Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/MbW9Y-ddQxa5AkskfL1Sh3qWkus.roa
File:                     MbW9Y-ddQxa5AkskfL1Sh3qWkus.roa (raw, json)
Hash identifier:          UKWrFXui918P3KACO1i7Vc9PdF3Jm+twDKhde6Vmlkw=
Subject key identifier:   31:B5:BD:63:E7:5D:43:16:B9:02:4B:24:7C:BD:52:87:7A:96:92:EB
Certificate issuer:       /CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
Certificate serial:       018CED2C6DA79A6B6BD1FDFA0D158ADF9E2C
Authority key identifier: B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/MbW9Y-ddQxa5AkskfL1Sh3qWkus.roa
Signing time:             Tue 09 Jan 2024 07:42:40 +0000
ROA not before:           Tue 09 Jan 2024 07:42:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48108
IP address blocks:        176.116.0.0/24 maxlen: 24
                          94.247.137.0/24 maxlen: 24
                          146.19.84.0/24 maxlen: 24
                          185.235.230.0/24 maxlen: 24
                          31.222.227.0/24 maxlen: 24
                          2001:678:e30::/48 maxlen: 48
                          2a11:8481::/32 maxlen: 32
                          2a0a:2e80::/32 maxlen: 32
                          2a11:8482::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:2c:6d:a7:9a:6b:6b:d1:fd:fa:0d:15:8a:df:9e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
        Validity
            Not Before: Jan  9 07:42:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31b5bd63e75d4316b9024b247cbd52877a9692eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f9:71:42:a8:4a:e7:4a:d1:80:be:9e:b1:30:
                    68:35:74:45:c5:c2:6c:80:09:03:f9:c4:0f:d1:80:
                    b4:f0:99:9e:38:54:a9:ab:c7:a6:9f:4f:5c:6f:06:
                    a3:2f:86:cd:30:75:1d:26:96:de:87:ff:2b:ee:17:
                    73:51:e4:a8:ba:93:77:84:73:d9:3b:e9:2f:ce:b7:
                    92:ec:6b:ec:28:f3:c9:0b:00:5a:47:08:1d:aa:1d:
                    f2:cc:c7:8f:3f:4d:23:bf:6d:d1:c6:91:29:9e:00:
                    91:a1:98:82:a4:f9:6c:5a:95:8a:3d:f6:fd:6c:2a:
                    c0:c2:2a:53:7f:9f:52:fa:b1:90:a2:02:a4:f8:7c:
                    4e:e8:53:c4:19:36:d8:34:a8:ec:48:9d:7c:85:a3:
                    c8:e3:fa:71:b6:3d:34:bb:e9:df:d5:91:c6:60:7f:
                    77:04:00:12:9c:92:b9:de:7f:d3:35:71:7e:ac:7f:
                    ee:bd:e5:9c:ee:9a:14:e1:b4:e9:da:c8:63:9e:a5:
                    f9:2a:4e:e1:d0:cc:06:5c:a4:c6:78:7b:3f:18:91:
                    cc:c0:a6:d4:e6:18:28:8d:10:37:eb:d2:e3:b3:88:
                    71:61:64:9e:eb:21:06:21:95:52:0f:4a:9c:4e:ab:
                    dd:f3:2f:dd:cb:fe:37:d1:cd:73:d9:27:5d:ae:d9:
                    ff:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B5:BD:63:E7:5D:43:16:B9:02:4B:24:7C:BD:52:87:7A:96:92:EB
            X509v3 Authority Key Identifier:
                keyid:B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/MbW9Y-ddQxa5AkskfL1Sh3qWkus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.227.0/24
                  94.247.137.0/24
                  146.19.84.0/24
                  176.116.0.0/24
                  185.235.230.0/24
                IPv6:
                  2001:678:e30::/48
                  2a0a:2e80::/32
                  2a11:8481::-2a11:8482:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0d:48:b5:e6:ce:8d:53:9b:32:69:a2:72:d4:cc:dc:b1:67:a2:
         d9:2a:f5:29:25:b4:1e:e2:4f:db:67:6b:e8:8c:93:b5:b4:86:
         d5:ca:26:9f:94:ef:05:48:e0:ae:0d:8c:6d:cb:52:3f:eb:cf:
         9e:8c:3b:ec:7c:b1:0f:d4:be:c9:98:ba:06:0e:42:e7:a8:09:
         ff:8f:e9:f3:c6:ac:1a:d8:7b:6e:fb:73:b3:c1:ad:6e:f2:e9:
         77:40:90:81:2c:df:3c:3b:11:51:6c:da:82:35:0d:74:c4:24:
         be:03:60:8b:46:29:6e:b3:2b:b6:6f:57:7d:91:9d:2c:5a:0c:
         7d:60:fe:b2:03:b4:52:8d:8f:9c:1f:89:f7:89:2c:d6:0a:1a:
         7a:33:82:ec:54:5b:ca:2c:79:50:90:0e:ff:17:a9:2e:f4:f8:
         a8:44:39:3d:6a:da:92:ff:86:66:cb:12:44:d9:73:c9:b5:c4:
         21:33:91:8f:b7:25:ee:4d:7c:bf:6f:0a:63:d5:f9:57:c1:ad:
         a2:6b:33:58:5f:63:e5:92:2d:c6:d5:97:ef:a3:e3:2d:d5:15:
         e9:9f:7b:ec:95:b6:14:1c:c6:8c:8d:37:c3:08:d2:d2:f7:11:
         8f:f2:e0:06:49:bc:39:0d:21:47:ec:18:32:3e:dd:1b:80:33:
         1b:82:8d:bb
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYztLG2nmmtr0f36DRWK354sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNTAwMmJhMDg4ZDViZDA5YzE1NTNkY2VkNWIwYmYzOTA3
ZmY3MzYwHhcNMjQwMTA5MDc0MjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI1YmQ2M2U3NWQ0MzE2YjkwMjRiMjQ3Y2JkNTI4NzdhOTY5MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsflxQqhK50rRgL6esTBoNXRFxcJs
gAkD+cQP0YC08JmeOFSpq8emn09cbwajL4bNMHUdJpbeh/8r7hdzUeSoupN3hHPZ
O+kvzreS7GvsKPPJCwBaRwgdqh3yzMePP00jv23RxpEpngCRoZiCpPlsWpWKPfb9
bCrAwipTf59S+rGQogKk+HxO6FPEGTbYNKjsSJ18haPI4/pxtj00u+nf1ZHGYH93
BAASnJK53n/TNXF+rH/uveWc7poU4bTp2shjnqX5Kk7h0MwGXKTGeHs/GJHMwKbU
5hgojRA369Ljs4hxYWSe6yEGIZVSD0qcTqvd8y/dy/430c1z2Sddrtn/mwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDG1vWPnXUMWuQJLJHy9Uod6lpLrMB8GA1UdIwQY
MBaAFLNQAroIjVvQnBVT3O1bC/OQf/c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2Ut
YWYxZWYxZDdhZmI4LzEvTWJXOVktZGRReGE1QWtza2ZMMVNoM3FXa3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2UtYWYxZWYxZDdhZmI4
LzEvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAkBAIAATAeAwQAH97jAwQA
XveJAwQAkhNUAwQAsHQAAwQAuevmMCYEAgACMCADBwAgAQZ4DjADBQAqCi6AMA4D
BQAqEYSBAwUAKhGEgjANBgkqhkiG9w0BAQsFAAOCAQEADUi15s6NU5syaaJy1Mzc
sWei2Sr1KSW0HuJP22dr6IyTtbSG1comn5TvBUjgrg2MbctSP+vPnow77HyxD9S+
yZi6Bg5C56gJ/4/p88asGth7bvtzs8GtbvLpd0CQgSzfPDsRUWzagjUNdMQkvgNg
i0YpbrMrtm9XfZGdLFoMfWD+sgO0Uo2PnB+J94ks1goaejOC7FRbyix5UJAO/xep
LvT4qEQ5PWrakv+GZssSRNlzybXEITORj7cl7k18v28KY9X5V8GtomszWF9j5ZIt
xtWX76PjLdUV6Z977JW2FBzGjI03wwjS0vcRj/LgBkm8OQ0hR+wYMj7dG4AzG4KN
uw==
-----END CERTIFICATE-----