Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/xLD5a2GJP3yNlajFX6mrk7QGK-g.roa
File:                     xLD5a2GJP3yNlajFX6mrk7QGK-g.roa (raw, json)
Hash identifier:          1cVALzY9Qait2xlEvZgfYR915Vz6bEQlcz9xBo+mlvE=
Subject key identifier:   C4:B0:F9:6B:61:89:3F:7C:8D:95:A8:C5:5F:A9:AB:93:B4:06:2B:E8
Certificate issuer:       /CN=54914541fd1b95e7c0afc875fbef78794f55386b
Certificate serial:       0184DACC8FD77149F393B44A2A07D95970DE
Authority key identifier: 54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/xLD5a2GJP3yNlajFX6mrk7QGK-g.roa
Signing time:             Sun 04 Dec 2022 01:42:30 +0000
ROA not before:           Sun 04 Dec 2022 01:42:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203888
IP address blocks:        2a06:a005:150a::/48 maxlen: 48
                          2a06:a005:d22::/48 maxlen: 48
                          2a0a:6040:300::/40 maxlen: 48
                          2a06:a005:24c0::/44 maxlen: 48
                          2a06:a005:2480::/44 maxlen: 48
                          2a06:a005:24d0::/44 maxlen: 48
                          2a06:a005:b60::/44 maxlen: 48
                          2a06:a005:24a0::/44 maxlen: 48
                          2a06:a005:24b0::/44 maxlen: 48
                          2a07:54c2:b00b::/48 maxlen: 48
                          2a05:dfc7:6400::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:da:cc:8f:d7:71:49:f3:93:b4:4a:2a:07:d9:59:70:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54914541fd1b95e7c0afc875fbef78794f55386b
        Validity
            Not Before: Dec  4 01:42:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4b0f96b61893f7c8d95a8c55fa9ab93b4062be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:a7:30:45:8d:d9:be:c6:48:50:98:33:dc:
                    6d:8c:17:6a:0b:06:7f:42:a2:e4:11:41:52:89:77:
                    d9:b3:8c:f8:8f:e0:aa:de:a5:53:ae:30:a3:66:e6:
                    ea:43:ec:cb:a4:46:ce:d6:21:b0:aa:09:eb:58:56:
                    f5:8e:90:a3:11:44:2b:5e:36:01:52:1c:a7:4e:33:
                    1b:4c:3e:ab:e5:11:20:15:41:3e:54:20:ea:64:27:
                    d5:c3:d0:f7:59:a1:e3:2a:8c:69:82:1d:3d:64:a0:
                    ad:66:76:76:27:c9:03:d7:72:6d:b2:8e:1a:b2:a2:
                    e3:99:ed:b6:76:44:0d:e1:94:ec:84:a6:bc:b3:64:
                    d1:e8:e7:ca:1b:67:f6:a2:14:de:47:73:24:62:58:
                    a1:3b:15:31:02:ad:20:2c:90:35:09:da:50:26:0d:
                    17:10:69:e8:64:e9:cb:90:2b:ed:87:2d:65:f3:d0:
                    64:00:21:58:8d:73:ea:e8:f2:b0:04:86:7c:7f:61:
                    c3:a0:4c:56:64:20:4c:6d:9b:de:df:13:66:18:dd:
                    d3:ea:a3:a4:a1:db:e9:1f:23:5e:46:4a:45:f8:77:
                    5c:c9:7e:f3:63:1d:7d:69:6e:7a:c2:a1:9a:74:8e:
                    9e:3b:27:c3:74:e1:6b:3c:a1:d8:52:b1:2d:08:b5:
                    97:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B0:F9:6B:61:89:3F:7C:8D:95:A8:C5:5F:A9:AB:93:B4:06:2B:E8
            X509v3 Authority Key Identifier:
                keyid:54:91:45:41:FD:1B:95:E7:C0:AF:C8:75:FB:EF:78:79:4F:55:38:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VJFFQf0blefAr8h1--94eU9VOGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/xLD5a2GJP3yNlajFX6mrk7QGK-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/464631-ca8e-4c6a-b091-d9f6d9642537/1/VJFFQf0blefAr8h1--94eU9VOGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc7:6400::/40
                  2a06:a005:b60::/44
                  2a06:a005:d22::/48
                  2a06:a005:150a::/48
                  2a06:a005:2480::/44
                  2a06:a005:24a0::-2a06:a005:24df:ffff:ffff:ffff:ffff:ffff
                  2a07:54c2:b00b::/48
                  2a0a:6040:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         4e:b0:83:8b:5b:fa:89:be:4f:42:d1:e8:84:bc:c2:14:e5:d2:
         52:55:96:d3:36:b0:00:54:1e:1e:5d:e7:3a:23:59:74:2f:5f:
         39:f2:dc:19:5e:c5:45:56:ac:87:a1:dc:cf:37:a3:dd:b5:72:
         c4:f7:01:b8:ca:6f:a6:df:bf:59:0f:c5:e7:87:a2:cc:eb:13:
         dc:85:65:75:f4:1c:c2:b8:bd:9c:c6:67:5f:81:f9:3c:34:e3:
         e5:26:e3:0e:29:ee:18:74:0d:1f:a5:36:76:61:67:77:32:84:
         f4:46:3b:cf:70:44:ff:62:71:d9:4b:16:fb:ea:75:b4:8a:cd:
         59:16:78:67:9b:d9:77:ad:4a:b7:f0:0b:81:fc:01:69:b3:2c:
         ca:9e:cc:aa:6c:b2:31:c3:58:eb:dd:3f:f4:be:f1:d7:9b:2f:
         c3:d9:63:97:29:6a:32:d5:99:c0:47:a2:d9:c6:c8:ab:88:bb:
         79:d6:74:ef:74:ec:fd:2b:c7:e9:51:c6:b2:4a:60:b5:91:6d:
         4b:35:ea:62:87:e0:8c:77:72:ee:08:ed:58:81:0b:ed:0a:33:
         4d:d9:92:d4:a2:6c:de:a4:0e:1d:b3:03:2b:36:26:01:63:16:
         d5:61:49:40:90:1f:57:73:d3:c1:78:47:88:97:7b:a9:db:1c:
         9c:c3:dd:e0
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYTazI/XcUnzk7RKKgfZWXDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0OTE0NTQxZmQxYjk1ZTdjMGFmYzg3NWZiZWY3ODc5NGY1
NTM4NmIwHhcNMjIxMjA0MDE0MjMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGIwZjk2YjYxODkzZjdjOGQ5NWE4YzU1ZmE5YWI5M2I0MDYyYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEOnMEWN2b7GSFCYM9xtjBdqCwZ/
QqLkEUFSiXfZs4z4j+Cq3qVTrjCjZubqQ+zLpEbO1iGwqgnrWFb1jpCjEUQrXjYB
UhynTjMbTD6r5REgFUE+VCDqZCfVw9D3WaHjKoxpgh09ZKCtZnZ2J8kD13Jtso4a
sqLjme22dkQN4ZTshKa8s2TR6OfKG2f2ohTeR3MkYlihOxUxAq0gLJA1CdpQJg0X
EGnoZOnLkCvthy1l89BkACFYjXPq6PKwBIZ8f2HDoExWZCBMbZve3xNmGN3T6qOk
odvpHyNeRkpF+HdcyX7zYx19aW56wqGadI6eOyfDdOFrPKHYUrEtCLWXZwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFMSw+WthiT98jZWoxV+pq5O0BivoMB8GA1UdIwQY
MBaAFFSRRUH9G5XnwK/IdfvveHlPVThrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEt
ZDlmNmQ5NjQyNTM3LzEveExENWEyR0pQM3lObGFqRlg2bXJrN1FHSy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80NjQ2MzEtY2E4ZS00YzZhLWIwOTEtZDlmNmQ5NjQyNTM3
LzEvVkpGRlFmMGJsZWZBcjhoMS0tOTRlVTlWT0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwYAKgXfx2QD
BwQqBqAFC2ADBwAqBqAFDSIDBwAqBqAFFQoDBwQqBqAFJIAwEgMHBSoGoAUkoAMH
BSoGoAUkwAMHACoHVMKwCwMGACoKYEADMA0GCSqGSIb3DQEBCwUAA4IBAQBOsIOL
W/qJvk9C0eiEvMIU5dJSVZbTNrAAVB4eXec6I1l0L1858twZXsVFVqyHodzPN6Pd
tXLE9wG4ym+m379ZD8Xnh6LM6xPchWV19BzCuL2cxmdfgfk8NOPlJuMOKe4YdA0f
pTZ2YWd3MoT0RjvPcET/YnHZSxb76nW0is1ZFnhnm9l3rUq38AuB/AFpsyzKnsyq
bLIxw1jr3T/0vvHXmy/D2WOXKWoy1ZnAR6LZxsiriLt51nTvdOz9K8fpUcaySmC1
kW1LNepih+CMd3LuCO1YgQvtCjNN2ZLUomzepA4dswMrNiYBYxbVYUlAkB9Xc9PB
eEeIl3up2xycw93g
-----END CERTIFICATE-----