Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/d58727-d970-44d9-abdc-93b3ad12d2f3/1/qUYfFO3gLT03p-dnyFmN1ZnpZJk.roa
File:                     qUYfFO3gLT03p-dnyFmN1ZnpZJk.roa (raw, json)
Hash identifier:          +Q5Jco6Z+NBgkVIHOZ/P0arh8tIP6FaAN8S8wJprtzc=
Subject key identifier:   A9:46:1F:14:ED:E0:2D:3D:37:A7:E7:67:C8:59:8D:D5:99:E9:64:99
Certificate issuer:       /CN=9c11139ae553d6dc7307887f467e4207880045eb
Certificate serial:       05B2601D
Authority key identifier: 9C:11:13:9A:E5:53:D6:DC:73:07:88:7F:46:7E:42:07:88:00:45:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBETmuVT1txzB4h_Rn5CB4gARes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/d58727-d970-44d9-abdc-93b3ad12d2f3/1/qUYfFO3gLT03p-dnyFmN1ZnpZJk.roa
Signing time:             Sat 01 Jan 2022 02:54:29 +0000
ROA not before:           Sat 01 Jan 2022 02:54:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41368
IP address blocks:        89.29.128.0/20 maxlen: 20
                          89.29.144.0/21 maxlen: 21
                          185.64.243.0/24 maxlen: 24
                          89.29.152.0/22 maxlen: 22
                          89.29.157.0/24 maxlen: 24
                          89.29.156.0/24 maxlen: 24
                          89.29.156.0/22 maxlen: 22
                          89.29.159.0/24 maxlen: 24
                          89.29.158.0/24 maxlen: 24
                          176.57.104.0/22 maxlen: 22
                          176.57.108.0/22 maxlen: 22
                          89.29.232.0/22 maxlen: 22
                          89.29.236.0/22 maxlen: 22
                          89.29.254.0/24 maxlen: 24
                          185.40.37.0/24 maxlen: 24
                          185.40.38.0/23 maxlen: 23
                          2a00:4b80:3::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95576093 (0x5b2601d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c11139ae553d6dc7307887f467e4207880045eb
        Validity
            Not Before: Jan  1 02:54:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9461f14ede02d3d37a7e767c8598dd599e96499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:b6:f8:81:d4:7b:f0:4d:2f:bb:c1:c3:dd:
                    ea:64:d9:f0:2d:c9:cb:69:74:4c:a7:b5:16:20:b7:
                    9a:99:96:34:ac:24:3e:9e:65:62:31:25:5f:f3:b7:
                    de:8e:6c:f8:22:f8:e0:3f:02:4e:af:2e:41:8f:6d:
                    bf:1d:f5:4f:60:a3:ac:98:69:64:8f:df:49:39:61:
                    e8:86:4d:ca:fe:70:0c:43:5d:03:e4:a9:2c:70:4f:
                    a5:fb:dd:22:1f:da:db:90:c6:26:b6:2c:a9:ad:68:
                    bd:8a:45:bc:d9:19:b1:5e:5e:27:51:af:fc:05:fa:
                    f2:c7:7d:b1:e2:65:b8:04:5b:c4:c3:12:6b:c2:22:
                    3c:50:ef:ac:65:6a:be:aa:38:dd:ae:15:d0:b5:47:
                    0e:6b:e8:70:a2:04:96:a6:08:4f:71:e8:8a:e5:3f:
                    3e:47:55:9a:ec:b4:e2:a0:4a:9b:e6:d9:95:ec:1f:
                    80:5f:fc:55:ee:16:c2:1f:c4:da:8d:37:9f:f7:72:
                    26:0e:d1:be:8e:36:49:8c:12:00:8c:49:34:40:55:
                    d3:9a:4e:e1:50:14:15:38:b2:ba:8e:f2:c0:26:8d:
                    29:22:7b:c0:ee:7a:ff:95:69:e9:af:b0:eb:da:60:
                    ad:bf:cc:07:02:71:1f:53:17:6c:ba:e2:66:f1:9b:
                    de:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:46:1F:14:ED:E0:2D:3D:37:A7:E7:67:C8:59:8D:D5:99:E9:64:99
            X509v3 Authority Key Identifier:
                keyid:9C:11:13:9A:E5:53:D6:DC:73:07:88:7F:46:7E:42:07:88:00:45:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBETmuVT1txzB4h_Rn5CB4gARes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d58727-d970-44d9-abdc-93b3ad12d2f3/1/qUYfFO3gLT03p-dnyFmN1ZnpZJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d58727-d970-44d9-abdc-93b3ad12d2f3/1/nBETmuVT1txzB4h_Rn5CB4gARes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.128.0/19
                  89.29.232.0/21
                  89.29.254.0/24
                  176.57.104.0/21
                  185.40.37.0-185.40.39.255
                  185.64.243.0/24
                IPv6:
                  2a00:4b80:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:6d:92:46:b4:1e:a1:c2:43:c0:aa:b1:41:78:84:1e:d5:cd:
         79:f1:48:3b:d2:78:12:e1:0e:31:a2:5e:ed:f3:a1:d2:82:40:
         cf:d7:65:b2:7d:99:09:73:a3:04:c2:8f:e3:40:38:11:69:e4:
         fc:ba:43:c2:ae:41:fc:f2:01:84:76:24:8c:5e:45:b9:a5:31:
         6f:08:05:5a:b7:e6:3d:40:8e:ee:bb:0c:9b:c7:a5:58:65:ed:
         2b:73:fd:2e:2a:ca:fb:63:86:fb:71:20:d2:f0:39:a7:2d:f8:
         08:fa:cb:cd:a4:ca:fc:44:35:a3:46:30:3f:0e:1f:2b:17:a5:
         eb:d7:7a:d4:5c:f2:6b:f7:2f:9c:87:2d:09:32:97:59:79:2c:
         ac:c5:8b:9a:df:f1:79:30:01:04:84:5f:67:22:7f:06:b2:7d:
         a3:33:c8:6a:4b:6a:fa:14:66:95:f0:30:f9:38:5d:0b:69:6e:
         d6:24:86:43:34:44:26:db:a5:65:66:3e:e7:b1:3b:31:8b:4c:
         40:02:65:fe:7d:5d:fa:ed:5e:59:c2:7a:55:db:bf:75:07:8c:
         16:7f:da:8e:04:10:6f:49:80:7b:2a:6e:89:44:ee:3b:10:20:
         0f:cc:e4:d6:f9:8f:b9:58:96:d8:ba:16:a4:c5:09:e3:11:7a:
         07:7b:49:f2
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIEBbJgHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YzExMTM5YWU1NTNkNmRjNzMwNzg4N2Y0NjdlNDIwNzg4MDA0NWViMB4XDTIyMDEw
MTAyNTQyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk0NjFmMTRlZGUw
MmQzZDM3YTdlNzY3Yzg1OThkZDU5OWU5NjQ5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKGHtviB1HvwTS+7wcPd6mTZ8C3Jy2l0TKe1FiC3mpmWNKwk
Pp5lYjElX/O33o5s+CL44D8CTq8uQY9tvx31T2CjrJhpZI/fSTlh6IZNyv5wDENd
A+SpLHBPpfvdIh/a25DGJrYsqa1ovYpFvNkZsV5eJ1Gv/AX68sd9seJluARbxMMS
a8IiPFDvrGVqvqo43a4V0LVHDmvocKIElqYIT3HoiuU/PkdVmuy04qBKm+bZlewf
gF/8Ve4Wwh/E2o03n/dyJg7Rvo42SYwSAIxJNEBV05pO4VAUFTiyuo7ywCaNKSJ7
wO56/5Vp6a+w69pgrb/MBwJxH1MXbLriZvGb3gUCAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBSpRh8U7eAtPTen52fIWY3VmelkmTAfBgNVHSMEGDAWgBScEROa5VPW3HMH
iH9GfkIHiABF6zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25CRVRtdVZUMXR4ekI0aF9SbjVDQjRnQVJlcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTUvZDU4NzI3LWQ5NzAtNDRkOS1hYmRjLTkzYjNhZDEyZDJmMy8x
L3FVWWZGTzNnTFQwM3AtZG55Rm1OMVpucFpKay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUv
ZDU4NzI3LWQ5NzAtNDRkOS1hYmRjLTkzYjNhZDEyZDJmMy8xL25CRVRtdVZUMXR4
ekI0aF9SbjVDQjRnQVJlcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwMgQCAAEwLAMEBVkdgAMEA1kd6AMEAFkd/gMEA7A5
aDAMAwQAuSglAwQDuSggAwQAuUDzMA8EAgACMAkDBwAqAEuAAAMwDQYJKoZIhvcN
AQELBQADggEBAIhtkka0HqHCQ8CqsUF4hB7VzXnxSDvSeBLhDjGiXu3zodKCQM/X
ZbJ9mQlzowTCj+NAOBFp5Py6Q8KuQfzyAYR2JIxeRbmlMW8IBVq35j1Aju67DJvH
pVhl7Stz/S4qyvtjhvtxINLwOact+Aj6y82kyvxENaNGMD8OHysXpevXetRc8mv3
L5yHLQkyl1l5LKzFi5rf8XkwAQSEX2cifwayfaMzyGpLavoUZpXwMPk4XQtpbtYk
hkM0RCbbpWVmPuexOzGLTEACZf59XfrtXlnCelXbv3UHjBZ/2o4EEG9JgHsqbolE
7jsQIA/M5Nb5j7lYlti6FqTFCeMRegd7SfI=
-----END CERTIFICATE-----