Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/JdTe9zbAwVFQwLURwiBw_XOcEZM.roa
File:                     JdTe9zbAwVFQwLURwiBw_XOcEZM.roa (raw, json)
Hash identifier:          HbOzPUPba4MGj4ALtPagl7sZqpzWRk+cPlQlxudB6bs=
Subject key identifier:   25:D4:DE:F7:36:C0:C1:51:50:C0:B5:11:C2:20:70:FD:73:9C:11:93
Certificate issuer:       /CN=54914541fd1b95e7c0afc875fbef78794f55386b
Certificate serial:       0184D79CD391B1D541A226C0DE14B10D8C69
Authority key identifier: 54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/JdTe9zbAwVFQwLURwiBw_XOcEZM.roa
Signing time:             Sat 03 Dec 2022 10:51:29 +0000
ROA not before:           Sat 03 Dec 2022 10:51:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203888
IP address blocks:        2a06:a005:150a::/48 maxlen: 48
                          2a06:a005:d22::/48 maxlen: 48
                          2a0a:6040:300::/40 maxlen: 48
                          2a06:a005:24c0::/44 maxlen: 48
                          2a06:a005:2480::/44 maxlen: 48
                          2a06:a005:24d0::/44 maxlen: 48
                          2a06:a005:b60::/44 maxlen: 48
                          2a06:a005:24a0::/44 maxlen: 48
                          2a06:a005:2100::/44 maxlen: 48
                          2a06:a005:24b0::/44 maxlen: 48
                          2a07:54c2:b00b::/48 maxlen: 48
                          2a05:dfc7:6400::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d7:9c:d3:91:b1:d5:41:a2:26:c0:de:14:b1:0d:8c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54914541fd1b95e7c0afc875fbef78794f55386b
        Validity
            Not Before: Dec  3 10:51:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25d4def736c0c15150c0b511c22070fd739c1193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:97:21:c8:a2:b4:db:ab:c9:0a:1b:ff:ad:e3:
                    8f:28:4b:45:cb:89:b1:8c:c7:51:5e:19:69:30:60:
                    4c:0a:6d:7a:b8:ac:61:b4:8f:22:39:95:64:9b:a1:
                    41:5e:08:16:cd:de:f9:ad:91:d8:cc:3c:f0:50:1f:
                    2d:14:c9:3d:95:2c:ed:77:16:b6:b2:76:76:1f:7b:
                    b5:18:0c:58:85:9d:4f:fb:3c:ce:77:b4:90:ce:00:
                    4f:6c:21:1b:b7:8a:06:7f:de:2a:1c:f1:2a:04:6a:
                    25:d8:bb:23:93:c8:41:a8:9e:62:73:a9:be:a9:9c:
                    f0:9e:5e:ab:a0:e5:02:43:73:f4:e5:a8:fe:54:8e:
                    98:d3:51:1f:4e:0c:2b:5d:c1:81:88:00:27:34:b3:
                    bf:1b:3a:9d:d1:b9:49:89:2b:ce:d3:de:2b:bc:1c:
                    5c:d3:29:62:65:b4:bf:f4:e9:40:1e:85:c6:98:bf:
                    09:04:1c:bc:1c:d2:9c:a7:45:8d:d4:58:fb:f0:5f:
                    08:be:58:ca:97:3d:de:dd:9d:1b:95:d7:81:fd:15:
                    8e:33:d7:23:5e:99:c4:b4:ed:35:50:7b:f2:c5:f1:
                    3b:6f:7a:34:2c:95:3f:59:c5:a4:ff:a8:74:66:da:
                    9e:f4:29:96:59:b2:c5:b5:a0:55:97:a6:eb:79:f3:
                    34:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D4:DE:F7:36:C0:C1:51:50:C0:B5:11:C2:20:70:FD:73:9C:11:93
            X509v3 Authority Key Identifier:
                keyid:54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/JdTe9zbAwVFQwLURwiBw_XOcEZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/VJFFQf0blefAr8h1--94eU9VOGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc7:6400::/40
                  2a06:a005:b60::/44
                  2a06:a005:d22::/48
                  2a06:a005:150a::/48
                  2a06:a005:2100::/44
                  2a06:a005:2480::/44
                  2a06:a005:24a0::-2a06:a005:24df:ffff:ffff:ffff:ffff:ffff
                  2a07:54c2:b00b::/48
                  2a0a:6040:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:67:73:8f:1e:6f:89:1e:82:53:ee:63:f0:42:ea:15:c9:ca:
         b4:39:23:f9:b6:cf:0e:03:e2:fe:07:c4:f0:45:d6:ce:62:3d:
         98:45:08:21:e8:23:1b:60:fa:20:24:52:45:05:a1:e4:f3:c0:
         f4:cf:dc:32:e4:56:eb:25:de:fe:c1:3a:9a:77:b4:2a:75:bf:
         a1:f5:b0:29:cf:1b:24:87:6b:4d:bd:41:15:84:e8:15:ad:93:
         99:87:57:05:3a:21:8f:ea:ac:36:55:99:cb:55:be:20:bc:69:
         eb:20:b1:aa:18:2f:9d:f1:c3:1e:4a:33:96:8d:87:78:52:22:
         e4:a4:00:c3:39:d4:e8:a6:71:dc:55:ce:c0:45:f5:0c:07:bb:
         a9:a5:38:eb:3a:68:65:6a:86:c2:77:f1:88:0e:5c:6f:4d:71:
         fd:7e:61:63:23:51:ba:ab:87:5d:04:8f:92:90:51:75:39:6d:
         f7:a3:c6:af:d5:57:01:3d:c6:01:d3:2d:cf:af:5b:47:8a:58:
         3e:7c:56:9f:72:c4:c7:e2:55:b7:31:b0:1a:99:3e:c6:1f:68:
         a9:2a:1a:e0:ca:27:0d:8a:6c:5d:b2:9c:15:9a:cd:13:49:61:
         9a:c9:af:98:a4:0e:54:a7:04:80:00:cc:9c:a6:87:a7:b0:52:
         38:e8:84:e4
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYTXnNORsdVBoibA3hSxDYxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0OTE0NTQxZmQxYjk1ZTdjMGFmYzg3NWZiZWY3ODc5NGY1
NTM4NmIwHhcNMjIxMjAzMTA1MTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWQ0ZGVmNzM2YzBjMTUxNTBjMGI1MTFjMjIwNzBmZDczOWMxMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpchyKK026vJChv/reOPKEtFy4mx
jMdRXhlpMGBMCm16uKxhtI8iOZVkm6FBXggWzd75rZHYzDzwUB8tFMk9lSztdxa2
snZ2H3u1GAxYhZ1P+zzOd7SQzgBPbCEbt4oGf94qHPEqBGol2Lsjk8hBqJ5ic6m+
qZzwnl6roOUCQ3P05aj+VI6Y01EfTgwrXcGBiAAnNLO/Gzqd0blJiSvO094rvBxc
0yliZbS/9OlAHoXGmL8JBBy8HNKcp0WN1Fj78F8IvljKlz3e3Z0bldeB/RWOM9cj
XpnEtO01UHvyxfE7b3o0LJU/WcWk/6h0Ztqe9CmWWbLFtaBVl6brefM01wIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFCXU3vc2wMFRUMC1EcIgcP1znBGTMB8GA1UdIwQY
MBaAFFSRRUH9G5XnwK/IdfvveHlPVThrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEt
ZDlmNmQ5NjQyNTM3LzEvSmRUZTl6YkF3VkZRd0xVUndpQndfWE9jRVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEtZDlmNmQ5NjQyNTM3
LzEvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAAjBaAwYAKgXfx2QD
BwQqBqAFC2ADBwAqBqAFDSIDBwAqBqAFFQoDBwQqBqAFIQADBwQqBqAFJIAwEgMH
BSoGoAUkoAMHBSoGoAUkwAMHACoHVMKwCwMGACoKYEADMA0GCSqGSIb3DQEBCwUA
A4IBAQAFZ3OPHm+JHoJT7mPwQuoVycq0OSP5ts8OA+L+B8TwRdbOYj2YRQgh6CMb
YPogJFJFBaHk88D0z9wy5FbrJd7+wTqad7Qqdb+h9bApzxskh2tNvUEVhOgVrZOZ
h1cFOiGP6qw2VZnLVb4gvGnrILGqGC+d8cMeSjOWjYd4UiLkpADDOdTopnHcVc7A
RfUMB7uppTjrOmhlaobCd/GIDlxvTXH9fmFjI1G6q4ddBI+SkFF1OW33o8av1VcB
PcYB0y3Pr1tHilg+fFafcsTH4lW3MbAamT7GH2ipKhrgyicNimxdspwVms0TSWGa
ya+YpA5UpwSAAMycpoensFI46ITk
-----END CERTIFICATE-----