Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rhlC5UpZsdvMjDYXdXEcovlpaxU.roa
File:                     rhlC5UpZsdvMjDYXdXEcovlpaxU.roa (raw, json)
Hash identifier:          ioz3SACPzEYeLjptqiAkAndSMEIb+zUSwR0JfYrsdJU=
Subject key identifier:   AE:19:42:E5:4A:59:B1:DB:CC:8C:36:17:75:71:1C:A2:F9:69:6B:15
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018DAC379BD476DA4623B9BCB608A943DEC5
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rhlC5UpZsdvMjDYXdXEcovlpaxU.roa
Signing time:             Thu 15 Feb 2024 10:02:21 +0000
ROA not before:           Thu 15 Feb 2024 10:02:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        2a04:9a00:1200::/48 maxlen: 48
                          2a07:3500:1020::/48 maxlen: 48
                          2a07:3500:11a0::/48 maxlen: 48
                          2a07:3500:1ac0::/48 maxlen: 48
                          2a07:3500:1b30::/48 maxlen: 48
                          2a07:3500:1b48::/48 maxlen: 48
                          2a07:3500:1bc0::/48 maxlen: 48
                          2a07:3500:1c00::/48 maxlen: 48
                          2a07:3502:10e0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:37:9b:d4:76:da:46:23:b9:bc:b6:08:a9:43:de:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb 15 10:02:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae1942e54a59b1dbcc8c361775711ca2f9696b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:db:fd:a5:de:1e:fb:80:77:56:ac:f2:0d:e8:
                    e8:a1:0b:47:03:19:a0:6c:62:c6:da:41:56:78:5e:
                    22:da:5e:28:a8:95:2b:b1:19:2c:01:11:80:c7:38:
                    e4:fb:04:a4:b0:4c:05:ba:e2:3f:79:c8:0e:b6:2a:
                    ea:8b:eb:54:20:6a:49:8e:8c:9d:a6:49:29:a7:99:
                    ae:3f:78:69:e2:d9:01:04:c8:9d:00:1f:01:45:37:
                    7e:cb:c9:61:6c:e8:e0:80:1d:81:d1:8b:c3:74:54:
                    9e:b9:45:5c:b0:36:e9:4d:33:9c:83:93:fa:f4:13:
                    b8:0d:2b:4c:8d:69:93:af:04:ed:aa:03:16:4a:1f:
                    14:8b:b2:26:6f:00:f6:fe:94:c9:68:21:05:ff:a2:
                    13:c9:77:a7:99:24:59:5d:d6:c9:db:e8:36:70:85:
                    68:f8:49:aa:8e:5b:fe:4e:55:da:89:c9:21:c1:a6:
                    19:af:26:ce:9a:5f:a9:89:8a:22:72:a5:b5:02:57:
                    89:25:50:b4:11:6f:cd:53:01:f0:1a:93:ef:7e:33:
                    22:68:dd:e7:f5:b8:71:7c:9b:c0:60:45:ff:ea:ba:
                    ba:fd:4e:48:0e:10:d4:42:dd:f7:af:14:82:1a:a0:
                    17:fb:25:d1:55:63:11:d4:0d:ff:88:5e:d4:2b:e1:
                    9d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:19:42:E5:4A:59:B1:DB:CC:8C:36:17:75:71:1C:A2:F9:69:6B:15
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rhlC5UpZsdvMjDYXdXEcovlpaxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:9a00:1200::/48
                  2a07:3500:1020::/48
                  2a07:3500:11a0::/48
                  2a07:3500:1ac0::/48
                  2a07:3500:1b30::/48
                  2a07:3500:1b48::/48
                  2a07:3500:1bc0::/48
                  2a07:3500:1c00::/48
                  2a07:3502:10e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:94:bc:c3:94:d7:67:32:76:64:5a:52:27:7d:90:2a:02:17:
         2f:a5:0b:fc:e6:d0:15:41:0b:03:fb:8f:8a:0c:da:5a:f2:66:
         e6:e2:db:f6:7f:27:f9:f3:72:8d:f6:05:8a:3a:ed:fc:14:3d:
         7f:f0:20:33:51:b8:37:8c:41:43:1d:18:3c:98:11:02:5a:00:
         1f:74:01:c2:ce:ee:3e:c0:e6:c5:19:9d:7e:7f:f9:2e:b8:3f:
         aa:e3:eb:93:fc:0b:3e:32:04:b8:07:5a:c9:83:99:ac:57:a8:
         a3:19:65:ba:00:8e:7a:c5:81:8c:30:7c:0a:ab:26:ad:b7:a6:
         13:c4:40:31:3e:b7:e7:ae:ec:22:1d:0a:83:3d:1f:f5:5a:2d:
         21:81:b5:24:9b:ac:9c:20:74:34:1a:c5:07:a6:03:e5:16:f9:
         e3:4c:82:2a:c9:42:77:20:9e:dc:1c:6d:32:73:c7:55:5a:19:
         ee:ed:e3:8a:bb:e0:80:14:a3:21:94:71:18:d9:e2:e1:c9:77:
         51:f5:e7:39:d0:71:67:1d:1b:f3:d6:11:30:c0:68:0e:fb:d8:
         66:c6:b8:f3:20:15:6a:84:84:2a:28:fb:6a:a0:24:65:bf:87:
         f4:b0:3d:d2:7f:38:e6:83:1a:ba:21:92:7f:57:c3:62:ba:8b:
         ee:29:79:0e
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAY2sN5vUdtpGI7m8tgipQ97FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMjE1MTAwMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE5NDJlNTRhNTliMWRiY2M4YzM2MTc3NTcxMWNhMmY5Njk2YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9v9pd4e+4B3VqzyDejooQtHAxmg
bGLG2kFWeF4i2l4oqJUrsRksARGAxzjk+wSksEwFuuI/ecgOtirqi+tUIGpJjoyd
pkkpp5muP3hp4tkBBMidAB8BRTd+y8lhbOjggB2B0YvDdFSeuUVcsDbpTTOcg5P6
9BO4DStMjWmTrwTtqgMWSh8Ui7ImbwD2/pTJaCEF/6ITyXenmSRZXdbJ2+g2cIVo
+Emqjlv+TlXaickhwaYZrybOml+piYoicqW1AleJJVC0EW/NUwHwGpPvfjMiaN3n
9bhxfJvAYEX/6rq6/U5IDhDUQt33rxSCGqAX+yXRVWMR1A3/iF7UK+Gd4QIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFK4ZQuVKWbHbzIw2F3VxHKL5aWsVMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvcmhsQzVVcFpzZHZNakRZWGRYRWNvdmxwYXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwcAKgSaABIA
AwcAKgc1ABAgAwcAKgc1ABGgAwcAKgc1ABrAAwcAKgc1ABswAwcAKgc1ABtIAwcA
Kgc1ABvAAwcAKgc1ABwAAwcAKgc1AhDgMA0GCSqGSIb3DQEBCwUAA4IBAQBqlLzD
lNdnMnZkWlInfZAqAhcvpQv85tAVQQsD+4+KDNpa8mbm4tv2fyf583KN9gWKOu38
FD1/8CAzUbg3jEFDHRg8mBECWgAfdAHCzu4+wObFGZ1+f/kuuD+q4+uT/As+MgS4
B1rJg5msV6ijGWW6AI56xYGMMHwKqyatt6YTxEAxPrfnruwiHQqDPR/1Wi0hgbUk
m6ycIHQ0GsUHpgPlFvnjTIIqyUJ3IJ7cHG0yc8dVWhnu7eOKu+CAFKMhlHEY2eLh
yXdR9ec50HFnHRvz1hEwwGgO+9hmxrjzIBVqhIQqKPtqoCRlv4f0sD3Sfzjmgxq6
IZJ/V8NiuovuKXkO
-----END CERTIFICATE-----