Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/cd9bc8-11c5-4f5a-bb25-45ae7b3dae68/1/rwUPmduBqrC9XGXt8J6ctS7X8vo.roa
File:                     rwUPmduBqrC9XGXt8J6ctS7X8vo.roa (raw, json)
Hash identifier:          iPR6a52WvHFxIYvsQfj3cEwwhNp9x5LZIHwcNRTebzw=
Subject key identifier:   AF:05:0F:99:DB:81:AA:B0:BD:5C:65:ED:F0:9E:9C:B5:2E:D7:F2:FA
Certificate issuer:       /CN=6dd2e9b3a4d7b24b3a6aa14f3eda3f14fa29c76b
Certificate serial:       313F043A
Authority key identifier: 6D:D2:E9:B3:A4:D7:B2:4B:3A:6A:A1:4F:3E:DA:3F:14:FA:29:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bdLps6TXsks6aqFPPto_FPopx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/cd9bc8-11c5-4f5a-bb25-45ae7b3dae68/1/rwUPmduBqrC9XGXt8J6ctS7X8vo.roa
Signing time:             Tue 08 Feb 2022 09:43:54 +0000
ROA not before:           Tue 08 Feb 2022 09:43:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39246
IP address blocks:        77.78.134.0/24 maxlen: 24
                          77.78.133.0/24 maxlen: 24
                          77.78.139.0/24 maxlen: 24
                          77.78.138.0/24 maxlen: 24
                          77.78.137.0/24 maxlen: 24
                          77.78.136.0/24 maxlen: 24
                          77.78.135.0/24 maxlen: 24
                          77.78.143.0/24 maxlen: 24
                          77.78.142.0/24 maxlen: 24
                          109.121.132.0/24 maxlen: 24
                          109.121.131.0/24 maxlen: 24
                          109.121.130.0/24 maxlen: 24
                          109.121.129.0/24 maxlen: 24
                          77.78.141.0/24 maxlen: 24
                          77.78.140.0/24 maxlen: 24
                          109.121.149.0/24 maxlen: 24
                          109.121.148.0/24 maxlen: 24
                          77.78.132.0/24 maxlen: 24
                          77.78.131.0/24 maxlen: 24
                          77.78.129.0/24 maxlen: 24
                          77.78.128.0/24 maxlen: 24
                          62.192.132.0/24 maxlen: 24
                          62.192.133.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 826213434 (0x313f043a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dd2e9b3a4d7b24b3a6aa14f3eda3f14fa29c76b
        Validity
            Not Before: Feb  8 09:43:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af050f99db81aab0bd5c65edf09e9cb52ed7f2fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:44:4d:69:a7:f5:68:9a:32:44:35:8d:f6:91:
                    f3:bc:d5:28:a4:87:fd:e6:f6:76:17:85:34:a4:72:
                    14:cf:f2:22:fb:b2:ab:f3:04:73:a1:d1:24:f5:a0:
                    dd:2d:a9:49:3a:5c:48:30:9a:8c:ef:5f:a4:a8:a7:
                    e4:d2:80:f0:b6:9d:02:ed:87:f8:e4:ea:ba:da:01:
                    42:b4:b9:74:8a:fb:58:b3:c2:f5:6f:ca:53:05:1f:
                    2f:f2:36:ad:e3:7e:e7:1c:1b:e0:5f:9e:00:4d:58:
                    87:3a:ad:b3:8d:6f:71:13:04:9f:23:f3:32:5b:9f:
                    f5:a0:6f:3a:11:1b:37:06:d5:3f:de:b0:b3:bc:60:
                    40:da:54:8a:7f:8d:07:20:a0:47:5d:0b:33:e6:3e:
                    c4:7e:e8:2d:6f:89:4c:57:c4:87:2f:8d:17:82:74:
                    f5:fd:d1:92:f7:e1:8a:db:d8:f8:35:04:12:f7:19:
                    f9:c2:f8:3d:f6:07:48:6d:18:41:72:56:93:22:e7:
                    b2:e7:86:49:59:e9:90:4a:f4:a8:aa:3a:66:45:07:
                    fb:c1:a1:79:c6:ae:7f:4b:cb:95:3c:25:be:4c:b4:
                    94:21:fd:df:5c:0d:98:e2:ee:eb:c6:94:f9:6c:e3:
                    1f:06:e7:1a:28:23:a8:75:02:9c:0a:0a:14:f8:e9:
                    07:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:05:0F:99:DB:81:AA:B0:BD:5C:65:ED:F0:9E:9C:B5:2E:D7:F2:FA
            X509v3 Authority Key Identifier:
                keyid:6D:D2:E9:B3:A4:D7:B2:4B:3A:6A:A1:4F:3E:DA:3F:14:FA:29:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bdLps6TXsks6aqFPPto_FPopx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/cd9bc8-11c5-4f5a-bb25-45ae7b3dae68/1/rwUPmduBqrC9XGXt8J6ctS7X8vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/cd9bc8-11c5-4f5a-bb25-45ae7b3dae68/1/bdLps6TXsks6aqFPPto_FPopx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.132.0/23
                  77.78.128.0/23
                  77.78.131.0-77.78.143.255
                  109.121.129.0-109.121.132.255
                  109.121.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:a3:a7:8e:f7:09:2d:e1:cf:0d:5c:2d:38:49:f3:f6:c6:72:
         4d:be:6d:83:e2:dc:20:a1:3a:95:0e:b0:69:56:de:67:06:7f:
         14:7b:c4:f6:fd:44:56:bb:f3:e7:c8:c2:c9:97:ed:f4:6e:6a:
         1e:96:17:5a:cc:7e:49:d5:7a:2f:99:d3:07:f9:22:89:05:88:
         55:ac:8f:fe:5b:7f:94:76:38:71:81:a6:30:b5:c3:de:e6:62:
         27:44:a2:a6:bb:16:57:50:03:a4:cb:3e:65:61:ac:50:66:97:
         a4:fe:50:ea:c4:e1:4a:7b:d8:04:f4:41:94:28:9c:13:f7:14:
         b8:ae:b1:af:f7:52:ed:c0:d8:66:53:6f:e0:8c:57:25:81:43:
         30:ea:3c:95:74:d2:78:ab:0f:e4:5d:57:55:24:81:eb:62:1f:
         bf:1d:54:9a:90:d7:36:db:0b:5e:eb:cc:ac:81:bd:a7:f5:fc:
         da:e1:18:53:b6:a9:13:fe:d0:e8:31:dd:c5:a1:fe:f6:d6:07:
         b7:9f:9e:d6:57:32:26:dc:3a:46:56:cd:c3:ac:03:b3:b6:13:
         2e:93:f7:7c:65:f6:f8:dd:06:51:66:aa:c4:1a:9a:69:c6:13:
         75:96:c7:c1:2c:39:b5:d3:14:99:71:2d:48:b4:f1:cb:37:60:
         28:4e:63:14
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEMT8EOjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZGQyZTliM2E0ZDdiMjRiM2E2YWExNGYzZWRhM2YxNGZhMjljNzZiMB4XDTIyMDIw
ODA5NDM1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWYwNTBmOTlkYjgx
YWFiMGJkNWM2NWVkZjA5ZTljYjUyZWQ3ZjJmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNETWmn9WiaMkQ1jfaR87zVKKSH/eb2dheFNKRyFM/yIvuy
q/MEc6HRJPWg3S2pSTpcSDCajO9fpKin5NKA8LadAu2H+OTqutoBQrS5dIr7WLPC
9W/KUwUfL/I2reN+5xwb4F+eAE1Yhzqts41vcRMEnyPzMluf9aBvOhEbNwbVP96w
s7xgQNpUin+NByCgR10LM+Y+xH7oLW+JTFfEhy+NF4J09f3RkvfhitvY+DUEEvcZ
+cL4PfYHSG0YQXJWkyLnsueGSVnpkEr0qKo6ZkUH+8Ghecauf0vLlTwlvky0lCH9
31wNmOLu68aU+WzjHwbnGigjqHUCnAoKFPjpBzcCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBSvBQ+Z24GqsL1cZe3wnpy1Ltfy+jAfBgNVHSMEGDAWgBRt0umzpNeySzpq
oU8+2j8U+inHazAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JkTHBzNlRYc2tzNmFxRlBQdG9fRlBvcHgycy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzQvY2Q5YmM4LTExYzUtNGY1YS1iYjI1LTQ1YWU3YjNkYWU2OC8x
L3J3VVBtZHVCcXJDOVhHWHQ4SjZjdFM3WDh2by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQv
Y2Q5YmM4LTExYzUtNGY1YS1iYjI1LTQ1YWU3YjNkYWU2OC8xL2JkTHBzNlRYc2tz
NmFxRlBQdG9fRlBvcHgycy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLgMEAT7AhAMEAU1OgDAMAwQATU6DAwQE
TU6AMAwDBABteYEDBABteYQDBAFteZQwDQYJKoZIhvcNAQELBQADggEBAAKjp473
CS3hzw1cLThJ8/bGck2+bYPi3CChOpUOsGlW3mcGfxR7xPb9RFa78+fIwsmX7fRu
ah6WF1rMfknVei+Z0wf5IokFiFWsj/5bf5R2OHGBpjC1w97mYidEoqa7FldQA6TL
PmVhrFBml6T+UOrE4Up72AT0QZQonBP3FLiusa/3Uu3A2GZTb+CMVyWBQzDqPJV0
0nirD+RdV1UkgetiH78dVJqQ1zbbC17rzKyBvaf1/NrhGFO2qRP+0Ogx3cWh/vbW
B7efntZXMibcOkZWzcOsA7O2Ey6T93xl9vjdBlFmqsQammnGE3WWx8EsObXTFJlx
LUi08cs3YChOYxQ=
-----END CERTIFICATE-----