Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/9hPJJFLtvTkLpH3UhQSB8uBc5jQ.roa
File:                     9hPJJFLtvTkLpH3UhQSB8uBc5jQ.roa (raw, json)
Hash identifier:          1h3JEYzbgr6K0XHFj7D/GW5cO2MddoGMR0tD5vW2A6w=
Subject key identifier:   F6:13:C9:24:52:ED:BD:39:0B:A4:7D:D4:85:04:81:F2:E0:5C:E6:34
Certificate issuer:       /CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
Certificate serial:       0185715567E149FA9E2E499168F190460576
Authority key identifier: B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/9hPJJFLtvTkLpH3UhQSB8uBc5jQ.roa
Signing time:             Mon 02 Jan 2023 07:15:00 +0000
ROA not before:           Mon 02 Jan 2023 07:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39287
IP address blocks:        45.142.140.0/22 maxlen: 22
                          95.215.16.0/22 maxlen: 22
                          45.158.116.0/22 maxlen: 22
                          185.193.125.0/24 maxlen: 24
                          185.193.124.0/22 maxlen: 22
                          185.193.126.0/23 maxlen: 23
                          80.78.16.0/20 maxlen: 20
                          195.14.20.0/24 maxlen: 24
                          2a0f:5e80::/29 maxlen: 29
                          2a02:6f8::/32 maxlen: 32
                          2001:67c:2358::/48 maxlen: 48
                          2a0a:3840::/29 maxlen: 29
                          2a0e:d9c0::/29 maxlen: 29
                          2001:67c:2354::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:55:67:e1:49:fa:9e:2e:49:91:68:f1:90:46:05:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
        Validity
            Not Before: Jan  2 07:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f613c92452edbd390ba47dd4850481f2e05ce634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:a0:b1:f9:c8:99:11:e1:16:ff:81:03:63:
                    d2:7c:e4:bb:1b:30:4a:2b:66:67:27:82:44:be:8c:
                    87:c8:05:78:91:25:54:2e:b9:0e:3a:59:cd:49:76:
                    79:f3:49:57:75:07:a1:3b:25:88:b6:14:36:ab:99:
                    bf:c6:87:a7:00:48:b4:0b:0b:81:9e:e5:05:e4:a3:
                    17:d0:4c:6d:d5:b1:c7:7b:1c:41:c5:1d:50:22:1e:
                    1e:1d:e5:79:96:8e:d7:4e:ef:2c:e3:db:38:ab:34:
                    92:56:72:03:d2:9d:69:ac:1a:be:f9:80:9e:f2:7d:
                    42:83:24:24:31:11:6c:5e:62:c5:0b:79:c4:55:ae:
                    fd:5d:d8:ba:11:b4:ba:2e:9a:84:22:96:c9:84:a8:
                    e6:e8:d3:59:8e:8e:af:55:81:a5:64:91:16:8d:de:
                    65:44:11:d2:c6:45:a7:8b:6e:12:56:83:ec:dd:68:
                    ce:b7:be:bf:aa:0f:ae:01:9c:dd:78:6b:46:f6:68:
                    f6:0c:6b:b9:00:e1:ed:46:a8:c6:ec:5d:c3:a8:03:
                    84:dd:9a:0b:ab:a5:fd:6a:b0:c3:21:0b:a9:71:88:
                    07:de:a3:b4:0b:4b:64:9b:d1:e2:d4:34:e1:12:3c:
                    bd:9b:31:da:3b:da:1a:dd:b1:1c:12:5f:60:ed:84:
                    1e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:13:C9:24:52:ED:BD:39:0B:A4:7D:D4:85:04:81:F2:E0:5C:E6:34
            X509v3 Authority Key Identifier:
                keyid:B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/9hPJJFLtvTkLpH3UhQSB8uBc5jQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.140.0/22
                  45.158.116.0/22
                  80.78.16.0/20
                  95.215.16.0/22
                  185.193.124.0/22
                  195.14.20.0/24
                IPv6:
                  2001:67c:2354::/48
                  2001:67c:2358::/48
                  2a02:6f8::/32
                  2a0a:3840::/29
                  2a0e:d9c0::/29
                  2a0f:5e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:05:09:bf:c8:55:1c:b1:8f:57:d8:a1:20:ce:a5:99:03:4d:
         d8:7b:45:5b:d1:96:b9:ba:25:17:0b:d4:5d:e6:b0:aa:f9:6a:
         4f:1d:cd:f6:7a:58:b5:2e:cb:ec:ab:36:58:38:f5:e9:0f:b6:
         d1:60:88:8a:30:93:cc:2e:ea:d5:b1:08:0e:1d:3a:82:4e:99:
         6f:86:d4:69:ff:ba:45:4a:9f:fe:7a:f6:6a:8f:f1:32:a5:2c:
         5b:4e:e9:c2:63:a8:81:19:c1:f9:17:ab:fa:cb:7b:b0:bc:46:
         2f:f7:6b:f0:38:f4:fe:e9:2b:e4:96:63:21:e0:37:44:8b:0a:
         d9:f9:ad:10:9e:2b:3e:ac:ea:6a:af:88:f8:ba:c2:dc:76:85:
         e9:f3:cb:8b:5b:c4:f8:80:c9:48:7f:3f:91:89:44:ab:46:f5:
         2a:93:09:93:8b:0e:d0:72:33:be:f1:f0:75:c5:ea:85:cb:79:
         5b:18:39:20:a3:e1:28:24:ec:f0:13:ce:ec:03:e9:f2:50:b8:
         22:c9:73:5a:79:10:d6:28:ec:8b:a7:e9:10:f5:85:c8:5f:c3:
         e9:cf:64:32:be:53:a2:16:0c:75:35:76:67:d6:70:b9:e9:d3:
         68:a0:61:30:65:e9:67:24:90:c8:99:80:b5:98:a2:0f:6f:79:
         2e:d1:49:0a
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYVxVWfhSfqeLkmRaPGQRgV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTA2YmNlM2Y3ZTFhZTNhN2UyY2I5YWQyMDVjNGNkZmIw
MmRkYjUwHhcNMjMwMTAyMDcxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjEzYzkyNDUyZWRiZDM5MGJhNDdkZDQ4NTA0ODFmMmUwNWNlNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBugsfnImRHhFv+BA2PSfOS7GzBK
K2ZnJ4JEvoyHyAV4kSVULrkOOlnNSXZ580lXdQehOyWIthQ2q5m/xoenAEi0CwuB
nuUF5KMX0Ext1bHHexxBxR1QIh4eHeV5lo7XTu8s49s4qzSSVnID0p1prBq++YCe
8n1CgyQkMRFsXmLFC3nEVa79Xdi6EbS6LpqEIpbJhKjm6NNZjo6vVYGlZJEWjd5l
RBHSxkWni24SVoPs3WjOt76/qg+uAZzdeGtG9mj2DGu5AOHtRqjG7F3DqAOE3ZoL
q6X9arDDIQupcYgH3qO0C0tkm9Hi1DThEjy9mzHaO9oa3bEcEl9g7YQeYwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFPYTySRS7b05C6R91IUEgfLgXOY0MB8GA1UdIwQY
MBaAFLRQa84/fhrjp+LLmtIFxM37At21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMt
ZjhhMzc4MGMzNDhlLzEvOWhQSkpGTHR2VGtMcEgzVWhRU0I4dUJjNWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMtZjhhMzc4MGMzNDhl
LzEvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAqBAIAATAkAwQCLY6MAwQC
LZ50AwQEUE4QAwQCX9cQAwQCucF8AwQAww4UMDQEAgACMC4DBwAgAQZ8I1QDBwAg
AQZ8I1gDBQAqAgb4AwUDKgo4QAMFAyoO2cADBQMqD16AMA0GCSqGSIb3DQEBCwUA
A4IBAQB+BQm/yFUcsY9X2KEgzqWZA03Ye0Vb0Za5uiUXC9Rd5rCq+WpPHc32eli1
LsvsqzZYOPXpD7bRYIiKMJPMLurVsQgOHTqCTplvhtRp/7pFSp/+evZqj/EypSxb
TunCY6iBGcH5F6v6y3uwvEYv92vwOPT+6SvklmMh4DdEiwrZ+a0Qnis+rOpqr4j4
usLcdoXp88uLW8T4gMlIfz+RiUSrRvUqkwmTiw7QcjO+8fB1xeqFy3lbGDkgo+Eo
JOzwE87sA+nyULgiyXNaeRDWKOyLp+kQ9YXIX8Ppz2QyvlOiFgx1NXZn1nC56dNo
oGEwZelnJJDImYC1mKIPb3ku0UkK
-----END CERTIFICATE-----