Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/C46Rimdf9yR6yg1uSWhLNEkgApw.roa
File:                     C46Rimdf9yR6yg1uSWhLNEkgApw.roa (raw, json)
Hash identifier:          g1WbjEyGjLnu6NXZXqyTbyfrlfZeqIob2F/u208wh/A=
Subject key identifier:   0B:8E:91:8A:67:5F:F7:24:7A:CA:0D:6E:49:68:4B:34:49:20:02:9C
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       07F5AC08
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/C46Rimdf9yR6yg1uSWhLNEkgApw.roa
Signing time:             Tue 28 Jun 2022 16:50:02 +0000
ROA not before:           Tue 28 Jun 2022 16:50:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197706
IP address blocks:        185.233.124.0/24 maxlen: 24
                          185.233.125.0/24 maxlen: 24
                          185.233.127.0/24 maxlen: 24
                          185.233.126.0/24 maxlen: 24
                          185.53.100.0/22 maxlen: 24
                          31.171.152.0/21 maxlen: 21
                          31.171.152.0/22 maxlen: 22
                          31.171.159.0/24 maxlen: 24
                          31.171.158.0/24 maxlen: 24
                          31.171.156.0/24 maxlen: 24
                          31.171.157.0/24 maxlen: 24
                          45.66.252.0/22 maxlen: 22
                          194.113.80.0/23 maxlen: 23
                          194.113.94.0/24 maxlen: 24
                          194.113.95.0/24 maxlen: 24
                          2a0d:4a40::/29 maxlen: 29
                          2a04:27c0::/29 maxlen: 29
                          2a0e:d4c0::/29 maxlen: 29
                          2a0d:42c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 133540872 (0x7f5ac08)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jun 28 16:50:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b8e918a675ff7247aca0d6e49684b344920029c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2b:65:9d:ba:8c:68:7d:fd:5d:e7:fd:95:e5:
                    77:cc:1c:5f:0b:13:91:9a:f4:07:b9:f6:a6:06:e6:
                    a4:59:94:56:39:80:6b:18:f9:8c:27:9a:78:93:92:
                    18:52:2f:52:c2:8d:36:43:20:45:51:cd:1d:40:33:
                    e6:99:72:1a:81:68:ba:e5:c8:78:e9:3d:f1:e7:2f:
                    1c:58:46:16:5e:ce:91:53:bc:2e:65:b6:75:2c:ad:
                    42:d6:3f:5f:cf:da:dd:4c:8a:d9:f8:e8:df:13:9f:
                    7a:f7:cd:fc:cd:51:45:4c:ea:c7:f3:aa:bf:bd:26:
                    b7:45:bd:8e:35:54:69:a5:91:8d:0d:ae:9f:88:f8:
                    e3:0b:64:36:f4:76:23:84:74:dc:94:6e:fe:68:11:
                    10:c2:12:99:9f:d9:d4:c9:76:14:7e:95:aa:13:35:
                    51:40:6b:78:39:cb:5a:b6:99:31:1c:1f:e8:77:16:
                    a5:2e:15:50:75:a7:26:47:e2:1b:3c:e3:f8:cc:74:
                    8c:0a:a5:d1:8f:0a:01:6f:39:4f:fd:26:32:db:fb:
                    bb:71:0d:b4:f3:46:92:b6:93:e3:95:1c:c3:bd:90:
                    dc:ca:32:ff:ce:0e:83:a7:83:49:3d:ec:11:e8:91:
                    9f:0e:8f:a2:69:2b:37:22:ee:ac:15:60:f3:14:52:
                    10:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:8E:91:8A:67:5F:F7:24:7A:CA:0D:6E:49:68:4B:34:49:20:02:9C
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/C46Rimdf9yR6yg1uSWhLNEkgApw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.152.0/21
                  45.66.252.0/22
                  185.53.100.0/22
                  185.233.124.0/22
                  194.113.80.0/23
                  194.113.94.0/23
                IPv6:
                  2a04:27c0::/29
                  2a0d:42c0::/29
                  2a0d:4a40::/29
                  2a0e:d4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:85:1c:7a:b0:ff:31:08:9d:ca:97:09:b4:f7:5e:d9:3d:97:
         c0:a2:97:06:34:9b:64:34:5d:bd:04:a3:89:44:94:72:d8:ae:
         65:b6:ac:f4:c3:84:f1:be:46:ba:04:2d:99:41:4a:3a:33:46:
         11:70:f5:7d:da:69:81:c2:b9:38:ce:16:5f:d2:54:fb:ca:a3:
         81:e1:c0:42:f6:1e:34:17:76:ab:0e:9c:66:0c:26:03:d9:94:
         a3:fa:e5:ce:1a:56:39:05:d0:3a:21:f8:e9:c4:68:b9:ab:e2:
         4f:a0:3f:1f:be:34:ec:a1:17:ce:08:0e:8c:bb:61:8f:82:47:
         7e:de:f5:8f:6f:85:dd:94:d4:3a:ae:8e:30:e1:04:48:38:61:
         42:04:88:43:4c:b0:17:26:e1:84:53:9c:1d:27:e5:a3:6a:31:
         5b:e0:be:a7:48:c0:0f:83:bc:ac:79:9b:b5:6a:25:03:db:6f:
         9f:36:f8:d3:28:a1:09:00:93:39:34:f0:0a:cd:dd:8c:fe:3d:
         0f:c3:22:e6:6a:70:e3:5d:48:81:3b:5f:67:2e:08:37:be:30:
         c2:20:e4:d1:1a:09:9e:82:c0:80:30:53:42:f1:52:5a:5c:da:
         be:1f:8d:9b:34:86:38:7b:d9:c3:08:50:60:8e:ab:87:aa:57:
         8a:d9:73:3f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIEB/WsCDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MjRhZDQ1MzVhYzg4ZGQ1MzQxOTlmMmE3MjYwOTVhZjcxYWZlNDRlMB4XDTIyMDYy
ODE2NTAwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGI4ZTkxOGE2NzVm
ZjcyNDdhY2EwZDZlNDk2ODRiMzQ0OTIwMDI5YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIwrZZ26jGh9/V3n/ZXld8wcXwsTkZr0B7n2pgbmpFmUVjmA
axj5jCeaeJOSGFIvUsKNNkMgRVHNHUAz5plyGoFouuXIeOk98ecvHFhGFl7OkVO8
LmW2dSytQtY/X8/a3UyK2fjo3xOfevfN/M1RRUzqx/Oqv70mt0W9jjVUaaWRjQ2u
n4j44wtkNvR2I4R03JRu/mgREMISmZ/Z1Ml2FH6VqhM1UUBreDnLWraZMRwf6HcW
pS4VUHWnJkfiGzzj+Mx0jAql0Y8KAW85T/0mMtv7u3ENtPNGkraT45Ucw72Q3Moy
/84Og6eDST3sEeiRnw6PomkrNyLurBVg8xRSEOkCAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBQLjpGKZ1/3JHrKDW5JaEs0SSACnDAfBgNVHSMEGDAWgBRiStRTWsiN1TQZ
nypyYJWvca/kTjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lrclVVMXJJamRVMEdaOHFjbUNWcjNHdjVFNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvYWExMDE5LTU2NGYtNGM0Ni1hMjE3LWZiNTk0OTgwOGRkYy8x
L0M0NlJpbWRmOXlSNnlnMXVTV2hMTkVrZ0Fwdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
YWExMDE5LTU2NGYtNGM0Ni1hMjE3LWZiNTk0OTgwOGRkYy8xL1lrclVVMXJJamRV
MEdaOHFjbUNWcjNHdjVFNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwKgQCAAEwJAMEAx+rmAMEAi1C/AMEArk1ZAMEArnp
fAMEAcJxUAMEAcJxXjAiBAIAAjAcAwUDKgQnwAMFAyoNQsADBQMqDUpAAwUDKg7U
wDANBgkqhkiG9w0BAQsFAAOCAQEACoUcerD/MQidypcJtPde2T2XwKKXBjSbZDRd
vQSjiUSUctiuZbas9MOE8b5GugQtmUFKOjNGEXD1fdppgcK5OM4WX9JU+8qjgeHA
QvYeNBd2qw6cZgwmA9mUo/rlzhpWOQXQOiH46cRouaviT6A/H7407KEXzggOjLth
j4JHft71j2+F3ZTUOq6OMOEESDhhQgSIQ0ywFybhhFOcHSflo2oxW+C+p0jAD4O8
rHmbtWolA9tvnzb40yihCQCTOTTwCs3djP49D8Mi5mpw411IgTtfZy4IN74wwiDk
0RoJnoLAgDBTQvFSWlzavh+NmzSGOHvZwwhQYI6rh6pXitlzPw==
-----END CERTIFICATE-----