEifr2xlIuJp8b9rmTCGG2yTIY21uMIz7LHQl/B50g75
uv0Bs8pcd7fhzS3/cbfWJ1mH5oDqWeruz93wZMMJGFKy1lUk9QIz5aL0i6OT0331
QmRMz5H0eHM8clvxlBumN3Qp2ZQ7TFVCpoMBZ2ov1rqrxsEKKE0x9eoAnwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFLbSWgR67fPMSOwEVi4Nnryzl6CDMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvdHRKYUJIcnQ4OHhJN0FSV0xnMmV2TE9Yb0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCLX/4AwQC
ZyksAwQCZz8cAwQAZ0c9AwQCucPUAwQCucPcAwQCucS8AwQCucd0AwQCwl0EMA0E
AgACMAcDBQMqCR6AMA0GCSqGSIb3DQEBCwUAA4IBAQCdY6XDndojZS3lSwSqSrHQ
Og8xsUTpcavyKPnxTR4QVn1mSMhbkKvwjTiPC7EnXk4Q+H9bf/N+5ApvydVh3m0N
Ly539ECGrm2MH8aoOXaczFSu1cyLJUaLxtzrheoMYkRx0cc7a3N5CaV+kV1p9BZu
yngHMIKb43RzQnZjagCYzgrWH/8P8O2HAh0El98ewK0As7R/L/TGoZhFwVnUWCqL
zZSEpuRg5l67i4C83Apyw8TtDnkMLNifGlDrVvP4F9muDipqDhL+KQiwsw0QqxSX
fi06HNlqNctrYKYGQJjGXXxAubZGUAH6Hblsljvwf5VO6YMM0apRl7pBwWYi8bNe
-----END CERTIFICATE-----