Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/NWGpRDg3-ZQL1PSdgFk1jejxnp8.roa
File:                     NWGpRDg3-ZQL1PSdgFk1jejxnp8.roa (raw, json)
Hash identifier:          sl2YBIIMM7IgSADSiaadtY928YqZKkL4M0+6x0lNLSU=
Subject key identifier:   35:61:A9:44:38:37:F9:94:0B:D4:F4:9D:80:59:35:8D:E8:F1:9E:9F
Certificate issuer:       /CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
Certificate serial:       090B4A14
Authority key identifier: FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/NWGpRDg3-ZQL1PSdgFk1jejxnp8.roa
Signing time:             Thu 17 Mar 2022 10:42:29 +0000
ROA not before:           Thu 17 Mar 2022 10:42:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202265
IP address blocks:        45.87.161.0/24 maxlen: 24
                          45.87.160.0/24 maxlen: 24
                          2a04:5b81:1fff::/48 maxlen: 48
                          2a04:5b80:53::/48 maxlen: 48
                          2a04:5b81:1000::/40 maxlen: 48
                          2a04:5b82::/32 maxlen: 32
                          2a04:5b87:1::/48 maxlen: 48
                          2a04:5b84:1::/48 maxlen: 48
                          2a04:5b81:2010::/44 maxlen: 44
                          2a04:5b81:2020::/44 maxlen: 44
                          2a04:5b82::/44 maxlen: 44
                          2a04:5b81:2050::/44 maxlen: 48
                          2a04:5b82:8::/48 maxlen: 48
                          2a04:5b80:200::/48 maxlen: 48
                          2a04:5b80::/48 maxlen: 48
                          2a04:5b80:300::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151734804 (0x90b4a14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
        Validity
            Not Before: Mar 17 10:42:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3561a9443837f9940bd4f49d8059358de8f19e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a9:fc:9c:b8:01:4f:9f:62:cf:4f:22:66:26:
                    10:c2:25:d3:46:11:52:c8:4b:ac:2a:d2:ed:f5:c4:
                    cc:42:0d:27:8c:e4:21:77:33:08:fc:f5:3e:21:4b:
                    0f:ba:bb:d2:bb:77:b0:9a:cf:4c:4c:9a:03:64:9e:
                    f5:f0:64:3f:24:c6:2a:08:f3:10:35:08:e4:70:c1:
                    cf:2c:1d:bd:20:7d:ae:01:a3:7e:61:a9:9f:38:b1:
                    12:74:d7:40:6d:35:bb:51:c0:c7:4e:7e:18:4c:79:
                    cd:e0:e9:23:56:1f:d0:53:b2:04:74:77:33:0d:c2:
                    69:bf:18:97:61:34:c1:a9:4c:de:c4:80:d9:63:32:
                    58:53:6f:b3:42:b3:d1:75:21:35:fe:46:b6:78:57:
                    02:78:59:cd:29:09:24:8e:67:42:f1:66:17:d3:d4:
                    b3:f6:b5:d5:f9:ef:7a:26:ed:14:d5:b7:4c:67:d4:
                    8c:57:6b:db:ec:c4:e9:bc:17:3b:2d:84:d6:9e:e9:
                    5d:d4:32:a6:2e:e1:cd:c8:cd:0a:04:cd:fd:c0:89:
                    c9:26:97:43:36:f0:75:a3:38:43:ff:43:de:04:e8:
                    d3:f3:50:59:ba:b8:fb:09:50:23:48:64:0a:c9:d7:
                    6c:60:ca:e9:ca:71:87:cd:44:53:3a:e2:63:f8:16:
                    5d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:61:A9:44:38:37:F9:94:0B:D4:F4:9D:80:59:35:8D:E8:F1:9E:9F
            X509v3 Authority Key Identifier:
                keyid:FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/NWGpRDg3-ZQL1PSdgFk1jejxnp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/1-7Mw-sFMYhanT12TF1RLY_LBGNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/23
                IPv6:
                  2a04:5b80::/48
                  2a04:5b80:53::/48
                  2a04:5b80:200::/48
                  2a04:5b80:300::/48
                  2a04:5b81:1000::/40
                  2a04:5b81:1fff::/48
                  2a04:5b81:2010::-2a04:5b81:202f:ffff:ffff:ffff:ffff:ffff
                  2a04:5b81:2050::/44
                  2a04:5b82::/32
                  2a04:5b84:1::/48
                  2a04:5b87:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:c6:4d:f1:02:b1:ec:dc:aa:78:f9:87:2c:51:1c:f2:75:1d:
         64:dd:1b:be:ab:32:4b:65:fb:af:0b:9b:18:97:70:f4:de:6d:
         72:aa:7b:f8:63:71:4c:f6:1b:ca:db:9d:41:c0:ce:f9:bc:69:
         70:5a:d8:aa:8c:ea:4c:70:ec:9f:4b:52:90:d7:29:4a:06:c8:
         0d:56:24:19:92:55:38:09:39:10:dc:16:7b:e4:d8:5b:85:e9:
         3c:c0:82:df:1a:07:82:2f:e6:d0:07:85:ec:8d:ed:3f:0c:47:
         8a:ff:1d:8e:ed:6e:2a:8f:fe:05:44:ef:d6:e8:51:85:dc:1e:
         ed:5b:f2:91:63:d8:e9:6a:52:c1:df:e3:6c:e1:83:df:3a:e5:
         5b:ec:e9:b1:08:b7:13:dc:d4:08:f0:5f:6c:dc:59:89:d8:fc:
         60:05:23:75:d5:d3:2e:78:4a:8a:c5:a4:d3:73:1a:d0:aa:c2:
         82:55:a4:5f:37:7c:8e:cc:63:a5:4a:dc:fb:14:d7:59:9b:3e:
         dd:e8:78:ba:47:f7:3d:99:a2:b2:90:5d:95:c6:ce:c5:0a:93:
         9f:51:dc:c7:ca:a5:1b:4c:8b:52:a2:94:ea:46:7a:e7:a3:b4:
         e1:99:34:16:36:32:5c:f8:72:67:8c:af:d2:59:5b:7c:90:b5:
         0c:26:c2:e9
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIECQtKFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmIzMzBmYWMxNGM2MjE2YTc0ZjVkOTMxNzU0NGI2M2YyYzExOGRjMB4XDTIyMDMx
NzEwNDIyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzU2MWE5NDQzODM3
Zjk5NDBiZDRmNDlkODA1OTM1OGRlOGYxOWU5ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ6p/Jy4AU+fYs9PImYmEMIl00YRUshLrCrS7fXEzEINJ4zk
IXczCPz1PiFLD7q70rt3sJrPTEyaA2Se9fBkPyTGKgjzEDUI5HDBzywdvSB9rgGj
fmGpnzixEnTXQG01u1HAx05+GEx5zeDpI1Yf0FOyBHR3Mw3Cab8Yl2E0walM3sSA
2WMyWFNvs0Kz0XUhNf5GtnhXAnhZzSkJJI5nQvFmF9PUs/a11fnveibtFNW3TGfU
jFdr2+zE6bwXOy2E1p7pXdQypi7hzcjNCgTN/cCJySaXQzbwdaM4Q/9D3gTo0/NQ
Wbq4+wlQI0hkCsnXbGDK6cpxh81EUzriY/gWXYUCAwEAAaOCAoEwggJ9MB0GA1Ud
DgQWBBQ1YalEODf5lAvU9J2AWTWN6PGenzAfBgNVHSMEGDAWgBT7szD6wUxiFqdP
XZMXVEtj8sEY3DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtN013LXNGTVloYW5UMTJURjFSTFlfTEJHTncuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzAyLzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQv
MS9OV0dwUkRnMy1aUUwxUFNkZ0ZrMWplanhucDgucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAy
LzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQvMS8xLTdNdy1zRk1Z
aGFuVDEyVEYxUkxZX0xCR053LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIGUBggrBgEFBQcBBwEB/wSBhDCBgTAMBAIAATAGAwQBLVegMHEEAgACMGsDBwAq
BFuAAAADBwAqBFuAAFMDBwAqBFuAAgADBwAqBFuAAwADBgAqBFuBEAMHACoEW4Ef
/zASAwcEKgRbgSAQAwcEKgRbgSAgAwcEKgRbgSBQAwUAKgRbggMHACoEW4QAAQMH
ACoEW4cAATANBgkqhkiG9w0BAQsFAAOCAQEAA8ZN8QKx7NyqePmHLFEc8nUdZN0b
vqsyS2X7rwubGJdw9N5tcqp7+GNxTPYbytudQcDO+bxpcFrYqozqTHDsn0tSkNcp
SgbIDVYkGZJVOAk5ENwWe+TYW4XpPMCC3xoHgi/m0AeF7I3tPwxHiv8dju1uKo/+
BUTv1uhRhdwe7VvykWPY6WpSwd/jbOGD3zrlW+zpsQi3E9zUCPBfbNxZidj8YAUj
ddXTLnhKisWk03Ma0KrCglWkXzd8jsxjpUrc+xTXWZs+3eh4ukf3PZmispBdlcbO
xQqTn1Hcx8qlG0yLUqKU6kZ656O04Zk0FjYyXPhyZ4yv0llbfJC1DCbC6Q==
-----END CERTIFICATE-----