Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/kfkPnhh7kDb7t5ZVRe1oSAyVEZM.roa
File:                     kfkPnhh7kDb7t5ZVRe1oSAyVEZM.roa (raw, json)
Hash identifier:          pwa5WUBt77o74MEQW7pGQ/jWBRknn0Q+Fn5gZy0bwWc=
Subject key identifier:   91:F9:0F:9E:18:7B:90:36:FB:B7:96:55:45:ED:68:48:0C:95:11:93
Certificate issuer:       /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial:       01837C6837E76F9C326A1FC6ED23255FEE2B
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/kfkPnhh7kDb7t5ZVRe1oSAyVEZM.roa
Signing time:             Tue 27 Sep 2022 00:45:48 +0000
ROA not before:           Tue 27 Sep 2022 00:45:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62240
IP address blocks:        78.136.196.0/22 maxlen: 24
                          78.136.202.0/23 maxlen: 24
                          88.204.40.0/23 maxlen: 24
                          78.136.200.0/23 maxlen: 24
                          88.204.44.0/23 maxlen: 24
                          78.136.204.0/22 maxlen: 24
                          88.204.42.0/23 maxlen: 24
                          88.204.46.0/23 maxlen: 24
                          83.172.60.0/24 maxlen: 24
                          83.172.63.0/24 maxlen: 24
                          78.136.250.0/23 maxlen: 24
                          78.136.248.0/23 maxlen: 24
                          78.136.252.0/23 maxlen: 24
                          78.136.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7c:68:37:e7:6f:9c:32:6a:1f:c6:ed:23:25:5f:ee:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
        Validity
            Not Before: Sep 27 00:45:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91f90f9e187b9036fbb7965545ed68480c951193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:40:77:aa:83:7d:c2:3c:86:c1:0e:ef:77:79:
                    4f:8c:c1:4a:34:ac:62:20:de:0e:ba:c0:c2:21:50:
                    33:1a:df:ae:5f:40:1d:71:b9:9f:34:52:84:a6:da:
                    5b:c7:72:15:88:66:8e:6b:ae:71:4a:ed:4d:da:48:
                    39:94:c7:88:47:5d:66:03:4e:6f:40:b6:46:10:7b:
                    dc:1f:4d:eb:13:29:03:3b:63:c0:f7:12:9e:f0:71:
                    6b:ec:2e:df:4a:7a:1f:5a:d7:f6:95:ad:5e:2d:af:
                    97:29:10:48:bb:06:76:80:a3:18:1e:86:1d:c7:d9:
                    de:ee:f0:e6:b3:cb:b5:2c:58:15:df:8a:70:2c:31:
                    60:42:ec:02:43:e7:a8:b8:1a:9f:a9:32:b5:5c:2b:
                    eb:4f:cf:13:6f:8b:03:2f:74:cd:0e:27:2c:bf:99:
                    16:27:37:0d:d5:72:e9:88:5a:1d:14:73:c8:d3:c5:
                    60:7a:66:45:b6:54:35:03:7d:cc:09:d4:5e:28:40:
                    9a:e7:b4:6b:ac:b9:a4:67:dd:e2:e8:f4:8f:39:aa:
                    de:e2:69:81:c9:7c:8d:0f:51:3c:ff:87:26:bd:76:
                    2c:6e:39:e4:35:d5:7c:9d:ce:c0:86:d6:11:4f:cc:
                    0a:f8:07:c6:2f:4c:c2:db:eb:87:a9:3e:5c:dd:ba:
                    ce:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F9:0F:9E:18:7B:90:36:FB:B7:96:55:45:ED:68:48:0C:95:11:93
            X509v3 Authority Key Identifier:
                keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/kfkPnhh7kDb7t5ZVRe1oSAyVEZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.136.196.0-78.136.207.255
                  78.136.248.0-78.136.254.255
                  83.172.60.0/24
                  83.172.63.0/24
                  88.204.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:70:2a:3d:2d:bd:5c:e2:12:3e:e7:80:a4:1c:f8:ff:b3:c0:
         ce:56:82:60:22:aa:18:95:80:20:30:25:5e:13:6e:b0:94:5c:
         27:ed:82:3b:f9:d2:97:fa:43:a0:43:59:8f:e2:98:05:b5:ae:
         5a:4f:96:90:68:bb:41:08:91:7e:cc:10:73:ff:25:22:fe:ad:
         fa:ab:fd:77:d9:e5:ca:46:f4:eb:dc:4b:47:bd:a5:e7:79:61:
         65:4e:df:a8:1f:cf:49:c4:ac:86:d7:ac:2e:e4:d1:42:72:e5:
         a2:f4:7f:ab:1a:8f:ab:53:d3:8a:4c:ae:1a:c0:c0:bf:f6:18:
         59:68:9b:1c:9e:b7:49:0a:b3:a8:e9:ef:3c:26:55:5e:cc:bf:
         9d:95:5c:0b:5d:46:f8:df:18:09:c8:36:42:f0:b5:6d:5a:8b:
         a6:09:92:04:3b:90:98:2c:f6:9d:0a:0b:c4:2e:18:12:d2:3d:
         83:15:1d:0b:9e:f1:83:3d:d7:84:5e:ee:9b:cb:c6:ac:ed:6a:
         dc:08:19:e3:3b:f1:e9:ae:46:34:3f:74:2d:aa:a3:19:f7:36:
         cf:d3:75:1e:43:3f:da:3c:32:3a:c1:8c:da:0a:a1:2b:b3:15:
         5b:7b:38:e0:b6:7d:78:1a:94:72:4e:17:18:48:88:48:9d:e5:
         45:e5:78:a7
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYN8aDfnb5wyah/G7SMlX+4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjIwOTI3MDA0NTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY5MGY5ZTE4N2I5MDM2ZmJiNzk2NTU0NWVkNjg0ODBjOTUxMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0B3qoN9wjyGwQ7vd3lPjMFKNKxi
IN4OusDCIVAzGt+uX0AdcbmfNFKEptpbx3IViGaOa65xSu1N2kg5lMeIR11mA05v
QLZGEHvcH03rEykDO2PA9xKe8HFr7C7fSnofWtf2la1eLa+XKRBIuwZ2gKMYHoYd
x9ne7vDms8u1LFgV34pwLDFgQuwCQ+eouBqfqTK1XCvrT88Tb4sDL3TNDicsv5kW
JzcN1XLpiFodFHPI08VgemZFtlQ1A33MCdReKECa57RrrLmkZ93i6PSPOare4mmB
yXyND1E8/4cmvXYsbjnkNdV8nc7AhtYRT8wK+AfGL0zC2+uHqT5c3brOOwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJH5D54Ye5A2+7eWVUXtaEgMlRGTMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEva2ZrUG5oaDdrRGI3dDVaVlJlMW9TQXlWRVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAJOiMQD
BAROiMAwDAMEA06I+AMEAE6I/gMEAFOsPAMEAFOsPwMEA1jMKDANBgkqhkiG9w0B
AQsFAAOCAQEABHAqPS29XOISPueApBz4/7PAzlaCYCKqGJWAIDAlXhNusJRcJ+2C
O/nSl/pDoENZj+KYBbWuWk+WkGi7QQiRfswQc/8lIv6t+qv9d9nlykb069xLR72l
53lhZU7fqB/PScSshtesLuTRQnLlovR/qxqPq1PTikyuGsDAv/YYWWibHJ63SQqz
qOnvPCZVXsy/nZVcC11G+N8YCcg2QvC1bVqLpgmSBDuQmCz2nQoLxC4YEtI9gxUd
C57xgz3XhF7um8vGrO1q3AgZ4zvx6a5GND90LaqjGfc2z9N1HkM/2jwyOsGM2gqh
K7MVW3s44LZ9eBqUck4XGEiISJ3lReV4pw==
-----END CERTIFICATE-----