Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/cHxhJze_LD4uh0YgkARPU-Lxkac.roa
File:                     cHxhJze_LD4uh0YgkARPU-Lxkac.roa (raw, json)
Hash identifier:          Mbzdoi1w4KsAzix20RAgQC6fsSEOH0n9GQjaxVQ6vs4=
Subject key identifier:   70:7C:61:27:37:BF:2C:3E:2E:87:46:20:90:04:4F:53:E2:F1:91:A7
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018A1C8409DF25CD029FEFBAE8972CAC9B87
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/cHxhJze_LD4uh0YgkARPU-Lxkac.roa
Signing time:             Tue 22 Aug 2023 09:12:09 +0000
ROA not before:           Tue 22 Aug 2023 09:12:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64080
IP address blocks:        45.43.64.0/19 maxlen: 24
                          45.43.68.0/22 maxlen: 24
                          45.43.84.0/23 maxlen: 24
                          45.43.80.0/22 maxlen: 24
                          198.105.96.0/19 maxlen: 24
                          198.105.100.0/22 maxlen: 24
                          89.33.6.0/23 maxlen: 24
                          155.254.32.0/19 maxlen: 24
                          155.254.48.0/23 maxlen: 24
                          107.181.132.0/23 maxlen: 24
                          107.181.128.0/19 maxlen: 24
                          107.181.140.0/22 maxlen: 24
                          107.181.148.0/23 maxlen: 24
                          2a05:9f46::/32 maxlen: 48
                          2a05:9f47::/32 maxlen: 48
                          2a07:9946::/32 maxlen: 48
                          2a05:9f40:1f::/48 maxlen: 48
                          2a05:9f44:2a05::/48 maxlen: 48
                          2a07:9947::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1c:84:09:df:25:cd:02:9f:ef:ba:e8:97:2c:ac:9b:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Aug 22 09:12:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=707c612737bf2c3e2e87462090044f53e2f191a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:2b:fa:6a:a1:07:cf:44:3a:08:bb:ca:7e:
                    76:9a:e2:a7:15:d7:44:dd:89:eb:56:7e:0d:b6:15:
                    40:99:ae:f7:63:cf:bc:62:1d:e0:e7:db:d4:ab:13:
                    b0:41:d5:ce:37:16:a8:c8:cb:2b:bb:11:a7:3d:d6:
                    e5:ac:8a:f7:44:d1:d3:79:43:51:de:e0:da:b5:b2:
                    65:10:6d:b6:95:55:c6:8d:46:e9:6e:e6:d3:13:8c:
                    ac:7d:cc:f7:de:c1:0a:a0:a8:ea:5d:df:fc:2d:e7:
                    9f:94:c0:d2:dd:ab:6a:dc:7c:7f:19:1c:7f:39:4f:
                    87:93:97:68:b8:8b:d4:9f:d8:d0:e9:b3:be:a4:70:
                    1c:15:50:5a:73:e0:97:7e:b2:90:c3:5c:a1:d1:e9:
                    ca:15:46:79:57:8c:dd:20:20:99:05:8a:38:a6:23:
                    b4:0a:5c:4e:fe:ad:3a:3b:96:9d:33:af:b0:24:0f:
                    ae:1b:d3:87:4a:3d:5a:6b:ae:1b:42:c9:f1:83:6f:
                    0f:05:16:88:de:24:9d:65:63:d9:e7:06:ce:e5:74:
                    3b:12:ff:9e:18:fe:39:92:bf:06:e2:b6:24:6c:99:
                    bd:73:0e:9c:3b:26:74:3d:6e:df:e9:58:2a:7d:db:
                    47:d4:78:56:c8:7f:ca:21:fa:de:02:41:cd:26:d8:
                    57:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:61:27:37:BF:2C:3E:2E:87:46:20:90:04:4F:53:E2:F1:91:A7
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/cHxhJze_LD4uh0YgkARPU-Lxkac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.64.0/19
                  89.33.6.0/23
                  107.181.128.0/19
                  155.254.32.0/19
                  198.105.96.0/19
                IPv6:
                  2a05:9f40:1f::/48
                  2a05:9f44:2a05::/48
                  2a05:9f46::/31
                  2a07:9946::/31

    Signature Algorithm: sha256WithRSAEncryption
         b7:e5:11:ea:40:00:db:52:fb:44:54:31:e7:f0:10:05:56:ac:
         c5:1d:f0:e7:d5:c0:2a:c2:8e:df:46:09:70:0d:4e:56:4a:75:
         d8:99:88:a4:e3:65:5e:7e:65:4a:e1:96:6a:26:87:4e:b8:b9:
         51:6f:d1:78:55:9c:ae:b8:8d:fb:fe:5a:28:df:68:bf:c7:c6:
         d9:bd:b5:0d:44:10:87:3c:16:f5:e9:37:55:8c:ad:3b:cb:be:
         4e:a7:a3:3b:44:cc:0e:e5:da:a6:99:2f:c8:54:60:a0:66:3c:
         de:86:c8:b8:eb:6a:29:37:bc:b7:ce:92:67:97:df:cc:75:27:
         a6:ff:ab:d8:c4:3b:f0:21:85:12:d1:02:10:c7:de:bd:c4:18:
         cd:3a:65:f9:8f:73:fb:1a:5e:34:3a:fd:db:05:ea:68:35:00:
         88:83:6b:a8:1a:ba:23:61:f6:b6:fd:a7:42:69:ec:33:4e:9b:
         36:7d:13:8c:8a:8b:7a:20:cb:c3:d5:67:63:07:f2:27:c0:f7:
         ab:92:ee:9d:b3:82:58:3d:37:36:94:a5:33:49:e2:af:58:04:
         d6:4d:c6:d8:a4:85:04:20:5c:d1:78:f2:78:17:c2:41:d5:68:
         36:6e:77:2c:8e:bd:0a:05:64:26:27:04:aa:14:9c:8b:c6:ea:
         00:89:03:32
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYochAnfJc0Cn++66JcsrJuHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjMwODIyMDkxMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjNjEyNzM3YmYyYzNlMmU4NzQ2MjA5MDA0NGY1M2UyZjE5MWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8Er+mqhB89EOgi7yn52muKnFddE
3YnrVn4NthVAma73Y8+8Yh3g59vUqxOwQdXONxaoyMsruxGnPdblrIr3RNHTeUNR
3uDatbJlEG22lVXGjUbpbubTE4ysfcz33sEKoKjqXd/8LeeflMDS3atq3Hx/GRx/
OU+Hk5douIvUn9jQ6bO+pHAcFVBac+CXfrKQw1yh0enKFUZ5V4zdICCZBYo4piO0
ClxO/q06O5adM6+wJA+uG9OHSj1aa64bQsnxg28PBRaI3iSdZWPZ5wbO5XQ7Ev+e
GP45kr8G4rYkbJm9cw6cOyZ0PW7f6VgqfdtH1HhWyH/KIfreAkHNJthX4QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHB8YSc3vyw+LodGIJAET1Pi8ZGnMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvY0h4aEp6ZV9MRDR1aDBZZ2tBUlBVLUx4a2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAkBAIAATAeAwQFLStAAwQB
WSEGAwQFa7WAAwQFm/4gAwQFxmlgMCYEAgACMCADBwAqBZ9AAB8DBwAqBZ9EKgUD
BQEqBZ9GAwUBKgeZRjANBgkqhkiG9w0BAQsFAAOCAQEAt+UR6kAA21L7RFQx5/AQ
BVasxR3w59XAKsKO30YJcA1OVkp12JmIpONlXn5lSuGWaiaHTri5UW/ReFWcrriN
+/5aKN9ov8fG2b21DUQQhzwW9ek3VYytO8u+TqejO0TMDuXappkvyFRgoGY83obI
uOtqKTe8t86SZ5ffzHUnpv+r2MQ78CGFEtECEMfevcQYzTpl+Y9z+xpeNDr92wXq
aDUAiINrqBq6I2H2tv2nQmnsM06bNn0TjIqLeiDLw9VnYwfyJ8D3q5LunbOCWD03
NpSlM0nir1gE1k3G2KSFBCBc0XjyeBfCQdVoNm53LI69CgVkJicEqhSci8bqAIkD
Mg==
-----END CERTIFICATE-----