Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/CrD2nW3WDWd582xeI1rrz15MPj8.roa
File:                     CrD2nW3WDWd582xeI1rrz15MPj8.roa (raw, json)
Hash identifier:          L/QO2LEIWkJlCpda8OddTGMgx45D3bIlZDlSn7Om3XU=
Subject key identifier:   0A:B0:F6:9D:6D:D6:0D:67:79:F3:6C:5E:23:5A:EB:CF:5E:4C:3E:3F
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0183A481FF80DF825BDE1BE7AAE525AB0360
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/CrD2nW3WDWd582xeI1rrz15MPj8.roa
Signing time:             Tue 04 Oct 2022 19:38:46 +0000
ROA not before:           Tue 04 Oct 2022 19:38:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        93.115.155.0/24 maxlen: 24
                          5.35.192.0/21 maxlen: 24
                          212.237.224.0/22 maxlen: 24
                          86.104.209.0/24 maxlen: 24
                          94.177.65.0/24 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          93.115.111.0/24 maxlen: 24
                          217.19.1.0/24 maxlen: 24
                          84.247.59.0/24 maxlen: 24
                          185.77.249.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a4:81:ff:80:df:82:5b:de:1b:e7:aa:e5:25:ab:03:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Oct  4 19:38:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ab0f69d6dd60d6779f36c5e235aebcf5e4c3e3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6a:21:c7:a3:3a:cc:87:a5:8e:f7:4c:5d:b6:
                    43:ee:10:b3:ac:5e:ed:5f:8a:c4:55:47:a4:10:d3:
                    36:dc:21:44:37:60:d5:19:56:7a:4e:3e:c7:9b:fc:
                    96:e7:f2:5c:b6:a3:0b:df:f4:ec:5c:c2:19:6c:5a:
                    3d:eb:cf:6a:57:e4:d1:b6:d5:8a:5d:f3:a5:1d:52:
                    1f:34:e9:49:12:41:6a:cc:75:79:bd:18:6b:4b:76:
                    9d:8e:49:27:e5:22:25:35:1e:26:79:45:64:8f:c8:
                    f4:49:30:d7:8a:fd:1a:fc:75:ac:d8:f4:55:a9:21:
                    33:2b:38:07:d3:cd:ec:ec:2b:1b:b1:98:78:78:41:
                    89:0c:5c:14:f2:0b:02:79:0d:84:d6:93:f1:00:f9:
                    5c:f8:e6:52:b9:29:f1:6d:90:29:54:d8:bc:90:16:
                    3c:ec:b2:be:39:97:94:c4:f7:83:81:f8:37:51:23:
                    8e:5e:5e:92:e9:be:f2:dc:16:17:53:e1:e8:02:f0:
                    f2:c4:63:10:d6:5c:23:30:d0:b2:e7:9e:4b:31:9b:
                    3a:94:e8:c9:2f:06:88:b7:0d:38:24:ac:ab:9d:3b:
                    3d:bd:08:68:53:ce:81:41:b6:4e:b4:cf:15:54:71:
                    de:a7:63:d7:a4:e4:c8:32:5b:73:e0:63:fd:97:d4:
                    d3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B0:F6:9D:6D:D6:0D:67:79:F3:6C:5E:23:5A:EB:CF:5E:4C:3E:3F
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/CrD2nW3WDWd582xeI1rrz15MPj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  62.112.0.0/21
                  84.247.59.0/24
                  86.104.209.0/24
                  93.113.184.0/21
                  93.115.111.0/24
                  93.115.155.0/24
                  94.177.65.0/24
                  185.77.249.0/24
                  212.237.224.0/22
                  217.19.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:97:9d:5c:c0:3c:cb:36:b1:51:ea:94:b3:09:ef:6f:4e:b0:
         79:d3:b2:b2:f3:16:6a:8e:e7:e1:7f:20:53:bc:85:c1:ba:41:
         db:5d:3e:85:4a:87:53:d6:53:23:3a:24:62:06:16:1f:ed:e2:
         c0:33:57:9e:6c:a9:67:d2:0c:8b:9b:38:51:b6:f1:b5:38:57:
         60:a0:37:33:fe:d0:62:e9:a5:c0:2c:85:b6:78:98:d9:df:7d:
         d2:bb:c8:89:55:55:14:4f:9f:b9:50:f3:e3:ce:24:9f:8a:44:
         8a:dd:09:55:27:f9:fd:0a:16:a8:69:d7:e9:68:e7:80:8b:39:
         3e:36:4d:ca:f1:13:7c:79:5c:3a:45:7f:8e:91:23:95:57:e1:
         b9:0d:e8:c4:61:01:02:36:ac:d8:6d:fb:37:8d:ad:a5:dd:a0:
         be:55:aa:72:ed:6c:4f:be:b0:0b:88:35:fd:6f:f1:54:74:5e:
         18:0f:fa:82:e4:33:26:34:09:84:31:a0:91:97:49:d4:1d:39:
         60:61:81:42:6d:00:f4:9d:d7:0d:0a:40:cc:78:1c:3c:7d:b2:
         7c:2e:a8:f5:4f:09:b2:16:ce:b1:96:1d:e5:bd:56:1b:d8:61:
         61:ce:53:22:99:b4:c5:d0:b9:8c:8c:80:8d:95:4a:6e:5f:0b:
         10:84:ba:69
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYOkgf+A34Jb3hvnquUlqwNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjIxMDA0MTkzODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIwZjY5ZDZkZDYwZDY3NzlmMzZjNWUyMzVhZWJjZjVlNGMzZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGohx6M6zIeljvdMXbZD7hCzrF7t
X4rEVUekENM23CFEN2DVGVZ6Tj7Hm/yW5/JctqML3/TsXMIZbFo9689qV+TRttWK
XfOlHVIfNOlJEkFqzHV5vRhrS3adjkkn5SIlNR4meUVkj8j0STDXiv0a/HWs2PRV
qSEzKzgH083s7CsbsZh4eEGJDFwU8gsCeQ2E1pPxAPlc+OZSuSnxbZApVNi8kBY8
7LK+OZeUxPeDgfg3USOOXl6S6b7y3BYXU+HoAvDyxGMQ1lwjMNCy555LMZs6lOjJ
LwaItw04JKyrnTs9vQhoU86BQbZOtM8VVHHep2PXpOTIMltz4GP9l9TT6wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFAqw9p1t1g1nefNsXiNa689eTD4/MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvQ3JEMm5XM1dEV2Q1ODJ4ZUkxcnJ6MTVNUGo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQDBSPAAwQD
PnAAAwQAVPc7AwQAVmjRAwQDXXG4AwQAXXNvAwQAXXObAwQAXrFBAwQAuU35AwQC
1O3gAwQA2RMBMA0GCSqGSIb3DQEBCwUAA4IBAQCBl51cwDzLNrFR6pSzCe9vTrB5
07Ky8xZqjufhfyBTvIXBukHbXT6FSodT1lMjOiRiBhYf7eLAM1eebKln0gyLmzhR
tvG1OFdgoDcz/tBi6aXALIW2eJjZ333Su8iJVVUUT5+5UPPjziSfikSK3QlVJ/n9
ChaoadfpaOeAizk+Nk3K8RN8eVw6RX+OkSOVV+G5DejEYQECNqzYbfs3ja2l3aC+
Vapy7WxPvrALiDX9b/FUdF4YD/qC5DMmNAmEMaCRl0nUHTlgYYFCbQD0ndcNCkDM
eBw8fbJ8Lqj1TwmyFs6xlh3lvVYb2GFhzlMimbTF0LmMjICNlUpuXwsQhLpp
-----END CERTIFICATE-----