Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/fuVrOid725u4X1uKlTggbTItmcU.roa
File:                     fuVrOid725u4X1uKlTggbTItmcU.roa (raw, json)
Hash identifier:          cqX6cjIL9p2sMXOHhm60Cgu9LDGLGM49sUP8hrWydnM=
Subject key identifier:   7E:E5:6B:3A:27:7B:DB:9B:B8:5F:5B:8A:95:38:20:6D:32:2D:99:C5
Certificate issuer:       /CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
Certificate serial:       01856C139357C7DA95FB5BBBB84AB4AAA95D
Authority key identifier: 5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/fuVrOid725u4X1uKlTggbTItmcU.roa
Signing time:             Sun 01 Jan 2023 06:45:00 +0000
ROA not before:           Sun 01 Jan 2023 06:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211083
IP address blocks:        185.198.70.0/24 maxlen: 24
                          2a11:6c0:cafe::/48 maxlen: 64
                          2a11:6c0:9::/48 maxlen: 64
                          2a11:6c5::/32 maxlen: 48
                          2a11:6c0:4::/48 maxlen: 64
                          2a11:6c1::/32 maxlen: 48
                          2a11:6c0:2::/48 maxlen: 64
                          2a11:6c4::/32 maxlen: 48
                          2a11:6c2::/32 maxlen: 48
                          2a11:6c0:8::/48 maxlen: 64
                          2a11:6c0:3::/48 maxlen: 64
                          2a11:6c0:6::/48 maxlen: 64
                          2a11:6c3::/32 maxlen: 48
                          2a11:6c0:1::/48 maxlen: 64
                          2a11:6c0:7::/48 maxlen: 64
                          2a11:6c0::/29 maxlen: 32
                          2a11:6c0:5::/48 maxlen: 64
                          2a11:6c0::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:13:93:57:c7:da:95:fb:5b:bb:b8:4a:b4:aa:a9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
        Validity
            Not Before: Jan  1 06:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ee56b3a277bdb9bb85f5b8a9538206d322d99c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2e:80:64:9b:39:ea:66:b2:34:61:79:09:a4:
                    9e:05:58:4f:0a:aa:8e:31:f6:a0:81:5b:31:83:de:
                    21:5a:19:6a:44:ec:e9:2a:3e:3e:89:96:c2:f8:cb:
                    a7:c3:ab:a7:a7:61:27:fa:08:6d:f9:5c:9e:97:fb:
                    7d:9b:99:a6:6d:dd:95:cc:6b:9e:07:c2:94:8d:be:
                    44:ce:ca:13:3f:86:09:48:3c:fd:10:b9:b4:55:92:
                    24:a0:4d:b2:fa:a6:6c:da:9d:6e:6c:d8:bd:7f:4e:
                    84:51:c0:9b:a0:a0:c4:e7:f8:13:f8:ee:d0:da:91:
                    8a:7a:a4:a8:1f:89:b5:0d:56:35:c6:d7:46:c3:04:
                    c4:0b:08:a8:9f:1b:2e:07:6d:e4:96:17:3b:e6:ef:
                    73:8f:1e:63:86:5c:95:fe:20:49:b4:c5:8c:38:97:
                    d2:da:74:08:28:55:ba:2c:a5:55:52:c4:9a:c1:34:
                    a8:1f:09:c6:80:48:bd:f2:b9:d1:2c:ac:19:e1:de:
                    45:9f:47:45:6e:b5:0f:53:01:ac:13:55:14:45:2e:
                    e6:7c:20:e7:16:55:d0:ee:6d:a9:4e:f2:c8:18:99:
                    e7:4e:eb:22:ad:08:5c:04:b6:4e:c5:47:90:fb:8a:
                    bf:a0:fb:65:47:dd:9b:7b:be:11:12:2a:f3:10:a6:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E5:6B:3A:27:7B:DB:9B:B8:5F:5B:8A:95:38:20:6D:32:2D:99:C5
            X509v3 Authority Key Identifier:
                keyid:5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/fuVrOid725u4X1uKlTggbTItmcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.70.0/24
                IPv6:
                  2a11:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:c0:99:88:43:a1:70:b4:69:37:3f:1a:eb:ce:6f:35:f4:44:
         fe:d0:2c:e5:6c:6d:5b:9c:cb:ab:a8:53:c0:6e:b0:36:6d:b5:
         0a:7c:a1:45:cd:0e:d8:83:73:04:56:8d:8d:5c:3e:2a:9f:a1:
         09:a1:29:a8:9b:e4:1b:71:98:f0:7a:5d:96:b4:a8:38:24:bc:
         0a:04:f2:82:72:f1:72:ea:00:a2:e0:77:24:74:67:a8:0c:78:
         a7:6a:94:e0:4d:02:63:32:72:d0:42:e1:98:7d:d9:9d:b0:40:
         d5:5d:57:7d:3f:35:30:76:72:11:31:2c:a7:8f:40:9b:00:87:
         4e:70:2e:4e:9b:c9:68:4f:eb:6c:2c:5b:aa:55:b2:b3:6c:03:
         e4:04:0d:e1:b6:81:62:8e:dd:76:fd:c7:95:2f:07:f5:ac:98:
         c2:c7:de:c8:e9:8f:1e:41:ef:b6:0f:9d:69:8c:99:b7:25:f1:
         54:83:6f:b0:d8:54:34:ae:be:20:29:80:ca:61:e9:4b:09:a1:
         a8:e1:81:f5:a8:bc:32:3a:3b:cb:e7:10:f3:c1:28:ff:43:b9:
         b6:5b:66:86:ed:75:d2:ae:ce:c0:9e:db:6a:57:f7:89:c7:dd:
         99:46:a5:3b:2d:d6:87:43:df:52:e5:77:36:bf:df:32:8e:8a:
         37:b9:4a:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVsE5NXx9qV+1u7uEq0qqldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMzk5ZmJhOWFhZTlkMmQ2ZmZlNTJhZThjNzRhZTM4ZmM2
YzFhZjEwHhcNMjMwMTAxMDY0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWU1NmIzYTI3N2JkYjliYjg1ZjViOGE5NTM4MjA2ZDMyMmQ5OWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy6AZJs56mayNGF5CaSeBVhPCqqO
MfaggVsxg94hWhlqROzpKj4+iZbC+Munw6unp2En+ght+Vyel/t9m5mmbd2VzGue
B8KUjb5EzsoTP4YJSDz9ELm0VZIkoE2y+qZs2p1ubNi9f06EUcCboKDE5/gT+O7Q
2pGKeqSoH4m1DVY1xtdGwwTECwionxsuB23klhc75u9zjx5jhlyV/iBJtMWMOJfS
2nQIKFW6LKVVUsSawTSoHwnGgEi98rnRLKwZ4d5Fn0dFbrUPUwGsE1UURS7mfCDn
FlXQ7m2pTvLIGJnnTusirQhcBLZOxUeQ+4q/oPtlR92be74REirzEKZzxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH7lazone9ubuF9bipU4IG0yLZnFMB8GA1UdIwQY
MBaAFF45n7qarp0tb/5Srox0rjj8bBrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMt
YmQ4MDlkOWRlZGI5LzEvZnVWck9pZDcyNXU0WDF1S2xUZ2diVEl0bWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMtYmQ4MDlkOWRlZGI5
LzEvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucZGMA0E
AgACMAcDBQMqEQbAMA0GCSqGSIb3DQEBCwUAA4IBAQBVwJmIQ6FwtGk3Pxrrzm81
9ET+0CzlbG1bnMurqFPAbrA2bbUKfKFFzQ7Yg3MEVo2NXD4qn6EJoSmom+QbcZjw
el2WtKg4JLwKBPKCcvFy6gCi4HckdGeoDHinapTgTQJjMnLQQuGYfdmdsEDVXVd9
PzUwdnIRMSynj0CbAIdOcC5Om8loT+tsLFuqVbKzbAPkBA3htoFijt12/ceVLwf1
rJjCx97I6Y8eQe+2D51pjJm3JfFUg2+w2FQ0rr4gKYDKYelLCaGo4YH1qLwyOjvL
5xDzwSj/Q7m2W2aG7XXSrs7AnttqV/eJx92ZRqU7LdaHQ99S5Xc2v98yjoo3uUo+
-----END CERTIFICATE-----