Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/eI2ORYV6eJSeXwVkPsc4mRy4IoM.roa
File:                     eI2ORYV6eJSeXwVkPsc4mRy4IoM.roa (raw, json)
Hash identifier:          tFqLgiQV7+yvIiU2exwAhA8M5XzDMRbn1UZcnlqjmdA=
Subject key identifier:   78:8D:8E:45:85:7A:78:94:9E:5F:05:64:3E:C7:38:99:1C:B8:22:83
Certificate issuer:       /CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
Certificate serial:       01856B530B99F8E101B94E85506121B5CAC1
Authority key identifier: 2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/eI2ORYV6eJSeXwVkPsc4mRy4IoM.roa
Signing time:             Sun 01 Jan 2023 03:14:42 +0000
ROA not before:           Sun 01 Jan 2023 03:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30148
IP address blocks:        185.93.228.0/22 maxlen: 24
                          193.19.224.0/22 maxlen: 24
                          2a02:fe80:16::/48 maxlen: 48
                          2a02:fe80:21::/48 maxlen: 48
                          2a02:fe80:11::/48 maxlen: 48
                          2a02:fe80:15::/48 maxlen: 48
                          2a02:fe80:2010::/48 maxlen: 48
                          2a02:fe80:1010::/48 maxlen: 48
                          2a02:fe80:20::/48 maxlen: 48
                          2a02:fe80:13::/48 maxlen: 48
                          2a02:fe80:19::/48 maxlen: 48
                          2a02:fe80:14::/48 maxlen: 48
                          2a02:fe80:17::/48 maxlen: 48
                          2a02:fe80:12::/48 maxlen: 48
                          2a02:fe80:22::/48 maxlen: 48
                          2a02:fe80:18::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:53:0b:99:f8:e1:01:b9:4e:85:50:61:21:b5:ca:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
        Validity
            Not Before: Jan  1 03:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=788d8e45857a78949e5f05643ec738991cb82283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ce:ac:22:2e:ee:6e:08:a9:b2:3e:1c:52:5d:
                    df:c4:85:54:7a:53:c8:02:ab:6f:69:92:f4:08:b4:
                    7e:d6:88:c6:68:1f:a6:07:8c:8e:85:13:9c:fb:57:
                    08:9a:50:27:fe:bf:e9:32:9a:62:d0:20:25:13:2f:
                    78:3c:5c:48:23:2e:92:15:c1:7c:84:0c:04:a7:2c:
                    42:14:79:b0:97:13:10:f0:88:31:d9:cc:39:ae:a4:
                    63:ad:78:92:d6:d6:07:f4:06:46:4c:5b:2d:6c:ba:
                    6f:43:dc:38:bf:86:13:63:c4:98:46:95:dc:93:c5:
                    4f:10:ba:20:a7:18:00:7d:6b:19:cb:9a:71:14:d9:
                    2a:61:92:1e:07:98:8f:1d:f6:c2:e9:2b:d3:83:d7:
                    c8:6b:0f:41:ce:41:d0:d7:ed:40:c0:dd:5a:42:24:
                    10:ea:a0:e5:59:7d:84:cc:6e:e8:6e:35:e3:0c:d6:
                    18:6f:22:34:8c:7f:bb:95:e6:df:d2:61:b2:bf:1b:
                    1a:0b:f0:89:c8:7b:a9:3c:c7:2f:05:03:ae:33:61:
                    03:a7:ac:26:ff:2f:8d:c9:d7:ee:9a:03:de:b1:3e:
                    fb:4a:e4:04:e6:9e:b8:de:68:a7:fd:f7:d3:aa:f5:
                    b3:7d:7f:16:f9:a7:b1:89:4e:fa:41:4e:de:b7:65:
                    c8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:8D:8E:45:85:7A:78:94:9E:5F:05:64:3E:C7:38:99:1C:B8:22:83
            X509v3 Authority Key Identifier:
                keyid:2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/eI2ORYV6eJSeXwVkPsc4mRy4IoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.228.0/22
                  193.19.224.0/22
                IPv6:
                  2a02:fe80:11::-2a02:fe80:19:ffff:ffff:ffff:ffff:ffff
                  2a02:fe80:20::-2a02:fe80:22:ffff:ffff:ffff:ffff:ffff
                  2a02:fe80:1010::/48
                  2a02:fe80:2010::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:94:a9:54:86:f1:47:09:ea:a9:a2:e6:73:ec:93:ad:af:e8:
         bf:89:52:a8:9a:ea:96:9a:82:3b:2d:a3:50:ed:f1:e1:b9:f3:
         4f:00:8d:3e:f1:8c:ba:59:55:7d:df:65:8e:0c:cc:40:72:6f:
         58:ec:d1:e2:47:78:f2:22:e1:9a:63:54:11:52:6f:d0:58:bf:
         2e:e6:d8:b0:40:ec:1b:94:93:9e:65:9d:d0:91:cb:7f:89:42:
         9f:4e:8d:c5:af:00:37:c8:e0:86:e4:56:ed:95:f7:44:cc:95:
         d1:17:af:cf:42:a9:cd:40:1d:3b:ce:2b:cd:96:56:ad:8f:b8:
         f3:10:08:c0:74:0a:1e:d6:a7:3b:e8:07:b9:20:15:7e:a3:78:
         16:ed:57:cf:0e:7e:4f:03:95:bd:c7:e2:50:6d:eb:8e:75:7d:
         65:f6:4c:14:ba:89:35:a4:e1:16:19:8e:19:f4:7e:12:c4:63:
         8f:34:a7:e5:99:85:0b:29:0a:6e:41:3c:15:e5:5f:ad:a8:f1:
         5b:a4:96:b0:62:bd:67:0b:41:50:2d:1d:f5:ef:5e:4c:db:0f:
         0a:61:8b:53:ab:64:c8:89:4a:f2:c6:92:13:0b:58:d3:24:57:
         1a:df:86:26:b0:0e:c3:95:b8:8a:87:64:53:09:9c:ea:c5:8c:
         46:b4:7f:47
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVrUwuZ+OEBuU6FUGEhtcrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNGJkNGVkY2EyOWQ0ZTcyYmU4NmNlZDBiN2FkNjUyYzdk
MjYxYzkwHhcNMjMwMTAxMDMxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODhkOGU0NTg1N2E3ODk0OWU1ZjA1NjQzZWM3Mzg5OTFjYjgyMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks6sIi7ubgipsj4cUl3fxIVUelPI
AqtvaZL0CLR+1ojGaB+mB4yOhROc+1cImlAn/r/pMppi0CAlEy94PFxIIy6SFcF8
hAwEpyxCFHmwlxMQ8Igx2cw5rqRjrXiS1tYH9AZGTFstbLpvQ9w4v4YTY8SYRpXc
k8VPELogpxgAfWsZy5pxFNkqYZIeB5iPHfbC6SvTg9fIaw9BzkHQ1+1AwN1aQiQQ
6qDlWX2EzG7objXjDNYYbyI0jH+7lebf0mGyvxsaC/CJyHupPMcvBQOuM2EDp6wm
/y+NydfumgPesT77SuQE5p643min/ffTqvWzfX8W+aexiU76QU7et2XIPwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFHiNjkWFeniUnl8FZD7HOJkcuCKDMB8GA1UdIwQY
MBaAFC5L1O3KKdTnK+hs7Qt61lLH0mHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgt
MmE2MzcyZTA1NGQyLzEvZUkyT1JZVjZlSlNlWHdWa1BzYzRtUnk0SW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgtMmE2MzcyZTA1NGQy
LzEvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjASBAIAATAMAwQCuV3kAwQC
wRPgMEAEAgACMDowEgMHACoC/oAAEQMHASoC/oAAGDASAwcFKgL+gAAgAwcAKgL+
gAAiAwcAKgL+gBAQAwcAKgL+gCAQMA0GCSqGSIb3DQEBCwUAA4IBAQBalKlUhvFH
CeqpouZz7JOtr+i/iVKomuqWmoI7LaNQ7fHhufNPAI0+8Yy6WVV932WODMxAcm9Y
7NHiR3jyIuGaY1QRUm/QWL8u5tiwQOwblJOeZZ3Qkct/iUKfTo3FrwA3yOCG5Fbt
lfdEzJXRF6/PQqnNQB07zivNllatj7jzEAjAdAoe1qc76Ae5IBV+o3gW7VfPDn5P
A5W9x+JQbeuOdX1l9kwUuok1pOEWGY4Z9H4SxGOPNKflmYULKQpuQTwV5V+tqPFb
pJawYr1nC0FQLR31715M2w8KYYtTq2TIiUryxpITC1jTJFca34YmsA7DlbiKh2RT
CZzqxYxGtH9H
-----END CERTIFICATE-----