Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/ATqjTXf01wkrpxskthDuAseCHmI.roa
File:                     ATqjTXf01wkrpxskthDuAseCHmI.roa (raw, json)
Hash identifier:          8GZJEbU/p1VYCYbt3UQ1QIJKXvo3BbUZ285uALY2ybo=
Subject key identifier:   01:3A:A3:4D:77:F4:D7:09:2B:A7:1B:24:B6:10:EE:02:C7:82:1E:62
Certificate issuer:       /CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
Certificate serial:       09E5CF1D
Authority key identifier: FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/ATqjTXf01wkrpxskthDuAseCHmI.roa
Signing time:             Thu 23 Jun 2022 15:54:30 +0000
ROA not before:           Thu 23 Jun 2022 15:54:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202265
IP address blocks:        45.87.161.0/24 maxlen: 24
                          45.87.160.0/24 maxlen: 24
                          2a04:5b81:1fff::/48 maxlen: 48
                          2a04:5b80:53::/48 maxlen: 48
                          2a04:5b81:1000::/40 maxlen: 48
                          2a04:5b87:1::/48 maxlen: 48
                          2a04:5b84:1::/48 maxlen: 48
                          2a04:5b81:2020::/44 maxlen: 44
                          2a04:5b82::/44 maxlen: 44
                          2a04:5b81:2010::/44 maxlen: 48
                          2a04:5b82:8::/48 maxlen: 48
                          2a04:5b80::/48 maxlen: 48
                          2a04:5b80:200::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166055709 (0x9e5cf1d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
        Validity
            Not Before: Jun 23 15:54:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=013aa34d77f4d7092ba71b24b610ee02c7821e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:22:3a:84:e8:b5:07:35:0b:b2:df:6c:93:c3:
                    e5:f5:cc:f4:2d:72:d7:2f:fc:3f:20:74:8b:9c:a4:
                    d8:a7:12:f5:2c:90:bf:70:d9:04:18:04:a2:4b:0b:
                    b6:e5:b9:3f:49:d6:69:3b:cc:10:f9:ae:64:f3:d7:
                    a2:a8:34:c1:57:6f:ee:0d:4e:77:3c:90:ef:20:8c:
                    a3:9f:ff:aa:0a:bd:c7:a9:6a:1c:3b:1e:b5:4c:e7:
                    9b:47:1b:65:16:a1:f0:d6:c7:9c:01:7a:a3:b3:8d:
                    68:ce:0d:e0:59:4c:7d:ad:af:3a:c1:9f:90:a5:9e:
                    f1:27:f2:ae:16:57:8c:bf:61:63:fa:2a:d1:44:63:
                    84:a0:a0:08:9a:cf:8e:a6:f2:f1:34:29:36:96:55:
                    75:6f:22:20:a1:f5:ee:fd:76:56:a6:04:19:58:05:
                    c1:5e:2b:d8:5e:6e:7f:b1:be:e7:33:45:fc:fc:f7:
                    c0:b4:b3:ac:f7:2a:79:8b:9f:ec:06:bd:2c:76:b0:
                    b8:a6:25:dd:eb:06:bf:9e:ed:c3:0b:2b:91:05:0f:
                    b1:a5:59:17:ad:0b:b1:1c:1b:4e:a6:48:20:2e:73:
                    d4:12:8a:23:eb:25:e6:e5:22:7b:31:c3:f4:60:36:
                    67:d7:29:20:31:b1:15:e7:1f:cb:2c:54:1d:33:d8:
                    ad:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3A:A3:4D:77:F4:D7:09:2B:A7:1B:24:B6:10:EE:02:C7:82:1E:62
            X509v3 Authority Key Identifier:
                keyid:FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/ATqjTXf01wkrpxskthDuAseCHmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/1-7Mw-sFMYhanT12TF1RLY_LBGNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/23
                IPv6:
                  2a04:5b80::/48
                  2a04:5b80:53::/48
                  2a04:5b80:200::/48
                  2a04:5b81:1000::/40
                  2a04:5b81:1fff::/48
                  2a04:5b81:2010::-2a04:5b81:202f:ffff:ffff:ffff:ffff:ffff
                  2a04:5b82::/44
                  2a04:5b84:1::/48
                  2a04:5b87:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:ea:dd:71:3a:e3:cf:06:0b:4f:34:4c:90:cc:46:c9:7a:bb:
         e0:a8:5d:7d:a5:1d:64:eb:97:7d:df:00:b4:af:a4:9f:23:d8:
         35:e7:de:a3:6e:47:6c:6f:25:43:cd:1a:3e:71:93:0e:53:27:
         50:9e:ab:15:8b:3e:11:45:c9:a6:54:65:32:16:7a:60:37:f1:
         8f:2a:d8:b7:20:c8:ab:5b:f8:3a:48:28:25:79:07:9a:c9:b5:
         5a:63:28:60:3b:2b:9e:e2:5b:3f:44:dc:1a:31:72:d4:27:95:
         9d:a2:b5:a1:fe:70:43:28:f7:53:af:57:82:9b:55:05:67:9f:
         48:64:bf:a2:b8:01:33:3c:74:c7:c4:28:79:ad:5f:99:14:de:
         cd:55:b8:6f:c2:c3:12:35:cc:31:b1:02:34:4c:e5:94:b4:18:
         a9:c0:ee:45:90:19:f2:1e:1a:dc:99:51:00:46:32:ab:23:ef:
         63:39:f2:12:00:b1:20:79:fb:72:6b:f9:b5:29:5a:77:48:32:
         7f:64:b4:b7:58:fd:5b:93:38:0c:7d:d7:2d:6f:50:b5:ae:25:
         6d:e0:cb:dd:cd:18:c1:5a:6b:f4:6c:95:55:e0:8e:d6:30:b1:
         58:af:66:41:ce:83:b0:81:96:6b:a6:3a:2b:43:bc:03:03:04:
         9f:b7:72:5d
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgIECeXPHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmIzMzBmYWMxNGM2MjE2YTc0ZjVkOTMxNzU0NGI2M2YyYzExOGRjMB4XDTIyMDYy
MzE1NTQzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDEzYWEzNGQ3N2Y0
ZDcwOTJiYTcxYjI0YjYxMGVlMDJjNzgyMWU2MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM8iOoTotQc1C7LfbJPD5fXM9C1y1y/8PyB0i5yk2KcS9SyQ
v3DZBBgEoksLtuW5P0nWaTvMEPmuZPPXoqg0wVdv7g1OdzyQ7yCMo5//qgq9x6lq
HDsetUznm0cbZRah8NbHnAF6o7ONaM4N4FlMfa2vOsGfkKWe8SfyrhZXjL9hY/oq
0URjhKCgCJrPjqby8TQpNpZVdW8iIKH17v12VqYEGVgFwV4r2F5uf7G+5zNF/Pz3
wLSzrPcqeYuf7Aa9LHawuKYl3esGv57twwsrkQUPsaVZF60LsRwbTqZIIC5z1BKK
I+sl5uUiezHD9GA2Z9cpIDGxFecfyyxUHTPYrdkCAwEAAaOCAm8wggJrMB0GA1Ud
DgQWBBQBOqNNd/TXCSunGyS2EO4Cx4IeYjAfBgNVHSMEGDAWgBT7szD6wUxiFqdP
XZMXVEtj8sEY3DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtN013LXNGTVloYW5UMTJURjFSTFlfTEJHTncuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzAyLzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQv
MS9BVHFqVFhmMDF3a3JweHNrdGhEdUFzZUNIbUkucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAy
LzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQvMS8xLTdNdy1zRk1Z
aGFuVDEyVEYxUkxZX0xCR053LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIGCBggrBgEFBQcBBwEB/wRzMHEwDAQCAAEwBgMEAS1XoDBhBAIAAjBbAwcAKgRb
gAAAAwcAKgRbgABTAwcAKgRbgAIAAwYAKgRbgRADBwAqBFuBH/8wEgMHBCoEW4Eg
EAMHBCoEW4EgIAMHBCoEW4IAAAMHACoEW4QAAQMHACoEW4cAATANBgkqhkiG9w0B
AQsFAAOCAQEAaurdcTrjzwYLTzRMkMxGyXq74KhdfaUdZOuXfd8AtK+knyPYNefe
o25HbG8lQ80aPnGTDlMnUJ6rFYs+EUXJplRlMhZ6YDfxjyrYtyDIq1v4OkgoJXkH
msm1WmMoYDsrnuJbP0TcGjFy1CeVnaK1of5wQyj3U69XgptVBWefSGS/orgBMzx0
x8Qoea1fmRTezVW4b8LDEjXMMbECNEzllLQYqcDuRZAZ8h4a3JlRAEYyqyPvYzny
EgCxIHn7cmv5tSlad0gyf2S0t1j9W5M4DH3XLW9Qta4lbeDL3c0YwVpr9GyVVeCO
1jCxWK9mQc6DsIGWa6Y6K0O8AwMEn7dyXQ==
-----END CERTIFICATE-----