Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Rd0jQjni4BEROBwrxgLHCXiLzJ0.roa
File:                     Rd0jQjni4BEROBwrxgLHCXiLzJ0.roa (raw, json)
Hash identifier:          xteD5iSQ2vWySk8gp7COIg/1HXx8f5bkjVfrqTHK7lE=
Subject key identifier:   45:DD:23:42:39:E2:E0:11:11:38:1C:2B:C6:02:C7:09:78:8B:CC:9D
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       018D78CA39D5BA592BC53E4A37839B862FF2
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Rd0jQjni4BEROBwrxgLHCXiLzJ0.roa
Signing time:             Mon 05 Feb 2024 10:22:15 +0000
ROA not before:           Mon 05 Feb 2024 10:22:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41221
IP address blocks:        5.56.64.0/18 maxlen: 24
                          37.75.16.0/20 maxlen: 24
                          37.75.64.0/18 maxlen: 24
                          46.55.0.0/17 maxlen: 24
                          85.204.176.0/21 maxlen: 24
                          86.104.196.0/22 maxlen: 24
                          86.105.56.0/21 maxlen: 24
                          86.105.80.0/21 maxlen: 24
                          86.105.172.0/22 maxlen: 24
                          86.105.208.0/22 maxlen: 24
                          86.106.144.0/21 maxlen: 24
                          86.106.208.0/20 maxlen: 24
                          86.107.64.0/22 maxlen: 24
                          86.107.160.0/21 maxlen: 24
                          93.116.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:ca:39:d5:ba:59:2b:c5:3e:4a:37:83:9b:86:2f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Feb  5 10:22:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45dd234239e2e01111381c2bc602c709788bcc9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:65:59:09:f9:be:3b:17:12:d4:94:06:02:61:
                    de:48:7b:74:02:c1:c9:7f:53:0d:e8:69:67:fa:8b:
                    69:4d:4a:87:29:84:18:ee:55:d2:51:b3:4e:c6:56:
                    72:f1:b3:44:db:3a:0c:dc:2c:3e:68:75:ee:d9:de:
                    19:69:85:e6:32:69:36:c8:2c:64:09:2e:92:60:99:
                    c6:6d:b6:71:01:9a:09:45:f8:dd:5b:68:b9:30:b0:
                    e1:42:3c:2d:21:03:77:c4:d9:ef:c4:6a:9e:1e:e7:
                    65:f0:ef:b8:5c:dd:9e:f8:66:c9:64:44:c1:01:2c:
                    af:d4:6f:df:a1:e7:9c:cb:af:f7:7f:33:ab:ce:25:
                    26:1b:19:cc:eb:99:1c:86:28:7c:f2:43:48:d6:c6:
                    46:c9:77:91:1d:d5:c9:0b:9e:85:00:79:37:70:a5:
                    ef:b7:37:ff:33:e5:21:c6:c7:86:a3:f6:a0:b6:c5:
                    7b:17:85:75:01:d6:64:d0:fa:40:33:00:8d:19:ad:
                    f8:4b:2d:aa:ff:0a:68:20:2e:37:46:11:fc:bf:db:
                    79:39:5a:8d:2d:0c:03:72:c5:a7:44:d1:ee:a4:df:
                    bf:78:ec:eb:ab:ed:17:ec:9d:4f:18:7d:15:63:6f:
                    a4:4c:73:00:3e:ea:f8:5a:cd:3f:c7:29:fc:1e:36:
                    32:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:DD:23:42:39:E2:E0:11:11:38:1C:2B:C6:02:C7:09:78:8B:CC:9D
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Rd0jQjni4BEROBwrxgLHCXiLzJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.64.0/18
                  37.75.16.0/20
                  37.75.64.0/18
                  46.55.0.0/17
                  85.204.176.0/21
                  86.104.196.0/22
                  86.105.56.0/21
                  86.105.80.0/21
                  86.105.172.0/22
                  86.105.208.0/22
                  86.106.144.0/21
                  86.106.208.0/20
                  86.107.64.0/22
                  86.107.160.0/21
                  93.116.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:fb:1c:bf:4d:83:6c:ca:69:e8:45:a5:7d:b5:c7:0d:0f:74:
         fa:0c:53:44:25:51:77:77:17:e7:3e:2c:0c:28:80:2a:a6:3b:
         49:f0:75:c3:e2:ee:9a:b4:32:ef:5c:bd:20:ce:4a:7a:25:57:
         c1:32:8d:9a:52:7f:c2:78:c7:06:7b:65:9f:9a:73:f1:88:ec:
         18:f5:06:f2:17:e7:d7:f7:54:f5:01:1c:42:b1:2e:45:ba:24:
         b6:af:29:fd:9a:e6:dd:67:ba:63:44:a9:bc:7b:9d:fd:b6:aa:
         7e:2b:7d:80:e8:b6:da:4d:66:34:76:87:51:7a:81:da:cf:e4:
         0d:f2:cf:23:ce:d9:df:71:16:c4:cc:25:ab:36:82:f6:e1:7d:
         54:5c:f9:e2:de:34:c3:ff:3a:ae:74:b8:12:f4:bc:c1:14:1c:
         24:33:95:12:4b:36:0d:0c:c2:09:d5:32:e6:5b:e3:60:6b:fb:
         4b:a2:99:a8:cf:70:15:2c:0f:2a:27:06:4b:55:cd:63:74:0f:
         e5:67:b5:ce:2e:5b:9c:e7:39:90:c9:7a:9f:8b:a8:0d:70:e0:
         09:c8:e2:05:3f:c6:a3:19:c0:71:8a:04:cd:5a:12:ae:e0:33:
         1f:9f:1f:3a:06:07:6b:46:d7:9e:a9:ae:a0:af:74:61:ee:2b:
         ae:2d:8f:a2
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY14yjnVulkrxT5KN4Obhi/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjQwMjA1MTAyMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWRkMjM0MjM5ZTJlMDExMTEzODFjMmJjNjAyYzcwOTc4OGJjYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WVZCfm+OxcS1JQGAmHeSHt0AsHJ
f1MN6Gln+otpTUqHKYQY7lXSUbNOxlZy8bNE2zoM3Cw+aHXu2d4ZaYXmMmk2yCxk
CS6SYJnGbbZxAZoJRfjdW2i5MLDhQjwtIQN3xNnvxGqeHudl8O+4XN2e+GbJZETB
ASyv1G/foeecy6/3fzOrziUmGxnM65kchih88kNI1sZGyXeRHdXJC56FAHk3cKXv
tzf/M+UhxseGo/agtsV7F4V1AdZk0PpAMwCNGa34Sy2q/wpoIC43RhH8v9t5OVqN
LQwDcsWnRNHupN+/eOzrq+0X7J1PGH0VY2+kTHMAPur4Ws0/xyn8HjYyNwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFEXdI0I54uARETgcK8YCxwl4i8ydMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvUmQwalFqbmk0QkVST0J3cnhnTEhDWGlMekowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQGBThAAwQE
JUsQAwQGJUtAAwQHLjcAAwQDVcywAwQCVmjEAwQDVmk4AwQDVmlQAwQCVmmsAwQC
VmnQAwQDVmqQAwQEVmrQAwQCVmtAAwQDVmugAwQAXXT+MA0GCSqGSIb3DQEBCwUA
A4IBAQBq+xy/TYNsymnoRaV9tccND3T6DFNEJVF3dxfnPiwMKIAqpjtJ8HXD4u6a
tDLvXL0gzkp6JVfBMo2aUn/CeMcGe2WfmnPxiOwY9QbyF+fX91T1ARxCsS5FuiS2
ryn9mubdZ7pjRKm8e539tqp+K32A6LbaTWY0dodReoHaz+QN8s8jztnfcRbEzCWr
NoL24X1UXPni3jTD/zqudLgS9LzBFBwkM5USSzYNDMIJ1TLmW+Nga/tLopmoz3AV
LA8qJwZLVc1jdA/lZ7XOLluc5zmQyXqfi6gNcOAJyOIFP8ajGcBxigTNWhKu4DMf
nx86BgdrRteeqa6gr3Rh7iuuLY+i
-----END CERTIFICATE-----