Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/aa9187-5e0c-4d6a-b704-894205f2691b/1/ZH4v2geAbhkGmIs9w_wHQrXrHLE.roa
File:                     ZH4v2geAbhkGmIs9w_wHQrXrHLE.roa (raw, json)
Hash identifier:          a5+yYlP0h+Rh/q9+HxiNH3GNNA03/p6FlKuXD7Ct/M0=
Subject key identifier:   64:7E:2F:DA:07:80:6E:19:06:98:8B:3D:C3:FC:07:42:B5:EB:1C:B1
Certificate issuer:       /CN=de8171491d89092da36c15fc814e538b9bfa3904
Certificate serial:       018572CCB7953F219D7C4B6F5E7821D8E8F8
Authority key identifier: DE:81:71:49:1D:89:09:2D:A3:6C:15:FC:81:4E:53:8B:9B:FA:39:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3oFxSR2JCS2jbBX8gU5Ti5v6OQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/aa9187-5e0c-4d6a-b704-894205f2691b/1/ZH4v2geAbhkGmIs9w_wHQrXrHLE.roa
Signing time:             Mon 02 Jan 2023 14:04:56 +0000
ROA not before:           Mon 02 Jan 2023 14:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15377
IP address blocks:        193.108.248.0/22 maxlen: 22
                          46.98.0.0/16 maxlen: 16
                          185.244.140.0/22 maxlen: 22
                          91.243.192.0/19 maxlen: 19
                          91.201.68.0/22 maxlen: 22
                          178.215.160.0/20 maxlen: 20
                          185.205.144.0/22 maxlen: 22
                          5.252.180.0/22 maxlen: 22
                          91.233.96.0/22 maxlen: 22
                          192.162.108.0/22 maxlen: 22
                          91.215.52.0/22 maxlen: 22
                          212.115.224.0/19 maxlen: 19
                          91.236.96.0/22 maxlen: 22
                          88.218.180.0/22 maxlen: 22
                          2a05:8dc0::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:cc:b7:95:3f:21:9d:7c:4b:6f:5e:78:21:d8:e8:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de8171491d89092da36c15fc814e538b9bfa3904
        Validity
            Not Before: Jan  2 14:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=647e2fda07806e1906988b3dc3fc0742b5eb1cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6c:cb:5a:4d:ef:b0:90:71:2e:50:b8:75:d2:
                    84:d2:1a:de:31:dc:1e:fa:38:3c:72:06:fa:2e:b9:
                    5e:be:a4:f0:bc:41:4e:a1:6a:cf:79:e8:32:5b:cc:
                    88:53:d4:d1:dc:ee:9a:e4:a0:e8:1f:c9:b1:eb:04:
                    0c:4a:75:47:14:f9:d0:f4:0c:61:95:0a:fe:40:8a:
                    71:2e:20:5a:2b:c5:9d:47:f5:71:b0:83:70:65:24:
                    91:40:94:8f:b4:71:a8:4e:0f:98:4a:b0:d7:93:39:
                    1d:7a:be:d3:43:ba:f9:0a:6c:ed:f6:32:1f:4b:1e:
                    d3:21:cc:ee:aa:d1:90:2d:c5:8e:34:08:e8:93:cc:
                    73:8e:bd:fa:dd:a3:fa:bc:49:af:24:d5:71:32:f9:
                    ff:47:5c:d2:ba:db:80:58:e5:64:5c:c0:dc:33:c1:
                    64:d8:8e:e0:36:ee:bd:e4:12:a4:cc:0c:cf:8a:dd:
                    18:87:16:26:1f:d6:bd:db:c6:df:f7:4e:79:e9:14:
                    71:cc:29:af:b1:4b:0a:bd:ba:c4:2e:bb:97:30:e3:
                    cd:f4:de:e8:5a:4b:8b:26:f6:b6:a1:21:5f:ab:8f:
                    f3:ad:c6:a1:d4:41:f3:9f:85:38:23:13:f7:7b:61:
                    28:40:86:c6:cd:7e:6a:ee:58:6b:e4:14:ff:a6:58:
                    98:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7E:2F:DA:07:80:6E:19:06:98:8B:3D:C3:FC:07:42:B5:EB:1C:B1
            X509v3 Authority Key Identifier:
                keyid:DE:81:71:49:1D:89:09:2D:A3:6C:15:FC:81:4E:53:8B:9B:FA:39:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3oFxSR2JCS2jbBX8gU5Ti5v6OQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/aa9187-5e0c-4d6a-b704-894205f2691b/1/ZH4v2geAbhkGmIs9w_wHQrXrHLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/aa9187-5e0c-4d6a-b704-894205f2691b/1/3oFxSR2JCS2jbBX8gU5Ti5v6OQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.180.0/22
                  46.98.0.0/16
                  88.218.180.0/22
                  91.201.68.0/22
                  91.215.52.0/22
                  91.233.96.0/22
                  91.236.96.0/22
                  91.243.192.0/19
                  178.215.160.0/20
                  185.205.144.0/22
                  185.244.140.0/22
                  192.162.108.0/22
                  193.108.248.0/22
                  212.115.224.0/19
                IPv6:
                  2a05:8dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:8e:ef:6e:5e:8c:43:ae:34:8c:3b:ba:56:0d:29:f5:c3:42:
         fc:c8:37:54:d7:a7:df:fe:fa:f4:bd:47:7c:32:2a:e4:95:c8:
         ac:60:ad:2b:aa:e5:39:3d:80:5c:14:38:30:50:a9:b9:34:53:
         b9:14:41:3b:cd:22:dc:9a:fd:d5:6c:8b:a7:3b:47:b3:4f:f1:
         ba:d4:35:11:33:a6:6d:48:fd:89:74:6b:a9:31:ea:6e:80:29:
         ef:9b:0f:a1:4a:47:a0:15:da:8e:7a:6f:a2:45:4c:c1:f4:b0:
         02:7d:0c:45:13:f9:bc:3e:8b:9b:75:a7:ba:85:33:69:ef:42:
         52:c6:b1:42:30:d3:3d:67:e9:22:5b:ae:0c:1b:c3:7d:d9:17:
         0e:b3:31:51:be:b4:f1:07:46:2e:41:9d:de:5f:72:88:5b:6b:
         82:09:39:f4:0c:06:21:21:fc:02:f5:0a:b7:2b:1a:6c:8e:96:
         d3:c5:f4:9e:bc:6d:ac:02:46:6c:7f:ce:55:bd:93:fc:30:29:
         5d:34:88:ee:4c:63:eb:08:3b:e9:9f:8a:a6:3b:26:b3:b9:29:
         ea:dd:35:c5:74:7c:1c:6e:7f:86:95:23:4a:4e:75:45:5f:f9:
         fe:ad:38:89:3f:89:a5:b6:92:26:c7:5f:d3:c1:33:d9:e1:17:
         85:31:60:e9
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYVyzLeVPyGdfEtvXngh2Oj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlODE3MTQ5MWQ4OTA5MmRhMzZjMTVmYzgxNGU1MzhiOWJm
YTM5MDQwHhcNMjMwMTAyMTQwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDdlMmZkYTA3ODA2ZTE5MDY5ODhiM2RjM2ZjMDc0MmI1ZWIxY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWzLWk3vsJBxLlC4ddKE0hreMdwe
+jg8cgb6LrlevqTwvEFOoWrPeegyW8yIU9TR3O6a5KDoH8mx6wQMSnVHFPnQ9Axh
lQr+QIpxLiBaK8WdR/VxsINwZSSRQJSPtHGoTg+YSrDXkzkder7TQ7r5Cmzt9jIf
Sx7TIczuqtGQLcWONAjok8xzjr363aP6vEmvJNVxMvn/R1zSutuAWOVkXMDcM8Fk
2I7gNu695BKkzAzPit0YhxYmH9a928bf90556RRxzCmvsUsKvbrELruXMOPN9N7o
WkuLJva2oSFfq4/zrcah1EHzn4U4IxP3e2EoQIbGzX5q7lhr5BT/pliYuQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFGR+L9oHgG4ZBpiLPcP8B0K16xyxMB8GA1UdIwQY
MBaAFN6BcUkdiQkto2wV/IFOU4ub+jkEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM29GeFNSMkpDUzJqYkJYOGdVNVRpNXY2T1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hYTkxODctNWUwYy00ZDZhLWI3MDQt
ODk0MjA1ZjI2OTFiLzEvWkg0djJnZUFiaGtHbUlzOXdfd0hRclhySExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9hYTkxODctNWUwYy00ZDZhLWI3MDQtODk0MjA1ZjI2OTFi
LzEvM29GeFNSMkpDUzJqYkJYOGdVNVRpNXY2T1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBZBAIAATBTAwQCBfy0AwMA
LmIDBAJY2rQDBAJbyUQDBAJb1zQDBAJb6WADBAJb7GADBAVb88ADBASy16ADBAK5
zZADBAK59IwDBALAomwDBALBbPgDBAXUc+AwDQQCAAIwBwMFAyoFjcAwDQYJKoZI
hvcNAQELBQADggEBAFKO725ejEOuNIw7ulYNKfXDQvzIN1TXp9/++vS9R3wyKuSV
yKxgrSuq5Tk9gFwUODBQqbk0U7kUQTvNItya/dVsi6c7R7NP8brUNREzpm1I/Yl0
a6kx6m6AKe+bD6FKR6AV2o56b6JFTMH0sAJ9DEUT+bw+i5t1p7qFM2nvQlLGsUIw
0z1n6SJbrgwbw33ZFw6zMVG+tPEHRi5Bnd5fcohba4IJOfQMBiEh/AL1CrcrGmyO
ltPF9J68bawCRmx/zlW9k/wwKV00iO5MY+sIO+mfiqY7JrO5KerdNcV0fBxuf4aV
I0pOdUVf+f6tOIk/iaW2kibHX9PBM9nhF4UxYOk=
-----END CERTIFICATE-----