Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/1229e4-940b-4628-b41f-80f14c671d6e/1/BJsPRvHO4Xa8WTqZ91fLQHw3oXw.roa
File:                     BJsPRvHO4Xa8WTqZ91fLQHw3oXw.roa (raw, json)
Hash identifier:          SUwisFYBjAe8wkiXRMN+5WKAw4q3VyISleszfXY67uA=
Subject key identifier:   04:9B:0F:46:F1:CE:E1:76:BC:59:3A:99:F7:57:CB:40:7C:37:A1:7C
Certificate issuer:       /CN=525c79479aeb01d1a60257dc07904b9f5b9a6791
Certificate serial:       018340E07B8E5CE80F33E8127063D099C8FA
Authority key identifier: 52:5C:79:47:9A:EB:01:D1:A6:02:57:DC:07:90:4B:9F:5B:9A:67:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ulx5R5rrAdGmAlfcB5BLn1uaZ5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/1229e4-940b-4628-b41f-80f14c671d6e/1/BJsPRvHO4Xa8WTqZ91fLQHw3oXw.roa
Signing time:             Thu 15 Sep 2022 11:19:56 +0000
ROA not before:           Thu 15 Sep 2022 11:19:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208414
IP address blocks:        45.138.104.0/24 maxlen: 29
                          45.138.105.0/24 maxlen: 24
                          45.138.104.0/22 maxlen: 22
                          45.138.107.0/24 maxlen: 24
                          45.138.106.0/24 maxlen: 24
                          2a0e:acc0:ac08::/48 maxlen: 48
                          2a0e:acc0:ac03::/48 maxlen: 48
                          2a0e:acc0:ac13::/48 maxlen: 48
                          2a0e:acc0:ac11::/48 maxlen: 48
                          2a0e:acc0:ac01::/48 maxlen: 48
                          2a0e:acc0:ac07::/48 maxlen: 48
                          2a0e:acc0:ac17::/48 maxlen: 48
                          2a0e:acc0:ac12::/48 maxlen: 48
                          2a0e:acc0:ac02::/48 maxlen: 48
                          2a0e:acc0:ac05::/48 maxlen: 48
                          2a0e:acc0:ac15::/48 maxlen: 48
                          2a0e:acc0:ac10::/48 maxlen: 48
                          2a0e:acc0::/48 maxlen: 48
                          2a0e:acc0:ac06::/48 maxlen: 48
                          2a0e:acc0:ac16::/48 maxlen: 48
                          2a0e:acc0:ac09::/48 maxlen: 48
                          2a0e:acc0:ac04::/48 maxlen: 48
                          2a0e:acc0:ac14::/48 maxlen: 48
                          2a0e:acc0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:40:e0:7b:8e:5c:e8:0f:33:e8:12:70:63:d0:99:c8:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525c79479aeb01d1a60257dc07904b9f5b9a6791
        Validity
            Not Before: Sep 15 11:19:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=049b0f46f1cee176bc593a99f757cb407c37a17c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:da:15:67:d5:43:10:a2:12:29:ce:ff:23:cd:
                    cd:f6:85:df:57:92:5c:35:ab:56:34:04:24:79:3d:
                    db:69:47:14:f0:c9:61:c3:b7:3d:fd:07:f1:50:79:
                    4d:78:82:da:9d:b9:52:86:31:58:3c:9c:db:61:fd:
                    c3:65:a0:ff:a8:57:51:da:b5:a4:39:94:4d:31:30:
                    d1:dc:c0:61:be:06:09:df:b9:6b:a0:58:b9:46:e0:
                    26:c8:75:3f:87:70:f2:16:64:30:74:96:6f:9d:90:
                    57:6c:2c:a0:2b:b4:30:93:9d:94:5f:2b:c5:db:3b:
                    c4:76:0f:f9:74:4a:19:ff:e3:bf:ef:8f:d8:30:01:
                    f9:36:b2:ff:36:6f:69:be:31:eb:42:60:80:d8:37:
                    a9:6e:44:fb:4c:bc:af:3c:51:78:85:0b:53:a4:60:
                    9b:ef:e2:41:1a:77:82:59:3e:9a:68:57:a0:27:23:
                    2c:56:3f:92:dd:c8:a6:e6:e5:df:92:e2:7c:d7:8f:
                    e9:2d:a3:53:1a:b7:19:3a:41:76:83:45:5e:92:fe:
                    f5:f3:99:39:62:e8:92:c2:c7:43:05:f1:da:ec:20:
                    f4:79:a3:ca:84:b2:d2:2b:f2:76:1a:0b:aa:21:ea:
                    48:03:d8:17:ad:bf:63:77:3d:fe:27:c5:8c:f7:28:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9B:0F:46:F1:CE:E1:76:BC:59:3A:99:F7:57:CB:40:7C:37:A1:7C
            X509v3 Authority Key Identifier:
                keyid:52:5C:79:47:9A:EB:01:D1:A6:02:57:DC:07:90:4B:9F:5B:9A:67:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ulx5R5rrAdGmAlfcB5BLn1uaZ5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1229e4-940b-4628-b41f-80f14c671d6e/1/BJsPRvHO4Xa8WTqZ91fLQHw3oXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1229e4-940b-4628-b41f-80f14c671d6e/1/Ulx5R5rrAdGmAlfcB5BLn1uaZ5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.104.0/22
                IPv6:
                  2a0e:acc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:87:17:71:3b:60:c8:c2:38:e0:2e:22:54:a7:5a:0c:4d:8f:
         66:25:8b:66:96:2c:6e:87:03:cd:6e:4e:be:b2:ec:02:c6:e1:
         13:aa:df:b3:ea:65:05:ef:ac:57:ef:4e:61:c4:ee:f8:a4:fd:
         01:d3:c3:68:11:09:70:3c:83:40:69:a3:ca:59:57:a2:07:02:
         4c:4a:0e:e3:7f:44:51:9c:5d:ff:50:48:1e:d4:61:52:cb:8d:
         78:52:75:30:aa:bf:04:da:c1:1e:56:be:c6:ad:c0:0d:b1:1a:
         cd:38:1c:e8:be:61:9f:90:52:1e:e5:38:89:33:e3:de:62:c5:
         67:1c:9a:ca:16:19:a7:ed:6b:32:83:a1:33:94:a4:37:aa:be:
         6d:97:7a:d3:7e:6b:bd:5c:08:3e:a1:c4:d3:48:e2:d1:08:51:
         9a:b7:17:84:a0:41:1f:a5:07:24:ff:5b:c1:98:9c:31:6f:98:
         d9:34:68:d3:d1:5f:e6:a8:a8:e6:f4:28:2a:d2:b6:04:51:62:
         d6:f8:bf:a4:dc:c0:74:b5:f8:10:19:0b:73:34:e7:c3:2d:75:
         32:b0:45:d9:9f:4e:d0:d5:89:84:49:88:fd:fb:b9:6b:e1:c4:
         94:b5:7f:ed:e3:e6:95:6e:ae:fb:cf:e3:18:35:b2:35:57:e8:
         9c:c0:e5:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYNA4HuOXOgPM+gScGPQmcj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWM3OTQ3OWFlYjAxZDFhNjAyNTdkYzA3OTA0YjlmNWI5
YTY3OTEwHhcNMjIwOTE1MTExOTU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDliMGY0NmYxY2VlMTc2YmM1OTNhOTlmNzU3Y2I0MDdjMzdhMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNoVZ9VDEKISKc7/I83N9oXfV5Jc
NatWNAQkeT3baUcU8Mlhw7c9/QfxUHlNeILanblShjFYPJzbYf3DZaD/qFdR2rWk
OZRNMTDR3MBhvgYJ37lroFi5RuAmyHU/h3DyFmQwdJZvnZBXbCygK7Qwk52UXyvF
2zvEdg/5dEoZ/+O/74/YMAH5NrL/Nm9pvjHrQmCA2DepbkT7TLyvPFF4hQtTpGCb
7+JBGneCWT6aaFegJyMsVj+S3cim5uXfkuJ814/pLaNTGrcZOkF2g0Vekv7185k5
YuiSwsdDBfHa7CD0eaPKhLLSK/J2GguqIepIA9gXrb9jdz3+J8WM9yg6AQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFASbD0bxzuF2vFk6mfdXy0B8N6F8MB8GA1UdIwQY
MBaAFFJceUea6wHRpgJX3AeQS59bmmeRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx4NVI1cnJBZEdtQWxmY0I1QkxuMXVhWjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8xMjI5ZTQtOTQwYi00NjI4LWI0MWYt
ODBmMTRjNjcxZDZlLzEvQkpzUFJ2SE80WGE4V1RxWjkxZkxRSHczb1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8xMjI5ZTQtOTQwYi00NjI4LWI0MWYtODBmMTRjNjcxZDZl
LzEvVWx4NVI1cnJBZEdtQWxmY0I1QkxuMXVhWjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYpoMA0E
AgACMAcDBQMqDqzAMA0GCSqGSIb3DQEBCwUAA4IBAQCfhxdxO2DIwjjgLiJUp1oM
TY9mJYtmlixuhwPNbk6+suwCxuETqt+z6mUF76xX705hxO74pP0B08NoEQlwPINA
aaPKWVeiBwJMSg7jf0RRnF3/UEge1GFSy414UnUwqr8E2sEeVr7GrcANsRrNOBzo
vmGfkFIe5TiJM+PeYsVnHJrKFhmn7Wsyg6EzlKQ3qr5tl3rTfmu9XAg+ocTTSOLR
CFGatxeEoEEfpQck/1vBmJwxb5jZNGjT0V/mqKjm9Cgq0rYEUWLW+L+k3MB0tfgQ
GQtzNOfDLXUysEXZn07Q1YmESYj9+7lr4cSUtX/t4+aVbq77z+MYNbI1V+icwOUW
-----END CERTIFICATE-----