Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/sPNzHPbsyfnNPPFTeLiiTgkmg3w.roa
File:                     sPNzHPbsyfnNPPFTeLiiTgkmg3w.roa (raw, json)
Hash identifier:          +IcaAixH7WN8oVuITqOOBM2kWXWWhYO1P8uScYWxjVk=
Subject key identifier:   B0:F3:73:1C:F6:EC:C9:F9:CD:3C:F1:53:78:B8:A2:4E:09:26:83:7C
Certificate issuer:       /CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
Certificate serial:       01856C53F8808B0E500F7A5530FC3185A846
Authority key identifier: B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/sPNzHPbsyfnNPPFTeLiiTgkmg3w.roa
Signing time:             Sun 01 Jan 2023 07:55:20 +0000
ROA not before:           Sun 01 Jan 2023 07:55:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43893
IP address blocks:        185.9.164.0/24 maxlen: 24
                          185.9.166.0/23 maxlen: 23
                          185.84.240.0/24 maxlen: 24
                          185.84.242.0/24 maxlen: 24
                          185.84.248.0/24 maxlen: 24
                          185.84.249.0/24 maxlen: 24
                          2001:67c:1001::/48 maxlen: 48
                          2a03:4bc0:2900::/48 maxlen: 48
                          2a03:4bc0:1000::/48 maxlen: 48
                          2a03:4bc0:2200::/48 maxlen: 48
                          2a03:4bc0:2100::/48 maxlen: 48
                          2a03:4bc0:2000::/48 maxlen: 48
                          2a03:4bc0:3160::/48 maxlen: 48
                          2a03:4bc0:1001::/48 maxlen: 48
                          2001:67c:1000::/48 maxlen: 48
                          2001:67c:1000::/47 maxlen: 47
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:f8:80:8b:0e:50:0f:7a:55:30:fc:31:85:a8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
        Validity
            Not Before: Jan  1 07:55:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0f3731cf6ecc9f9cd3cf15378b8a24e0926837c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6c:86:7c:fc:04:0b:6d:67:09:c6:ed:db:31:
                    c2:65:74:cc:af:a0:c4:50:2d:92:61:6c:89:00:b9:
                    cd:9b:a6:3d:c6:ea:cb:82:22:bb:16:58:f0:cf:5a:
                    66:55:90:44:eb:9a:57:6e:29:67:ba:3e:0d:59:8f:
                    33:07:af:f3:aa:db:b6:bf:9a:0c:9c:ee:e9:ba:78:
                    35:9d:be:b9:3c:66:b8:9c:94:83:0c:c6:99:00:cd:
                    29:fd:08:54:90:50:33:31:6e:1f:d7:36:c3:d4:d7:
                    44:11:6c:51:7e:62:05:9a:3d:87:59:a8:72:58:52:
                    8c:e7:b1:05:d7:05:2f:d7:06:d2:0d:15:76:30:30:
                    8e:07:a8:97:27:a5:5b:5d:54:e5:10:cc:fe:20:b0:
                    be:a1:a3:6b:75:2f:61:7d:cb:c9:d2:15:f2:10:0e:
                    9d:38:6e:07:85:35:3d:4a:88:1c:1e:bb:de:8d:10:
                    32:d2:da:bf:03:ff:02:f6:58:bc:5a:7d:c0:71:16:
                    84:f5:fa:bd:be:c8:e0:a3:7f:96:53:83:8c:0b:10:
                    49:20:8b:60:28:a3:56:9d:ef:b0:a2:26:2f:82:87:
                    34:e5:0a:7c:84:9b:3b:0f:eb:17:26:e8:52:d8:63:
                    0f:09:85:b8:85:74:b0:af:62:d0:b2:bb:6d:60:cc:
                    a9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F3:73:1C:F6:EC:C9:F9:CD:3C:F1:53:78:B8:A2:4E:09:26:83:7C
            X509v3 Authority Key Identifier:
                keyid:B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/sPNzHPbsyfnNPPFTeLiiTgkmg3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/tkB0qoRJgw2psgs6-waC08Ay-f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.164.0/24
                  185.9.166.0/23
                  185.84.240.0/24
                  185.84.242.0/24
                  185.84.248.0/23
                IPv6:
                  2001:67c:1000::/47
                  2a03:4bc0:1000::/47
                  2a03:4bc0:2000::/48
                  2a03:4bc0:2100::/48
                  2a03:4bc0:2200::/48
                  2a03:4bc0:2900::/48
                  2a03:4bc0:3160::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:2d:8c:c8:e3:25:24:d2:a7:7f:38:04:98:1b:80:7d:e2:fe:
         d7:aa:4f:6e:3d:20:c6:73:17:e4:81:08:17:28:7b:0d:23:f7:
         45:f4:d3:6b:c4:a6:4d:f6:2e:71:9b:59:c6:ab:58:e6:a3:7c:
         b2:6c:78:2e:22:57:ee:7e:ee:83:b0:11:dc:28:00:c0:14:05:
         87:c8:98:3f:7e:2b:36:a6:a0:4e:fa:3f:7b:b7:fd:ad:ea:bd:
         a0:72:42:48:f2:06:4c:f9:51:51:22:fb:f6:6c:b5:f5:b5:87:
         5a:eb:71:75:10:6e:c0:20:24:0b:5d:90:fe:de:92:c8:4f:af:
         96:54:ab:be:8d:15:b8:bc:80:54:9b:55:fe:30:82:7c:99:24:
         fe:73:6a:8f:57:17:a7:d4:3c:d3:35:9d:28:dc:f6:b2:d6:ca:
         0c:8b:7b:3b:c9:2d:cc:bf:b7:f9:cb:a3:f8:f0:46:02:c9:6a:
         ac:01:ad:b1:a6:b9:db:95:20:aa:9f:85:4b:0f:59:11:b5:1d:
         7b:85:fe:45:0c:e1:ef:b1:bb:2e:21:d5:59:66:8a:73:08:f2:
         99:5c:6c:b8:b7:87:95:4b:00:0c:a5:1a:b2:b6:1b:49:ca:7c:
         45:23:b6:66:59:22:89:0b:46:50:3b:03:be:79:bd:f2:12:37:
         1f:8e:a2:6e
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYVsU/iAiw5QD3pVMPwxhahGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NDA3NGFhODQ0OTgzMGRhOWIyMGIzYWZiMDY4MmQzYzAz
MmY5ZmUwHhcNMjMwMTAxMDc1NTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYzNzMxY2Y2ZWNjOWY5Y2QzY2YxNTM3OGI4YTI0ZTA5MjY4MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmyGfPwEC21nCcbt2zHCZXTMr6DE
UC2SYWyJALnNm6Y9xurLgiK7Fljwz1pmVZBE65pXbilnuj4NWY8zB6/zqtu2v5oM
nO7pung1nb65PGa4nJSDDMaZAM0p/QhUkFAzMW4f1zbD1NdEEWxRfmIFmj2HWahy
WFKM57EF1wUv1wbSDRV2MDCOB6iXJ6VbXVTlEMz+ILC+oaNrdS9hfcvJ0hXyEA6d
OG4HhTU9SogcHrvejRAy0tq/A/8C9li8Wn3AcRaE9fq9vsjgo3+WU4OMCxBJIItg
KKNWne+woiYvgoc05Qp8hJs7D+sXJuhS2GMPCYW4hXSwr2LQsrttYMyp7QIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFLDzcxz27Mn5zTzxU3i4ok4JJoN8MB8GA1UdIwQY
MBaAFLZAdKqESYMNqbILOvsGgtPAMvn+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEt
MzUxNzFhZWRkMzEzLzEvc1BOekhQYnN5Zm5OUFBGVGVMaWlUZ2ttZzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEtMzUxNzFhZWRkMzEz
LzEvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTAkBAIAATAeAwQAuQmkAwQB
uQmmAwQAuVTwAwQAuVTyAwQBuVT4MEUEAgACMD8DBwEgAQZ8EAADBwEqA0vAEAAD
BwAqA0vAIAADBwAqA0vAIQADBwAqA0vAIgADBwAqA0vAKQADBwAqA0vAMWAwDQYJ
KoZIhvcNAQELBQADggEBAF8tjMjjJSTSp384BJgbgH3i/teqT249IMZzF+SBCBco
ew0j90X002vEpk32LnGbWcarWOajfLJseC4iV+5+7oOwEdwoAMAUBYfImD9+Kzam
oE76P3u3/a3qvaByQkjyBkz5UVEi+/ZstfW1h1rrcXUQbsAgJAtdkP7ekshPr5ZU
q76NFbi8gFSbVf4wgnyZJP5zao9XF6fUPNM1nSjc9rLWygyLezvJLcy/t/nLo/jw
RgLJaqwBrbGmuduVIKqfhUsPWRG1HXuF/kUM4e+xuy4h1VlminMI8plcbLi3h5VL
AAylGrK2G0nKfEUjtmZZIokLRlA7A755vfISNx+Oom4=
-----END CERTIFICATE-----