Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/JbxaZE7iadsuBHIsLI9YsZQmi4Y.roa
File:                     JbxaZE7iadsuBHIsLI9YsZQmi4Y.roa (raw, json)
Hash identifier:          c209YJj9Pct44dqjfmXRQF7kpXMrSZNjNx/FfIx/hWk=
Subject key identifier:   25:BC:5A:64:4E:E2:69:DB:2E:04:72:2C:2C:8F:58:B1:94:26:8B:86
Certificate issuer:       /CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
Certificate serial:       0928503C
Authority key identifier: FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/JbxaZE7iadsuBHIsLI9YsZQmi4Y.roa
Signing time:             Tue 29 Mar 2022 13:44:41 +0000
ROA not before:           Tue 29 Mar 2022 13:44:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202265
IP address blocks:        45.87.161.0/24 maxlen: 24
                          45.87.160.0/24 maxlen: 24
                          2a04:5b81:1fff::/48 maxlen: 48
                          2a04:5b80:53::/48 maxlen: 48
                          2a04:5b81:1000::/40 maxlen: 48
                          2a04:5b82::/32 maxlen: 32
                          2a04:5b87:1::/48 maxlen: 48
                          2a04:5b84:1::/48 maxlen: 48
                          2a04:5b81:2020::/44 maxlen: 44
                          2a04:5b82::/44 maxlen: 44
                          2a04:5b81:2050::/44 maxlen: 48
                          2a04:5b81:2010::/44 maxlen: 48
                          2a04:5b82:8::/48 maxlen: 48
                          2a04:5b80:300::/48 maxlen: 48
                          2a04:5b80::/48 maxlen: 48
                          2a04:5b80:200::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 153636924 (0x928503c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
        Validity
            Not Before: Mar 29 13:44:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25bc5a644ee269db2e04722c2c8f58b194268b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e1:6f:46:93:c0:11:a2:b3:bd:02:e1:7b:1f:
                    78:92:1f:80:02:5f:27:04:93:e4:eb:fe:c3:39:24:
                    68:d0:e6:c0:2c:1e:1d:be:85:31:3d:46:e5:b5:e7:
                    24:b4:73:52:bb:14:d3:13:3a:91:ab:26:28:2c:fb:
                    94:b9:40:5e:7c:06:8a:7c:7f:1d:cf:bb:25:fb:db:
                    11:8b:20:44:4d:aa:06:be:1a:2b:fc:49:ca:d2:81:
                    47:b7:bc:9d:80:51:e1:1c:7e:6f:6b:6a:5f:a3:c0:
                    9c:18:35:09:5d:13:0d:f9:bd:0f:08:72:73:cc:3e:
                    da:c7:22:39:c4:c6:94:3e:b8:35:0d:cc:e4:9e:6e:
                    36:d8:a8:ad:fa:74:c6:38:88:08:a0:7a:9a:8b:90:
                    40:6d:cb:85:57:9a:ba:ca:65:9e:eb:a6:51:d5:f6:
                    d3:b2:a6:be:73:de:c3:7c:f5:36:98:00:bd:f3:a3:
                    c9:47:80:92:45:ec:89:89:53:b0:6a:08:7a:fa:7b:
                    3e:13:74:2c:a5:45:6a:91:3b:c5:b4:83:d9:ab:4b:
                    95:94:78:6e:a5:8d:88:24:f5:28:c6:85:22:07:06:
                    eb:92:37:ad:34:2f:79:29:d0:92:a5:e8:f6:16:2d:
                    0c:ca:db:20:29:cd:16:79:db:6c:2c:64:20:0a:d8:
                    f2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BC:5A:64:4E:E2:69:DB:2E:04:72:2C:2C:8F:58:B1:94:26:8B:86
            X509v3 Authority Key Identifier:
                keyid:FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/JbxaZE7iadsuBHIsLI9YsZQmi4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/1-7Mw-sFMYhanT12TF1RLY_LBGNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/23
                IPv6:
                  2a04:5b80::/48
                  2a04:5b80:53::/48
                  2a04:5b80:200::/48
                  2a04:5b80:300::/48
                  2a04:5b81:1000::/40
                  2a04:5b81:1fff::/48
                  2a04:5b81:2010::-2a04:5b81:202f:ffff:ffff:ffff:ffff:ffff
                  2a04:5b81:2050::/44
                  2a04:5b82::/32
                  2a04:5b84:1::/48
                  2a04:5b87:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:d6:4e:bf:93:7d:3d:20:5f:c2:b8:07:5a:a4:ea:c8:57:05:
         0a:ab:d4:71:bf:d6:81:09:47:38:58:b8:86:5e:39:9a:10:2f:
         62:3c:d0:42:06:fd:b2:e3:64:33:1e:d7:87:de:c6:6c:c0:ae:
         f3:f2:dd:53:dc:df:7a:f5:98:6c:d8:53:65:46:78:7b:f1:9c:
         48:cf:76:fd:e9:3d:16:28:9b:29:2d:16:4f:69:e7:4a:03:2d:
         64:9c:18:ab:9e:dd:44:4b:01:4f:be:10:5e:7b:db:05:f7:43:
         9b:7e:97:03:db:92:71:90:d3:49:27:60:ac:2d:6f:8b:63:28:
         7d:c1:b2:39:ce:06:19:07:7e:fa:a8:80:d0:20:b6:c9:36:00:
         3e:61:3e:8d:9b:ad:1a:91:20:0d:73:e1:a5:7d:d3:b0:95:02:
         8d:1a:48:ec:32:86:5f:c4:d3:a3:7d:7f:fc:aa:50:d1:e4:fa:
         2e:59:96:b1:67:61:09:5e:fb:22:7a:81:de:72:50:88:ba:56:
         90:7d:a0:c2:43:4f:ab:ae:ed:86:f8:ec:2a:f3:90:08:8f:40:
         4e:be:b8:5d:88:21:25:dd:13:31:8a:e8:ef:33:07:a6:3c:af:
         b3:e4:85:72:93:57:58:47:3f:b4:8b:b3:9a:79:c7:e3:97:a6:
         4b:af:9b:61
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIECShQPDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmIzMzBmYWMxNGM2MjE2YTc0ZjVkOTMxNzU0NGI2M2YyYzExOGRjMB4XDTIyMDMy
OTEzNDQ0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjViYzVhNjQ0ZWUy
NjlkYjJlMDQ3MjJjMmM4ZjU4YjE5NDI2OGI4NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJThb0aTwBGis70C4XsfeJIfgAJfJwST5Ov+wzkkaNDmwCwe
Hb6FMT1G5bXnJLRzUrsU0xM6kasmKCz7lLlAXnwGinx/Hc+7JfvbEYsgRE2qBr4a
K/xJytKBR7e8nYBR4Rx+b2tqX6PAnBg1CV0TDfm9Dwhyc8w+2sciOcTGlD64NQ3M
5J5uNtiorfp0xjiICKB6mouQQG3LhVeausplnuumUdX207KmvnPew3z1NpgAvfOj
yUeAkkXsiYlTsGoIevp7PhN0LKVFapE7xbSD2atLlZR4bqWNiCT1KMaFIgcG65I3
rTQveSnQkqXo9hYtDMrbICnNFnnbbCxkIArY8tcCAwEAAaOCAoEwggJ9MB0GA1Ud
DgQWBBQlvFpkTuJp2y4Eciwsj1ixlCaLhjAfBgNVHSMEGDAWgBT7szD6wUxiFqdP
XZMXVEtj8sEY3DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtN013LXNGTVloYW5UMTJURjFSTFlfTEJHTncuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzAyLzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQv
MS9KYnhhWkU3aWFkc3VCSElzTEk5WXNaUW1pNFkucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAy
LzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQvMS8xLTdNdy1zRk1Z
aGFuVDEyVEYxUkxZX0xCR053LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIGUBggrBgEFBQcBBwEB/wSBhDCBgTAMBAIAATAGAwQBLVegMHEEAgACMGsDBwAq
BFuAAAADBwAqBFuAAFMDBwAqBFuAAgADBwAqBFuAAwADBgAqBFuBEAMHACoEW4Ef
/zASAwcEKgRbgSAQAwcEKgRbgSAgAwcEKgRbgSBQAwUAKgRbggMHACoEW4QAAQMH
ACoEW4cAATANBgkqhkiG9w0BAQsFAAOCAQEAl9ZOv5N9PSBfwrgHWqTqyFcFCqvU
cb/WgQlHOFi4hl45mhAvYjzQQgb9suNkMx7Xh97GbMCu8/LdU9zfevWYbNhTZUZ4
e/GcSM92/ek9FiibKS0WT2nnSgMtZJwYq57dREsBT74QXnvbBfdDm36XA9uScZDT
SSdgrC1vi2MofcGyOc4GGQd++qiA0CC2yTYAPmE+jZutGpEgDXPhpX3TsJUCjRpI
7DKGX8TTo31//KpQ0eT6LlmWsWdhCV77InqB3nJQiLpWkH2gwkNPq67thvjsKvOQ
CI9ATr64XYghJd0TMYro7zMHpjyvs+SFcpNXWEc/tIuzmnnH45emS6+bYQ==
-----END CERTIFICATE-----