Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/XXdgs6W6PKI7UjE6N9MmFapiGPw.roa
File:                     XXdgs6W6PKI7UjE6N9MmFapiGPw.roa (raw, json)
Hash identifier:          qz1gzaWwzSylOw5tlvYMf1ti/J5XCAVwZuvhJMJVQnU=
Subject key identifier:   5D:77:60:B3:A5:BA:3C:A2:3B:52:31:3A:37:D3:26:15:AA:62:18:FC
Certificate issuer:       /CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
Certificate serial:       09D15014
Authority key identifier: FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/XXdgs6W6PKI7UjE6N9MmFapiGPw.roa
Signing time:             Wed 15 Jun 2022 19:50:44 +0000
ROA not before:           Wed 15 Jun 2022 19:50:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202265
IP address blocks:        45.87.161.0/24 maxlen: 24
                          45.87.160.0/24 maxlen: 24
                          2a04:5b81:1fff::/48 maxlen: 48
                          2a04:5b80:53::/48 maxlen: 48
                          2a04:5b81:1000::/40 maxlen: 48
                          2a04:5b87:1::/48 maxlen: 48
                          2a04:5b84:1::/48 maxlen: 48
                          2a04:5b81:2020::/44 maxlen: 44
                          2a04:5b82::/44 maxlen: 44
                          2a04:5b81:2050::/44 maxlen: 48
                          2a04:5b81:2010::/44 maxlen: 48
                          2a04:5b82:8::/48 maxlen: 48
                          2a04:5b80:300::/48 maxlen: 48
                          2a04:5b80::/48 maxlen: 48
                          2a04:5b80:200::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 164712468 (0x9d15014)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb330fac14c6216a74f5d9317544b63f2c118dc
        Validity
            Not Before: Jun 15 19:50:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d7760b3a5ba3ca23b52313a37d32615aa6218fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:58:43:7c:9c:b5:78:75:a2:ad:01:63:4d:14:
                    ca:3f:3a:17:fe:d7:de:72:41:0d:43:0d:14:35:b6:
                    14:bf:ba:54:d5:45:af:3a:81:b8:f1:54:0a:56:30:
                    97:99:1c:45:63:47:ea:b9:23:e7:fe:fb:eb:68:47:
                    bb:53:e8:7f:a6:15:63:ca:84:da:8a:7f:e5:44:6b:
                    fd:c1:8c:6f:47:30:b3:8f:44:81:15:08:d8:5f:85:
                    6b:8f:a5:24:f6:a2:98:23:7a:75:23:37:4a:16:aa:
                    10:ea:80:29:69:4a:9c:07:1e:44:50:ee:02:ed:d9:
                    dd:09:e7:0d:09:a6:57:2e:56:fe:b3:8f:9f:04:06:
                    5c:27:1b:ec:55:fa:df:d0:0b:b5:85:24:e5:55:d6:
                    c4:23:ad:a1:a5:28:aa:66:04:19:4c:b1:24:8e:9e:
                    66:58:d7:2a:f4:00:d7:2e:53:cd:8e:0e:67:fe:06:
                    2f:e8:3a:b8:bd:3e:ed:d1:b5:ed:d4:c2:84:bc:43:
                    89:92:ca:d7:34:f0:26:18:e1:d6:3c:60:a4:ca:5e:
                    6f:3e:93:91:db:0f:0c:d2:d5:e5:f4:41:d5:55:86:
                    fc:c1:ca:d6:1c:28:a8:62:01:87:f0:fd:eb:39:03:
                    e5:1e:90:18:03:c4:0e:f5:02:49:01:0e:fd:14:57:
                    b5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:77:60:B3:A5:BA:3C:A2:3B:52:31:3A:37:D3:26:15:AA:62:18:FC
            X509v3 Authority Key Identifier:
                keyid:FB:B3:30:FA:C1:4C:62:16:A7:4F:5D:93:17:54:4B:63:F2:C1:18:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7Mw-sFMYhanT12TF1RLY_LBGNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/XXdgs6W6PKI7UjE6N9MmFapiGPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/28e56f-cf1a-43e0-84c3-52da8be640f4/1/1-7Mw-sFMYhanT12TF1RLY_LBGNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.160.0/23
                IPv6:
                  2a04:5b80::/48
                  2a04:5b80:53::/48
                  2a04:5b80:200::/48
                  2a04:5b80:300::/48
                  2a04:5b81:1000::/40
                  2a04:5b81:1fff::/48
                  2a04:5b81:2010::-2a04:5b81:202f:ffff:ffff:ffff:ffff:ffff
                  2a04:5b81:2050::/44
                  2a04:5b82::/44
                  2a04:5b84:1::/48
                  2a04:5b87:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:cb:50:ee:a2:af:f7:11:10:a6:93:fe:68:73:24:3d:7a:66:
         c5:47:e3:ec:49:da:8c:cd:43:48:a9:e8:2f:58:14:d4:9a:99:
         ce:8a:ad:50:d7:66:7d:25:2e:9e:52:50:69:d1:8c:7a:51:a3:
         1c:fd:4c:70:1e:3e:69:5e:67:fd:7e:ac:34:45:a2:4d:2b:aa:
         73:73:d9:25:64:fc:58:12:ab:a5:6e:c0:c3:71:f8:d7:12:d3:
         39:33:28:77:2f:f6:bb:17:3b:a3:fb:b2:f9:ef:19:2b:e1:6e:
         c4:ab:f5:7d:7e:70:06:af:fd:69:51:69:57:fe:5f:5e:b4:8b:
         a5:e5:61:ae:f8:53:84:8d:12:3e:50:90:80:7b:41:a7:f8:d1:
         54:20:11:a0:ab:32:cd:ac:24:1e:2c:dc:4b:0d:8e:0d:ea:40:
         56:3e:ac:32:be:e6:02:4a:6c:ce:e8:33:dc:f2:e8:19:03:00:
         4a:4a:d6:a8:3e:67:8f:00:d7:96:35:79:14:e6:8a:74:8b:b1:
         3a:ce:ab:82:6f:94:67:03:cb:80:9b:af:41:ab:d9:5c:84:d1:
         31:f0:be:29:70:94:e5:10:e9:8a:ea:85:96:9c:45:89:6d:f6:
         ab:68:cb:c0:dd:f5:74:75:45:4f:ee:7c:5b:2c:90:bf:db:71:
         19:4d:8a:a4
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgIECdFQFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmIzMzBmYWMxNGM2MjE2YTc0ZjVkOTMxNzU0NGI2M2YyYzExOGRjMB4XDTIyMDYx
NTE5NTA0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQ3NzYwYjNhNWJh
M2NhMjNiNTIzMTNhMzdkMzI2MTVhYTYyMThmYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZYQ3yctXh1oq0BY00Uyj86F/7X3nJBDUMNFDW2FL+6VNVF
rzqBuPFUClYwl5kcRWNH6rkj5/7762hHu1Pof6YVY8qE2op/5URr/cGMb0cws49E
gRUI2F+Fa4+lJPaimCN6dSM3ShaqEOqAKWlKnAceRFDuAu3Z3QnnDQmmVy5W/rOP
nwQGXCcb7FX639ALtYUk5VXWxCOtoaUoqmYEGUyxJI6eZljXKvQA1y5TzY4OZ/4G
L+g6uL0+7dG17dTChLxDiZLK1zTwJhjh1jxgpMpebz6TkdsPDNLV5fRB1VWG/MHK
1hwoqGIBh/D96zkD5R6QGAPEDvUCSQEO/RRXtX0CAwEAAaOCAoMwggJ/MB0GA1Ud
DgQWBBRdd2Czpbo8ojtSMTo30yYVqmIY/DAfBgNVHSMEGDAWgBT7szD6wUxiFqdP
XZMXVEtj8sEY3DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtN013LXNGTVloYW5UMTJURjFSTFlfTEJHTncuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzAyLzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQv
MS9YWGRnczZXNlBLSTdVakU2TjlNbUZhcGlHUHcucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAy
LzI4ZTU2Zi1jZjFhLTQzZTAtODRjMy01MmRhOGJlNjQwZjQvMS8xLTdNdy1zRk1Z
aGFuVDEyVEYxUkxZX0xCR053LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIGWBggrBgEFBQcBBwEB/wSBhjCBgzAMBAIAATAGAwQBLVegMHMEAgACMG0DBwAq
BFuAAAADBwAqBFuAAFMDBwAqBFuAAgADBwAqBFuAAwADBgAqBFuBEAMHACoEW4Ef
/zASAwcEKgRbgSAQAwcEKgRbgSAgAwcEKgRbgSBQAwcEKgRbggAAAwcAKgRbhAAB
AwcAKgRbhwABMA0GCSqGSIb3DQEBCwUAA4IBAQBoy1Duoq/3ERCmk/5ocyQ9embF
R+PsSdqMzUNIqegvWBTUmpnOiq1Q12Z9JS6eUlBp0Yx6UaMc/UxwHj5pXmf9fqw0
RaJNK6pzc9klZPxYEqulbsDDcfjXEtM5Myh3L/a7Fzuj+7L57xkr4W7Eq/V9fnAG
r/1pUWlX/l9etIul5WGu+FOEjRI+UJCAe0Gn+NFUIBGgqzLNrCQeLNxLDY4N6kBW
PqwyvuYCSmzO6DPc8ugZAwBKStaoPmePANeWNXkU5op0i7E6zquCb5RnA8uAm69B
q9lchNEx8L4pcJTlEOmK6oWWnEWJbfaraMvA3fV0dUVP7nxbLJC/23EZTYqk
-----END CERTIFICATE-----