Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/299984-6d7d-45e3-b6fd-bc917c9235d2/1/E5rCI4uBnHRfHtgFFeqXdxj9YlA.roa
File:                     E5rCI4uBnHRfHtgFFeqXdxj9YlA.roa (raw, json)
Hash identifier:          zP3kci8TPp7H6a5tomVueDX1Ix7CN12PDGqXJFGhW60=
Subject key identifier:   13:9A:C2:23:8B:81:9C:74:5F:1E:D8:05:15:EA:97:77:18:FD:62:50
Certificate issuer:       /CN=4bf203d6ae6698e09f255780b88accdcd94675a1
Certificate serial:       01856FE71C299A5163E5E802E580F1557AF6
Authority key identifier: 4B:F2:03:D6:AE:66:98:E0:9F:25:57:80:B8:8A:CC:DC:D9:46:75:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S_ID1q5mmOCfJVeAuIrM3NlGdaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/299984-6d7d-45e3-b6fd-bc917c9235d2/1/E5rCI4uBnHRfHtgFFeqXdxj9YlA.roa
Signing time:             Mon 02 Jan 2023 00:34:54 +0000
ROA not before:           Mon 02 Jan 2023 00:34:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59605
IP address blocks:        151.248.111.0/24 maxlen: 24
                          151.248.106.0/24 maxlen: 24
                          151.248.108.0/24 maxlen: 24
                          151.248.107.0/24 maxlen: 24
                          151.248.110.0/24 maxlen: 24
                          151.248.109.0/24 maxlen: 24
                          151.248.96.0/20 maxlen: 20
                          151.248.96.0/21 maxlen: 21
                          151.248.97.0/24 maxlen: 24
                          151.248.98.0/24 maxlen: 24
                          151.248.104.0/24 maxlen: 24
                          151.248.99.0/24 maxlen: 24
                          151.248.105.0/24 maxlen: 24
                          151.248.101.0/24 maxlen: 24
                          151.248.103.0/24 maxlen: 24
                          185.201.192.0/22 maxlen: 22
                          2a02:f040::/29 maxlen: 29
                          2a02:f040:7::/48 maxlen: 48
                          2a02:f040:1::/48 maxlen: 48
                          2a02:f040:c::/48 maxlen: 48
                          2a02:f040:a::/48 maxlen: 48
                          2a02:f040:5::/48 maxlen: 48
                          2a02:f040::/48 maxlen: 48
                          2a02:f040:4::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:e7:1c:29:9a:51:63:e5:e8:02:e5:80:f1:55:7a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bf203d6ae6698e09f255780b88accdcd94675a1
        Validity
            Not Before: Jan  2 00:34:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=139ac2238b819c745f1ed80515ea977718fd6250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:72:36:f5:29:b1:e5:43:c4:49:de:1b:21:38:
                    26:35:11:2a:76:12:0f:ab:d9:92:59:ce:3e:21:4e:
                    de:22:a8:2c:ff:4f:d1:63:10:a7:2e:7e:81:e8:30:
                    53:ab:f0:82:90:8c:49:8f:c5:fe:53:f5:72:6c:8f:
                    77:b2:56:61:1b:65:e3:5f:c7:25:56:1d:b3:4a:69:
                    1e:29:54:1e:de:e5:1d:0c:ea:b9:1a:a9:fd:1e:b7:
                    4d:d8:36:cd:a1:ae:d1:7c:a4:c8:19:6a:95:54:fd:
                    ed:8e:48:d8:8e:10:07:08:14:cb:c2:49:b7:4f:f9:
                    00:d3:01:ab:17:71:11:10:89:7d:c4:d1:bc:b0:0c:
                    ce:7d:82:6c:10:af:06:b8:56:a9:6b:ee:89:b8:c1:
                    f9:5b:c8:54:33:2f:15:0a:10:c0:13:a3:83:b4:05:
                    e4:1a:2f:74:97:0a:5c:d5:05:f5:69:52:0c:62:0d:
                    a1:59:b3:89:b1:4d:73:08:88:9c:c9:9c:a7:0c:d3:
                    e1:3e:cb:79:36:1e:ff:27:13:a1:c1:ea:c9:51:b2:
                    46:0c:72:85:6d:7b:83:9e:b8:cf:c1:6f:4e:74:17:
                    7d:57:86:0e:6d:c0:f1:df:5c:14:dc:d7:4b:61:8f:
                    bc:21:cc:ba:1e:07:28:2e:f5:cf:58:fc:8d:eb:39:
                    61:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:9A:C2:23:8B:81:9C:74:5F:1E:D8:05:15:EA:97:77:18:FD:62:50
            X509v3 Authority Key Identifier:
                keyid:4B:F2:03:D6:AE:66:98:E0:9F:25:57:80:B8:8A:CC:DC:D9:46:75:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S_ID1q5mmOCfJVeAuIrM3NlGdaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/299984-6d7d-45e3-b6fd-bc917c9235d2/1/E5rCI4uBnHRfHtgFFeqXdxj9YlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/299984-6d7d-45e3-b6fd-bc917c9235d2/1/S_ID1q5mmOCfJVeAuIrM3NlGdaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.96.0/20
                  185.201.192.0/22
                IPv6:
                  2a02:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:a5:ec:2e:ba:6b:ed:d7:aa:7f:a7:76:3e:69:01:ef:e4:39:
         b6:c5:dc:89:12:99:c9:52:3f:7b:7e:24:67:c4:73:5f:ac:2b:
         ea:d7:41:50:cc:cf:c1:4a:b4:ec:3e:97:51:e2:39:a3:c9:d5:
         a8:6b:a6:c5:80:9d:75:22:a8:95:f4:d7:0c:a7:e7:7f:36:2a:
         f9:60:c0:ad:b4:94:0a:42:77:63:6f:9a:77:f3:2a:04:a5:cc:
         1b:2e:8f:84:0b:03:6b:15:85:9d:16:31:49:98:2c:c1:be:95:
         f1:8d:63:56:56:93:5a:31:95:21:f1:28:6c:0d:eb:16:da:3f:
         c0:56:24:05:df:27:95:6c:22:44:3c:a2:c5:e6:e2:10:c7:ae:
         34:07:95:a6:c6:22:9d:f7:46:02:22:85:d1:06:f7:2b:51:a9:
         17:27:f1:a7:75:bd:e7:08:0b:48:53:69:58:0c:a7:cb:98:90:
         f5:cb:c7:a3:0a:9a:7d:23:df:a0:7c:de:08:d5:c9:45:09:e7:
         f5:83:1e:58:df:36:b9:17:92:bf:d5:57:f7:b5:29:1c:77:ce:
         6e:fd:21:0e:0c:92:aa:dd:8e:45:f8:96:7a:c3:24:a2:6a:5e:
         d3:fa:97:ba:89:21:43:99:eb:91:e0:ba:0b:6f:ee:fd:77:42:
         da:ba:52:c0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv5xwpmlFj5egC5YDxVXr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZjIwM2Q2YWU2Njk4ZTA5ZjI1NTc4MGI4OGFjY2RjZDk0
Njc1YTEwHhcNMjMwMTAyMDAzNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzlhYzIyMzhiODE5Yzc0NWYxZWQ4MDUxNWVhOTc3NzE4ZmQ2MjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHI29Smx5UPESd4bITgmNREqdhIP
q9mSWc4+IU7eIqgs/0/RYxCnLn6B6DBTq/CCkIxJj8X+U/VybI93slZhG2XjX8cl
Vh2zSmkeKVQe3uUdDOq5Gqn9HrdN2DbNoa7RfKTIGWqVVP3tjkjYjhAHCBTLwkm3
T/kA0wGrF3EREIl9xNG8sAzOfYJsEK8GuFapa+6JuMH5W8hUMy8VChDAE6ODtAXk
Gi90lwpc1QX1aVIMYg2hWbOJsU1zCIicyZynDNPhPst5Nh7/JxOhwerJUbJGDHKF
bXuDnrjPwW9OdBd9V4YObcDx31wU3NdLYY+8Icy6HgcoLvXPWPyN6zlhbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBOawiOLgZx0Xx7YBRXql3cY/WJQMB8GA1UdIwQY
MBaAFEvyA9auZpjgnyVXgLiKzNzZRnWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU19JRDFxNW1tT0NmSlZlQXVJck0zTmxHZGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8yOTk5ODQtNmQ3ZC00NWUzLWI2ZmQt
YmM5MTdjOTIzNWQyLzEvRTVyQ0k0dUJuSFJmSHRnRkZlcVhkeGo5WWxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8yOTk5ODQtNmQ3ZC00NWUzLWI2ZmQtYmM5MTdjOTIzNWQy
LzEvU19JRDFxNW1tT0NmSlZlQXVJck0zTmxHZGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEl/hgAwQC
ucnAMA0EAgACMAcDBQMqAvBAMA0GCSqGSIb3DQEBCwUAA4IBAQBipewuumvt16p/
p3Y+aQHv5Dm2xdyJEpnJUj97fiRnxHNfrCvq10FQzM/BSrTsPpdR4jmjydWoa6bF
gJ11IqiV9NcMp+d/Nir5YMCttJQKQndjb5p38yoEpcwbLo+ECwNrFYWdFjFJmCzB
vpXxjWNWVpNaMZUh8ShsDesW2j/AViQF3yeVbCJEPKLF5uIQx640B5WmxiKd90YC
IoXRBvcrUakXJ/Gndb3nCAtIU2lYDKfLmJD1y8ejCpp9I9+gfN4I1clFCef1gx5Y
3za5F5K/1Vf3tSkcd85u/SEODJKq3Y5F+JZ6wySial7T+pe6iSFDmeuR4LoLb+79
d0LaulLA
-----END CERTIFICATE-----