Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/4EV7hkyxzy-mLvc0UIWT_uKRpCQ.roa
File:                     4EV7hkyxzy-mLvc0UIWT_uKRpCQ.roa (raw, json)
Hash identifier:          V+nATjvZnu9cliXBaqoePSdRHuqd+LVO/3PU1jqfeQ4=
Subject key identifier:   E0:45:7B:86:4C:B1:CF:2F:A6:2E:F7:34:50:85:93:FE:E2:91:A4:24
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018999481C10B5447A8541CAC79DF4676F5A
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/4EV7hkyxzy-mLvc0UIWT_uKRpCQ.roa
Signing time:             Thu 27 Jul 2023 21:36:27 +0000
ROA not before:           Thu 27 Jul 2023 21:36:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33932
IP address blocks:        217.150.212.0/24 maxlen: 24
                          217.150.213.0/24 maxlen: 24
                          217.150.211.0/24 maxlen: 24
                          217.150.209.0/24 maxlen: 24
                          217.150.208.0/20 maxlen: 24
                          217.150.210.0/24 maxlen: 24
                          217.150.208.0/24 maxlen: 24
                          217.150.214.0/24 maxlen: 24
                          217.150.223.0/24 maxlen: 24
                          185.228.172.0/24 maxlen: 24
                          185.228.175.0/24 maxlen: 24
                          185.228.173.0/24 maxlen: 24
                          185.228.174.0/24 maxlen: 24
                          2a0d:2e00:1000::/36 maxlen: 36
                          2a0d:2e00:2000::/36 maxlen: 36
                          2a0d:2e00:3000::/36 maxlen: 36
                          2a0d:2e00:4000::/36 maxlen: 36
                          2a0d:2e00:1000::/48 maxlen: 48
                          2a0d:2e00:2000::/48 maxlen: 48
                          2a0d:2e00:3000::/48 maxlen: 48
                          2a0d:2e00:4000::/48 maxlen: 48
                          2a0d:2e00::/29 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:99:48:1c:10:b5:44:7a:85:41:ca:c7:9d:f4:67:6f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jul 27 21:36:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e0457b864cb1cf2fa62ef734508593fee291a424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b1:c7:fe:98:14:48:d5:31:33:6c:60:72:30:
                    34:bc:bf:9f:f4:bb:e6:8c:ab:5f:43:7f:42:9b:88:
                    1f:33:49:95:53:6c:4b:26:b3:74:23:94:1c:c4:e8:
                    d1:5d:84:c4:10:b4:86:74:e7:b5:90:69:89:3c:5e:
                    eb:5e:ad:fa:63:a1:1f:e6:34:66:65:d4:ad:55:8d:
                    b9:97:e1:06:52:d6:86:e1:7d:f9:17:f1:1c:71:19:
                    59:ef:2e:d3:a5:e3:60:80:64:4c:11:29:6c:d9:6e:
                    af:d1:4b:ac:5d:f1:d7:65:10:2e:37:74:c3:cd:b0:
                    63:1f:ca:01:2a:1a:91:39:7b:7a:35:76:dd:2e:f4:
                    61:78:6d:c0:2c:7e:f8:59:ea:22:2d:e6:1a:e6:76:
                    e2:77:6a:c3:f6:f1:03:3c:36:6d:08:6b:41:eb:57:
                    37:c1:97:4b:8c:e9:96:05:45:b4:d2:07:96:90:4b:
                    53:44:cc:40:81:d4:3f:6f:a8:8f:7a:f3:80:d4:de:
                    be:87:2d:83:d6:8f:3d:2d:3d:0e:ff:26:d1:cc:a2:
                    b5:ba:1b:a9:7e:11:9b:7f:c5:84:1f:88:a3:03:86:
                    81:06:c7:50:54:12:44:c7:06:bb:80:76:db:c0:ed:
                    f1:40:80:4a:65:67:71:6f:01:48:5e:08:30:c8:89:
                    2d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:45:7B:86:4C:B1:CF:2F:A6:2E:F7:34:50:85:93:FE:E2:91:A4:24
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/4EV7hkyxzy-mLvc0UIWT_uKRpCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/22
                  217.150.208.0/20
                IPv6:
                  2a0d:2e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:4b:1f:31:63:27:41:18:06:10:36:db:75:c9:5e:9f:da:a3:
         39:49:d3:2d:53:f6:74:1b:19:1c:3f:89:fc:19:8d:2a:09:37:
         e0:6a:a3:14:72:60:f8:a3:0a:44:4d:9b:0c:a4:ae:86:23:93:
         41:af:64:74:28:af:f5:52:73:f6:8f:f6:e7:72:55:27:35:f7:
         db:1f:ec:8a:af:4e:4f:83:4b:0e:84:0e:63:ca:7e:5d:dc:e9:
         0c:16:f2:90:99:31:68:ce:8c:99:0f:4f:0c:7e:3e:02:7a:c5:
         a6:32:04:ef:df:a7:98:34:00:18:25:d2:ca:2b:49:b1:06:9b:
         c0:88:49:39:a6:8f:91:5b:ba:19:54:48:b4:f5:23:27:32:36:
         4f:c3:7f:ff:63:da:a8:8e:da:e6:d5:84:c1:58:c8:7e:fa:d3:
         46:16:d3:76:89:06:99:5d:e5:d5:62:8a:ff:a2:eb:b9:f9:b4:
         8d:80:9f:42:c3:e0:cb:80:34:7e:6f:c4:2c:79:f9:c7:e1:08:
         85:80:bf:e2:c1:3c:18:48:4b:18:45:ac:72:62:db:20:7b:2b:
         03:0b:fb:99:dd:8e:20:a3:df:9e:0e:3d:58:72:65:0c:b1:89:
         6e:75:1e:57:fd:55:82:15:96:35:a2:73:54:95:60:6c:cc:20:
         c7:93:b9:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYmZSBwQtUR6hUHKx530Z29aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjMwNzI3MjEzNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQ1N2I4NjRjYjFjZjJmYTYyZWY3MzQ1MDg1OTNmZWUyOTFhNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubHH/pgUSNUxM2xgcjA0vL+f9Lvm
jKtfQ39Cm4gfM0mVU2xLJrN0I5QcxOjRXYTEELSGdOe1kGmJPF7rXq36Y6Ef5jRm
ZdStVY25l+EGUtaG4X35F/EccRlZ7y7TpeNggGRMESls2W6v0UusXfHXZRAuN3TD
zbBjH8oBKhqROXt6NXbdLvRheG3ALH74WeoiLeYa5nbid2rD9vEDPDZtCGtB61c3
wZdLjOmWBUW00geWkEtTRMxAgdQ/b6iPevOA1N6+hy2D1o89LT0O/ybRzKK1uhup
fhGbf8WEH4ijA4aBBsdQVBJExwa7gHbbwO3xQIBKZWdxbwFIXggwyIktAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOBFe4ZMsc8vpi73NFCFk/7ikaQkMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvNEVWN2hreXh6eS1tTHZjMFVJV1RfdUtScENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCueSsAwQE
2ZbQMA0EAgACMAcDBQMqDS4AMA0GCSqGSIb3DQEBCwUAA4IBAQCdSx8xYydBGAYQ
Ntt1yV6f2qM5SdMtU/Z0GxkcP4n8GY0qCTfgaqMUcmD4owpETZsMpK6GI5NBr2R0
KK/1UnP2j/bnclUnNffbH+yKr05Pg0sOhA5jyn5d3OkMFvKQmTFozoyZD08Mfj4C
esWmMgTv36eYNAAYJdLKK0mxBpvAiEk5po+RW7oZVEi09SMnMjZPw3//Y9qojtrm
1YTBWMh++tNGFtN2iQaZXeXVYor/ouu5+bSNgJ9Cw+DLgDR+b8QsefnH4QiFgL/i
wTwYSEsYRaxyYtsgeysDC/uZ3Y4go9+eDj1YcmUMsYludR5X/VWCFZY1onNUlWBs
zCDHk7kk
-----END CERTIFICATE-----