Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/ToJn9pM6WwcuJa1mKgvmNg6-PGE.roa
File:                     ToJn9pM6WwcuJa1mKgvmNg6-PGE.roa (raw, json)
Hash identifier:          b2wuzmIsL13TTWUXnFJeJvBtRVNAOgXGJP4SYH3nvIw=
Subject key identifier:   4E:82:67:F6:93:3A:5B:07:2E:25:AD:66:2A:0B:E6:36:0E:BE:3C:61
Certificate issuer:       /CN=54914541fd1b95e7c0afc875fbef78794f55386b
Certificate serial:       0184D8463302A7B626EB26B484EC70600871
Authority key identifier: 54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/ToJn9pM6WwcuJa1mKgvmNg6-PGE.roa
Signing time:             Sat 03 Dec 2022 13:56:30 +0000
ROA not before:           Sat 03 Dec 2022 13:56:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203888
IP address blocks:        2a06:a005:150a::/48 maxlen: 48
                          2a06:a005:d22::/48 maxlen: 48
                          2a0a:6040:300::/40 maxlen: 48
                          2a06:a005:24c0::/44 maxlen: 48
                          2a06:a005:2480::/44 maxlen: 48
                          2a06:a005:24d0::/44 maxlen: 48
                          2a06:a005:b60::/44 maxlen: 48
                          2a06:a005:24a0::/44 maxlen: 48
                          2a06:a005:2100::/44 maxlen: 48
                          2a06:a005:24b0::/44 maxlen: 48
                          2a07:54c2:b00b::/48 maxlen: 48
                          2a05:dfc7:6400::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d8:46:33:02:a7:b6:26:eb:26:b4:84:ec:70:60:08:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54914541fd1b95e7c0afc875fbef78794f55386b
        Validity
            Not Before: Dec  3 13:56:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4e8267f6933a5b072e25ad662a0be6360ebe3c61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:28:33:21:8f:58:94:5f:36:fa:36:e2:9a:0e:
                    5b:0d:eb:9c:55:a5:0c:ef:49:ab:57:40:68:93:cd:
                    42:3f:d7:72:e3:59:87:b7:b4:ac:1c:e9:a8:1c:7c:
                    e1:04:21:4f:3a:23:11:25:ad:d1:ae:8b:0b:4b:22:
                    88:e0:08:9a:5b:fb:d6:1f:18:fc:98:0b:0b:58:95:
                    b1:77:c5:b3:69:39:b5:58:52:46:19:ff:76:83:73:
                    1b:96:b8:02:8e:12:dc:46:5a:d5:a6:25:eb:a6:56:
                    79:0b:0c:6b:74:13:30:1f:1a:44:a2:1c:62:21:80:
                    0e:90:ed:6e:ac:c2:dc:72:03:5a:f7:c2:d9:68:70:
                    06:62:77:7d:fd:dc:43:99:2c:bf:a5:e1:6c:da:61:
                    c4:ad:3f:d1:17:be:65:04:ed:e8:5b:d0:b9:70:cf:
                    5a:a9:cc:b4:83:c5:ca:c1:fe:e8:ec:d0:4d:58:fe:
                    91:3e:14:30:5b:e6:5a:70:49:2d:ac:c0:eb:95:0c:
                    52:47:2f:86:00:40:3b:67:48:ab:7a:62:d6:d5:3d:
                    a4:b0:f4:32:a5:da:ad:77:14:cf:94:3f:ab:68:be:
                    c2:28:b5:8f:96:ac:d5:0a:db:6c:56:b8:27:27:f0:
                    a8:d3:f4:bf:4c:48:c8:9c:b9:c2:62:5b:d7:62:03:
                    ea:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:82:67:F6:93:3A:5B:07:2E:25:AD:66:2A:0B:E6:36:0E:BE:3C:61
            X509v3 Authority Key Identifier:
                keyid:54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/ToJn9pM6WwcuJa1mKgvmNg6-PGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/VJFFQf0blefAr8h1--94eU9VOGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc7:6400::/40
                  2a06:a005:b60::/44
                  2a06:a005:d22::/48
                  2a06:a005:150a::/48
                  2a06:a005:2100::/44
                  2a06:a005:2480::/44
                  2a06:a005:24a0::-2a06:a005:24df:ffff:ffff:ffff:ffff:ffff
                  2a07:54c2:b00b::/48
                  2a0a:6040:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:11:79:42:a3:40:02:bc:dd:47:7d:a9:71:87:07:64:c0:99:
         a0:1b:7e:b5:54:f9:46:5c:64:17:05:5e:93:8c:07:bb:1c:09:
         6f:e0:3f:9a:b7:43:fa:f2:cc:70:73:34:c4:4d:c2:ba:ce:8f:
         96:f9:55:e3:b0:06:e9:47:e1:e6:5b:08:ea:7b:d9:b8:81:67:
         4b:85:49:b9:84:79:af:88:25:59:a2:73:9d:bd:09:7e:ce:97:
         19:ce:4e:cf:f5:1d:b5:2f:c1:d2:ad:d5:b5:4f:a4:6d:4c:ab:
         32:3a:29:7c:d8:b7:37:af:ae:14:6b:ea:21:43:ee:69:8e:10:
         75:aa:13:20:dc:75:28:5f:3e:29:22:ee:ec:13:7f:84:79:dc:
         c6:f5:9b:5a:b5:65:71:9f:f1:81:be:1d:15:02:f6:2b:d5:01:
         1a:a8:d4:7a:9e:a6:bc:3b:c3:8d:79:67:21:c2:b4:01:c3:fd:
         7c:59:7c:cb:82:ee:18:de:ae:b9:e2:19:ce:06:7a:28:d7:95:
         34:27:33:b3:fa:a6:3e:9e:61:96:11:2b:5e:ca:2a:b0:e2:c5:
         52:fa:50:bb:96:a4:14:c8:15:e8:7c:18:2e:e9:69:c6:b1:27:
         59:80:0b:fe:03:41:c9:a3:41:fa:8a:ed:6a:09:0f:1c:58:af:
         f0:4c:fb:f2
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYTYRjMCp7Ym6ya0hOxwYAhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0OTE0NTQxZmQxYjk1ZTdjMGFmYzg3NWZiZWY3ODc5NGY1
NTM4NmIwHhcNMjIxMjAzMTM1NjMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgyNjdmNjkzM2E1YjA3MmUyNWFkNjYyYTBiZTYzNjBlYmUzYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApigzIY9YlF82+jbimg5bDeucVaUM
70mrV0Bok81CP9dy41mHt7SsHOmoHHzhBCFPOiMRJa3RrosLSyKI4AiaW/vWHxj8
mAsLWJWxd8WzaTm1WFJGGf92g3MblrgCjhLcRlrVpiXrplZ5CwxrdBMwHxpEohxi
IYAOkO1urMLccgNa98LZaHAGYnd9/dxDmSy/peFs2mHErT/RF75lBO3oW9C5cM9a
qcy0g8XKwf7o7NBNWP6RPhQwW+ZacEktrMDrlQxSRy+GAEA7Z0iremLW1T2ksPQy
pdqtdxTPlD+raL7CKLWPlqzVCttsVrgnJ/Co0/S/TEjInLnCYlvXYgPqlwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFE6CZ/aTOlsHLiWtZioL5jYOvjxhMB8GA1UdIwQY
MBaAFFSRRUH9G5XnwK/IdfvveHlPVThrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEt
ZDlmNmQ5NjQyNTM3LzEvVG9KbjlwTTZXd2N1SmExbUtndm1OZzYtUEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEtZDlmNmQ5NjQyNTM3
LzEvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAAjBaAwYAKgXfx2QD
BwQqBqAFC2ADBwAqBqAFDSIDBwAqBqAFFQoDBwQqBqAFIQADBwQqBqAFJIAwEgMH
BSoGoAUkoAMHBSoGoAUkwAMHACoHVMKwCwMGACoKYEADMA0GCSqGSIb3DQEBCwUA
A4IBAQB5EXlCo0ACvN1HfalxhwdkwJmgG361VPlGXGQXBV6TjAe7HAlv4D+at0P6
8sxwczTETcK6zo+W+VXjsAbpR+HmWwjqe9m4gWdLhUm5hHmviCVZonOdvQl+zpcZ
zk7P9R21L8HSrdW1T6RtTKsyOil82Lc3r64Ua+ohQ+5pjhB1qhMg3HUoXz4pIu7s
E3+EedzG9ZtatWVxn/GBvh0VAvYr1QEaqNR6nqa8O8ONeWchwrQBw/18WXzLgu4Y
3q654hnOBnoo15U0JzOz+qY+nmGWESteyiqw4sVS+lC7lqQUyBXofBgu6WnGsSdZ
gAv+A0HJo0H6iu1qCQ8cWK/wTPvy
-----END CERTIFICATE-----