Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/51v9esW0-YYB9InID1arcGCh2iA.roa
File:                     51v9esW0-YYB9InID1arcGCh2iA.roa (raw, json)
Hash identifier:          tTO5wq1wafvYG0gKzSvnK1KGSl0AhhOAlftzd3eaZ7M=
Subject key identifier:   E7:5B:FD:7A:C5:B4:F9:86:01:F4:89:C8:0F:56:AB:70:60:A1:DA:20
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01856BE5AC1C1554C7DF47035AA4F01BDE89
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/51v9esW0-YYB9InID1arcGCh2iA.roa
Signing time:             Sun 01 Jan 2023 05:54:52 +0000
ROA not before:           Sun 01 Jan 2023 05:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40676
IP address blocks:        5.105.124.0/24 maxlen: 24
                          5.105.129.0/24 maxlen: 24
                          5.105.135.0/24 maxlen: 24
                          5.105.98.0/24 maxlen: 24
                          5.105.105.0/24 maxlen: 24
                          5.105.102.0/24 maxlen: 24
                          5.105.238.0/24 maxlen: 24
                          5.105.241.0/24 maxlen: 24
                          5.105.27.0/24 maxlen: 24
                          5.105.252.0/24 maxlen: 24
                          5.105.253.0/24 maxlen: 24
                          5.105.188.0/24 maxlen: 24
                          5.105.204.0/24 maxlen: 24
                          5.105.2.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:e5:ac:1c:15:54:c7:df:47:03:5a:a4:f0:1b:de:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 05:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e75bfd7ac5b4f98601f489c80f56ab7060a1da20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:21:88:1c:f6:de:fc:cb:4b:3a:14:d3:20:c1:
                    47:23:de:10:98:4e:64:b6:4b:3a:e6:14:3b:90:fd:
                    e7:a7:9e:d6:37:0e:89:ae:44:de:7f:85:28:7c:f4:
                    03:9d:7a:62:d1:32:a7:01:64:23:58:7b:4b:58:6c:
                    f0:b9:6b:b2:b5:93:b3:a0:7b:03:4d:51:21:38:c1:
                    51:a4:02:01:ff:78:2c:07:17:e7:6c:0c:43:09:dd:
                    b0:31:e8:f8:e0:21:22:62:6a:f3:46:84:d7:84:f8:
                    b3:d5:ed:3e:08:e3:90:12:8f:69:61:a9:77:a0:8c:
                    ad:4f:62:cb:56:1e:dc:de:2d:ff:76:d9:cd:c6:12:
                    3b:4e:d9:00:1d:3f:92:77:37:84:48:7f:8c:33:a6:
                    a4:18:a1:1a:94:e4:74:58:71:9a:cf:2a:ad:d2:7b:
                    2a:8d:fc:99:b6:91:44:57:67:0a:79:29:7c:0e:22:
                    c2:c4:a9:79:2f:50:3b:ea:31:90:f8:b5:25:84:31:
                    00:13:20:7e:8b:1b:79:2d:17:10:0d:2a:54:67:65:
                    6c:6c:d2:b9:c4:b0:1b:02:fb:3e:a9:c0:c7:28:2b:
                    03:52:b2:38:4d:e6:c0:82:0b:a5:69:5b:6a:96:ce:
                    1d:0b:c7:81:c4:44:26:5a:6b:11:eb:b2:5d:fd:95:
                    a1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:5B:FD:7A:C5:B4:F9:86:01:F4:89:C8:0F:56:AB:70:60:A1:DA:20
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/51v9esW0-YYB9InID1arcGCh2iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.2.0/24
                  5.105.27.0/24
                  5.105.98.0/24
                  5.105.102.0/24
                  5.105.105.0/24
                  5.105.124.0/24
                  5.105.129.0/24
                  5.105.135.0/24
                  5.105.188.0/24
                  5.105.204.0/24
                  5.105.238.0/24
                  5.105.241.0/24
                  5.105.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:4f:1c:80:79:04:63:22:ec:80:1c:97:d2:0f:aa:0a:0d:dd:
         18:d0:52:89:51:1a:c1:05:12:c2:05:e3:23:b6:d6:86:6d:ef:
         e1:34:9e:83:c4:d2:1a:18:b2:50:50:5c:5a:86:97:eb:e8:6a:
         2a:62:74:0f:ba:bb:fe:63:14:68:5f:c3:45:86:52:09:cc:38:
         6c:9e:bc:0b:9d:56:d7:dd:e2:f1:8b:7b:09:be:3d:73:c3:42:
         2a:02:29:34:24:8b:3a:86:75:19:44:b9:bd:e8:1e:f4:b6:22:
         15:5b:5b:84:0b:56:68:5a:e8:2f:c9:9a:bb:c1:37:39:ca:cc:
         8e:cd:f1:c0:ac:30:dc:ba:9c:63:d5:9a:eb:7f:34:03:74:39:
         7f:ac:15:c8:74:7a:95:7e:74:62:bc:e6:3f:ea:c7:92:0a:db:
         a9:e4:77:0a:03:9b:58:7a:e6:82:fe:50:38:67:a2:0d:11:3c:
         6e:d2:33:a8:15:c7:81:53:4d:0a:e4:af:44:bc:57:7b:e0:91:
         00:60:4b:db:f4:9e:e7:33:43:b8:b9:23:00:d0:f0:ad:f3:47:
         7f:7c:b9:3d:e1:f0:21:7e:aa:03:b9:fe:1f:5e:19:df:12:d5:
         46:a0:00:85:29:4f:23:32:a0:f5:a8:1f:90:6d:1e:d4:34:35:
         ca:bb:69:37
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVr5awcFVTH30cDWqTwG96JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMTAxMDU1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzViZmQ3YWM1YjRmOTg2MDFmNDg5YzgwZjU2YWI3MDYwYTFkYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyGIHPbe/MtLOhTTIMFHI94QmE5k
tks65hQ7kP3np57WNw6JrkTef4UofPQDnXpi0TKnAWQjWHtLWGzwuWuytZOzoHsD
TVEhOMFRpAIB/3gsBxfnbAxDCd2wMej44CEiYmrzRoTXhPiz1e0+COOQEo9pYal3
oIytT2LLVh7c3i3/dtnNxhI7TtkAHT+SdzeESH+MM6akGKEalOR0WHGazyqt0nsq
jfyZtpFEV2cKeSl8DiLCxKl5L1A76jGQ+LUlhDEAEyB+ixt5LRcQDSpUZ2VsbNK5
xLAbAvs+qcDHKCsDUrI4TebAggulaVtqls4dC8eBxEQmWmsR67Jd/ZWhmwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFOdb/XrFtPmGAfSJyA9Wq3BgodogMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvNTF2OWVzVzAtWVlCOUluSUQxYXJjR0NoMmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQABWkCAwQA
BWkbAwQABWliAwQABWlmAwQABWlpAwQABWl8AwQABWmBAwQABWmHAwQABWm8AwQA
BWnMAwQABWnuAwQABWnxAwQBBWn8MA0GCSqGSIb3DQEBCwUAA4IBAQAuTxyAeQRj
IuyAHJfSD6oKDd0Y0FKJURrBBRLCBeMjttaGbe/hNJ6DxNIaGLJQUFxahpfr6Goq
YnQPurv+YxRoX8NFhlIJzDhsnrwLnVbX3eLxi3sJvj1zw0IqAik0JIs6hnUZRLm9
6B70tiIVW1uEC1ZoWugvyZq7wTc5ysyOzfHArDDcupxj1ZrrfzQDdDl/rBXIdHqV
fnRivOY/6seSCtup5HcKA5tYeuaC/lA4Z6INETxu0jOoFceBU00K5K9EvFd74JEA
YEvb9J7nM0O4uSMA0PCt80d/fLk94fAhfqoDuf4fXhnfEtVGoACFKU8jMqD1qB+Q
bR7UNDXKu2k3
-----END CERTIFICATE-----