Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/12bd09-6917-4b10-8623-335c2a52a71a/1/4uY6lMAh_e52EUp62SENplOwcmA.roa
File:                     4uY6lMAh_e52EUp62SENplOwcmA.roa (raw, json)
Hash identifier:          xDQpk1WwxqQIUcd7x3MrZNbpR1nDBdFaNKGUejzB//4=
Subject key identifier:   E2:E6:3A:94:C0:21:FD:EE:76:11:4A:7A:D9:21:0D:A6:53:B0:72:60
Certificate issuer:       /CN=465e78a5ec57231c693d654544618c6782d6190a
Certificate serial:       018CCA29D3D57C3F25DB6E6C651876BA02E7
Authority key identifier: 46:5E:78:A5:EC:57:23:1C:69:3D:65:45:44:61:8C:67:82:D6:19:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl54pexXIxxpPWVFRGGMZ4LWGQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/12bd09-6917-4b10-8623-335c2a52a71a/1/4uY6lMAh_e52EUp62SENplOwcmA.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51540
IP address blocks:        46.31.145.0/24 maxlen: 24
                          46.31.144.0/24 maxlen: 24
                          185.198.196.0/24 maxlen: 24
                          185.198.197.0/24 maxlen: 24
                          185.198.198.0/24 maxlen: 24
                          185.198.199.0/24 maxlen: 24
                          46.31.146.0/24 maxlen: 24
                          46.31.147.0/24 maxlen: 24
                          46.31.148.0/24 maxlen: 24
                          46.31.149.0/24 maxlen: 24
                          46.31.150.0/24 maxlen: 24
                          46.31.151.0/24 maxlen: 24
                          185.14.20.0/24 maxlen: 24
                          185.14.21.0/24 maxlen: 24
                          185.14.22.0/24 maxlen: 24
                          185.14.23.0/24 maxlen: 24
                          2a03:6c40::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d3:d5:7c:3f:25:db:6e:6c:65:18:76:ba:02:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465e78a5ec57231c693d654544618c6782d6190a
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2e63a94c021fdee76114a7ad9210da653b07260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e9:8d:08:f9:d7:5f:34:51:68:35:da:40:11:
                    f7:82:ca:f9:4c:9a:96:41:a1:76:6b:72:63:7d:69:
                    1b:cc:68:a0:ae:9a:83:47:0a:32:a9:ed:fa:19:7e:
                    54:86:6a:04:2a:67:b3:58:99:1a:b0:f2:b2:d2:7d:
                    a5:f3:44:3c:96:f9:85:c2:45:84:5a:36:24:95:75:
                    76:1e:0c:52:12:12:f3:a8:8a:8f:f1:13:4f:80:54:
                    23:25:e2:6c:e8:58:1c:d7:a0:30:fb:74:9a:9e:86:
                    25:9f:5c:e6:97:64:00:51:19:d2:5f:84:65:e1:21:
                    79:a9:5c:20:bd:69:3b:b1:91:86:e9:cd:c0:8c:df:
                    07:6a:e5:fd:c9:0f:19:da:b1:41:76:d4:c4:ce:d9:
                    04:b3:02:d0:3e:cf:a8:ce:44:12:b5:62:78:b6:31:
                    89:77:da:23:07:9a:e0:b4:79:ee:7d:ac:b9:a2:66:
                    8e:17:70:aa:15:c3:d7:ae:5f:b9:34:b9:d5:c8:46:
                    ab:b3:54:04:71:ab:07:08:e1:c2:8d:9f:40:b7:52:
                    47:7e:3d:b5:4e:f6:5b:ee:54:57:2d:c5:c2:8a:4f:
                    cf:84:5f:fe:44:3a:ba:09:6a:f0:cd:ee:3f:88:85:
                    96:d9:ab:64:b1:df:78:c0:e5:27:29:de:36:43:86:
                    a4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E6:3A:94:C0:21:FD:EE:76:11:4A:7A:D9:21:0D:A6:53:B0:72:60
            X509v3 Authority Key Identifier:
                keyid:46:5E:78:A5:EC:57:23:1C:69:3D:65:45:44:61:8C:67:82:D6:19:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl54pexXIxxpPWVFRGGMZ4LWGQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/12bd09-6917-4b10-8623-335c2a52a71a/1/4uY6lMAh_e52EUp62SENplOwcmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/12bd09-6917-4b10-8623-335c2a52a71a/1/Rl54pexXIxxpPWVFRGGMZ4LWGQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.144.0/21
                  185.14.20.0/22
                  185.198.196.0/22
                IPv6:
                  2a03:6c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:42:72:7a:e8:7f:14:75:9e:20:ed:8c:7a:d2:3c:c7:ac:0e:
         ff:a8:e0:22:bf:6f:d9:6a:51:1b:30:b7:d3:5e:e6:d6:14:c5:
         0a:97:7b:48:cd:0b:b2:14:c3:1b:98:84:e2:11:b7:d5:a8:56:
         f9:ab:74:b0:5e:b5:e6:3a:2c:74:b2:32:ac:65:44:4f:04:b6:
         28:0e:e5:7f:db:d5:dc:e5:10:d8:c3:7e:ba:d2:9e:88:0d:fa:
         bf:73:d7:12:f5:39:d6:8e:36:95:33:df:a4:09:41:7c:29:a7:
         72:5c:a9:5a:20:eb:6d:1f:cf:08:3a:50:10:5f:ca:c3:e8:fb:
         f8:94:de:dc:1b:7b:f2:1f:e7:ca:40:3d:c4:17:07:8f:b9:45:
         f3:91:33:c0:38:67:a7:fd:ce:c3:6a:9f:a1:81:39:c4:ff:5e:
         03:80:c6:56:05:93:7a:60:0f:f3:1d:8e:4c:38:69:f9:f7:12:
         fe:99:9c:d3:a7:47:83:d1:90:8a:59:aa:2d:75:e2:ec:90:f4:
         2c:2e:3b:5b:f4:16:60:0d:8b:25:ce:dc:67:ed:11:3e:78:84:
         f5:12:d6:99:8e:22:9e:d7:38:97:aa:e6:48:2e:13:ca:6b:e2:
         e4:c7:cb:da:3c:5a:21:d5:d6:dd:f9:54:8e:f1:d4:3b:11:82:
         27:12:6e:09
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzKKdPVfD8l225sZRh2ugLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWU3OGE1ZWM1NzIzMWM2OTNkNjU0NTQ0NjE4YzY3ODJk
NjE5MGEwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU2M2E5NGMwMjFmZGVlNzYxMTRhN2FkOTIxMGRhNjUzYjA3MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOmNCPnXXzRRaDXaQBH3gsr5TJqW
QaF2a3JjfWkbzGigrpqDRwoyqe36GX5UhmoEKmezWJkasPKy0n2l80Q8lvmFwkWE
WjYklXV2HgxSEhLzqIqP8RNPgFQjJeJs6Fgc16Aw+3SanoYln1zml2QAURnSX4Rl
4SF5qVwgvWk7sZGG6c3AjN8HauX9yQ8Z2rFBdtTEztkEswLQPs+ozkQStWJ4tjGJ
d9ojB5rgtHnufay5omaOF3CqFcPXrl+5NLnVyEars1QEcasHCOHCjZ9At1JHfj21
TvZb7lRXLcXCik/PhF/+RDq6CWrwze4/iIWW2atksd94wOUnKd42Q4akBwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOLmOpTAIf3udhFKetkhDaZTsHJgMB8GA1UdIwQY
MBaAFEZeeKXsVyMcaT1lRURhjGeC1hkKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw1NHBleFhJeHhwUFdWRlJHR01aNExXR1FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xMmJkMDktNjkxNy00YjEwLTg2MjMt
MzM1YzJhNTJhNzFhLzEvNHVZNmxNQWhfZTUyRVVwNjJTRU5wbE93Y21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xMmJkMDktNjkxNy00YjEwLTg2MjMtMzM1YzJhNTJhNzFh
LzEvUmw1NHBleFhJeHhwUFdWRlJHR01aNExXR1FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLh+QAwQC
uQ4UAwQCucbEMA0EAgACMAcDBQAqA2xAMA0GCSqGSIb3DQEBCwUAA4IBAQAfQnJ6
6H8UdZ4g7Yx60jzHrA7/qOAiv2/ZalEbMLfTXubWFMUKl3tIzQuyFMMbmITiEbfV
qFb5q3SwXrXmOix0sjKsZURPBLYoDuV/29Xc5RDYw3660p6IDfq/c9cS9TnWjjaV
M9+kCUF8KadyXKlaIOttH88IOlAQX8rD6Pv4lN7cG3vyH+fKQD3EFwePuUXzkTPA
OGen/c7Dap+hgTnE/14DgMZWBZN6YA/zHY5MOGn59xL+mZzTp0eD0ZCKWaotdeLs
kPQsLjtb9BZgDYslztxn7RE+eIT1EtaZjiKe1ziXquZILhPKa+Lkx8vaPFoh1dbd
+VSO8dQ7EYInEm4J
-----END CERTIFICATE-----