Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/1a6f83-4ab4-4a43-a491-18ae75981d1d/1/o6vPoDrhY3DJJlrdegFty9ZPtpw.roa
File:                     o6vPoDrhY3DJJlrdegFty9ZPtpw.roa (raw, json)
Hash identifier:          20cZXLrFP7VYuz4zznjMRP0E2bhNyMTJLHr9l2GArOQ=
Subject key identifier:   A3:AB:CF:A0:3A:E1:63:70:C9:26:5A:DD:7A:01:6D:CB:D6:4F:B6:9C
Certificate issuer:       /CN=b61d9e8c9a08b23a98b14c308b80dcfbf55e5cd1
Certificate serial:       39E6A7DA
Authority key identifier: B6:1D:9E:8C:9A:08:B2:3A:98:B1:4C:30:8B:80:DC:FB:F5:5E:5C:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/th2ejJoIsjqYsUwwi4Dc-_VeXNE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/1a6f83-4ab4-4a43-a491-18ae75981d1d/1/o6vPoDrhY3DJJlrdegFty9ZPtpw.roa
Signing time:             Sat 01 Jan 2022 07:58:06 +0000
ROA not before:           Sat 01 Jan 2022 07:58:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34087
IP address blocks:        152.65.32.0/19 maxlen: 19
                          185.161.56.0/23 maxlen: 23
                          185.161.56.0/22 maxlen: 22
                          152.65.64.0/19 maxlen: 19
                          84.16.216.0/24 maxlen: 24
                          94.246.0.0/18 maxlen: 20
                          152.65.0.0/19 maxlen: 19
                          152.65.0.0/17 maxlen: 19
                          89.151.192.0/18 maxlen: 20
                          178.164.0.0/17 maxlen: 20
                          178.164.0.0/23 maxlen: 23
                          84.16.192.0/19 maxlen: 20
                          217.168.80.0/20 maxlen: 20
                          148.252.64.0/18 maxlen: 19
                          152.65.96.0/19 maxlen: 19
                          84.52.192.0/18 maxlen: 20
                          85.89.0.0/19 maxlen: 20
                          2a01:560::/29 maxlen: 29
                          2a01:560::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 971417562 (0x39e6a7da)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b61d9e8c9a08b23a98b14c308b80dcfbf55e5cd1
        Validity
            Not Before: Jan  1 07:58:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a3abcfa03ae16370c9265add7a016dcbd64fb69c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:71:6d:d1:9a:74:e5:2d:de:ec:a6:ec:81:33:
                    1a:33:4b:08:79:0a:56:4e:9d:ee:1a:86:b0:27:4d:
                    b0:93:63:93:0c:5c:70:c1:ce:4a:45:b9:b5:7d:af:
                    37:0a:a7:6e:2f:b1:81:f3:5b:fd:cf:cc:dc:a7:04:
                    80:83:57:2f:6c:37:27:f3:e3:98:80:ab:9c:04:22:
                    70:30:8b:1f:e9:ae:bb:47:41:cc:5b:e4:57:2e:e4:
                    07:e7:a0:59:67:91:24:2d:11:14:24:f1:12:38:1f:
                    13:87:e1:fb:1d:15:fe:66:dc:4e:00:55:18:61:47:
                    e1:95:f0:ec:11:1b:08:d0:d6:6f:5f:97:9c:86:26:
                    7a:64:2e:46:c1:30:bd:39:e2:a4:56:7c:69:bf:ec:
                    4d:d3:59:7a:e1:6f:ce:91:2c:d0:2e:29:47:4b:f9:
                    d6:c4:ca:cb:07:ee:6c:10:8e:08:36:a0:76:70:13:
                    7a:73:5d:c0:8d:df:41:cb:ad:5c:37:ed:2c:0e:f9:
                    ae:26:75:48:04:cb:a2:d3:1a:17:50:f8:a1:e1:c2:
                    38:69:c1:e1:3a:ef:78:07:0b:17:38:14:3c:1d:64:
                    51:11:ec:fc:6e:ed:dd:8a:83:31:3d:2d:26:27:13:
                    2c:b2:19:e4:f6:6b:eb:62:33:43:5a:c2:c4:ac:1c:
                    5b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AB:CF:A0:3A:E1:63:70:C9:26:5A:DD:7A:01:6D:CB:D6:4F:B6:9C
            X509v3 Authority Key Identifier:
                keyid:B6:1D:9E:8C:9A:08:B2:3A:98:B1:4C:30:8B:80:DC:FB:F5:5E:5C:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/th2ejJoIsjqYsUwwi4Dc-_VeXNE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1a6f83-4ab4-4a43-a491-18ae75981d1d/1/o6vPoDrhY3DJJlrdegFty9ZPtpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1a6f83-4ab4-4a43-a491-18ae75981d1d/1/th2ejJoIsjqYsUwwi4Dc-_VeXNE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.16.192.0/19
                  84.52.192.0/18
                  85.89.0.0/19
                  89.151.192.0/18
                  94.246.0.0/18
                  148.252.64.0/18
                  152.65.0.0/17
                  178.164.0.0/17
                  185.161.56.0/22
                  217.168.80.0/20
                IPv6:
                  2a01:560::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:bf:02:57:83:9b:1d:d7:ee:fc:05:1d:86:3a:56:68:a4:70:
         ee:1d:68:94:a0:b3:77:3e:d4:4f:ff:75:fa:d0:1e:02:6d:80:
         a5:8d:ef:fb:95:d1:6a:9b:32:5f:93:3a:47:c8:4f:86:8c:87:
         0c:ed:15:50:3e:34:18:dc:34:93:be:16:4d:b3:5e:81:81:72:
         64:4b:10:60:b2:85:9a:0e:06:59:c4:9a:51:89:99:84:1f:bd:
         5a:06:2f:9d:f0:3f:83:8e:50:47:5a:d0:b7:36:e4:d1:be:31:
         e2:da:13:f6:11:fc:2c:2f:14:e5:eb:28:73:26:b3:a7:ce:63:
         a4:8e:72:3e:15:e5:d9:88:c0:73:d4:30:79:89:4e:de:d3:dd:
         05:53:9b:8e:41:2d:be:1a:57:bf:b1:51:3b:0e:cc:e7:46:6f:
         b2:6f:e3:ea:50:48:4e:46:15:4b:7e:24:98:ff:8d:cb:71:2a:
         81:7e:75:61:6e:72:70:e7:d8:3d:5a:07:cf:db:c8:c7:f1:48:
         cd:5f:07:81:1c:94:d7:18:7f:f6:ac:40:86:33:89:8f:5c:00:
         b2:16:57:92:d6:48:d4:33:4e:3a:99:22:c3:82:76:af:e1:ac:
         e9:5c:3e:24:59:17:9e:ce:61:bd:75:d6:3d:e2:20:16:09:09:
         e4:27:88:78
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIEOean2jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NjFkOWU4YzlhMDhiMjNhOThiMTRjMzA4YjgwZGNmYmY1NWU1Y2QxMB4XDTIyMDEw
MTA3NTgwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTNhYmNmYTAzYWUx
NjM3MGM5MjY1YWRkN2EwMTZkY2JkNjRmYjY5YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANRxbdGadOUt3uym7IEzGjNLCHkKVk6d7hqGsCdNsJNjkwxc
cMHOSkW5tX2vNwqnbi+xgfNb/c/M3KcEgINXL2w3J/PjmICrnAQicDCLH+muu0dB
zFvkVy7kB+egWWeRJC0RFCTxEjgfE4fh+x0V/mbcTgBVGGFH4ZXw7BEbCNDWb1+X
nIYmemQuRsEwvTnipFZ8ab/sTdNZeuFvzpEs0C4pR0v51sTKywfubBCOCDagdnAT
enNdwI3fQcutXDftLA75riZ1SATLotMaF1D4oeHCOGnB4TrveAcLFzgUPB1kURHs
/G7t3YqDMT0tJicTLLIZ5PZr62IzQ1rCxKwcW5ECAwEAAaOCAk4wggJKMB0GA1Ud
DgQWBBSjq8+gOuFjcMkmWt16AW3L1k+2nDAfBgNVHSMEGDAWgBS2HZ6MmgiyOpix
TDCLgNz79V5c0TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RoMmVqSm9Jc2pxWXNVd3dpNERjLV9WZVhORS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvMWE2ZjgzLTRhYjQtNGE0My1hNDkxLTE4YWU3NTk4MWQxZC8x
L282dlBvRHJoWTNESkpscmRlZ0Z0eTlaUHRwdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
MWE2ZjgzLTRhYjQtNGE0My1hNDkxLTE4YWU3NTk4MWQxZC8xL3RoMmVqSm9Jc2px
WXNVd3dpNERjLV9WZVhORS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBk
BggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEBVQQwAMEBlQ0wAMEBVVZAAMEBlmX
wAMEBl72AAMEBpT8QAMEB5hBAAMEB7KkAAMEArmhOAMEBNmoUDANBAIAAjAHAwUD
KgEFYDANBgkqhkiG9w0BAQsFAAOCAQEAuL8CV4ObHdfu/AUdhjpWaKRw7h1olKCz
dz7UT/91+tAeAm2ApY3v+5XRapsyX5M6R8hPhoyHDO0VUD40GNw0k74WTbNegYFy
ZEsQYLKFmg4GWcSaUYmZhB+9WgYvnfA/g45QR1rQtzbk0b4x4toT9hH8LC8U5eso
cyazp85jpI5yPhXl2YjAc9QweYlO3tPdBVObjkEtvhpXv7FROw7M50Zvsm/j6lBI
TkYVS34kmP+Ny3EqgX51YW5ycOfYPVoHz9vIx/FIzV8HgRyU1xh/9qxAhjOJj1wA
shZXktZI1DNOOpkiw4J2r+Gs6Vw+JFkXns5hvXXWPeIgFgkJ5CeIeA==
-----END CERTIFICATE-----