Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/909082-d7d4-4801-aafe-fdeb615a8429/1/sV72XnakKxVgq1l9VPWVctMPeH0.roa
File:                     sV72XnakKxVgq1l9VPWVctMPeH0.roa (raw, json)
Hash identifier:          lwXp/UFztQeT361Qe0voqRcM5ebBUQd07MsZBf3xLOM=
Subject key identifier:   B1:5E:F6:5E:76:A4:2B:15:60:AB:59:7D:54:F5:95:72:D3:0F:78:7D
Certificate issuer:       /CN=b361c46090869fbdfee22436ce8a94393aa1be64
Certificate serial:       01FD4E02
Authority key identifier: B3:61:C4:60:90:86:9F:BD:FE:E2:24:36:CE:8A:94:39:3A:A1:BE:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2HEYJCGn73-4iQ2zoqUOTqhvmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/909082-d7d4-4801-aafe-fdeb615a8429/1/sV72XnakKxVgq1l9VPWVctMPeH0.roa
Signing time:             Sat 01 Jan 2022 05:03:49 +0000
ROA not before:           Sat 01 Jan 2022 05:03:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206576
IP address blocks:        185.247.202.0/23 maxlen: 23
                          185.247.200.0/23 maxlen: 23
                          185.247.200.0/22 maxlen: 22
                          5.181.72.0/22 maxlen: 22
                          83.150.252.0/22 maxlen: 22
                          83.150.252.0/24 maxlen: 24
                          45.137.44.0/22 maxlen: 22
                          45.137.44.0/24 maxlen: 24
                          185.229.4.0/22 maxlen: 22
                          185.229.4.0/23 maxlen: 23
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          185.246.132.0/22 maxlen: 22
                          185.246.132.0/24 maxlen: 24
                          2a0d:bf80::/29 maxlen: 29
                          2a09:2500::/48 maxlen: 48
                          2a0d:7680::/29 maxlen: 29
                          2a0d:7680::/48 maxlen: 48
                          2a0e:a1c0::/29 maxlen: 29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33377794 (0x1fd4e02)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b361c46090869fbdfee22436ce8a94393aa1be64
        Validity
            Not Before: Jan  1 05:03:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b15ef65e76a42b1560ab597d54f59572d30f787d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f8:a9:c0:e1:f3:d8:ee:12:78:49:1f:c1:b3:
                    48:a4:8b:a7:74:04:a5:eb:ad:6e:7a:b0:2d:f3:0d:
                    28:6d:08:6b:4e:14:5c:7b:e6:c0:5e:d7:b1:36:23:
                    bb:e2:cf:aa:82:83:14:5c:78:c4:d7:dc:0c:42:75:
                    36:0d:f5:47:59:06:39:c3:97:5f:62:7a:99:81:7c:
                    43:d1:70:fb:83:ec:6e:f9:05:56:09:36:03:72:5d:
                    74:6d:35:f7:2a:83:7a:69:a6:07:e3:62:22:68:3b:
                    f8:bb:36:43:82:00:4a:38:39:b4:7e:eb:0e:0e:dd:
                    9d:77:50:51:44:d9:ae:4d:34:ff:2d:7b:f7:50:e0:
                    94:48:7b:85:98:57:f3:82:1a:18:66:8f:91:e6:e9:
                    1c:ce:2b:47:14:18:a3:3e:2b:59:8e:fc:9d:96:70:
                    d9:d1:13:91:ac:e0:98:b3:a0:a9:dc:f7:2e:20:18:
                    e2:4c:e2:c0:e5:c2:70:09:4a:0b:18:b9:a4:d7:71:
                    74:4e:4d:46:09:fb:d0:f5:0f:95:21:cb:82:a8:30:
                    e7:4c:d6:bc:b8:44:1e:bb:49:8f:41:f4:54:bd:52:
                    0f:15:58:bc:34:6e:02:b9:02:00:80:3f:77:e7:6b:
                    dd:15:6d:ea:e7:b2:5d:81:65:e0:fa:70:61:77:5d:
                    b4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:5E:F6:5E:76:A4:2B:15:60:AB:59:7D:54:F5:95:72:D3:0F:78:7D
            X509v3 Authority Key Identifier:
                keyid:B3:61:C4:60:90:86:9F:BD:FE:E2:24:36:CE:8A:94:39:3A:A1:BE:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2HEYJCGn73-4iQ2zoqUOTqhvmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/909082-d7d4-4801-aafe-fdeb615a8429/1/sV72XnakKxVgq1l9VPWVctMPeH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/909082-d7d4-4801-aafe-fdeb615a8429/1/s2HEYJCGn73-4iQ2zoqUOTqhvmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.72.0/22
                  45.137.44.0/22
                  83.150.252.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24
                IPv6:
                  2a09:2500::/48
                  2a0d:7680::/29
                  2a0d:bf80::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:38:34:73:f5:3b:33:22:33:63:b2:95:db:c0:9d:1b:8a:51:
         d8:70:14:0d:ca:80:5e:67:0b:0f:ac:2b:1d:b5:b1:8a:cc:22:
         9a:0d:ff:67:13:ff:bb:8c:ea:ea:4a:9d:44:26:8e:cd:b2:41:
         af:9e:c8:82:38:74:34:c4:c3:45:24:3e:4b:bb:d1:d5:7b:bc:
         ef:93:ec:82:ef:f7:45:43:f4:26:24:10:8d:4d:11:6d:7c:21:
         5d:22:7f:f2:cd:5b:f7:96:2b:b2:61:8f:c5:e6:99:20:17:a2:
         25:46:f0:f3:85:6f:48:74:a5:2f:53:48:ea:8e:07:12:66:0a:
         4e:80:6a:9f:cc:20:03:e2:5c:c6:10:f8:99:d9:ec:fd:61:cf:
         3f:8d:cb:39:35:1c:9b:66:20:ad:78:93:9c:16:73:8c:70:1a:
         29:58:15:79:6c:7a:fe:94:07:89:13:af:99:5a:7b:0b:f4:89:
         42:ae:43:47:3b:68:9e:69:ee:2d:ea:65:1a:58:a3:ab:ea:9f:
         69:a3:38:1c:70:af:15:3d:92:f2:91:27:47:bf:de:df:e8:ee:
         45:d0:58:cd:34:53:82:13:7a:8b:fe:3e:b2:0e:7a:bf:08:63:
         67:c1:4d:19:6a:1f:e6:fd:60:5f:06:d8:72:71:5b:68:15:be:
         d1:67:ed:b8
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIEAf1OAjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MzYxYzQ2MDkwODY5ZmJkZmVlMjI0MzZjZThhOTQzOTNhYTFiZTY0MB4XDTIyMDEw
MTA1MDM0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE1ZWY2NWU3NmE0
MmIxNTYwYWI1OTdkNTRmNTk1NzJkMzBmNzg3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMn4qcDh89juEnhJH8GzSKSLp3QEpeutbnqwLfMNKG0Ia04U
XHvmwF7XsTYju+LPqoKDFFx4xNfcDEJ1Ng31R1kGOcOXX2J6mYF8Q9Fw+4PsbvkF
Vgk2A3JddG019yqDemmmB+NiImg7+Ls2Q4IASjg5tH7rDg7dnXdQUUTZrk00/y17
91DglEh7hZhX84IaGGaPkebpHM4rRxQYoz4rWY78nZZw2dETkazgmLOgqdz3LiAY
4kziwOXCcAlKCxi5pNdxdE5NRgn70PUPlSHLgqgw50zWvLhEHrtJj0H0VL1SDxVY
vDRuArkCAIA/d+dr3RVt6ueyXYFl4PpwYXddtLUCAwEAAaOCAlkwggJVMB0GA1Ud
DgQWBBSxXvZedqQrFWCrWX1U9ZVy0w94fTAfBgNVHSMEGDAWgBSzYcRgkIafvf7i
JDbOipQ5OqG+ZDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3MySEVZSkNHbjczLTRpUTJ6b3FVT1RxaHZtUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODUvOTA5MDgyLWQ3ZDQtNDgwMS1hYWZlLWZkZWI2MTVhODQyOS8x
L3NWNzJYbmFrS3hWZ3ExbDlWUFdWY3RNUGVIMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUv
OTA5MDgyLWQ3ZDQtNDgwMS1hYWZlLWZkZWI2MTVhODQyOS8xL3MySEVZSkNHbjcz
LTRpUTJ6b3FVT1RxaHZtUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBv
BggrBgEFBQcBBwEB/wRgMF4wNgQCAAEwMAMEAgW1SAMEAi2JLAMEAlOW/AMEArnl
BAMEArn2hAMEArn3yAMEALn4/AMEALn4/jAkBAIAAjAeAwcAKgklAAAAAwUDKg12
gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3DQEBCwUAA4IBAQBtODRz9TszIjNjspXb
wJ0bilHYcBQNyoBeZwsPrCsdtbGKzCKaDf9nE/+7jOrqSp1EJo7NskGvnsiCOHQ0
xMNFJD5Lu9HVe7zvk+yC7/dFQ/QmJBCNTRFtfCFdIn/yzVv3liuyYY/F5pkgF6Il
RvDzhW9IdKUvU0jqjgcSZgpOgGqfzCAD4lzGEPiZ2ez9Yc8/jcs5NRybZiCteJOc
FnOMcBopWBV5bHr+lAeJE6+ZWnsL9IlCrkNHO2ieae4t6mUaWKOr6p9pozgccK8V
PZLykSdHv97f6O5F0FjNNFOCE3qL/j6yDnq/CGNnwU0Zah/m/WBfBthycVtoFb7R
Z+24
-----END CERTIFICATE-----