Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/f4f2bd-9621-4624-89de-e8858fd8b4ca/1/hDqTfo_ojBFG5ngYFxDB8_w7vwM.roa
File:                     hDqTfo_ojBFG5ngYFxDB8_w7vwM.roa (raw, json)
Hash identifier:          pH1EdNzUfwvJV8bulbgjUmazNRK8u8N81Bk4EFbGpAw=
Subject key identifier:   84:3A:93:7E:8F:E8:8C:11:46:E6:78:18:17:10:C1:F3:FC:3B:BF:03
Certificate issuer:       /CN=a65e61591857073d7b8766a734c9b566aaab3e95
Certificate serial:       01B08D08
Authority key identifier: A6:5E:61:59:18:57:07:3D:7B:87:66:A7:34:C9:B5:66:AA:AB:3E:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl5hWRhXBz17h2anNMm1ZqqrPpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/f4f2bd-9621-4624-89de-e8858fd8b4ca/1/hDqTfo_ojBFG5ngYFxDB8_w7vwM.roa
Signing time:             Sat 01 Jan 2022 13:02:39 +0000
ROA not before:           Sat 01 Jan 2022 13:02:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        46.19.64.0/22 maxlen: 22
                          46.19.68.0/23 maxlen: 23
                          185.166.196.0/23 maxlen: 23
                          37.220.80.0/22 maxlen: 22
                          94.198.216.0/22 maxlen: 22
                          37.220.84.0/23 maxlen: 23
                          81.200.144.0/21 maxlen: 21
                          94.198.220.0/23 maxlen: 23
                          81.200.152.0/22 maxlen: 22
                          81.200.156.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28347656 (0x1b08d08)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65e61591857073d7b8766a734c9b566aaab3e95
        Validity
            Not Before: Jan  1 13:02:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=843a937e8fe88c1146e678181710c1f3fc3bbf03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3f:f3:34:7a:5d:f8:8b:09:86:9c:29:07:79:
                    cb:26:12:9e:2a:b5:68:84:31:40:48:d8:80:4a:d1:
                    ac:fb:c8:6b:3f:b6:2a:a6:05:27:11:21:d2:08:95:
                    3d:c3:c3:39:64:9c:aa:f1:87:33:79:39:6b:9d:2c:
                    65:9f:17:fa:6c:4c:33:86:77:95:f1:1c:46:bc:0a:
                    fe:d8:71:43:cc:95:38:d1:ac:e7:80:5d:49:bb:8d:
                    51:97:d5:42:57:9c:96:c5:42:a0:be:83:dc:78:ad:
                    66:ed:a5:fe:bd:ed:de:7f:2c:a2:12:ea:d4:46:09:
                    63:8f:64:64:9a:3e:b5:8c:bb:28:94:0b:bc:1d:31:
                    7a:59:61:c3:16:ae:d9:d8:30:f3:46:ee:3e:c1:b1:
                    c8:5e:c3:86:29:0a:39:1e:69:60:10:89:20:85:6f:
                    e2:51:1a:be:78:ec:ed:1a:30:a0:85:61:fb:18:3d:
                    8d:df:02:28:3c:4a:76:62:3c:45:1e:05:9e:29:43:
                    b8:34:3a:18:1b:c6:f6:4a:b0:9b:b1:ad:67:ef:bb:
                    c6:91:3c:fe:97:b0:37:6e:99:fc:a5:57:95:85:df:
                    4c:43:97:11:18:e0:be:f9:b0:2b:a9:80:58:19:3b:
                    43:cb:b9:d1:d7:4f:e2:5a:95:e4:27:d3:bf:b1:5f:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3A:93:7E:8F:E8:8C:11:46:E6:78:18:17:10:C1:F3:FC:3B:BF:03
            X509v3 Authority Key Identifier:
                keyid:A6:5E:61:59:18:57:07:3D:7B:87:66:A7:34:C9:B5:66:AA:AB:3E:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl5hWRhXBz17h2anNMm1ZqqrPpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f4f2bd-9621-4624-89de-e8858fd8b4ca/1/hDqTfo_ojBFG5ngYFxDB8_w7vwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f4f2bd-9621-4624-89de-e8858fd8b4ca/1/pl5hWRhXBz17h2anNMm1ZqqrPpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.80.0-37.220.85.255
                  46.19.64.0-46.19.69.255
                  81.200.144.0-81.200.157.255
                  94.198.216.0-94.198.221.255
                  185.166.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:a8:80:79:07:40:0b:5d:05:23:72:63:e6:fa:86:d9:fd:dc:
         7b:f0:fe:13:d8:c7:e4:34:a7:58:28:65:00:00:bf:37:24:dc:
         a5:a7:ef:6a:c7:ad:19:51:df:e2:62:ac:c5:49:b3:04:7b:c9:
         65:f5:2c:58:47:32:d5:9f:b0:bc:d6:4e:54:d3:f7:0f:4c:9d:
         d7:02:48:8b:1f:64:09:4b:ac:bb:b5:29:85:bd:3d:0e:49:e6:
         0a:51:ad:60:67:ec:f9:25:d7:ac:32:a0:7b:b0:7e:c3:47:f9:
         e5:74:0c:06:9d:f3:03:ac:3e:f2:db:b3:11:b0:e5:83:f8:a0:
         e6:7a:79:07:c5:bd:cf:81:b6:f0:6f:94:91:6e:c2:ba:aa:c0:
         03:ff:d8:30:b5:eb:94:8d:9a:82:51:c0:fd:bc:41:67:5f:aa:
         11:1d:8d:7d:47:df:a7:46:c2:63:e3:e8:81:27:de:c7:9f:30:
         ac:8b:42:0d:23:9b:f4:8a:66:0c:73:20:6d:36:35:a9:fb:7d:
         46:20:55:f5:98:09:c7:1c:82:53:3d:c6:c6:fd:30:4a:85:56:
         65:da:4b:3f:25:8d:07:bd:50:d1:56:91:ca:af:54:e7:53:53:
         38:0d:5d:ba:2e:21:4e:30:ad:0b:b4:43:12:30:a8:d5:01:c2:
         11:f8:3c:28
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIEAbCNCDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NjVlNjE1OTE4NTcwNzNkN2I4NzY2YTczNGM5YjU2NmFhYWIzZTk1MB4XDTIyMDEw
MTEzMDIzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODQzYTkzN2U4ZmU4
OGMxMTQ2ZTY3ODE4MTcxMGMxZjNmYzNiYmYwMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOk/8zR6XfiLCYacKQd5yyYSniq1aIQxQEjYgErRrPvIaz+2
KqYFJxEh0giVPcPDOWScqvGHM3k5a50sZZ8X+mxMM4Z3lfEcRrwK/thxQ8yVONGs
54BdSbuNUZfVQleclsVCoL6D3HitZu2l/r3t3n8sohLq1EYJY49kZJo+tYy7KJQL
vB0xellhwxau2dgw80buPsGxyF7DhikKOR5pYBCJIIVv4lEavnjs7RowoIVh+xg9
jd8CKDxKdmI8RR4FnilDuDQ6GBvG9kqwm7GtZ++7xpE8/pewN26Z/KVXlYXfTEOX
ERjgvvmwK6mAWBk7Q8u50ddP4lqV5CfTv7FfWCUCAwEAAaOCAkEwggI9MB0GA1Ud
DgQWBBSEOpN+j+iMEUbmeBgXEMHz/Du/AzAfBgNVHSMEGDAWgBSmXmFZGFcHPXuH
Zqc0ybVmqqs+lTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BsNWhXUmhYQnoxN2gyYW5OTW0xWnFxclBwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvZjRmMmJkLTk2MjEtNDYyNC04OWRlLWU4ODU4ZmQ4YjRjYS8x
L2hEcVRmb19vakJGRzVuZ1lGeERCOF93N3Z3TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
ZjRmMmJkLTk2MjEtNDYyNC04OWRlLWU4ODU4ZmQ4YjRjYS8xL3BsNWhXUmhYQnox
N2gyYW5OTW0xWnFxclBwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBX
BggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPjAMAwQEJdxQAwQBJdxUMAwDBAYuE0AD
BAEuE0QwDAMEBFHIkAMEAVHInDAMAwQDXsbYAwQBXsbcAwQBuabEMA0GCSqGSIb3
DQEBCwUAA4IBAQBuqIB5B0ALXQUjcmPm+obZ/dx78P4T2MfkNKdYKGUAAL83JNyl
p+9qx60ZUd/iYqzFSbMEe8ll9SxYRzLVn7C81k5U0/cPTJ3XAkiLH2QJS6y7tSmF
vT0OSeYKUa1gZ+z5JdesMqB7sH7DR/nldAwGnfMDrD7y27MRsOWD+KDmenkHxb3P
gbbwb5SRbsK6qsAD/9gwteuUjZqCUcD9vEFnX6oRHY19R9+nRsJj4+iBJ97HnzCs
i0INI5v0imYMcyBtNjWp+31GIFX1mAnHHIJTPcbG/TBKhVZl2ks/JY0HvVDRVpHK
r1TnU1M4DV26LiFOMK0LtEMSMKjVAcIR+Dwo
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:32 2023 by rpki-client on console-ams.rpki-client.org