Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/qOzixS9znouX_SvjaV9y0RG0ZMs.roa
File:                     qOzixS9znouX_SvjaV9y0RG0ZMs.roa (raw, json)
Hash identifier:          z3/6KDiWfNaL9NRVTpbEaUzkJ83ESkas+fG3zRY/e4w=
Subject key identifier:   A8:EC:E2:C5:2F:73:9E:8B:97:FD:2B:E3:69:5F:72:D1:11:B4:64:CB
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018A4A5FC3AAFA8C294F5BA916B5F81959BE
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/qOzixS9znouX_SvjaV9y0RG0ZMs.roa
Signing time:             Thu 31 Aug 2023 06:55:04 +0000
ROA not before:           Thu 31 Aug 2023 06:55:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.160.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.110.0/24 maxlen: 24
                          5.105.250.0/24 maxlen: 24
                          5.105.251.0/24 maxlen: 24
                          5.105.255.0/24 maxlen: 24
                          5.105.254.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.191.0/24 maxlen: 24
                          5.105.190.0/24 maxlen: 24
                          5.105.192.0/24 maxlen: 24
                          5.105.194.0/24 maxlen: 24
                          5.105.206.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4a:5f:c3:aa:fa:8c:29:4f:5b:a9:16:b5:f8:19:59:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Aug 31 06:55:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8ece2c52f739e8b97fd2be3695f72d111b464cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2d:3a:9a:db:b5:67:65:af:1a:bd:75:9e:2a:
                    19:f2:e1:11:e5:45:9a:be:31:fd:85:03:ed:d3:53:
                    90:56:26:f2:5e:a1:24:77:5c:6b:f1:88:84:1a:26:
                    90:53:a3:d8:86:0b:57:5f:2c:09:80:61:18:00:71:
                    8a:ef:aa:d8:80:e4:ed:d1:3e:df:0f:89:c1:3f:b3:
                    4d:0b:dc:bd:ea:46:f5:3f:72:a9:fa:4b:f8:4f:27:
                    09:3a:f4:00:c3:4e:2a:e0:53:7e:e5:4d:07:0f:0b:
                    ce:be:00:6f:2e:1d:3a:52:04:cb:b9:69:7b:f4:03:
                    c2:04:c1:32:0f:31:1c:75:69:61:f0:fb:e8:cb:92:
                    37:c7:89:66:50:67:69:27:46:05:06:65:29:a3:d3:
                    ac:38:f6:b9:7c:12:3e:9b:59:ba:0e:8e:54:4a:d1:
                    81:5c:4f:ce:92:ad:d6:c3:f8:8b:e1:db:fb:8d:48:
                    a7:22:61:e8:95:bb:ac:1c:99:ca:27:c5:b5:e4:08:
                    17:69:69:74:fc:7a:87:73:8f:c6:95:87:51:b5:50:
                    b0:4c:d3:de:20:6e:4c:84:a9:bd:58:35:16:01:cd:
                    e7:4c:b6:5b:f8:7e:b5:95:96:41:86:c2:21:77:36:
                    e7:63:ff:ec:7d:d9:15:03:01:14:c1:0d:76:cf:6b:
                    56:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:EC:E2:C5:2F:73:9E:8B:97:FD:2B:E3:69:5F:72:D1:11:B4:64:CB
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/qOzixS9znouX_SvjaV9y0RG0ZMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.86.0-5.105.89.255
                  5.105.110.0/24
                  5.105.128.0/24
                  5.105.160.0/24
                  5.105.176.0/24
                  5.105.190.0-5.105.192.255
                  5.105.194.0/24
                  5.105.206.0/24
                  5.105.250.0/23
                  5.105.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:e6:5d:17:3b:9f:d9:43:aa:43:c5:19:09:25:a2:89:1d:24:
         d5:b5:81:21:6f:e6:6f:4a:2d:14:5e:b0:08:a8:a9:7b:f1:e8:
         58:5b:cc:b8:64:cc:8c:b1:e9:a6:34:18:52:20:9c:65:fc:cb:
         5b:dc:a6:ff:86:d6:20:30:6d:bf:4a:64:7b:b3:61:6c:93:df:
         4a:bd:4c:c3:3d:7f:93:81:93:52:87:b5:40:98:fd:ae:f0:ae:
         07:18:8a:28:1e:a4:e4:8d:db:74:84:2b:de:50:0c:2b:a6:6c:
         90:ce:b1:95:bc:5d:95:bc:c3:80:e8:21:74:c7:ff:97:c9:5e:
         3c:93:fd:90:4e:d7:35:22:39:26:15:30:91:b4:ef:71:e7:04:
         a5:91:33:ff:83:58:9e:90:47:fc:5b:48:84:30:76:11:8a:2d:
         c7:77:94:52:b1:8d:86:7a:58:ab:86:5d:03:25:c3:8b:29:54:
         c9:97:eb:df:37:2c:2e:47:d3:d4:1e:6b:3c:06:a3:21:2d:36:
         62:d1:8c:fb:e8:bd:28:8d:2e:97:33:3e:45:d4:2f:03:6f:ca:
         bb:9a:be:4a:2f:2b:86:2a:ec:7e:26:29:07:21:a8:0b:fc:b4:
         59:19:04:32:05:39:45:ae:7b:b2:da:2e:92:f3:a9:42:93:68:
         a1:c9:53:d9
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYpKX8Oq+owpT1upFrX4GVm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwODMxMDY1NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVjZTJjNTJmNzM5ZThiOTdmZDJiZTM2OTVmNzJkMTExYjQ2NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS06mtu1Z2WvGr11nioZ8uER5UWa
vjH9hQPt01OQVibyXqEkd1xr8YiEGiaQU6PYhgtXXywJgGEYAHGK76rYgOTt0T7f
D4nBP7NNC9y96kb1P3Kp+kv4TycJOvQAw04q4FN+5U0HDwvOvgBvLh06UgTLuWl7
9APCBMEyDzEcdWlh8Pvoy5I3x4lmUGdpJ0YFBmUpo9OsOPa5fBI+m1m6Do5UStGB
XE/Okq3Ww/iL4dv7jUinImHolbusHJnKJ8W15AgXaWl0/HqHc4/GlYdRtVCwTNPe
IG5MhKm9WDUWAc3nTLZb+H61lZZBhsIhdzbnY//sfdkVAwEUwQ12z2tWtwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKjs4sUvc56Ll/0r42lfctERtGTLMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvcU96aXhTOXpub3VYX1N2amFWOXkwUkcwWk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAEFaVYD
BAEFaVgDBAAFaW4DBAAFaYADBAAFaaADBAAFabAwDAMEAQVpvgMEAAVpwAMEAAVp
wgMEAAVpzgMEAQVp+gMEAQVp/jANBgkqhkiG9w0BAQsFAAOCAQEAE+ZdFzuf2UOq
Q8UZCSWiiR0k1bWBIW/mb0otFF6wCKipe/HoWFvMuGTMjLHppjQYUiCcZfzLW9ym
/4bWIDBtv0pke7NhbJPfSr1Mwz1/k4GTUoe1QJj9rvCuBxiKKB6k5I3bdIQr3lAM
K6ZskM6xlbxdlbzDgOghdMf/l8lePJP9kE7XNSI5JhUwkbTvcecEpZEz/4NYnpBH
/FtIhDB2EYotx3eUUrGNhnpYq4ZdAyXDiylUyZfr3zcsLkfT1B5rPAajIS02YtGM
++i9KI0ulzM+RdQvA2/Ku5q+Si8rhirsfiYpByGoC/y0WRkEMgU5Ra57stoukvOp
QpNooclT2Q==
-----END CERTIFICATE-----