Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/d8m9FCp-Ydh0YxNMoHgRdGPxhTw.roa
File:                     d8m9FCp-Ydh0YxNMoHgRdGPxhTw.roa (raw, json)
Hash identifier:          m+dKlkbIU9sjudYbKTAkVAFM4WdOOlWL94cregHopjU=
Subject key identifier:   77:C9:BD:14:2A:7E:61:D8:74:63:13:4C:A0:78:11:74:63:F1:85:3C
Certificate issuer:       /CN=a28815e43926af7eb961de7b703aed6328953e30
Certificate serial:       0188F6CC7C913F23CCBC30764C0583A7C576
Authority key identifier: A2:88:15:E4:39:26:AF:7E:B9:61:DE:7B:70:3A:ED:63:28:95:3E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oogV5Dkmr365Yd57cDrtYyiVPjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/d8m9FCp-Ydh0YxNMoHgRdGPxhTw.roa
Signing time:             Mon 26 Jun 2023 08:22:56 +0000
ROA not before:           Mon 26 Jun 2023 08:22:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35625
IP address blocks:        195.90.116.0/22 maxlen: 22
                          109.197.240.0/21 maxlen: 21
                          185.39.168.0/22 maxlen: 22
                          195.190.27.0/24 maxlen: 24
                          45.15.204.0/22 maxlen: 22
                          91.212.236.0/24 maxlen: 24
                          185.218.212.0/22 maxlen: 22
                          185.181.4.0/22 maxlen: 22
                          185.31.148.0/22 maxlen: 22
                          91.229.136.0/24 maxlen: 24
                          2a00:ba60::/32 maxlen: 32
                          2a00:ba60::/31 maxlen: 31
                          2a00:ba62::/32 maxlen: 32
                          2a00:ba61::/32 maxlen: 32
                          2a00:ba67::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f6:cc:7c:91:3f:23:cc:bc:30:76:4c:05:83:a7:c5:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a28815e43926af7eb961de7b703aed6328953e30
        Validity
            Not Before: Jun 26 08:22:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77c9bd142a7e61d87463134ca078117463f1853c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f6:71:d4:f2:72:03:87:d8:ca:4b:97:fa:5a:
                    8b:91:4c:f8:c8:ce:22:06:62:78:b6:8d:3f:c8:30:
                    48:80:6b:a1:05:07:93:e8:d9:e6:49:51:6b:13:ec:
                    e3:7f:ec:d4:e4:47:44:5e:59:50:88:2b:c8:6d:87:
                    3c:0f:84:d7:72:94:45:73:63:99:8f:65:cb:41:7b:
                    c9:dd:22:a2:3f:78:6c:29:4d:b1:39:be:fd:b4:0d:
                    07:24:c6:b6:5e:46:90:43:3d:18:2e:ab:6c:6a:46:
                    15:dc:e6:c5:b3:41:39:0f:71:d9:9b:67:0a:9e:fe:
                    d7:00:f6:91:dd:6f:85:52:7b:b8:d1:d3:fc:f2:3a:
                    16:04:64:49:31:4b:fe:1d:84:15:f5:df:43:90:25:
                    39:6f:40:c1:66:6d:34:dd:86:44:57:a1:0e:54:e5:
                    3b:99:81:31:78:ff:4d:68:a7:5d:35:3a:55:45:7d:
                    f1:d4:44:85:c5:d5:c3:56:e7:e8:04:cc:d5:5f:c8:
                    7d:fc:87:06:d1:de:9b:6f:f5:e8:96:c5:1a:41:6d:
                    2a:47:71:2e:f7:ab:e0:c4:ce:a5:e7:b1:07:01:a9:
                    d2:c7:23:41:74:cd:e9:e1:8b:b1:66:f5:3f:60:9c:
                    03:23:3d:b1:d3:11:61:80:ea:04:10:2a:2f:9e:c5:
                    ab:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C9:BD:14:2A:7E:61:D8:74:63:13:4C:A0:78:11:74:63:F1:85:3C
            X509v3 Authority Key Identifier:
                keyid:A2:88:15:E4:39:26:AF:7E:B9:61:DE:7B:70:3A:ED:63:28:95:3E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oogV5Dkmr365Yd57cDrtYyiVPjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/d8m9FCp-Ydh0YxNMoHgRdGPxhTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/oogV5Dkmr365Yd57cDrtYyiVPjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.204.0/22
                  91.212.236.0/24
                  91.229.136.0/24
                  109.197.240.0/21
                  185.31.148.0/22
                  185.39.168.0/22
                  185.181.4.0/22
                  185.218.212.0/22
                  195.90.116.0/22
                  195.190.27.0/24
                IPv6:
                  2a00:ba60::-2a00:ba62:ffff:ffff:ffff:ffff:ffff:ffff
                  2a00:ba67::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:01:87:d4:89:ec:76:74:95:c1:ce:2b:82:a0:2b:48:b5:e3:
         20:4b:83:3a:df:79:fc:19:b8:11:e4:8c:1c:a9:f8:52:e4:44:
         2d:ec:6a:5d:c6:fc:3b:86:0d:e7:84:bd:7a:fa:ef:2e:a0:ec:
         4b:3e:1b:37:f3:1a:d3:8b:1d:b4:6e:12:21:08:0c:36:c7:8b:
         b5:b6:d6:d7:c6:8d:d5:0f:68:79:af:e6:4a:89:1a:06:f5:a9:
         e1:7a:18:28:f0:e2:7b:36:24:c9:77:81:8c:14:b0:c7:fe:21:
         25:79:4d:38:fc:21:02:85:7a:0f:c2:7a:b1:b7:49:d3:98:55:
         ef:3d:4e:26:14:4e:42:39:8c:45:39:98:54:6f:49:f6:f7:c3:
         5d:2b:8d:9e:74:80:ce:1b:b3:bb:52:4d:18:1a:18:5b:3d:13:
         28:80:42:1d:db:62:d1:1d:0a:46:c5:3f:12:3e:ac:cf:f6:ac:
         6e:71:f6:01:ad:75:e8:da:5f:6c:0e:e2:1f:f8:f8:7b:a0:24:
         bf:6b:4d:23:df:70:7a:d6:52:f4:5f:e0:e7:d2:a3:dc:5a:1c:
         83:89:3c:16:15:4e:0a:69:19:72:06:40:c6:69:ed:59:1b:b0:
         1d:90:a8:4c:c8:46:93:2b:3c:a6:9a:94:a0:39:dd:ff:17:aa:
         b8:4b:07:13
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYj2zHyRPyPMvDB2TAWDp8V2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyODgxNWU0MzkyNmFmN2ViOTYxZGU3YjcwM2FlZDYzMjg5
NTNlMzAwHhcNMjMwNjI2MDgyMjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2M5YmQxNDJhN2U2MWQ4NzQ2MzEzNGNhMDc4MTE3NDYzZjE4NTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Zx1PJyA4fYykuX+lqLkUz4yM4i
BmJ4to0/yDBIgGuhBQeT6NnmSVFrE+zjf+zU5EdEXllQiCvIbYc8D4TXcpRFc2OZ
j2XLQXvJ3SKiP3hsKU2xOb79tA0HJMa2XkaQQz0YLqtsakYV3ObFs0E5D3HZm2cK
nv7XAPaR3W+FUnu40dP88joWBGRJMUv+HYQV9d9DkCU5b0DBZm003YZEV6EOVOU7
mYExeP9NaKddNTpVRX3x1ESFxdXDVufoBMzVX8h9/IcG0d6bb/XolsUaQW0qR3Eu
96vgxM6l57EHAanSxyNBdM3p4YuxZvU/YJwDIz2x0xFhgOoEECovnsWrZwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFHfJvRQqfmHYdGMTTKB4EXRj8YU8MB8GA1UdIwQY
MBaAFKKIFeQ5Jq9+uWHee3A67WMolT4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb29nVjVEa21yMzY1WWQ1N2NEcnRZeWlWUGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS82NzcwM2MtMGVmOS00NjVlLThhNWEt
MzE0ZjcyOWZhNTk1LzEvZDhtOUZDcC1ZZGgwWXhOTW9IZ1JkR1B4aFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS82NzcwM2MtMGVmOS00NjVlLThhNWEtMzE0ZjcyOWZhNTk1
LzEvb29nVjVEa21yMzY1WWQ1N2NEcnRZeWlWUGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBCBAIAATA8AwQCLQ/MAwQA
W9TsAwQAW+WIAwQDbcXwAwQCuR+UAwQCuSeoAwQCubUEAwQCudrUAwQCw1p0AwQA
w74bMB0EAgACMBcwDgMFBSoAumADBQAqALpiAwUAKgC6ZzANBgkqhkiG9w0BAQsF
AAOCAQEAxwGH1InsdnSVwc4rgqArSLXjIEuDOt95/Bm4EeSMHKn4UuRELexqXcb8
O4YN54S9evrvLqDsSz4bN/Ma04sdtG4SIQgMNseLtbbW18aN1Q9oea/mSokaBvWp
4XoYKPDiezYkyXeBjBSwx/4hJXlNOPwhAoV6D8J6sbdJ05hV7z1OJhROQjmMRTmY
VG9J9vfDXSuNnnSAzhuzu1JNGBoYWz0TKIBCHdti0R0KRsU/Ej6sz/asbnH2Aa11
6NpfbA7iH/j4e6Akv2tNI99wetZS9F/g59Kj3Focg4k8FhVOCmkZcgZAxmntWRuw
HZCoTMhGkys8ppqUoDnd/xequEsHEw==
-----END CERTIFICATE-----